Abstract
The paper considers the addition of access control to a number of transactional memory implementations, and studies its impact on the information flow security of such systems. Even after the imposition of access control, the Unbounded Transactional Memory due to Ananian et al., and most instances of a general scheme for transactional conflict detection and arbitration due to Scott, are shown to be insecure. This result applies even for a very simple policy prohibiting information flow from a high to a low security domain. The source of the insecurity is identified as the ability of agents to cause aborts of other agents’ transactions. A generic implementation is defined, parameterized by a “may-abort” relation that defines which agents may cause aborts of other agents’ transactions. This implementation is shown to be secure with respect to an intransitive information flow policy consistent with the access control table and “may-abort” relation. Using this result, Transactional Memory Coherence and Consistency, an implementation due to Hammond et al., is shown to be secure with respect to intransitive information flow policies. Moreover, it is shown how to modify Scott’s arbitration policies using the may-abort relation, yielding a class of secure implementations closely related to Scott’s scheme.
The research of the first and third co-authors was sponsored in part by ONR grant N00014-99-1-0131 and NSF Award CNS-0420477. The work of the second author was supported by ARC Discovery grant DP0451529.
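The abort channel and the may-abort restriction summarized in the abstract, as an added toy model (not the paper's formalism or code). The agent names, the single location `x`, the access table, the newcomer-wins arbiter and the purge-style noninterference check are all assumptions made for illustration.

```python
from itertools import product

HIGH, LOW = "H", "L"

# Assumed access-control table: no write-down, but High may read Low's data.
ACL = {(HIGH, "x"): {"r"}, (LOW, "x"): {"r", "w"}}

def allowed(agent, loc, op):
    return op in ACL.get((agent, loc), set())

def conflicts(op_a, op_b):
    """Two accesses to the same location conflict if at least one is a write."""
    return "w" in (op_a, op_b)

def low_view(high_schedule, may_abort):
    """Return what Low observes: the outcome of its transaction in each round.

    Every round Low runs a transaction that writes x. When high_schedule[i]
    is True, High concurrently reads x, which the ACL permits. The assumed
    arbiter lets the newcomer (High) abort the running transaction only if
    (HIGH, LOW) is in may_abort; otherwise the newcomer aborts itself.
    """
    view = []
    for high_active in high_schedule:
        outcome = "commit" if allowed(LOW, "x", "w") else "denied"
        clash = (high_active and allowed(HIGH, "x", "r")
                 and conflicts("r", "w"))
        if outcome == "commit" and clash and (HIGH, LOW) in may_abort:
            outcome = "abort"  # Low's abort reveals that High was active
        view.append(outcome)
    return view

def noninterfering(may_abort, rounds=4):
    """Purge-style check for the policy 'no flow from High to Low':
    Low's view must be identical for every High behaviour, including none."""
    baseline = low_view([False] * rounds, may_abort)
    return all(low_view(list(s), may_abort) == baseline
               for s in product([False, True], repeat=rounds))

UNRESTRICTED = {(HIGH, LOW), (LOW, HIGH)}  # any agent may abort any other
RESTRICTED = {(LOW, HIGH)}                 # High may never abort Low

if __name__ == "__main__":
    for name, rel in (("unrestricted", UNRESTRICTED), ("restricted", RESTRICTED)):
        print(name, low_view([True, False, True], rel), noninterfering(rel))
```

Access control alone does not close the channel here: High never writes `x`, yet Low's commit/abort pattern tracks High's activity until the pair (High, Low) is removed from the may-abort relation.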
References
Alves-Foss, J., Harrison, W.S., Oman, P., Taylor, C.: The MILS architecture for high-assurance embedded systems. International Journal of Embedded Systems 2(3/4), 239–247 (2006)
Ananian, C.S., Asanovic, K., Kuszmaul, B.C., Leiserson, C.E., Lie, S.: Unbounded transactional memory. In: Proceedings of the Eleventh International Symposium on High-Performance Computer Architecture, pp. 316–327 (February 2005)
Atluri, V., Jajodia, S., George, B.: Multi-level secure transaction processing. Kluwer, Dordrecht (2000)
Cohen, A., O’Leary, J.W., Pnueli, A., Tuttle, M.R., Zuck, L.D.: Verifying correctness of transactional memories. In: Proceedings of FMCAD 2007 (November 2007)
Downing, A.R., Greenberg, T.F., Lunt, T.F.: Issues in distributed database security. In: Proceedings of Fifth Annual Computer Security Applications Conference, pp. 196–203 (December 1989)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, Oakland, pp. 11–20 (1982)
Haigh, J.T., Young, W.D.: Extending the noninterference version of MLS for SAT. IEEE Trans. on Software Engineering SE-13(2), 141–150 (1987)
Hammond, L., Wong, V., Chen, M., Carlstrom, B.D., Davis, J.D., Hertzberg, B., Prabhu, M.K., Wijaya, H., Kozyrakis, C., Olukotun, K.: Transactional memory coherence and consistency. In: Proceedings of the 31st Annual International Symposium on Computer Architecture, p. 102. IEEE Computer Society, Los Alamitos (2004)
Herlihy, M., Luchangco, V., Moir, M., Scherer III, W.N.: Software transactional memory for dynamic-sized data structures. In: PODC 2003: Proceedings of the twenty-second annual symposium on Principles of distributed computing, pp. 92–101. ACM Press, New York (2003)
Keefe, T.K., Tsai, W.T., Srivastava, J.: Database concurrency control in multilevel secure database management systems. IEEE Trans. Knowledge and Data Engineering 5(6), 1039–1055 (1993)
Larus, J.R., Rajwar, R.: Transactional Memory. Morgan & Claypool Publishers, San Francisco (2007)
van der Meyden, R.: What, indeed, is intransitive noninterference? In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 235–250. Springer, Heidelberg (2007)
Proctor, N.E., Neumann, P.G.: Architectural implications of covert channels. In: Proc. 15th National Computer Security Conference, pp. 28–43 (1992)
Rushby, J.M., Randell, R.: A distributed secure system. IEEE Computer 16(7), 55–67 (1983)
Rushby, J.: Noninterference, transitivity, and channel-control security policies. Technical report, SRI international (December 1992)
Scott, M.L.: Sequential specification of transactional memory semantics. In: Proc. TRANSACT the First ACM SIGPLAN Workshop on Languages, Compiler, and Hardware Support for Transactional Computing, Ottawa (2006)
Vanfleet, W.M., Beckworth, R.W., Calloni, B., Luke, J.A., Taylor, C., Uchenick, G.: MILS: architecture for high assurance embedded computing. Crosstalk: The Journal of Defence Engineering, 12–16 (August 2005)
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cohen, A., van der Meyden, R., Zuck, L.D. (2009). Access Control and Information Flow in Transactional Memory. In: Degano, P., Guttman, J., Martinelli, F. (eds) Formal Aspects in Security and Trust. FAST 2008. Lecture Notes in Computer Science, vol 5491. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01465-9_21
DOI: https://doi.org/10.1007/978-3-642-01465-9_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01464-2
Online ISBN: 978-3-642-01465-9
eBook Packages: Computer Science (R0)