Title :
Statically Checking Confidentiality of Shared Memory Programs with Dynamic Labels
Author_Institution :
Dept. of Comput. Sci., Tech. Univ. Dresden, Dresden
Abstract :
At WITS 2005, Warmer et al. published an algorithm to statically check confidentiality of programs with dynamic labels. Unlike prior approaches, their method allows for temporary breaches of confidentiality. However, they share the commonly made assumption that programs run entirely in private memory. Thus, interaction with and observation of the checked program is restricted to program start and termination respectively. This paper extends Warnier´s approach in two fundamental aspects: shared memory and synchronisation. Through shared memory other programs may observe and interact with the checked program at memory-access granularity. Synchronisation renders parts of the shared memory inaccessible to those programs which adhere to the locking policy. We provide a mechanically-checked soundness proof and show the effectiveness of a countermeasure to the AES cache side-channel attack.
Keywords :
cache storage; concurrency control; cryptography; program diagnostics; program verification; shared memory systems; synchronisation; AES cache side-channel attack; concurrency control; dynamic label; locking policy; mechanically-checked soundness proof; memory-access granularity; program synchronisation; shared-memory program; static confidentiality checking; Availability; Computer security; Concrete; Cryptography; Information security; Labeling; Network servers; Virtual manufacturing; Voice mail; Workstations; information flow; language-based security;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.56
