For many mission-critical tasks, tight guarantees on the flow of information are desirable, for example, when handling important cryptographic keys or sensitive financial data. We present a novel architecture capable of tracking all information flow within the machine, including all explicit data transfers and all implicit flows (those subtly devious flows caused by not performing conditional operations). While the problem is impossible to solve in the general case, we have created a machine that avoids the general-purpose programmability that leads to this impossibility result, yet is still programmable enough to handle a variety of critical operations such as public-key encryption and authentication. Through the application of our novel gate-level information flow tracking method, we show how all flows of information can be precisely tracked. From this foundation, we then describe how a class of architectures can be constructed, from the gates up, to completely capture all information flows and we measure the impact of doing so on the hardware implementation, the ISA, and the programmer.
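
As an added illustration (not code from the paper), the sketch below tracks one taint bit per signal through NOT, AND and OR gates and composes them into a 2:1 multiplexer, the gate-level form of a conditional. The taint rules are derived here from the gates' truth tables and checked exhaustively against a brute-force definition of "can influence the output"; all function names are hypothetical.

```python
from itertools import product

# A signal is a (value, taint) pair; taint 1 marks a bit that untrusted data can affect.
def g_not(a):
    return (a[0] ^ 1, a[1])

def g_and(a, b):
    (av, at), (bv, bt) = a, b
    # A lone tainted input reaches the output only if the other input is 1.
    return (av & bv, (at & bt) | (at & bv) | (bt & av))

def g_or(a, b):
    (av, at), (bv, bt) = a, b
    # A lone tainted input reaches the output only if the other input is 0.
    return (av | bv, (at & bt) | (at & (bv ^ 1)) | (bt & (av ^ 1)))

def mux(sel, a, b):
    """2:1 multiplexer from gates: a when sel is 0, b when sel is 1."""
    return g_or(g_and(a, g_not(sel)), g_and(b, sel))

def influences(fn, vals, taints):
    """Ground truth: can flipping only the tainted inputs change fn's output?"""
    outs = {fn(*alt) for alt in product((0, 1), repeat=len(vals))
            if all(t or x == v for x, v, t in zip(alt, vals, taints))}
    return int(len(outs) > 1)

def gates_precise():
    """Check the AND/OR taint rules against ground truth on all 16 input cases."""
    cases = list(product((0, 1), repeat=4))
    return all(
        gate((av, at), (bv, bt))[1] == influences(fn, (av, bv), (at, bt))
        for gate, fn in ((g_and, lambda a, b: a & b), (g_or, lambda a, b: a | b))
        for av, at, bv, bt in cases)

def check_mux():
    """Return (sound, gate_level_false_positives, coarse_false_positives)."""
    sound, fp, coarse_fp = True, 0, 0
    for vals in product((0, 1), repeat=3):
        for taints in product((0, 1), repeat=3):
            sel, a, b = zip(vals, taints)
            truth = influences(lambda s, x, y: y if s else x, vals, taints)
            tracked = mux(sel, a, b)[1]
            coarse = max(taints)  # coarse rule: any tainted input taints the output
            sound = sound and tracked >= truth
            fp += tracked > truth
            coarse_fp += coarse > truth
    return sound, fp, coarse_fp

if __name__ == "__main__":
    print(gates_precise(), check_mux())
```

With an untainted select the gate-level result is exact, and a tainted select taints the output whenever the two inputs differ, which is the implicit flow. The only over-approximations in this composition occur when a tainted select chooses between two untainted inputs that are both 1.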