• DocumentCode
    1565448
  • Title

    Statically Checking Confidentiality of Shared Memory Programs with Dynamic Labels

  • Author

    Volp, Marcus

  • Author_Institution
    Dept. of Comput. Sci., Tech. Univ. Dresden, Dresden
  • fYear
    2008
  • Firstpage
    268
  • Lastpage
    275
  • Abstract
    At WITS 2005, Warmer et al. published an algorithm to statically check confidentiality of programs with dynamic labels. Unlike prior approaches, their method allows for temporary breaches of confidentiality. However, they share the commonly made assumption that programs run entirely in private memory. Thus, interaction with and observation of the checked program is restricted to program start and termination respectively. This paper extends Warnier´s approach in two fundamental aspects: shared memory and synchronisation. Through shared memory other programs may observe and interact with the checked program at memory-access granularity. Synchronisation renders parts of the shared memory inaccessible to those programs which adhere to the locking policy. We provide a mechanically-checked soundness proof and show the effectiveness of a countermeasure to the AES cache side-channel attack.
  • Keywords
    cache storage; concurrency control; cryptography; program diagnostics; program verification; shared memory systems; synchronisation; AES cache side-channel attack; concurrency control; dynamic label; locking policy; mechanically-checked soundness proof; memory-access granularity; program synchronisation; shared-memory program; static confidentiality checking; Availability; Computer security; Concrete; Cryptography; Information security; Labeling; Network servers; Virtual manufacturing; Voice mail; Workstations; information flow; language-based security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
  • Conference_Location
    Barcelona
  • Print_ISBN
    978-0-7695-3102-1
  • Type

    conf

  • DOI
    10.1109/ARES.2008.56
  • Filename
    4529347