Closing Internal Timing Channels by Transformation

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4435))


Abstract

A major difficulty for tracking information flow in multithreaded programs is due to the internal timing covert channel. Information is leaked via this channel when secrets affect the timing behavior of a thread, which, via the scheduler, affects the interleaving of assignments to public variables. This channel is particularly dangerous because, in contrast to external timing, the attacker does not need to observe the actual execution time. This paper presents a compositional transformation that closes the internal timing channel for multithreaded programs (or rejects the program if there are symptoms of other flows). The transformation is based on spawning dedicated threads, whenever computation may affect secrets, and carefully synchronizing them. The target language features semaphores, which have not been previously considered in the context of termination-insensitive security.
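To make the channel described above concrete, the following added example (written for this page, not code from the paper) models two threads under a deterministic round-robin scheduler. In the leaky program, thread A pads its execution for a few steps when the secret `h` is 1 before assigning the public variable `l`, while thread B assigns `l` concurrently; the final value of `l` then reveals `h` without anyone measuring time. The hardened variant applies the idea the abstract describes, in a simplified form of my own: the secret-dependent computation is spawned into a dedicated thread, the public assignment proceeds immediately, and only the later secret-to-secret assignment waits on a semaphore that the dedicated thread signals. The scheduler, the step padding and the memory layout are constructed assumptions; the paper's actual transformation and its rejection of programs with other flows are not reproduced here.

```python
"""Constructed model of the internal timing covert channel and one mitigation.

Threads are Python generators that yield once per execution step. The
scheduler is deterministic round-robin, so the interleaving (and hence the
leak) is reproducible rather than statistical as it would be on a real OS.
"""
from collections import deque


def run_round_robin(threads, sems):
    """Interleave generator threads one step at a time.

    A thread yields None for a plain step, ("spawn", gen) to start a new
    thread, ("signal", name) to increment a semaphore, or ("wait", name)
    to block until the semaphore is positive (then decrement it).
    """
    ready = deque(threads)
    blocked = []                      # (thread, semaphore name) pairs
    while ready or blocked:
        still_blocked = []            # wake threads whose semaphore is now up
        for t, sem in blocked:
            if sems[sem] > 0:
                sems[sem] -= 1
                ready.append(t)
            else:
                still_blocked.append((t, sem))
        blocked = still_blocked
        if not ready:
            raise RuntimeError("deadlock: all threads blocked on semaphores")
        t = ready.popleft()
        try:
            req = next(t)
        except StopIteration:
            continue                  # thread finished
        if req is None:
            ready.append(t)
        elif req[0] == "spawn":
            ready.append(req[1])      # new thread queued before its parent
            ready.append(t)
        elif req[0] == "signal":
            sems[req[1]] += 1
            ready.append(t)
        elif req[0] == "wait":
            if sems[req[1]] > 0:
                sems[req[1]] -= 1
                ready.append(t)
            else:
                blocked.append((t, req[1]))


def leaky(h):
    """Internal timing leak: the final value of public l equals secret h."""
    mem = {"h": h, "l": None}

    def thread_a():
        if mem["h"] == 1:             # secret decides how long A takes
            for _ in range(3):
                yield None            # padding steps (a "skip" loop)
        mem["l"] = 1                  # public assignment, timing depends on h
        yield None

    def thread_b():
        mem["l"] = 0                  # concurrent public assignment
        yield None

    run_round_robin([thread_a(), thread_b()], sems={})
    return mem["l"]


def hardened(h):
    """Secret-dependent work moved to a dedicated thread; returns (l, h2)."""
    mem = {"h": h, "l": None, "h2": None}
    sems = {"done": 0}

    def high_part():
        if mem["h"] == 1:             # same secret-dependent timing as before
            for _ in range(3):
                yield None
        mem["h"] = mem["h"] + 1       # some computation on the secret
        yield ("signal", "done")      # tell the parent the secret is ready

    def thread_a():
        yield ("spawn", high_part())  # delegate the secret-dependent branch
        mem["l"] = 1                  # public assignment no longer waits on h
        yield None
        yield ("wait", "done")        # only the secret-to-secret step waits
        mem["h2"] = mem["h"]
        yield None

    def thread_b():
        mem["l"] = 0
        yield None

    run_round_robin([thread_a(), thread_b()], sems)
    return mem["l"], mem["h2"]
```

Under this scheduler `leaky(0)` returns 0 and `leaky(1)` returns 1, so an observer of `l` alone learns `h`. In `hardened`, the public assignment in thread A always lands at the same step regardless of `h`, so `l` is 1 in both cases, while the semaphore still guarantees that `h2` sees the result of the dedicated thread.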




Editors: Mitsu Okada, Ichiro Satoh


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg


Cite this paper

Russo, A., Hughes, J., Naumann, D., Sabelfeld, A. (2007). Closing Internal Timing Channels by Transformation. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_10


  • DOI: https://doi.org/10.1007/978-3-540-77505-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77504-1

  • Online ISBN: 978-3-540-77505-8
