Lazy Programs Leak Secrets

  • Pablo Buiras
  • Alejandro Russo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8208)

Abstract

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Pablo Buiras (1)
  • Alejandro Russo (1)
  1. Dept. of Computer Science and Engineering, Chalmers University of Technology, Göteborg, Sweden
