Formal Methods and Automated Tool for Timing-Channel Identification in TCB Source Code

We characterize the properties of timing channels that are reflected in source code and present formal methods for the identification of these channels in source code of trusted computing bases (TCBs). Our study differs significantly from previous ones which focus on a high-level characterization of timing channels without leading to practical methods for their identification [11,

[1] Richard A. Kemmerer, et al. Shared resource matrix methodology: an approach to identifying storage and timing channels, 1983, TOCS.

[2] Wei-Ming Hu, et al. Reducing timing channels with fuzzy time, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[3] Gregory R. Andrews, et al. An Axiomatic Approach to Information Flow in Programs, 1980, TOPL.

[4] Jingsha He, et al. Information-flow analysis for covert-channel identification in multilevel secure operating systems, 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[5] Virgil D. Gligor, et al. On the Identification of Covert Storage Channels in Secure Systems, 1990, IEEE Trans. Software Eng.

[6] Virgil D. Gligor, et al. Design and Implementation of Secure Xenix, 1987, IEEE Transactions on Software Engineering.

[7] Dorothy E. Denning, et al. A lattice model of secure information flow, 1976, CACM.

[8] Richard J. Feiertag. A Technique for Proving Specifications are Multilevel Secure, 1980.

[9] Morrie Gasser, et al. Building a Secure Computer System, 1988.

[10] Butler W. Lampson, et al. A note on the confinement problem, 1973, CACM.

[11] John McHugh, et al. An Information Flow Tool for Gypsy, 1985, IEEE Symposium on Security and Privacy.

[12] John McHugh, et al. An Experience Using Two Covert Channel Analysis Techniques on a Real System Design, 1987, IEEE Trans. Software Eng.

[13] John C. Wray, et al. An analysis of covert timing channels, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.