Information flow isolation in I2C and USB

Flight control, banking, medical, and other high-assurance systems have a strict requirement on correct operation. Fundamental to this is the enforcement of non-interference, where particular subsystems should not affect one another. In an effort to help guarantee this policy, recent work has emerged on tracking information flows at the hardware level. This paper uses a specific method known as gate-level information flow tracking (GLIFT) to provide a methodology for testing information flows in two common bus protocols, I2C and USB. We show that the protocols do elicit unintended information flows and provide a solution based on time division multiple access (TDMA) that provably isolates devices on the bus from these flows. This paper also discusses the overheads in area and simulation time incurred by this TDMA-based solution.
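The following added example (not code from the paper) sketches the idea on a single I2C-style open-drain line, which behaves as a wired AND of all attached drivers. It applies the standard GLIFT shadow logic for an AND gate and compares an always-shared line with a simplified TDMA model. The function names, the two-device setup and the assumption that a trusted slot timer forces out-of-slot devices to release the line are all assumptions made for illustration.

```python
from itertools import product

def glift_and(a, a_t, b, b_t):
    """AND gate plus GLIFT shadow logic; *_t is the taint bit of each input.

    The output is tainted only when a tainted input can actually change it:
    an untainted 0 on one input forces the output low and masks the other.
    """
    out = a & b
    out_t = (a_t & b) | (b_t & a) | (a_t & b_t)
    return out, out_t

def bus_line(drivers):
    """Open-drain line: AND together every (value, taint) driver."""
    val, taint = 1, 0  # idle line is pulled high and untainted
    for v, t in drivers:
        val, taint = glift_and(val, taint, v, t)
    return val, taint

def shared_bus(trusted_bit, untrusted_bit):
    """Both devices attached at all times; the untrusted output is tainted."""
    return bus_line([(trusted_bit, 0), (untrusted_bit, 1)])

def tdma_bus(slot_owner, trusted_bit, untrusted_bit):
    """Assumed TDMA model: outside its slot a device is forced to release
    the line (drive 1) by a trusted slot timer, so that 1 is untainted."""
    t = (trusted_bit, 0) if slot_owner == "trusted" else (1, 0)
    u = (untrusted_bit, 1) if slot_owner == "untrusted" else (1, 0)
    return bus_line([t, u])

def taint_reaches_trusted(bus_fn):
    """Exhaustively test whether taint can appear on the line the trusted
    device observes, over all values both devices may drive."""
    return any(bus_fn(tb, ub)[1] for tb, ub in product((0, 1), repeat=2))

if __name__ == "__main__":
    print("shared line leaks:", taint_reaches_trusted(shared_bus))
    print("trusted TDMA slot leaks:",
          taint_reaches_trusted(lambda tb, ub: tdma_bus("trusted", tb, ub)))
```

On the shared line the taint bit is set whenever the trusted device releases the line, which is the unintended flow; in the trusted slot of the TDMA model the taint bit stays 0 for every input combination.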
