Access Control and Information Flow in Transactional Memory

Authors:
Ariel Cohen;Ron Meyden;Lenore D. Zuck
Affiliations:
New York University,;University of New South Wales,;University of Illinois at Chicago,
Venue:
Formal Aspects in Security and Trust
Year:
2009

Citing 8
Cited 1

Extending the Noninterference Version of MLS for SAT

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Database Concurrency Control in Multilevel Secure Database Management Systems

IEEE Transactions on Knowledge and Data Engineering
Software transactional memory for dynamic-sized data structures

Proceedings of the twenty-second annual symposium on Principles of distributed computing
Transactional Memory Coherence and Consistency

Proceedings of the 31st annual international symposium on Computer architecture
Unbounded Transactional Memory

HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
A Distributed Secure System

Computer
Verifying Correctness of Transactional Memories

FMCAD '07 Proceedings of the Formal Methods in Computer Aided Design
What, indeed, is intransitive noninterference?

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Transactional correctness for secure nested transactions

TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The paper considers the addition of access control to a number of transactional memory implementations, and studies its impact on the information flow security of such systems. Even after the imposition of access control, the Unbounded Transactional Memory due to Ananian et al, and most instances of a general scheme for transactional conflict detection and arbitration due to Scott, are shown to be insecure. This result applies even for a very simple policy prohibiting information flow from a high to a low security domain. The source of the insecurity is identified as the ability of agents to cause aborts of other agents' transactions. A generic implementation is defined, parameterized by a "may-abort" relation that defines which agents may cause aborts of other agents' transactions. This implementation is shown to be secure with respect to an intransitive information flow policy consistent with the access control table and "may-abort" relation. Using this result, Transactional Memory Coherence and Consistency, an implementation due to Hammond et al, is shown to be secure with respect to intransitive information flow policies. Moreover, it is shown how to modify Scott's arbitration policies using the may-abort relation, yielding a class of secure implementations closely related to Scott's scheme.