Abstract
We propose a new language-based approach to mitigating timing channels. In this language, well-typed programs provably leak only a bounded amount of information over time through external timing channels. By incorporating mechanisms for predictive mitigation of timing channels, this approach also permits a more expressive programming model. Timing channels arising from interaction with underlying hardware features such as instruction caches are controlled. Assumptions about the underlying hardware are explicitly formalized, supporting the design of hardware that efficiently controls timing channels. One such hardware design is modeled and used to show that timing channels can be controlled in some simple programs of real-world significance.
- O. Acıiçmez. Yet another microarchitectural attack: Exploiting I-cache. In Proceedings of the ACM Workshop on Computer Security Architecture (CSAW '07), pages 11--18, 2007. Google Scholar
Digital Library
- O. Acıiçmez, C. Koç, and J. Seifert. On the power of simple branch prediction analysis. In ASIACCS, pages 312--320, 2007. Google Scholar
Digital Library
- J. Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40--53, Boston, MA, January 2000. Google Scholar
Digital Library
- A. Askarov, S. Hunt, A. Sabelfeld, and D. Sands. Termination-insensitive noninterference leaks more than just a bit. In ESORICS, pages 333--348, October 2008. Google Scholar
Digital Library
- A. Askarov, D. Zhang, and A. C. Myers. Predictive black-box mitigation of timing channels. In ACM Conf. on Computer and Communications Security (CCS), pages 297--307, October 2010. Google Scholar
Digital Library
- G. Barthe, T. Rezk, and M. Warnier. Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science, 153(2):33--55, 2006. Google Scholar
Digital Library
- A. Bortz and D. Boneh. Exposing private information by timing web applications. In Proc. 16th Int'l World-Wide Web Conf., May 2007. Google Scholar
Digital Library
- D. Brumley and D. Boneh. Remote timing attacks are practical. Computer Networks, January 2005. Google Scholar
Digital Library
- D. C. Burger and T. M. Austin. The SimpleScalar tool set, version 3.0. Technical Report CS-TR-97-1342, University of Wisconsin, Madison, June 1997.Google Scholar
- B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. IEEE Symposium on Security and Privacy, pages 45--60, 2009. Google Scholar
Digital Library
- D. E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, Massachusetts, 1982.Google Scholar
Digital Library
- D. Devriese and F. Piessens. Noninterference through secure multi-execution. In IEEE Symposium on Security and Privacy, pages 109--124, May 2010. Google Scholar
Digital Library
- J. Giffin, R. Greenstadt, P. Litwack, and R. Tibbetts. Covert messaging through TCP timestamps. Privacy Enhancing Technologies, Lecture Notes in Computer Science, 2482(2003):189--193, 2003. Google Scholar
Digital Library
- D. Gullasch, E. Bangerter, and S. Krenn. Cache games-bringing access-based cache attacks on AES to practice. In IEEE Symposium on Security and Privacy, pages 490--505, 2011. Google Scholar
Digital Library
- D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. Electronic Notes in Theoretical Computer Science, 141(1):163--182, 2005. Google Scholar
Digital Library
- M. Huisman, P. Worah, and K. Sunesen. A temporal logic characterisation of observational determinism. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006. Google Scholar
Digital Library
- V. Kashyap, B. Wiedermann, and B. Hardekopf. Timing- and termination-sensitive secure information flow: Exploring a new approach. In IEEE Symposium on Security and Privacy, pages 413--430, May 2011. Google Scholar
Digital Library
- P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology-CRYPTO'96, August 1996. Google Scholar
Digital Library
- J. Kong, O. Acıiçmez, J.-P. Seifert, and H. Zhou. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, pages 25--34, 2008. Google Scholar
Digital Library
- B. Köpf and M. Dürmuth. A provably secure and efficient countermeasure against timing attacks. In 2009 IEEE Computer Security Foundations, July 2009.Google Scholar
Digital Library
- X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. Caisson: a hardware description language for secure information flow. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 109--120, 2011. Google Scholar
Digital Library
- J. K. Millen. Covert channel capacity. In Proc. IEEE Symposium on Security and Privacy, Oakland, CA, April 1987.Google Scholar
Cross Ref
- D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: automatic detection and removal of control-flow side channel attacks. Cryptology ePrint archive: report 2005/368, 2005.Google Scholar
- D. Osvik, A. Shamir, and E. Tromer. Cache attacks and counter measures: the case of AES. Topics in Cryptology-CT-RSA 2006, January 2006. Google Scholar
Digital Library
- D. Page. Partitioned cache architecture as a side-channel defense mechanism. In Cryptology ePrint Archive, Report 2005/280, 2005.Google Scholar
- A. Russo and A. Sabelfeld. Securing interaction between threads and the scheduler. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006. Google Scholar
Digital Library
- A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5--19, January 2003. Google Scholar
Digital Library
- A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. 13th IEEE Computer Security Foundations Workshop, pages 200--214. IEEE Computer Society Press, July 2000. Google Scholar
Digital Library
- S. Sellke, C. Wang, and S. Bagchi. TCP/IP timing channels: Theory to implementation. In Proc. INFOCOM 2009, pages 2204--2212, January 2009.Google Scholar
Cross Ref
- G. Smith. A new type system for secure information flow. In Proc. 14th IEEE Computer Security Foundations Workshop, pages 115--125, June 2001. Google Scholar
Digital Library
- G. Smith. On the foundations of quantitative information flow. Foundations of Software Science and Computational Structures, 5504:288--302, 2009. Google Scholar
Digital Library
- G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 355--364, January 1998. Google Scholar
Digital Library
- D. Volpano and G. Smith. Eliminating covert flows with minimum typings. In Proc. 10th IEEE Computer Security Foundations Workshop, pages 156--168, 1997. Google Scholar
Digital Library
- Z. Wang and R. Lee. Covert and side channels due to processor architecture. In ACSAC '06, pages 473--482, 2006. Google Scholar
Digital Library
- Z. Wang and R. Lee. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual international symposium on computer architecture (ISCA '07), pages 494--505, 2007. Google Scholar
Digital Library
- J. C. Wray. An analysis of covert timing channels. In Proc. IEEE Symposium on Security and Privacy, pages 2--7, 1991.Google Scholar
Cross Ref
- S. Zdancewic and A. C. Myers. Observational determinism for concurrent program security. In Proc. 16th IEEE Computer Security Foundations Workshop, pages 29--43, June 2003.Google Scholar
Cross Ref
- D. Zhang, A. Askarov, and A. C. Myers. Predictive mitigation of timing channels in interactive systems. In ACM Conf. on Computer and Communications Security (CCS), pages 563--574, October 2011. Google Scholar
Digital Library
- D. Zhang, A. Askarov, and A. C. Myers. Language mechanisms for controlling and mitigating timing channels. Technical report, Cornell University, March 2012. http://hdl.handle.net/1813/28635.Google Scholar
Index Terms
Language-based control and mitigation of timing channels
Recommendations
A Hardware Design Language for Timing-Sensitive Information-Flow Security
ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating SystemsInformation security can be compromised by leakage via low-level hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which ...
Language-based control and mitigation of timing channels
PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and ImplementationWe propose a new language-based approach to mitigating timing channels. In this language, well-typed programs provably leak only a bounded amount of information over time through external timing channels. By incorporating mechanisms for predictive ...
Predictive black-box mitigation of timing channels
CCS '10: Proceedings of the 17th ACM conference on Computer and communications securityWe investigate techniques for general black-box mitigation of timing channels. The source of events is wrapped by a timing mitigator that delays output events so that they contain only a bounded amount of information. We introduce a general class of ...







Comments