Caisson: A hardware description language for secure information flow

Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

Volumn , Issue , 2011, Pages 109-120

  Li, Xun ^a   Tiwari, Mohit ^a   Oberg, Jason K ^b   Kashyap, Vineeth ^a   Chong, Frederic T ^a   Sherwood, Timothy ^a   Hardekopf, Ben ^a  

^a University of California   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

hardware description language; non interference; state machine

Indexed keywords

ABSTRACTING; CAISSONS; COMPUTER HARDWARE; FOUNDATIONS; HARDWARE SECURITY; INTEGRATED CIRCUIT DESIGN; PRESSURE VESSELS;

DESIGN TIME; HARDWARE DESIGN; INFORMATION FLOWS; NON INTERFERENCE; ROOT OF TRUSTS; SECURE INFORMATION FLOW; SECURE PROCESSORS; SECURE PROGRAMMING; SECURITY PROPERTIES; STATE-MACHINE;

COMPUTER HARDWARE DESCRIPTION LANGUAGES;

EID: 79959876833     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1993498.1993512     Document Type: Conference Paper

References (59)

1. 90nm generic CMOS library, Synopsys University program, Synopsys Inc.
2. Common critera evaluation and validation scheme. http://www.niapccevs. org/cc-scheme/cc docs/.
3. Validated FIPS 140-1 and FIPS 140-2 cryptographic modules. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140valall.htm.
4. What does CC EAL6+ mean? http://www.ok-labs.com/blog/entry/what-does-cc- eal6-mean/.
5. O. Accigmez, J. pierre Seifert, and C. K. Koc. Predicting secret keys via branch prediction. In The Cryptographers' Track at the RSA Conference, pages 225-242. Springer-Verlag, 2007.
6. O. Aciiçmez. Yet another microarchitectural attack: Exploiting i-cache. In CCS Computer Security Architecture Workshop, 2007.
7. O. Aciiçmez, J.-P. Seifert, and C. K. Koc. Micro-architectural crypt-analysis. IEEE Security and Privacy, 5:62-64, July 2007.
8. J. Agat. Transforming out timing leaks. In Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, POPL '00, pages 40-53, New York, NY, USA, 2000. ACM.
9. G. Barthe, T. Rezk, and M. Warnier. Preventing Timing Leaks Through Transactional Branching Instructions. Electronic Notes Theoretical Computer Science, 153:33-55, May 2006.
10. G. Boudol and I. Castellani. Noninterference for concurrent programs. pages 382-395, 2001.
11. E. M. Clarke, O. Grumberg, and D.Peled. Model Checking. MIT Press, 2000.
12. J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. In Micro, pages 221-232, 2004.
13. M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: A flexible information flow architecture for software security. In ISCA, pages 482-493, 2007.
14. D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504-513, 1977.
15. F. A. A. (FAA). Boeing model 787-8 airplane; systems and data networks security-isolation or protection from unauthorized passenger domain systems access. http://cryptome.info/faa010208.htm.
16. A. Filinski. Linear continuations. In Proceedings of the 19th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, POPL '92, pages 27-38, New York, NY, USA, 1992. ACM.
17. C. Fournet and T. Rezk. Cryptographically sound implementations for typed information-flow security. In POPL, pages 323-335, 2008.
18. J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, 1982.
19. C. Hankin. Program analysis tools. International Journal on Software Tools for Technology Transfer, 2(1), 1998.
20. D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming 8, 1987.
21. D. Hedin and D. Sands. Timing aware information flow security for a javacard-like bytecode. 141(1):163-182, 2005.
22. C. Hymans. Checking safety properties of behavioral VHDL descriptions by abstract interpretation. In International Static Analysis Symposium, pages 444-460. Springer, 2002.
23. C. Hymans. Design and implementation of an abstract interpreter for VHDL. D.Geist and E.Tronci, editors, CHARME, 2860 of LNCS, 2003.
24. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: formal verification of an OS kernel. In SOSP, pages 207-220, 2009.
25. P. C. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pages 388-397, 1999.
26. J. Kong, O. Aciiçmez, J.-P. Seifert, and H. Zhou. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proc. of the 2nd ACM workshop on Computer security architectures, pages 25-34, 2008.
27. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. IEEE Symposium on Security and Privacy, pages 447-462, 2010.
28. M. Krohn, A. Yip, M. Brodsky, N. Cliffer, M. Frans, K. Eddie, and K. R. Morris. Information flow control for standard OS abstractions. In SOSP, 2007.
29. L. C. Lam and T.-c. Chiueh. A general dynamic information flow tracking framework for security applications. In Proceedings of the 22nd Annual Computer Security Applications Conference, pages 463-472, 2006.
30. P. Li, Y. Mao, and S. Zdancewic. Information integrity policies. In Proceedings of the Workshop on Formal Aspects in Security and Trust, 2003.
31. X. Li, M. Tiwari, B. Hardekopf, T. Sherwood, and F. T. Chong. Secure information flow analysis for hardware design: Using the right abstraction for the job. The Fifth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security(PLAS), June 2010.
32. O. Mutlu and T. Moscibroda. Stall-time fair memory access scheduling for chip multiprocessors. In Micro, pages 146-160, 2007.
33. A. C. Myers, N. Nystrom, L. Zheng, and S. Zdancewic. Jif: Java information flow. Software release. http://www.cs.cornell.edu/jif, July 2001.
34. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS, 2005.
35. C. Percival. Cache missing for fun and profit. In Proc. of BSDCan, 2005.
36. F. Qin, C. Wang, Z. Li, H.-s. Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In Micro, pages 135-148, 2006.
37. A. Russo, J. Hughes, D. Naumann, and A. Sabelfeld. Closing internal timing channels by transformation. pages 120-135, 2007.
38. O. Ruwase, P. B. Gibbons, T. C. Mowry, V. Ramachandran, S. Chen, M. Kozuch, and M. Ryan. Parallelizing dynamic information flow tracking. In SPAA, pages 35-45, 2008.
39. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1), Jan. 2003.
40. M. Schlickling and M. Pister. A framework for static analysis of VHDL code. 7th International Workshop on Worst-Case Execution Time (WCET) Analysis, 2007.
41. O. Sibert, P. A. Porras, and R. Lindell. An analysis of the intel 80x86 security architecture and implement ations. IEEE Transactions on Software Engineering, 22(5):283-293, 1996. (Pubitemid 126771670)
42. G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. pages 355-364, 1998.
43. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In ASPLOS, pages 85-96, 2004.
44. E. Technologies. The Esterel v7 Reference Manual, version v7.30 - initial IEEE standardization proposal edition. 2005.
45. M. Tiwari, X. Li, H. Wassel, F. Chong, and T. Sherwood. Execution leases: A hardware-supported mechanism for enforcing strong non-interference. In Micro, 2009.
46. M. Tiwari, H.Wassel, B. Mazloom, S. Mysore, F. Chong, and T. Sherwood. Complete information flow tracking from the gates up. In ASPLOS, March 2009.
47. T. K. Tolstrup. Language-based Security for VHDL. PhD thesis, Technical University of Denmark, 2006.
48. T. K. Tolstrup, F. Nielson, and H. R. Nielson. Information flow analysis for VHDL. volume 3606 of LNCS, 2005.
49. N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. Rifle: An architectural framework for user-centric information-flow security. In Micro, pages 243-254, 2004.
50. G. Venkataramani, I. Doudalis, Y. Solihin, and M. Prvulovic. Flexi-Taint: A programmable accelerator for dynamic taint propagation. In HPCA, pages 196-206, 2008.
51. D. Volpano, C. Irvine, and G. Smith. A sound type system for secure flow analysis. J. Comput. Secur., 4:167-187, January 1996.
52. D. Volpano and G. Smith. Eliminating covert flows with minimum typings. page 156, 1997.
53. D. Volpano and G. Smith. A type-based approach to program security. In In Proceedings of the 7th International Joint Conference on the Theory and Practice of Software Devel-opment, pages 607-621. Springer, 1997.
54. Z. Wang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. In ISCA, pages 494-505, New York, NY, USA, 2007. ACM.
55. S. Zdancewic and A. C. Myers. Secure information flow via linear continuations. 15(2-3):209-234, 2002.
56. S. Zdancewic and A. C. Myers. Observational determinism for concurrent program security. pages 29-43, 2003.
57. N. Zeldovich, S. Boyd-Wickizer, and D.Mazieres. Security distributed systems with information flow control. In NSDI, pages 293-308, Apr. 2008.
58. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In OSDI, 2006.
59. N. Zeldovich, H. Kannan, M. Dalton, and C. Kozyrakis. Hardware enforcement of application security policies using tagged memory. In OSDI, Dec. 2008.