Securing interaction between threads and the scheduler in the presence of synchronization

https://doi.org/10.1016/j.jlap.2008.09.003
Under an Elsevier user license
open archive

Abstract

The problem of information flow in multithreaded programs remains an important open challenge. Existing approaches to specifying and enforcing information-flow security often suffer from over-restrictiveness, relying on nonstandard semantics, lack of compositionality, inability to handle dynamic threads, inability to handle synchronization, scheduler dependence, and efficiency overhead for the code that results from security-enforcing transformations. This paper suggests a remedy for some of these shortcomings by developing a novel treatment of the interaction between threads and the scheduler. As a result, we present a permissive noninterference-like security specification and a compositional security type system that provably enforces this specification. The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads.

Keywords

Information flow
Multithreading
Synchronization
Noninterference
Security
