Abstract
We characterize the properties of timing channels that are reflected in source code and present formal methods for the identification of these channels in source code of trusted computing bases (TCBs). Our study differs significantly from previous ones which focus on a high-level characterization of timing channels without leading to practical methods for their identification [11,
Also available as IBM Technical Report 85.0148, June 1992.
References
Andrews, G. R. and R. P. Reitman, “An Axiomatic Approach to Information Flow in Programs,” ACM Trans. Prog. Lang. Syst., Vol. 2, No. 1, Jan. 1980, pp. 56–76.
Denning, D. E., “A Lattice Model of Secure Information Flow,” Comm. ACM, Vol. 19, No. 5, May 1976, pp. 236–243.
Eckmann, S. T., “Ina Flo: The FDM Flow Tool,” in Proc. 10th Nat'l Compt. Sec. Conf., NBS, Gaithersburg, MD, 1987, pp. 175–182.
Feiertag, R. J., “A Technique for Proving Specifications Are Multilevel Secure,” Computer Science Lab Report CSL-109, SRI, Menlo Park, CA, 1980.
Gasser, M., Building A Secure Computer System, Van Nostrand Reinhold Company, New York, NY, 1988.
Gligor, V. D., C. S. Chandersekaran, R. S. Chapman, L. J. Dotterer, M. S. Hecht, W.-D. Jiang, A. Johri, G. L. Luckenbaugh, and N. Vasudevan, “Design and Implementation of Secure Xenix,” IEEE Trans. Software Engr., Vol. SE-13, No. 2, Feb. 1987, pp. 208–221.
Haigh, J. T., R. A. Kemmerer, J. McHugh, and W. D. Young, “An Experience Using Two Covert Channel Analysis Techniques on a Real System Design,” IEEE Trans. Software Engr., Vol. SE-13, No. 2, Feb. 1987, pp. 157–168.
He, J. and V. D. Gligor, “Information-Flow Analysis for Covert-Channel Identification in Multilevel Secure Operating Systems,” in Proc. Computer Security Foundations Workshop III, Franconia, NH, June 1990.
He, J., An Automated System for the Identification of Potential Covert Channels in Multilevel Secure Operating Systems, Ph.D. Dissertation, University of Maryland, College Park, MD, Dec. 1990.
Hu, W.-M., “Reducing Timing Channels with Fuzzy Time,” in Proc. IEEE Symp. Research on Security and Privacy, Oakland, CA, May 1991.
Kemmerer, R. A., “Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels,” ACM Trans. Compt. Syst., Vol. 1, No. 3, Aug. 1983, pp. 256–277.
Kramer, S. M., “The Mitre Flow Table Generator — Volume 1,” M83-31 Volume 1, Mitre Corporation, Bedford, MA, Jan. 1983.
Lampson, B. W., “A Note on the Confinement Problem,” Comm. ACM, Vol. 16, No. 10, Oct. 1973, pp. 613–615.
McHugh, J. and D. I. Good, “An Information Flow Tool for Gypsy,” in Proc. IEEE Symp. Security and Privacy, Oakland, CA, April 1985, pp. 46–48.
Trusted Computer System Evaluation Criteria, U. S. Dept. of Defense Standard DOD 5200.28-STD, Dec. 1985.
Tsai, C.-R., V. D. Gligor, and C. S. Chandersekaran, “On the Identification of Covert Storage Channels in Secure Systems,” IEEE Trans. Software Engr., Vol. 16, No. 6, June 1990, pp. 569–580.
Wray, J. C., “An Analysis of Covert Timing Channels,” in Proc. IEEE Symp. Research on Security and Privacy, Oakland, CA, May 1991, pp. 2–7.
Copyright information
© 1992 Springer-Verlag
About this paper
Cite this paper
He, J., Gligor, V.D. (1992). Formal methods and automated tool for timing-channel identification in TCB source code. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013892
DOI: https://doi.org/10.1007/BFb0013892
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3
eBook Packages: Springer Book Archive