Information Leakage as a Scheduling Resource

High-security processes have to load confidential information into shared resources as part of their operation. This confidential information may be leaked (directly or indirectly) to low-security processes via the shared resource. This paper considers leakage from high-security to low-security processes from the perspective of scheduling. The workflow model is here extended to support preemption, security levels, and leakage. Formalization of leakage properties is then built upon this extended model, allowing formal reasoning about the security of schedulers. Several heuristics are presented in the form of compositional preprocessors and postprocessors as part of a more general scheduling approach. The effectiveness of such heuristics are evaluated experimentally, showing them to achieve significantly better schedulability than the state of the art. Modeling of leakage from cache attacks is presented as a case study.

[1]  Sang Hyuk Son,et al.  Correction to 'Integrating Security and Real-Time Requirements Using Covert Channel Capacity' , 2000, IEEE Trans. Knowl. Data Eng..

[2]  Ronald L. Graham,et al.  Bounds for certain multiprocessing anomalies , 1966 .

[3]  Yves Robert,et al.  A survey of pipelined workflow scheduling: Models and algorithms , 2013, CSUR.

[4]  Alan J. Hu,et al.  Precisely Measuring Quantitative Information Flow: 10K Lines of Code and Beyond , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[5]  Man-Ki Yoon,et al.  Real-Time Systems Security through Scheduler Constraints , 2014, 2014 26th Euromicro Conference on Real-Time Systems.

[6]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[7]  Axel Legay,et al.  QUAIL: A Quantitative Security Analyzer for Imperative Code , 2013, CAV.

[8]  Kim G. Larsen,et al.  Resource-Parameterized Timing Analysis of Real-Time Systems , 2015, Haifa Verification Conference.

[9]  Tom Chothia,et al.  LeakWatch: Estimating Information Leakage from Java Programs , 2014, ESORICS.

[10]  Jim Alves-Foss,et al.  Covert timing channel capacity of rate monotonic real-time scheduling algorithm in MLS systems , 2006, Communication, Network, and Information Security.

[11]  Michael M. Swift,et al.  Scheduler-based Defenses against Cross-VM Side-channels , 2014, USENIX Security Symposium.

[12]  Pasquale Malacaria,et al.  Quantifying information leaks in software , 2010, ACSAC '10.

[13]  Lui Sha,et al.  TaskShuffler: A Schedule Randomization Protocol for Obfuscation against Timing Inference Attacks in Real-Time Systems , 2016, 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS).

[14]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[15]  Mário S. Alvim,et al.  Measuring Information Leakage Using Generalized Gain Functions , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[16]  Michael Backes,et al.  Automatic Discovery and Quantification of Information Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[17]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[18]  Axel Legay,et al.  Quantifying information leakage of randomized protocols , 2015, Theor. Comput. Sci..

[19]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[20]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[21]  Kim G. Larsen,et al.  Optimizing the resource requirements of hierarchical scheduling systems , 2016, SIGBED.

[22]  Man-Ki Yoon,et al.  A generalized model for preventing information leakage in hard real-time systems , 2015, 21st IEEE Real-Time and Embedded Technology and Applications Symposium.

[23]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[24]  Klaus Wagner,et al.  Flush+Flush: A Stealthier Last-Level Cache Attack , 2015, ArXiv.

[25]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[26]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.