research-article

Complete information flow tracking from the gates up

Authors:

Hassan M.G. Wassel,

Shashidhar Mysore,

Frederic T. Chong,

Timothy SherwoodAuthors Info & Claims

ACM SIGPLAN Notices, Volume 44, Issue 3

Pages 109 - 120

https://doi.org/10.1145/1508284.1508258

Published: 07 March 2009 Publication History

Abstract

For many mission-critical tasks, tight guarantees on the flow of information are desirable, for example, when handling important cryptographic keys or sensitive financial data. We present a novel architecture capable of tracking all information flow within the machine, including all explicit data transfers and all implicit flows (those subtly devious flows caused by not performing conditional operations). While the problem is impossible to solve in the general case, we have created a machine that avoids the general-purpose programmability that leads to this impossibility result, yet is still programmable enough to handle a variety of critical operations such as public-key encryption and authentication. Through the application of our novel gate-level information flow tracking method, we show how all flows of information can be precisely tracked. From this foundation, we then describe how a class of architectures can be constructed, from the gates up, to completely capture all information flows and we measure the impact of doing so on the hardware implementation, the ISA, and the programmer.

References

[1]

James Newsome and Dawn Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In 12th Annual Network and Distributed System Security Symposium (NDSS 05), February 2005.

[2]

Onur Aciic¸gmez. Yet another microarchitectural attack: Exploiting i-cache. In Proceedings of the 2007 ACM Workshop on Computer Security Architecture(CSAW), 2007.

Digital Library

[3]

Onur Aciic¸mez, Jean pierre Seifert, and Cetin Kaya Koc. Predicting secret keys via branch prediction. In The Cryptographers Track at the RSA Conference(CT-RSA), 2007.

[4]

Tiago Alves and Don Felton. TrustZone: Integrated Hardware and Software Security, July 2004. URL http://www.arm.com/

[5]

products/esd/trustzone_home.html.

[6]

David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha. Towards automatic generation of vulnerability--based signatures. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006.

Digital Library

[7]

Haibo Chen, Xi Wu, Liwei Yuan, Binyu Zang, Pen chung Yew, and Frederic T. Chong. From speculation to security: Practical and efficient information flow tracking using speculative hardware. Intl. Symposium on Computer Architecture (ISCA), 2008.

Digital Library

[8]

James Clause, Wanchun Li, and Alessandro Orso. Dytan: a generic dynamic taint analysis framework. In Proceedings of the International Symposium on Software Testing and Analysis(ISSTA), 2007.

Digital Library

[9]

Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, and Paul Barham. Vigilante: end-to-end containment of internet worms. In Proceedings of the ACM Symposium on Operating Systems Principles(SOSP), 2005.

Digital Library

[10]

Jedidiah R. Crandall and Frederic T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture(MICRO), 2004.

Digital Library

[11]

Joan Daemen and Vincent Rijmen. The design of rijndael: Aes -- the advanced encryption standard. 2002.

Digital Library

[12]

Michael Dalton, Hari Kannan, and Christos Kozyrakis. Raksha: A Flexible Information Flow Architecture for Software Security. In 34th Intl. Symposium on Computer Architecture (ISCA), June 2007.

Digital Library

[13]

Dorothy E. Denning and Peter J. Denning. Certification of programs for secure information flow. Commun. ACM, 20(7), 1977.

Digital Library

[14]

Karine Gandolfi, Christophe Mourtel, and Francis Olivier. Electromagnetic Analysis: Concrete Results. In Cryptographic Hardware and Embedded Systems, volume 2162 of Lecture Notes in Computer Science, pages 251--261. Springer-Verlag, 2001.

Digital Library

[15]

Paul Kocher, Joshua Ja E, and Benjamin Jun. Differential power analysis. In Advances in Cryptology, pages 388--397. Springer-Verlag, 1999.

Digital Library

[16]

Paul C. Kocher. Timing attacks on implementations of die-hellman, rsa, dss, and other systems. pages 104--113. Springer-Verlag, 1996.

Digital Library

[17]

Lap Chung Lam and Tzi cker Chiueh. A general dynamic information flow tracking framework for security applications. In Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference(ACSAC), 2006.

Digital Library

[18]

Ruby B. Lee, Peter C. S. Kwan, John P. Mcgregor, Jeffrey Dwoskin, and Zhenghong Wang. Architecture for protecting critical secrets in microprocessors. In Proceedings of the 32nd International Symposium on Computer Architecture (ISCA), 2005.

Digital Library

[19]

Shashidhar Mysore, Bita Mazloom, Banit Agrawal, and Timothy Sherwood. Understanding and Visualizing Full Systems with Data Flow Tomography. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems(ASPLOS), 2008.

Digital Library

[20]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: the case of aes. In Topics in Cryptology -- CTRSA 2006, The Cryptographers Track at the RSA Conference 2006, pages 1--20. Springer-Verlag, 2006.

Digital Library

[21]

Feng Qin, Cheng Wang, Zhenmin Li, Ho seop Kim, Yuanyuan Zhou, and Youfeng Wu. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting General Security Attacks. In Annual IEEE/ACM International Symposium on Microarchitecture, December 2006.

Digital Library

[22]

Olatunji Ruwase, Phillip B. Gibbons, Todd C. Mowry, Vijaya Ramachandran, Shimin Chen, Michael Kozuch, and Michael Ryan. Parallelizing dynamic information flow tracking. In Proceedings of the twentieth annual Symposium on Parallelism in Algorithms and Architectures(SPAA), 2008.

Digital Library

[23]

K. Shimizu, H. P. Hofstee, and J. S. Liberty. Cell broadband engine processor vault security architecture. IBM J. Res. Dev., 51(5):521--528, 2007. ISSN 0018-8646.

Digital Library

[24]

G.E. Suh, J.W. Lee, D. Zhang, and S. Devadas. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of the 11th international conference on Architectural Support for Programming Languages and Operating Systems(ASPLOS), 2004.

Digital Library

[25]

G.E. Suh, C.W. O'Donnell, and S. Devadas. Aegis: A single-chip secure processor. Design and Test of Computers, IEEE, 24(6):570--580, Nov.-Dec. 2007. ISSN 0740-7475.

Digital Library

[26]

Neil Vachharajani, Matthew J. Bridges, Jonathan Chang, Ram Rangan, Guilherme Ottoni, Jason A. Blome, George A. Reis, Manish Vachharajani, and David I. August. Rifle: An architectural framework for user-centric information-flow security. In MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, 2004.

Digital Library

[27]

Guru Venkataramani, Ioannis Doudalis, Yan Solihin, and Milos Prvulovic. Flexitaint: A programmable accelerator for dynamic taint propagation. In Fourteenth International Symposium on High Performance Computer Architecture (HPCA), 2008.

[28]

Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proceeding of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2007.

[29]

Bin Xin and Xiangyu Zhang. Efficient online detection of dynamic control dependence. In ISSTA, pages 185--195, 2007.

Digital Library

[30]

Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In 15th USENIX Security Symposium, 2006.

Digital Library

Cited By

Qin MZhu JMao BHu W(2024)Hardware/software security co-verification and vulnerability detectionIntegration, the VLSI Journal10.1016/j.vlsi.2023.10208994:COnline publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1016/j.vlsi.2023.102089
Meng XRaj KRay SBasu K(2023)SeVNoC: Security Validation of System-on-Chip Designs With NoC FabricsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.317930742:2(672-682)Online publication date: Feb-2023
https://doi.org/10.1109/TCAD.2022.3179307
Goli MDrechsler RGoli MDrechsler R(2023)Anwendung II: SicherheitsvalidierungAutomatisierte Analyse von virtuellen Prototypen auf der Ebene elektronischer Systeme10.1007/978-3-031-36997-1_5(113-134)Online publication date: 20-Sep-2023
https://doi.org/10.1007/978-3-031-36997-1_5
Show More Cited By

Index Terms

Complete information flow tracking from the gates up
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems

Recommendations

Hardware Information Flow Tracking

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, ...
Complete information flow tracking from the gates up
ASPLOS XIV: Proceedings of the 14th international conference on Architectural support for programming languages and operating systems

For many mission-critical tasks, tight guarantees on the flow of information are desirable, for example, when handling important cryptographic keys or sensitive financial data. We present a novel architecture capable of tracking all information flow ...
Complete information flow tracking from the gates up
ASPLOS 2009

For many mission-critical tasks, tight guarantees on the flow of information are desirable, for example, when handling important cryptographic keys or sensitive financial data. We present a novel architecture capable of tracking all information flow ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 44, Issue 3

ASPLOS 2009

March 2009

346 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/1508284

Issue’s Table of Contents

ASPLOS XIV: Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
March 2009
358 pages
ISBN:9781605584065
DOI:10.1145/1508244
General Chair:
Mary Lou Soffa
University of Virginia, USA
,
Program Chair:
Mary Jane Irwin
Penn State University, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 March 2009

Published in SIGPLAN Volume 44, Issue 3

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

224
Total Citations
View Citations
1,548
Total Downloads

Downloads (Last 12 months)102
Downloads (Last 6 weeks)19

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Qin MZhu JMao BHu W(2024)Hardware/software security co-verification and vulnerability detectionIntegration, the VLSI Journal10.1016/j.vlsi.2023.10208994:COnline publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1016/j.vlsi.2023.102089
Meng XRaj KRay SBasu K(2023)SeVNoC: Security Validation of System-on-Chip Designs With NoC FabricsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.317930742:2(672-682)Online publication date: Feb-2023
https://doi.org/10.1109/TCAD.2022.3179307
Goli MDrechsler RGoli MDrechsler R(2023)Anwendung II: SicherheitsvalidierungAutomatisierte Analyse von virtuellen Prototypen auf der Ebene elektronischer Systeme10.1007/978-3-031-36997-1_5(113-134)Online publication date: 20-Sep-2023
https://doi.org/10.1007/978-3-031-36997-1_5
Farahmandi FRahman MRajendran STehranipoor MFarahmandi FRahman MRajendran STehranipoor M(2023)CAD for Information Leakage AssessmentCAD for Hardware Security10.1007/978-3-031-26896-0_4(81-102)Online publication date: 28-Jan-2023
https://doi.org/10.1007/978-3-031-26896-0_4
Zhang QLiu LYuan YZhang ZHe JGao YLi YGuo XZhao Y(2022)A Gate-Level Information Leakage Detection Framework of Sequential Circuit Using Z3Electronics10.3390/electronics1124421611:24(4216)Online publication date: 16-Dec-2022
https://doi.org/10.3390/electronics11244216
Meng XKundu SKanuparthi ABasu K(2022)RTL-ConTest: Concolic Testing on RTL for Detecting Security VulnerabilitiesIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2021.306656041:3(466-477)Online publication date: Mar-2022
https://doi.org/10.1109/TCAD.2021.3066560
Deutschbein CMeza ARestuccia FKastner RSturton C(2022)Isadora: automated information-flow property generation for hardware security verificationJournal of Cryptographic Engineering10.1007/s13389-022-00306-w13:4(391-407)Online publication date: 11-Nov-2022
https://doi.org/10.1007/s13389-022-00306-w
Dangwal DZhang ZCrandall JSherwood T(2021)Context-Aware Privacy-Optimizing Address Tracing2021 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED51797.2021.00027(150-162)Online publication date: Sep-2021
https://doi.org/10.1109/SEED51797.2021.00027
Hu WArdeshiricham AWu LKastner R(2021)Integrating Information Flow Tracking into High-Level Synthesis Design FlowBehavioral Synthesis for Hardware Security10.1007/978-3-030-78841-4_16(365-387)Online publication date: 28-May-2021
https://doi.org/10.1007/978-3-030-78841-4_16
Sapountzis NSun RWei XJin YCrandall JOliveira D(2020)MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS47774.2020.00093(1090-1100)Online publication date: Nov-2020
https://doi.org/10.1109/ICDCS47774.2020.00093
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents