Complete information flow tracking from the gates up

Authors:
Mohit Tiwari;Hassan M.G. Wassel;Bita Mazloom;Shashidhar Mysore;Frederic T. Chong;Timothy Sherwood
Affiliations:
University of California, Santa Barbara, CA, USA;University of California, Santa Barbara, CA, USA;University of California, Santa Barbara, CA, USA;University of California, Santa Barbara, CA, USA;University of California, Santa Barbara, CA, USA;University of California, Santa Barbara, CA, USA
Venue:
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Year:
2009

Citing 21
Cited 20

Certification of programs for secure information flow

Communications of the ACM
The Design of Rijndael

The Design of Rijndael
Secure program execution via dynamic information flow tracking

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Architecture for Protecting Critical Secrets in Microprocessors

Proceedings of the 32nd annual international symposium on Computer Architecture
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
Towards Automatic Generation of Vulnerability-Based Signatures

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A General Dynamic Information Flow Tracking Framework for Security Applications

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks

Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Raksha: a flexible information flow architecture for software security

Proceedings of the 34th annual international symposium on Computer architecture
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Efficient online detection of dynamic control dependence

Proceedings of the 2007 international symposium on Software testing and analysis
Dytan: a generic dynamic taint analysis framework

Proceedings of the 2007 international symposium on Software testing and analysis
Yet another MicroArchitectural Attack:: exploiting I-Cache

Proceedings of the 2007 ACM workshop on Computer security architecture
Aegis: A Single-Chip Secure Processor

IEEE Design & Test
Cell broadband engine processor vault security architecture

IBM Journal of Research and Development
Understanding and visualizing full systems with data flow tomography

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Parallelizing dynamic information flow tracking

Proceedings of the twentieth annual symposium on Parallelism in algorithms and architectures
From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware

ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology

Execution leases: a hardware-supported mechanism for enforcing strong non-interference

Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Tainting is not pointless

ACM SIGOPS Operating Systems Review
Secure information flow analysis for hardware design: using the right abstraction for the job

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Theoretical analysis of gate level information flow tracking

Proceedings of the 47th Design Automation Conference
On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible?

Proceedings of the 2010 workshop on New security paradigms
Caisson: a hardware description language for secure information flow

Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security

Proceedings of the 38th annual international symposium on Computer architecture
Information flow isolation in I2C and USB

Proceedings of the 48th Design Automation Conference
Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems

ACM Transactions on Architecture and Code Optimization (TACO)
Architecture support for disciplined approximate programming

ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
A software-hardware architecture for self-protecting data

Proceedings of the 2012 ACM conference on Computer and communications security
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems

Proceedings of the 2012 workshop on New security paradigms
Simultaneous information flow security and circuit redundancy in Boolean gates

Proceedings of the International Conference on Computer-Aided Design
Position paper: Sapper -- a language for provable hardware policy enforcement

Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
A practical testing framework for isolating hardware timing channels

Proceedings of the Conference on Design, Automation and Test in Europe
SurfNoC: a low latency and provably non-interfering approach to secure networks-on-chip

Proceedings of the 40th Annual International Symposium on Computer Architecture
PHANTOM: practical oblivious computation in a secure processor

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Sleuth: automated verification of software power analysis countermeasures

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Sapper: a language for hardware-level security policy enforcement

Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
WHISK: an uncore architecture for dynamic information flow tracking in heterogeneous embedded SoCs

Proceedings of the Ninth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis

Quantified Score

Hi-index	0.00

Visualization

Abstract

For many mission-critical tasks, tight guarantees on the flow of information are desirable, for example, when handling important cryptographic keys or sensitive financial data. We present a novel architecture capable of tracking all information flow within the machine, including all explicit data transfers and all implicit flows (those subtly devious flows caused by not performing conditional operations). While the problem is impossible to solve in the general case, we have created a machine that avoids the general-purpose programmability that leads to this impossibility result, yet is still programmable enough to handle a variety of critical operations such as public-key encryption and authentication. Through the application of our novel gate-level information flow tracking method, we show how all flows of information can be precisely tracked. From this foundation, we then describe how a class of architectures can be constructed, from the gates up, to completely capture all information flows and we measure the impact of doing so on the hardware implementation, the ISA, and the programmer.