Abstract
High-security processes have to load confidential information into shared resources as part of their operation. This confidential information may be leaked (directly or indirectly) to low-security processes via the shared resource. This paper considers leakage from high-security to low-security processes from the perspective of scheduling. The workflow model is here extended to support preemption, security levels, and leakage. Formalization of leakage properties is then built upon this extended model, allowing formal reasoning about the security of schedulers. Several heuristics are presented in the form of compositional preprocessors and postprocessors as part of a more general scheduling approach. The effectiveness of such heuristics are evaluated experimentally, showing them to achieve significantly better schedulability than the state of the art. Modeling of leakage from cache attacks is presented as a case study.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Technical details for X86-64 (https://software.intel.com/sites/default/files/article/402129/mpx-linux64-abi.pdf) and ELF initialization (http://lxr.linux.no/linux+v3.2.4/arch/ia64/include/asm/elf.h).
- 2.
30,000 sets of tasks were generated, 22 were discarded as unschedulable.
- 3.
Available via git from: https://scm.gforge.inria.fr/anonscm/git/secleakpublic/secleakpublic.git.
- 4.
Demo available via website at: http://secleakpublic.gforge.inria.fr/.
References
Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Chong, S. (ed.) CSF. IEEE (2012)
Backes, M., Köpf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: S&P, pp. 141–153. IEEE (2009)
Benoit, A., Çatalyürek, U.V., Robert, Y., Saule, E.: A survey of pipelined workflow scheduling: models and algorithms. ACM Comput. Surv. 45(4), 50:1–50:36 (2013)
Biondi, F., Legay, A., Malacaria, P., Wasowski, A.: Quantifying information leakage of randomized protocols. Theor. Comput. Sci. 597, 62–87 (2015)
Biondi, F., Legay, A., Traonouez, L.-M., Wąsowski, A.: QUAIL: a quantitative security analyzer for imperative code. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 702–707. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39799-8_49
Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). doi:10.1007/978-3-319-11212-1_13
Costan, V., Devadas, S.: Intel sgx explained. IACR ePrint Archive 2016, 86 (2016)
Falliere, N., Murchu, L.O., Chien, E.: W32.Stuxnet dossier (2011)
Graham, R.L.: Bounds for certain multiprocessing anomalies. Bell Syst. Tech. J. 45(9), 1563–1581 (1966)
Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279–299. Springer, Cham (2016). doi:10.1007/978-3-319-40667-1_14
Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: Usenix Security 2015, pp. 897–912 (2015)
Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Gates, C., Franz, M., McDermott, J.P. (ed.) ACSAC, pp. 261–269. ACM (2010)
Kim, J.H., Legay, A., Larsen, K.G., Mikučionis, M., Nielsen, B.: Resource-parameterized timing analysis of real-time systems. In: Piterman, N. (ed.) HVC 2015. LNCS, vol. 9434, pp. 190–205. Springer, Cham (2015). doi:10.1007/978-3-319-26287-1_12
Kim, J.H., Legay, A., Traonouez, L., Boudjadar, A., Nyman, U., Larsen, K.G., Lee, I., Choi, J.: Optimizing the resource requirements of hierarchical scheduling systems. SIGBED Rev. 13(3), 41–48 (2016)
Mohan, S., Yoon, M., Pellizzoni, R., Bobba, R.: Real-time systems security through scheduler constraints. In: ECRTS, pp. 129–140. IEEE Computer Society (2014)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). doi:10.1007/11605805_1
Pellizzoni, R., Paryab, N., Yoon, M., Bak, S., Mohan, S., Bobba, R.: A generalized model for preventing information leakage in hard real-time systems. In: RTAS. IEEE (2015)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS 2009. ACM (2009)
Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: Using SGX to conceal cache attacks. arXiv preprint (2017). arXiv:1702.08719
Son, J., Alves-Foss, J.: Covert timing channel capacity of rate monotonic real-time scheduling algorithm in MLS systems. In: IASTED, pp. 13–18 (2006)
Son, S.H., Mukkamala, R., David, R.: Integrating security and real-time requirements using covert channel capacity. IEEE Trans. Knowl. Data Eng. 12(6), 865–879 (2000)
Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)
Val, C.G., Enescu, M.A., Bayless, S., Aiello, W., Hu, A.J.: Precisely measuring quantitative information flow: 10k lines of code and beyond. In: Euro S&P. IEEE (2016)
Varadarajan, V., Ristenpart, T., Swift, M.M.: Scheduler-based defenses against cross-VM side-channels. In: Usenix Security, pp. 687–702 (2014)
Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security, pp. 719–732 (2014)
Yoon, M.-K., Mohan, S., Chen, C.-Y., Sha, L.: Taskshuffler: a schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In: RTAS, pp. 1–12. IEEE (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Biondi, F., Chadli, M., Given-Wilson, T., Legay, A. (2017). Information Leakage as a Scheduling Resource. In: Petrucci, L., Seceleanu, C., Cavalcanti, A. (eds) Critical Systems: Formal Methods and Automated Verification. AVoCS FMICS 2017 2017. Lecture Notes in Computer Science(), vol 10471. Springer, Cham. https://doi.org/10.1007/978-3-319-67113-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-67113-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67112-3
Online ISBN: 978-3-319-67113-0
eBook Packages: Computer ScienceComputer Science (R0)