Probability and Timing: Challenges for Secure Programming
PAPM-PROBMIV '02 Proceedings of the Second Joint International Workshop on Process Algebra and Probabilistic Methods, Performance Modeling and Verification
The Impact of Synchronisation on Secure Information Flow in Concurrent Programs
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Securing Communication in a Concurrent Language
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
A Generic Approach to the Security of Multi-Threaded Programs
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A unifying approach to the security of distributed and multi-threaded programs
Journal of Computer Security - Special issue on CSFW14
Securing Statically-verified Communications Protocols Against Timing Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Specification and verification of side channel declassification
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Abstract: Recent interest in methods for certifying programs for secure information flow (noninterference) have failed to raise a key question: can efficient algorithms be written so as to satisfy the requirements of secure information flow? In this paper we discuss how algorithms for searching and sorting can be adapted to work on collections of secret data without leaking any confidential information, either directly, indirectly, or through timing behaviour. We pay particular attention to the issue of timing channels caused by cache behaviour, and argue that it is necessary to disable the effect of the cache in order to construct algorithms manipulating pointers to objects in such a way that they satisfy the conditions of noninterference. We also discuss how randomisation can be used to implement secure algorithms, and discuss how randomised hash tables might be made practically secure.