research-article

Language-based control and mitigation of timing channels

Authors:

Andrew C. MyersAuthors Info & Claims

PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 99 - 110

https://doi.org/10.1145/2254064.2254078

Published: 11 June 2012 Publication History

Abstract

We propose a new language-based approach to mitigating timing channels. In this language, well-typed programs provably leak only a bounded amount of information over time through external timing channels. By incorporating mechanisms for predictive mitigation of timing channels, this approach also permits a more expressive programming model. Timing channels arising from interaction with underlying hardware features such as instruction caches are controlled. Assumptions about the underlying hardware are explicitly formalized, supporting the design of hardware that efficiently controls timing channels. One such hardware design is modeled and used to show that timing channels can be controlled in some simple programs of real-world significance.

References

[1]

O. Acıiçmez. Yet another microarchitectural attack: Exploiting I-cache. In Proceedings of the ACM Workshop on Computer Security Architecture (CSAW '07), pages 11--18, 2007.

Digital Library

[2]

O. Acıiçmez, C. Koç, and J. Seifert. On the power of simple branch prediction analysis. In ASIACCS, pages 312--320, 2007.

Digital Library

[3]

J. Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40--53, Boston, MA, January 2000.

Digital Library

[4]

A. Askarov, S. Hunt, A. Sabelfeld, and D. Sands. Termination-insensitive noninterference leaks more than just a bit. In ESORICS, pages 333--348, October 2008.

Digital Library

[5]

A. Askarov, D. Zhang, and A. C. Myers. Predictive black-box mitigation of timing channels. In ACM Conf. on Computer and Communications Security (CCS), pages 297--307, October 2010.

Digital Library

[6]

G. Barthe, T. Rezk, and M. Warnier. Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science, 153(2):33--55, 2006.

Digital Library

[7]

A. Bortz and D. Boneh. Exposing private information by timing web applications. In Proc. 16th Int'l World-Wide Web Conf., May 2007.

Digital Library

[8]

D. Brumley and D. Boneh. Remote timing attacks are practical. Computer Networks, January 2005.

Digital Library

[9]

D. C. Burger and T. M. Austin. The SimpleScalar tool set, version 3.0. Technical Report CS-TR-97-1342, University of Wisconsin, Madison, June 1997.

[10]

B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. IEEE Symposium on Security and Privacy, pages 45--60, 2009.

Digital Library

[11]

D. E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, Massachusetts, 1982.

Digital Library

[12]

D. Devriese and F. Piessens. Noninterference through secure multi-execution. In IEEE Symposium on Security and Privacy, pages 109--124, May 2010.

Digital Library

[13]

J. Giffin, R. Greenstadt, P. Litwack, and R. Tibbetts. Covert messaging through TCP timestamps. Privacy Enhancing Technologies, Lecture Notes in Computer Science, 2482(2003):189--193, 2003.

Digital Library

[14]

D. Gullasch, E. Bangerter, and S. Krenn. Cache games-bringing access-based cache attacks on AES to practice. In IEEE Symposium on Security and Privacy, pages 490--505, 2011.

Digital Library

[15]

D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. Electronic Notes in Theoretical Computer Science, 141(1):163--182, 2005.

Digital Library

[16]

M. Huisman, P. Worah, and K. Sunesen. A temporal logic characterisation of observational determinism. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006.

Digital Library

[17]

V. Kashyap, B. Wiedermann, and B. Hardekopf. Timing- and termination-sensitive secure information flow: Exploring a new approach. In IEEE Symposium on Security and Privacy, pages 413--430, May 2011.

Digital Library

[18]

P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology-CRYPTO'96, August 1996.

Digital Library

[19]

J. Kong, O. Acıiçmez, J.-P. Seifert, and H. Zhou. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures, pages 25--34, 2008.

Digital Library

[20]

B. Köpf and M. Dürmuth. A provably secure and efficient countermeasure against timing attacks. In 2009 IEEE Computer Security Foundations, July 2009.

Digital Library

[21]

X. Li, M. Tiwari, J. Oberg, V. Kashyap, F. Chong, T. Sherwood, and B. Hardekopf. Caisson: a hardware description language for secure information flow. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 109--120, 2011.

Digital Library

[22]

J. K. Millen. Covert channel capacity. In Proc. IEEE Symposium on Security and Privacy, Oakland, CA, April 1987.

[23]

D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: automatic detection and removal of control-flow side channel attacks. Cryptology ePrint archive: report 2005/368, 2005.

[24]

D. Osvik, A. Shamir, and E. Tromer. Cache attacks and counter measures: the case of AES. Topics in Cryptology-CT-RSA 2006, January 2006.

Digital Library

[25]

D. Page. Partitioned cache architecture as a side-channel defense mechanism. In Cryptology ePrint Archive, Report 2005/280, 2005.

[26]

A. Russo and A. Sabelfeld. Securing interaction between threads and the scheduler. In Proc. 19th IEEE Computer Security Foundations Workshop, 2006.

Digital Library

[27]

A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5--19, January 2003.

Digital Library

[28]

A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. 13th IEEE Computer Security Foundations Workshop, pages 200--214. IEEE Computer Society Press, July 2000.

Digital Library

[29]

S. Sellke, C. Wang, and S. Bagchi. TCP/IP timing channels: Theory to implementation. In Proc. INFOCOM 2009, pages 2204--2212, January 2009.

[30]

G. Smith. A new type system for secure information flow. In Proc. 14th IEEE Computer Security Foundations Workshop, pages 115--125, June 2001.

Digital Library

[31]

G. Smith. On the foundations of quantitative information flow. Foundations of Software Science and Computational Structures, 5504:288--302, 2009.

[32]

G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 355--364, January 1998.

Digital Library

[33]

D. Volpano and G. Smith. Eliminating covert flows with minimum typings. In Proc. 10th IEEE Computer Security Foundations Workshop, pages 156--168, 1997.

Digital Library

[34]

Z. Wang and R. Lee. Covert and side channels due to processor architecture. In ACSAC '06, pages 473--482, 2006.

Digital Library

[35]

Z. Wang and R. Lee. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual international symposium on computer architecture (ISCA '07), pages 494--505, 2007.

Digital Library

[36]

J. C. Wray. An analysis of covert timing channels. In Proc. IEEE Symposium on Security and Privacy, pages 2--7, 1991.

[37]

S. Zdancewic and A. C. Myers. Observational determinism for concurrent program security. In Proc. 16th IEEE Computer Security Foundations Workshop, pages 29--43, June 2003.

[38]

D. Zhang, A. Askarov, and A. C. Myers. Predictive mitigation of timing channels in interactive systems. In ACM Conf. on Computer and Communications Security (CCS), pages 563--574, October 2011.

Digital Library

[39]

D. Zhang, A. Askarov, and A. C. Myers. Language mechanisms for controlling and mitigating timing channels. Technical report, Cornell University, March 2012. http://hdl.handle.net/1813/28635.

Cited By

Zhao YQu GZhang QLi YLi ZHe J(2024)Static Gate-Level Information Flow for Hardware Information Security with Bounded Model Checking2024 IEEE 42nd VLSI Test Symposium (VTS)10.1109/VTS60656.2024.10538813(1-7)Online publication date: 22-Apr-2024
https://doi.org/10.1109/VTS60656.2024.10538813
Sadhukhan RSaha SParia SBhunia SMukhopadhyay D(2024)VALIANT: An EDA Flow for Side-Channel Leakage Evaluation and Tailored ProtectionIEEE Transactions on Computers10.1109/TC.2023.333316473:2(436-450)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1109/TC.2023.3333164
Blaabjerg JAskarov A(2023)OblivIO: Securing Reactive Programs by Oblivious Execution with Bounded Traffic Overheads2023 IEEE 36th Computer Security Foundations Symposium (CSF)10.1109/CSF57540.2023.00014(292-307)Online publication date: Jul-2023
https://doi.org/10.1109/CSF57540.2023.00014
Show More Cited By

Index Terms

Language-based control and mitigation of timing channels

Recommendations

A Hardware Design Language for Timing-Sensitive Information-Flow Security
ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems

Information security can be compromised by leakage via low-level hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which ...
A Hardware Design Language for Timing-Sensitive Information-Flow Security
ASPLOS '15

Information security can be compromised by leakage via low-level hardware features. One recently prominent example is cache probing attacks, which rely on timing channels created by caches. We introduce a hardware design language, SecVerilog, which ...
Predictive mitigation of timing channels in interactive systems
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Timing channels remain a difficult and important problem for information security. Recent work introduced predictive mitigation, a new way to mitigating leakage through timing channels; this mechanism works by predicting timing from past behavior, and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2012

572 pages

ISBN:9781450312059

DOI:10.1145/2254064

General Chairs:
Jan Vitek
Purdue University
,
Haibo Lin
Microsoft China
,
Program Chair:
Frank Tip
IBM T.J. Watson Research Center

ACM SIGPLAN Notices Volume 47, Issue 6
PLDI '12
June 2012
534 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2345156
Issue’s Table of Contents

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

PLDI '12

Sponsor:

SIGPLAN

PLDI '12: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 11 - 16, 2012

Beijing, China

Acceptance Rates

PLDI '12 Paper Acceptance Rate 48 of 255 submissions, 19%;

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

118
Total Citations
View Citations
662
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)4

Reflects downloads up to 23 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhao YQu GZhang QLi YLi ZHe J(2024)Static Gate-Level Information Flow for Hardware Information Security with Bounded Model Checking2024 IEEE 42nd VLSI Test Symposium (VTS)10.1109/VTS60656.2024.10538813(1-7)Online publication date: 22-Apr-2024
https://doi.org/10.1109/VTS60656.2024.10538813
Sadhukhan RSaha SParia SBhunia SMukhopadhyay D(2024)VALIANT: An EDA Flow for Side-Channel Leakage Evaluation and Tailored ProtectionIEEE Transactions on Computers10.1109/TC.2023.333316473:2(436-450)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1109/TC.2023.3333164
Blaabjerg JAskarov A(2023)OblivIO: Securing Reactive Programs by Oblivious Execution with Bounded Traffic Overheads2023 IEEE 36th Computer Security Foundations Symposium (CSF)10.1109/CSF57540.2023.00014(292-307)Online publication date: Jul-2023
https://doi.org/10.1109/CSF57540.2023.00014
Ammanaghatta Shivakumar BBarthe GGrégoire BLaporte VPriya SYin HStavrou ACremers CShi E(2022)Enforcing Fine-grained Constant-time PoliciesProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560689(83-96)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560689
Jiang KBao YWang SLiu ZZhang TYin HStavrou ACremers CShi E(2022)Cache Refinement Type for Side-Channel Detection of Cryptographic SoftwareProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560672(1583-1597)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560672
Sun WYan ZXu XDing WGao L(2022)Software Side Channel Vulnerability Detection Based on Similarity Calculation and Deep Learning2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom56396.2022.00112(800-809)Online publication date: Dec-2022
https://doi.org/10.1109/TrustCom56396.2022.00112
Xu ZYin LLyu YWang HQu GWang D(2022)CacheGuard: A Behavior Model Checker for Cache Timing Side-Channel Security: (Invited Paper)2022 27th Asia and South Pacific Design Automation Conference (ASP-DAC)10.1109/ASP-DAC52403.2022.9712560(19-24)Online publication date: 17-Jan-2022
https://doi.org/10.1109/ASP-DAC52403.2022.9712560
Borrello PD'Elia DQuerzoni LGiuffrida CKim YKim JVigna GShi E(2021)Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow LinearizationProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484583(715-733)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484583
Blaabjerg JAskarov A(2021)Towards Language-Based Mitigation of Traffic Analysis Attacks2021 IEEE 34th Computer Security Foundations Symposium (CSF)10.1109/CSF51468.2021.00030(1-15)Online publication date: Jun-2021
https://doi.org/10.1109/CSF51468.2021.00030
Bastys IBalliu MRezk TSabelfeld A(2020)Clockwork: Tracking Remote Timing Attacks2020 IEEE 33rd Computer Security Foundations Symposium (CSF)10.1109/CSF49147.2020.00032(350-365)Online publication date: Jun-2020
https://doi.org/10.1109/CSF49147.2020.00032
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents