Skip to main content
SpringerLink
Log in

Information Leakage in Arbiter Protocols

  • Conference paper
  • First Online:
Automated Technology for Verification and Analysis (ATVA 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11138))

Abstract

Resource sharing while preserving privacy is an increasingly important problem due to a wide-scale adoption of cloud computing. Under multitenancy, it is common to have multiple mutually distrustful “processes” (e.g. cores, threads, etc.) running on the same system simultaneously. This paper explores a new approach for automatically identifying and quantifying the information leakage in protocols that arbitrate utilization of shared resources between processes. Our approach is based on symbolic execution of arbiter protocols to extract constraints relating adversary observations to victim requests, then using model counting constraint solvers to quantify the information leaked. We present enumerative and optimized methods of exact model counting, and apply our methods to a set of nine different arbiter protocols, quantifying their leakage under different scenarios and allowing for informed comparison.

This material is based on research sponsored by DARPA under the agreement number FA8750-15-2-0087 and the National Science Foundation under Grants No. 1740352, 1730309, 1717779, 1563935. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aydin, A., Bang, L., Bultan, T.: Automata-based model counting for string constraints. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015, Part I. LNCS, vol. 9206, pp. 255–272. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_15

    Chapter  Google Scholar 

  2. Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, SP 2009, Washington, DC, USA (2009)

    Google Scholar 

  3. Backes, M., Pfitzmann, B.: Computational probabilistic noninterference. Int. J. Inf. Sec. 3(1), 42–60 (2004)

    Article  Google Scholar 

  4. Cabuk, S., Brodley, C.E., Shields, C.: IP covert channel detection. ACM Trans. Inf. Syst. Secur. 12(4), 22:1–22:29 (2009)

    Article  Google Scholar 

  5. Chothia, T., Kawamoto, Y., Novakovic, C.: Leakwatch: estimating information leakage from java programs. In: Proceedings of 19th European Symposium on Research in Computer Security, Computer Security - ESORICS 2014 (2014)

    Google Scholar 

  6. Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comput. Secur. 15(3), 321–371 (2007)

    Article  Google Scholar 

  7. Ensafi, R., Park, J.C., Kapur, D., Crandall, J.R.: Idle port scanning and non-interference analysis of network protocol stacks using model checking. In: 19th USENIX Security Symposium, Washington, DC, USA (2010)

    Google Scholar 

  8. Ferraiuolo, A., Hua, W., Myers, A.C., Suh, G.E.: Secure information flow verification with mutable dependent types. In: Proceedings of the 54th Annual Design Automation Conference, DAC 2017 (2017)

    Google Scholar 

  9. Gong, X., Kiyavash, A.: Quantifying the information leakage in timing side channels in deterministic work-conserving schedulers. IEEE/ACM Trans. Netw. 24(3), 1841–1852 (2016)

    Article  Google Scholar 

  10. Guo, S., Wu, M., Wang, C.: Symbolic execution of programmable logic controller code. In: ESEC/SIGSOFT FSE (2017)

    Google Scholar 

  11. Gupta, J., Goel, N.: Efficient bus arbitration protocol for SoC design. In: 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM) (2015)

    Google Scholar 

  12. Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Twenty-Sixth Annual Computer Security Applications Conference, ACSAC 2010, Austin, Texas, USA, 6–10 December 2010, pp. 261–269 (2010)

    Google Scholar 

  13. Hughes, D.J.D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. J. Comput. Secur. 12(1), 3–36 (2004)

    Article  Google Scholar 

  14. Kadloor, S., Kiyavash, N.: Delay optimal policies offer very little privacy. In: Proceedings of the IEEE INFOCOM 2013, Turin, Italy (2013)

    Google Scholar 

  15. Klebanov, V., Manthey, N., Muise, C.: SAT-based analysis and quantification of information flow in programs. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40196-1_16

    Chapter  Google Scholar 

  16. Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA (2007)

    Google Scholar 

  17. De Loera, J.A., Hemmecke, R., Tauzer, J., Yoshida, R.: Effective lattice point counting in rational convex polytopes. J. Symb. Comput. 38(4), 1273–1302 (2004)

    Article  MathSciNet  Google Scholar 

  18. Malacaria, P., Khouzani, M.H.R., Pasareanu, C.S., Phan, Q.S., Luckow, K.: Symbolic side-channel analysis for probabilistic programs. IACR Cryptology ePrint Archive, 2018, p. 329 (2018)

    Google Scholar 

  19. McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, Tucson, AZ, USA (2008)

    Google Scholar 

  20. Phan, Q.S., Bang, L., Pasareanu, C.S., Malacaria, P., Bultan, T.: Synthesis of adaptive side-channel attacks. In: 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, USA (2017)

    Google Scholar 

  21. Phan, Q.-S., Malacaria, P., Tkachuk, O., Pasareanu, C.S.: Symbolic quantitative information flow. ACM SIGSOFT Softw. Eng. Notes 37(6), 1–5 (2012)

    Article  Google Scholar 

  22. Păsăreanu, C.S., Phan, Q.S., Malacaria, P.: Multi-run side-channel analysis using Symbolic Execution and Max-SMT. In: 29th IEEE Computer Security Foundations Symposium, CSF 2016, Washington, DC, USA (2016)

    Google Scholar 

  23. Păsăreanu, C.S., Visser, W., Bushnell, D., Geldenhuys, J., Mehlitz, P., Rungta, N.: Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis. ASE 20, 391 (2013)

    Google Scholar 

  24. Sellke, S.H., Wang, C.C., Shroff, N.E., Bagchi, S.: Capacity bounds on timing channels with bounded service times. In: 2007 IEEE International Symposium on Information Theory, pp. 981–985 (2007)

    Google Scholar 

  25. Smith, G.: On the foundations of quantitative information flow. In: Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures (FOSSACS), pp. 288–302 (2009)

    Chapter  Google Scholar 

  26. Wang, C., Patrick, S.: Security by compilation: an automated approach to comprehensive side-channel resistance. ACM SIGLOG News 4(2), 76–89 (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of California, Santa Barbara, 93106, USA

    Nestan Tsiskaridze, Joseph McMahan, Tevfik Bultan & Timothy Sherwood

  2. Harvey Mudd College, Claremont, CA, 91711, USA

    Lucas Bang

Authors
  1. Nestan Tsiskaridze
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lucas Bang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joseph McMahan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tevfik Bultan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Timothy Sherwood
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nestan Tsiskaridze .

Editor information

Editors and Affiliations

  1. Microsoft Research, Redmond, WA, USA

    Shuvendu K. Lahiri

  2. University of Southern California, Los Angeles, CA, USA

    Chao Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tsiskaridze, N., Bang, L., McMahan, J., Bultan, T., Sherwood, T. (2018). Information Leakage in Arbiter Protocols. In: Lahiri, S., Wang, C. (eds) Automated Technology for Verification and Analysis. ATVA 2018. Lecture Notes in Computer Science(), vol 11138. Springer, Cham. https://doi.org/10.1007/978-3-030-01090-4_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-01090-4_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01089-8

  • Online ISBN: 978-3-030-01090-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation