Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
DeepSafe: A Data-Driven Approach for Assessing Robustness of Neural Networks Read chapter Read first chapter

2018 | OriginalPaper | Chapter

Information Leakage in Arbiter Protocols

Authors : Nestan Tsiskaridze, Lucas Bang, Joseph McMahan, Tevfik Bultan, Timothy Sherwood

Published in: Automated Technology for Verification and Analysis

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Resource sharing while preserving privacy is an increasingly important problem due to a wide-scale adoption of cloud computing. Under multitenancy, it is common to have multiple mutually distrustful “processes” (e.g. cores, threads, etc.) running on the same system simultaneously. This paper explores a new approach for automatically identifying and quantifying the information leakage in protocols that arbitrate utilization of shared resources between processes. Our approach is based on symbolic execution of arbiter protocols to extract constraints relating adversary observations to victim requests, then using model counting constraint solvers to quantify the information leaked. We present enumerative and optimized methods of exact model counting, and apply our methods to a set of nine different arbiter protocols, quantifying their leakage under different scenarios and allowing for informed comparison.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter PSense: Automatic Sensitivity Analysis for Probabilistic Programs
next chapter Neural State Classification for Hybrid Systems
Literature
1.
2.
Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, SP 2009, Washington, DC, USA (2009)
3.
Backes, M., Pfitzmann, B.: Computational probabilistic noninterference. Int. J. Inf. Sec. 3(1), 42–60 (2004)CrossRef
4.
Cabuk, S., Brodley, C.E., Shields, C.: IP covert channel detection. ACM Trans. Inf. Syst. Secur. 12(4), 22:1–22:29 (2009)CrossRef
5.
Chothia, T., Kawamoto, Y., Novakovic, C.: Leakwatch: estimating information leakage from java programs. In: Proceedings of 19th European Symposium on Research in Computer Security, Computer Security - ESORICS 2014 (2014)
6.
Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comput. Secur. 15(3), 321–371 (2007)CrossRef
7.
Ensafi, R., Park, J.C., Kapur, D., Crandall, J.R.: Idle port scanning and non-interference analysis of network protocol stacks using model checking. In: 19th USENIX Security Symposium, Washington, DC, USA (2010)
8.
Ferraiuolo, A., Hua, W., Myers, A.C., Suh, G.E.: Secure information flow verification with mutable dependent types. In: Proceedings of the 54th Annual Design Automation Conference, DAC 2017 (2017)
9.
Gong, X., Kiyavash, A.: Quantifying the information leakage in timing side channels in deterministic work-conserving schedulers. IEEE/ACM Trans. Netw. 24(3), 1841–1852 (2016)CrossRef
10.
Guo, S., Wu, M., Wang, C.: Symbolic execution of programmable logic controller code. In: ESEC/SIGSOFT FSE (2017)
11.
Gupta, J., Goel, N.: Efficient bus arbitration protocol for SoC design. In: 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM) (2015)
12.
Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Twenty-Sixth Annual Computer Security Applications Conference, ACSAC 2010, Austin, Texas, USA, 6–10 December 2010, pp. 261–269 (2010)
13.
Hughes, D.J.D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. J. Comput. Secur. 12(1), 3–36 (2004)CrossRef
14.
Kadloor, S., Kiyavash, N.: Delay optimal policies offer very little privacy. In: Proceedings of the IEEE INFOCOM 2013, Turin, Italy (2013)
15.
16.
Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA (2007)
17.
De Loera, J.A., Hemmecke, R., Tauzer, J., Yoshida, R.: Effective lattice point counting in rational convex polytopes. J. Symb. Comput. 38(4), 1273–1302 (2004)MathSciNetCrossRef
18.
Malacaria, P., Khouzani, M.H.R., Pasareanu, C.S., Phan, Q.S., Luckow, K.: Symbolic side-channel analysis for probabilistic programs. IACR Cryptology ePrint Archive, 2018, p. 329 (2018)
19.
McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, Tucson, AZ, USA (2008)
20.
Phan, Q.S., Bang, L., Pasareanu, C.S., Malacaria, P., Bultan, T.: Synthesis of adaptive side-channel attacks. In: 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, USA (2017)
21.
Phan, Q.-S., Malacaria, P., Tkachuk, O., Pasareanu, C.S.: Symbolic quantitative information flow. ACM SIGSOFT Softw. Eng. Notes 37(6), 1–5 (2012)CrossRef
22.
Păsăreanu, C.S., Phan, Q.S., Malacaria, P.: Multi-run side-channel analysis using Symbolic Execution and Max-SMT. In: 29th IEEE Computer Security Foundations Symposium, CSF 2016, Washington, DC, USA (2016)
23.
Păsăreanu, C.S., Visser, W., Bushnell, D., Geldenhuys, J., Mehlitz, P., Rungta, N.: Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis. ASE 20, 391 (2013)
24.
Sellke, S.H., Wang, C.C., Shroff, N.E., Bagchi, S.: Capacity bounds on timing channels with bounded service times. In: 2007 IEEE International Symposium on Information Theory, pp. 981–985 (2007)
25.
Smith, G.: On the foundations of quantitative information flow. In: Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures (FOSSACS), pp. 288–302 (2009)CrossRef
26.
Wang, C., Patrick, S.: Security by compilation: an automated approach to comprehensive side-channel resistance. ACM SIGLOG News 4(2), 76–89 (2017)
Metadata
Title
Information Leakage in Arbiter Protocols
Authors
Nestan Tsiskaridze
Lucas Bang
Joseph McMahan
Tevfik Bultan
Timothy Sherwood
Copyright Year
2018
Book
Automated Technology for Verification and Analysis

Print ISBN: 978-3-030-01089-8

Electronic ISBN: 978-3-030-01090-4

Copyright Year: 2018

DOI
https://doi.org/10.1007/978-3-030-01090-4_24

Premium Partner

    Image Credits