Abstract. A major difficulty for tracking information flow in multithreaded programs is due to the internal timing covert channel. Information is leaked via this channel when secrets affect the timing behavior of a thread, which, via the scheduler, affects the interleaving of assignments to public variables. This channel is particularly dangerous because, in contrast to external timing, the attacker does not need to observe the actual execution time. This paper presents a compositional transformation that closes the internal timing channel for multithreaded programs (or rejects the program if there are symptoms of other flows). The transformation is based on spawning dedicated threads, whenever computation may affect secrets, and carefully synchronizing them. The target language features semaphores, which have not been previously considered in the context of termination-insensitive security.