ABSTRACT
Security-critical communications devices must be evaluated to the highest possible standards before they can be deployed. This process includes tracing potential information flow through the device's electronic circuitry, for each of the device's operating modes. Increasingly, however, security functionality is being entrusted to embedded software running on microprocessors within such devices, so new strategies are needed for integrating information flow analyses of embedded program code with hardware analyses. Here we show how standard compiler principles can augment high-integrity security evaluations to allow seamless tracing of information flow through both the hardware and software of embedded systems. This is done by unifying input/output statements in embedded program execution paths with the hardware pins they access, and by associating significant software states with corresponding operating modes of the surrounding electronic circuitry.
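As an added illustration of the idea in the abstract (not the paper's own code or tool), the following Python models a tiny embedded program as statements whose uses and definitions are unified with the port pins they access, restricts the analysis to the statements live in a given operating mode, and propagates data dependences to a fixpoint to report which input pins can reach which output pins. The statement format, mode names, pins and policy are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample program: each statement is (active_modes, defs, uses).
# Names starting with "pin:" are hardware pins, so an I/O statement and the
# pin it touches are one and the same node; other names are program
# variables. active_modes is the set of device operating modes in which the
# statement lies on an execution path (a simplification: values are not
# assumed to persist across mode changes).
PROGRAM = [
    ({"plain", "cipher", "standby"}, {"x"}, {"pin:RX"}),  # x = read(RX), UART polled in every mode
    ({"cipher"}, {"y"}, {"x", "key"}),                    # y = encrypt(x, key); key has no pin source here
    ({"cipher"}, {"pin:TX"}, {"y"}),                      # write(TX, y)
    ({"plain", "standby"}, {"pin:TX"}, {"x"}),            # write(TX, x): echo path, also live in standby
    ({"plain", "cipher", "standby"}, {"pin:LED"}, {"pin:MODE_SW"}),  # LED mirrors the mode switch
]

def pin_flows(program, mode):
    """Map each output pin written in `mode` to the set of input pins whose data
    can reach it, iterating the statements active in that mode to a fixpoint."""
    taint = defaultdict(set)          # name -> input pins it may carry
    changed = True
    while changed:                    # order-independent: repeat until stable
        changed = False
        for modes, defs, uses in program:
            if mode not in modes:
                continue              # statement is not on any path in this mode
            srcs = set()
            for u in uses:
                if u.startswith("pin:"):
                    srcs.add(u)       # reading a pin introduces it as a source
                srcs |= taint[u]
            for d in defs:
                if not srcs <= taint[d]:
                    taint[d] |= srcs
                    changed = True
    return {n: s for n, s in taint.items() if n.startswith("pin:") and s}

def violations(program, mode, policy):
    """Sorted (out_pin, in_pin) pairs where an input pin reaches an output pin
    that `policy` (out_pin -> allowed input pins) does not permit in `mode`."""
    return sorted((o, i) for o, srcs in pin_flows(program, mode).items()
                  for i in srcs if i not in policy.get(o, set()))

# Hypothetical evaluation policy per mode: RX data may leave via TX in the
# plain and cipher modes, the LED may only reflect the switch, and in
# standby the transmitter must carry nothing at all.
POLICY = {"plain":   {"pin:TX": {"pin:RX"}, "pin:LED": {"pin:MODE_SW"}},
          "cipher":  {"pin:TX": {"pin:RX"}, "pin:LED": {"pin:MODE_SW"}},
          "standby": {"pin:TX": set(),      "pin:LED": {"pin:MODE_SW"}}}
```

Running `violations(PROGRAM, "standby", POLICY["standby"])` flags the echo statement that is still live in standby, while the plain and cipher modes pass.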
Integrating hardware and software information flow analyses
LCTES '09