Building intrusion-tolerant secure software

Author

Zhang, Tao ; Zhuang, Xiaotong ; Pande, Santosh

Author_Institution

Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA

fYear

2005

fDate

20-23 March 2005

Firstpage

255

Lastpage

266

Abstract

In this work, we develop a secret sharing based compiler solution to achieve confidentiality, integrity and availability (intrusion tolerance) of critical data together, rather than tackling them one by one as in previous approaches. Under our scheme, the compiler automatically identifies some critical data values, whereas the user specifies some others. The compiler generates code for scattering/assembling and verifying of those critical data values using secret sharing scheme. In this way, we achieve data confidentiality and integrity. We also provide mechanisms to gracefully recover upon data tampering, achieving intrusion tolerance. The implementation of our secret sharing scheme is carefully crafted to achieve low overhead. We further propose several compiler optimizations such as secret-sharing-aware register allocation, rematerialization etc. to reduce the cost of secret sharing further, making our scheme a practical solution in a high performance system.

Keywords

optimising compilers; security of data; software fault tolerance; compiler generated code; compiler optimization; data availability; data confidentiality; data integrity; data tampering; intrusion-tolerant secure software; secret sharing based compiler; secret-sharing-aware register allocation; Assembly; Cryptography; Data security; Educational institutions; Hardware; Information security; Optimizing compilers; Registers; Scattering; Telecommunication computing;

fLanguage

English

Publisher

ieee

Conference_Titel

Code Generation and Optimization, 2005. CGO 2005. International Symposium on

Print_ISBN

0-7695-2298-X

Type

conf

DOI

10.1109/CGO.2005.8

Filename

1402093