Extending the Noninterference Version of MLS for SAT
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Database Concurrency Control in Multilevel Secure Database Management Systems
IEEE Transactions on Knowledge and Data Engineering
Software transactional memory for dynamic-sized data structures
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Transactional Memory Coherence and Consistency
Proceedings of the 31st annual international symposium on Computer architecture
Unbounded Transactional Memory
HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
Computer
Verifying Correctness of Transactional Memories
FMCAD '07 Proceedings of the Formal Methods in Computer Aided Design
What, indeed, is intransitive noninterference?
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Transactional correctness for secure nested transactions
TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
The paper considers the addition of access control to a number of transactional memory implementations, and studies its impact on the information flow security of such systems. Even after the imposition of access control, the Unbounded Transactional Memory due to Ananian et al., and most instances of a general scheme for transactional conflict detection and arbitration due to Scott, are shown to be insecure. This result applies even for a very simple policy prohibiting information flow from a high to a low security domain. The source of the insecurity is identified as the ability of agents to cause aborts of other agents' transactions. A generic implementation is defined, parameterized by a "may-abort" relation that defines which agents may cause aborts of other agents' transactions. This implementation is shown to be secure with respect to an intransitive information flow policy consistent with the access control table and "may-abort" relation. Using this result, Transactional Memory Coherence and Consistency, an implementation due to Hammond et al., is shown to be secure with respect to intransitive information flow policies. Moreover, it is shown how to modify Scott's arbitration policies using the may-abort relation, yielding a class of secure implementations closely related to Scott's scheme.