Skip to main content
Log in

Generating optimized gate level information flow tracking logic for enforcing multilevel security

  • Published:
Automatic Control and Computer Sciences Aims and scope Submit manuscript

Abstract

Vulnerabilities such as design flaws, malicious codes and covert channels residing in hardware design are known to expose hard-to-detect security holes. However, security hole detection methods based on functional testing and verification cannot guarantee test coverage or identify malicious code triggered under specific conditions and hardware-specific covert channels. As a complement approach to cipher algorithms and access control, information flow analysis techniques have been proved to be effective in detecting security vulnerabilities and preventing attacks through side channels. Recently, gate level information flow tracking (GLIFT) has been proposed to enforce bittight information flow security from the level of Boolean gates, which allows detection of hardware-specific security vulnerabilities. However, the inherent high complexity of GLIFT logic causes significant overheads in verification time for static analysis or area and performance for physical implementation, especially under multilevel security lattices. This paper proposes to reduce the complexity of GLIFT logic through state encoding and logic optimization techniques. Experimental results show that our methods can reduce the complexity of GLIFT logic significantly, which will allow the application of GLIFT for proving multilevel information flow security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Suh, G.E., Lee, J.W., Zhang, D. and Devadas, S., Secure programexecution via dynamic information flow tracking, Proc. 11th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), New York, 2004, pp. 85–96.

    Google Scholar 

  2. Qin, F., Wang, C., Li, Z., Kim, H.S., Zhou, Y., Wu, Y., Lift: Alow-overhead practical information flow tracking system for detecting security attacks, Proc. 39th Annu. IEEE/ACM Int. Symp. Microarchitecture, 2006, pp. 135–148.

    Google Scholar 

  3. Tripp, O., Pistoia, M., Fink, S., Sridharan, M., and Weisman, O., TAJ: Effective Taint Analysis of Web Applications, Proc. of PLDI’09, Dublin, 2009, pp. 87–97.

    Google Scholar 

  4. Tiwari, M., Wassel, H.M., Mazloom, B., Mysore, S., Chong, F.T., and Sherwood, T., Complete information flow tracking from the gates up, Proc. 14th Int. Conf. Architect. Support Programming Lang. Operating Syst. (ASPLOS), New York, 2009, pp. 109–120.

    Google Scholar 

  5. Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Theoretical fundamentals of gate level information flow tracking, IEEE Trans. CAD, 2011, vol. 30, no. 8, pp. 1128–1140.

    Article  Google Scholar 

  6. Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., Mu, D., and Kastner, R., On the complexity of generating gate level information flow tracking logic, IEEE Trans. Inf. Forensics Secur., 2012, vol. 7, no. 3, pp. 1067–1080.

    Article  Google Scholar 

  7. Mu, D., Hu, W., Mao, B., and Ma, B., A bottom-up approach to verifiable embedded system information flow security, IET Inf. Secur., 2013 (in press).

    Google Scholar 

  8. Oberg, J., Hu, W., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Information flow isolation in i2c and usb, Proceedings of the 48th ACM/EDAC/IEEE Design Automation Conference (DAC'11), New York, 2011, pp. 254–259.

    Google Scholar 

  9. Oberg, J., Hu, W., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Leveraging gate-level properties to identify hardware timing channels, IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., 2014, vol. 33, no. 9, pp. 1288–1301.

    Article  Google Scholar 

  10. Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., Mu, D., and Kastner, R., An improved encoding technique for gate level information flow tracking, International Workshop on Logic and Synthesis (IWLS), 2011.

    Google Scholar 

  11. Denning, D.E., Cryptography and Data Security, Reading, MA, Addison-Wesley, 1982.

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to De-Jun Mu.

Additional information

The article is published in the original.

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tai, Y., Hu, W., Zhang, HX. et al. Generating optimized gate level information flow tracking logic for enforcing multilevel security. Aut. Control Comp. Sci. 50, 361–368 (2016). https://doi.org/10.3103/S0146411616050096

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.3103/S0146411616050096

Keywords

Navigation