Timing Aware Information Flow Security for a JavaCard-like Bytecode |
| |
Authors: | Daniel Hedin David Sands |
| |
Affiliation: | Department of Computing Science, Chalmers, Goteborg, Sweden |
| |
Abstract: | Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose a serious threat. A typical covert channel is to use the timing of certain events to carry information. We present a timing-aware information-flow type system for a low-level language similar to a non-trivial subset of a sequential Java bytecode. The type system is parameterized over the time model of the instructions of the language and over the algorithm enforcing low-observational equivalence, used in the prevention of implicit and timing flows. |
| |
Keywords: | covert channels information flow security bytecode |
本文献已被 ScienceDirect 等数据库收录! |