skip to main content
research-article

Language-based control and mitigation of timing channels

Published:11 June 2012Publication History
Skip Abstract Section

Abstract

We propose a new language-based approach to mitigating timing channels. In this language, well-typed programs provably leak only a bounded amount of information over time through external timing channels. By incorporating mechanisms for predictive mitigation of timing channels, this approach also permits a more expressive programming model. Timing channels arising from interaction with underlying hardware features such as instruction caches are controlled. Assumptions about the underlying hardware are explicitly formalized, supporting the design of hardware that efficiently controls timing channels. One such hardware design is modeled and used to show that timing channels can be controlled in some simple programs of real-world significance.

References

  1. O. Acıiçmez. Yet another microarchitectural attack: Exploiting I-cache. In Proceedings of the ACM Workshop on Computer Security Architecture (CSAW '07), pages 11--18, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. O. Acıiçmez, C. Koç, and J. Seifert. On the power of simple branch prediction analysis. In ASIACCS, pages 312--320, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. J. Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40--53, Boston, MA, January 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. A. Askarov, S. Hunt, A. Sabelfeld, and D. Sands. Termination-insensitive noninterference leaks more than just a bit. In ESORICS, pages 333--348, October 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. A. Askarov, D. Zhang, and A. C. Myers. Predictive black-box mitigation of timing channels. In ACM Conf. on Computer and Communications Security (CCS), pages 297--307, October 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. G. Barthe, T. Rezk, and M. Warnier. Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science, 153(2):33--55, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. A. Bortz and D. Boneh. Exposing private information by timing web applications. In Proc. 16th Int'l World-Wide Web Conf., May 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. D. Brumley and D. Boneh. Remote timing attacks are practical. Computer Networks, January 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. D. C. Burger and T. M. Austin. The SimpleScalar tool set, version 3.0. Technical Report CS-TR-97-1342, University of Wisconsin, Madison, June 1997.Google ScholarGoogle Scholar
  10. B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. IEEE Symposium on Security and Privacy, pages 45--60, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. D. E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, Massachusetts, 1982.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. D. Devriese and F. Piessens. Noninterference through secure multi-execution. In IEEE Symposium on Security and Privacy, pages 109--124, May 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. J. Giffin, R. Greenstadt, P. Litwack, and R. Tibbetts. Covert messaging through TCP timestamps. Privacy Enhancing Technologies, Lecture Notes in Computer Science, 2482(2003):189--193, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. D. Gullasch, E. Bangerter, and S. Krenn. Cache games-bringing access-based cache attacks on AES to practice. In IEEE Symposium on Security and Privacy, pages 490--505, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. Electronic Notes in Theoretical Computer Science, 141(1):163--182, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. M. Huisman, P. Worah, and K. Sunesen. A temporal logic characterisation of observational determinism. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. V. Kashyap, B. Wiedermann, and B. Hardekopf. Timing- and termination-sensitive secure information flow: Exploring a new approach. In IEEE Symposium on Security and Privacy, pages 413--430, May 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology-CRYPTO'96, August 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. J. Kong, O. Acıiçmez, J.-P. Seifert, and H. Zhou. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, pages 25--34, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. B. Köpf and M. Dürmuth. A provably secure and efficient countermeasure against timing attacks. In 2009 IEEE Computer Security Foundations, July 2009.Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. Caisson: a hardware description language for secure information flow. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 109--120, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. J. K. Millen. Covert channel capacity. In Proc. IEEE Symposium on Security and Privacy, Oakland, CA, April 1987.Google ScholarGoogle ScholarCross RefCross Ref
  23. D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: automatic detection and removal of control-flow side channel attacks. Cryptology ePrint archive: report 2005/368, 2005.Google ScholarGoogle Scholar
  24. D. Osvik, A. Shamir, and E. Tromer. Cache attacks and counter measures: the case of AES. Topics in Cryptology-CT-RSA 2006, January 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. D. Page. Partitioned cache architecture as a side-channel defense mechanism. In Cryptology ePrint Archive, Report 2005/280, 2005.Google ScholarGoogle Scholar
  26. A. Russo and A. Sabelfeld. Securing interaction between threads and the scheduler. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5--19, January 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. 13th IEEE Computer Security Foundations Workshop, pages 200--214. IEEE Computer Society Press, July 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. S. Sellke, C. Wang, and S. Bagchi. TCP/IP timing channels: Theory to implementation. In Proc. INFOCOM 2009, pages 2204--2212, January 2009.Google ScholarGoogle ScholarCross RefCross Ref
  30. G. Smith. A new type system for secure information flow. In Proc. 14th IEEE Computer Security Foundations Workshop, pages 115--125, June 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. G. Smith. On the foundations of quantitative information flow. Foundations of Software Science and Computational Structures, 5504:288--302, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 355--364, January 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. D. Volpano and G. Smith. Eliminating covert flows with minimum typings. In Proc. 10th IEEE Computer Security Foundations Workshop, pages 156--168, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Z. Wang and R. Lee. Covert and side channels due to processor architecture. In ACSAC '06, pages 473--482, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Z. Wang and R. Lee. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual international symposium on computer architecture (ISCA '07), pages 494--505, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. J. C. Wray. An analysis of covert timing channels. In Proc. IEEE Symposium on Security and Privacy, pages 2--7, 1991.Google ScholarGoogle ScholarCross RefCross Ref
  37. S. Zdancewic and A. C. Myers. Observational determinism for concurrent program security. In Proc. 16th IEEE Computer Security Foundations Workshop, pages 29--43, June 2003.Google ScholarGoogle ScholarCross RefCross Ref
  38. D. Zhang, A. Askarov, and A. C. Myers. Predictive mitigation of timing channels in interactive systems. In ACM Conf. on Computer and Communications Security (CCS), pages 563--574, October 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. D. Zhang, A. Askarov, and A. C. Myers. Language mechanisms for controlling and mitigating timing channels. Technical report, Cornell University, March 2012. http://hdl.handle.net/1813/28635.Google ScholarGoogle Scholar

Index Terms

  1. Language-based control and mitigation of timing channels

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              • Published in

                cover image ACM SIGPLAN Notices
                ACM SIGPLAN Notices  Volume 47, Issue 6
                PLDI '12
                June 2012
                534 pages
                ISSN:0362-1340
                EISSN:1558-1160
                DOI:10.1145/2345156
                Issue’s Table of Contents
                • cover image ACM Conferences
                  PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation
                  June 2012
                  572 pages
                  ISBN:9781450312059
                  DOI:10.1145/2254064

                Copyright © 2012 ACM

                Publisher

                Association for Computing Machinery

                New York, NY, United States

                Publication History

                • Published: 11 June 2012

                Check for updates

                Qualifiers

                • research-article

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!