Abstract
Information flow exhibited by multithreaded programs is subtle because the attacker may exploit scheduler properties when deducing secret information from publicly observable outputs. Volpano and Smith have introduced a protect command that prevents the scheduler from observing sensitive timing behavior of protected commands and therefore prevents undesired information flows. While a useful construct, protect is nonstandard and difficult to implement. This paper presents a transformation that eliminates the need for protect under cooperative scheduling. We show that both termination-insensitive and termination-sensitive security can be enforced by variants of the transformation in a language with dynamic thread creation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Boudol, G., Castellani, I.: Non-interference for concurrent programs and thread systems. Theoretical Computer Science 281(1), 109–130 (2002)
Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Comm. of the ACM 20(7), 504–513 (1977)
Engelschall, R.S.: Gnu pth - the gnu portable threads (Nov. 2005), http://www.gnu.org/software/pth/
Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, Apr. 1982, pp. 11–20 (1982)
Huisman, M., Worah, P., Sunesen, K.: A temporal logic characterisation of observational determinism. In: Proc. IEEE Computer Security Foundations Workshop (July 2006)
Mantel, H., Sands, D.: Controlled downgrading based on intransitive (non)interference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)
Myers, A.C., et al.: Jif: Java information flow. Software release (July 2001–2006), http://www.cs.cornell.edu/jif
Russo, A., Sabelfeld, A.: Securing interaction between threads and the scheduler. In: Proc. IEEE Computer Security Foundations Workshop, July 2006, pp. 177–189 (2006)
Sabelfeld, A.: The impact of synchronisation on secure information flow in concurrent programs. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds.) PSI 2001. LNCS, vol. 2244, pp. 225–239. Springer, Heidelberg (2001)
Sabelfeld, A.: Confidentiality for multithreaded programs via bisimulation. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 260–273. Springer, Heidelberg (2004)
Sabelfeld, A., Mantel, H.: Static confidentiality enforcement for distributed programs. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 376–394. Springer, Heidelberg (2002)
Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)
Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: Proc. IEEE Computer Security Foundations Workshop, July 2000, pp. 200–214 (2000)
Simonet, V.: The Flow Caml system. Software release (July 2003), Located at http://cristal.inria.fr/~simonet/soft/flowcaml/
Smith, G.: A new type system for secure information flow. In: Proc. IEEE Computer Security Foundations Workshop, June 2001, pp. 115–125 (2001)
Smith, G.: Probabilistic noninterference through weak probabilistic bisimulation. In: Proc. IEEE Computer Security Foundations Workshop, pp. 3–13 (2003)
Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: Proc. ACM Symp. on Principles of Programming Languages, Jan. 1998, pp. 355–364 (1998)
Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. J. Computer Security 7(2–3), 231–253 (1999)
Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. J. Computer Security 4(3), 167–187 (1996)
Winskel, G.: The Formal Semantics of Programming Languages: An Introduction. MIT Press, Cambridge (1993)
Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Proc. IEEE Computer Security Foundations Workshop, June 2003, pp. 29–43 (2003)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Russo, A., Sabelfeld, A. (2007). Security for Multithreaded Programs Under Cooperative Scheduling. In: Virbitskaite, I., Voronkov, A. (eds) Perspectives of Systems Informatics. PSI 2006. Lecture Notes in Computer Science, vol 4378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70881-0_43
Download citation
DOI: https://doi.org/10.1007/978-3-540-70881-0_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70880-3
Online ISBN: 978-3-540-70881-0
eBook Packages: Computer ScienceComputer Science (R0)