DOI: 10.1145/3338466.3358914 (ACM conference proceedings, research article)

Timing-Sensitive Synchronization for Efficient Secure Multi-Execution

Published: 11 November 2019

Abstract

Secure Multi-Execution (SME) is a promising solution for precise automatic information flow control that can be used to transform potentially vulnerable programs into secure variants. However, because the program is executed several times, it comes with high resource demands. Recently proposed efficient optimizations of SME, such as Faceted Secure Multi-Execution (FSME) and Demand-Driven Secure Multi-Execution (DDSME), unfortunately cannot uphold the same level of security with regard to attacks on the timing channel. In this paper, we propose a novel, queue-based synchronization scheme for DDSME (Q-DDSME) that guarantees (indirect) termination- and timing-sensitive non-interference. To show that our improvement is applicable to existing programs, we implemented a Q-DDSME prototype for compiled code and provide evidence that it (i) is more efficient than unoptimized SME in realistic scenarios, (ii) guarantees (indirect) termination- and timing-sensitive non-interference, and (iii) preserves per-channel transparency. This is an important result: it shows that more efficient solutions can be used without sacrificing security.
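To make the basic SME mechanism the abstract builds on concrete, the following is an added Python toy, not code from the paper, its Q-DDSME prototype, or the authors. It models only classic two-level SME (one execution copy per security level, secret inputs replaced by a fixed default in the public copy, each output channel fed only by the copy at that channel's level) and deliberately ignores timing, termination and the demand-driven and queue-based variants that are the paper's actual contribution. The lattice, the `Env`/`PlainEnv` classes, the `leaky` and `honest` sample programs and the default values are all constructed for the illustration.

```python
"""Minimal two-level Secure Multi-Execution (SME) simulator (constructed toy)."""
from typing import Callable, Dict, List, Tuple

# Two-point lattice: L (public) flows to H (secret), never the other way round.
ORDER = {"L": 0, "H": 1}
LEVELS = ("L", "H")
Output = Tuple[str, str]  # (channel, value)


def flows_to(src: str, dst: str) -> bool:
    """Information on channel `src` may influence channel `dst` iff src <= dst."""
    return ORDER[src] <= ORDER[dst]


class Env:
    """Channel environment seen by one SME execution copy running at `level`."""

    def __init__(self, level: str, inputs: Dict[str, str],
                 defaults: Dict[str, str], sink: List[Output]) -> None:
        self.level = level
        self.inputs = inputs
        self.defaults = defaults
        self.sink = sink

    def read(self, chan: str) -> str:
        # A copy at level l sees the real value of channels that flow to l;
        # every other channel is replaced by its fixed default value.
        if flows_to(chan, self.level):
            return self.inputs[chan]
        return self.defaults[chan]

    def write(self, chan: str, value: str) -> None:
        # Only the copy running at exactly the channel's level produces output.
        if chan == self.level:
            self.sink.append((chan, value))


class PlainEnv(Env):
    """Unrestricted environment: how the original program runs without SME."""

    def read(self, chan: str) -> str:
        return self.inputs[chan]

    def write(self, chan: str, value: str) -> None:
        self.sink.append((chan, value))


Program = Callable[[Env], None]


def run_plain(prog: Program, inputs: Dict[str, str]) -> List[Output]:
    sink: List[Output] = []
    prog(PlainEnv("H", inputs, {}, sink))
    return sink


def run_sme(prog: Program, inputs: Dict[str, str],
            defaults: Dict[str, str]) -> List[Output]:
    # One copy per level; all copies append to a single, channel-tagged sink.
    sink: List[Output] = []
    for level in LEVELS:
        prog(Env(level, inputs, defaults, sink))
    return sink


def low_view(outputs: List[Output]) -> List[str]:
    """What an attacker observing only the L channel gets to see."""
    return [v for c, v in outputs if c == "L"]


def noninterferent(prog: Program, public: str, secrets: List[str],
                   defaults: Dict[str, str]) -> bool:
    """True iff the L-observable SME output is identical for every secret."""
    views = {tuple(low_view(run_sme(prog, {"L": public, "H": s}, defaults)))
             for s in secrets}
    return len(views) == 1


# Constructed sample programs.
def leaky(env: Env) -> None:
    secret, public = env.read("H"), env.read("L")
    env.write("L", f"len={len(secret)} public={public}")  # leaks |secret| to L
    env.write("H", f"secret={secret}")


def honest(env: Env) -> None:
    env.write("L", "public=" + env.read("L"))
    env.write("H", "secret=" + env.read("H"))


DEFAULTS = {"L": "", "H": ""}  # constructed default inputs for the low copy

if __name__ == "__main__":
    for s in ("abc", "abcdef"):
        print("plain:", low_view(run_plain(leaky, {"L": "x", "H": s})))
        print("sme:  ", low_view(run_sme(leaky, {"L": "x", "H": s}, DEFAULTS)))
    print("honest program unchanged under SME:",
          run_sme(honest, {"L": "x", "H": "s"}, DEFAULTS)
          == run_plain(honest, {"L": "x", "H": "s"}))
```

Running it shows the two properties the abstract contrasts: under SME the L output of `leaky` no longer depends on the secret (non-interference), while the already-secure `honest` program produces exactly the same outputs as without SME (transparency). The price is visible in `run_sme` itself: every program runs once per level, which is the resource cost that DDSME and FSME reduce and that this toy does nothing to optimize.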



    Published In

    CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop
    November 2019, 209 pages
    ISBN: 9781450368261
    DOI: 10.1145/3338466

    Publisher

    Association for Computing Machinery, New York, NY, United States

    Author Tags

    1. demand-driven secure multi-execution
    2. noninterference enforcement
    3. timing-sensitivity

    Qualifiers

    • Research-article

    Conference

    CCS '19

    Acceptance Rates

    Overall Acceptance Rate 37 of 108 submissions, 34%

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 125
    • Downloads (last 12 months): 5
    • Downloads (last 6 weeks): 0
    Reflects downloads up to 18 Nov 2024
