Development of dynamic protection against timing channels

Information systems face many threats, such as covert channels, which declassify hidden information by, e.g., analyzing the program execution time. Such threats exist at various stages of the execution of instructions. Even if software developers are able to neutralize these threats in source code, new attack vectors can arise in compiler-generated machine code from these representations. Existing approaches for preventing vulnerabilities have numerous restrictions related to both their functionality and the range of threats that can be found and removed. This study presents a technique for removing threats and generating safer code using dynamic compilation in an execution environment by combining information from program analysis of the malicious code and re-compiling such code to run securely. The proposed approach stores summary information in the form of rules that can be shared among analyses. The annotations enable us to conduct the analyses to mitigate threats. Developers can update the analyses and control the volume of resources that are allocated to perform these analyses by changing the precision. The authors’ experiments show that the binary code created by applying the suggested method is of high quality.

[1]  Hui Liu,et al.  High performance linpack benchmark: a fault tolerant implementation without checkpointing , 2011, ICS '11.

[2]  Mayur Pandey,et al.  LLVM Cookbook , 2015 .

[3]  Bruce E. Hajek,et al.  An information-theoretic and game-theoretic study of timing channels , 2002, IEEE Trans. Inf. Theory.

[4]  Shiguang Ju,et al.  The Dilemma of Covert Channels Searching , 2005, ICISC.

[5]  Sen Hu,et al.  Efficient system-enforced deterministic parallelism , 2010, OSDI.

[6]  Maksim E. Shirokov Conditions for coincidence of the classical capacity and entanglement-assisted capacity of a quantum channel , 2012, Probl. Inf. Transm..

[7]  Zhiqiang Zuo Efficient statistical debugging via hierarchical instrumentation , 2014, ISSTA 2014.

[8]  Martin Monperrus,et al.  A critical review of "automatic patch generation learned from human-written patches": essay on the problem statement and the evaluation of automatic software repair , 2014, ICSE.

[9]  Peng Li,et al.  Mitigating access-driven timing channels in clouds using StopWatch , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[10]  Steven Gianvecchio,et al.  An Entropy-Based Approach to Detecting Covert Timing Channels , 2011, IEEE Transactions on Dependable and Secure Computing.

[11]  Kirill Kononenko A unified approach to identifying and healing vulnerabilities in x86 machine code , 2012, Mobicom '12.

[12]  Sajal K. Das,et al.  Handbook on Securing Cyber-Physical Critical Infrastructure , 2012 .

[13]  Jung Hee Cheon,et al.  Static Analysis with Set-Closure in Secrecy , 2015, SAS.

[14]  Koen De Bosschere,et al.  Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[15]  Bart Coppens,et al.  Compiler mitigations for time attacks on modern x86 processors , 2012, TACO.

[16]  Matthew C. Elder,et al.  Large-Scale Evaluation of a Vulnerability Analysis Framework , 2014, CSET.

[17]  Michael D. Ernst,et al.  Automatically patching errors in deployed software , 2009, SOSP '09.

[18]  Kenneth B. Kent,et al.  A quantitative analysis of the .NET common language runtime , 2008, J. Syst. Archit..

[19]  Dorit Nuzman,et al.  JIT technology with C/C++ , 2013, ACM Trans. Archit. Code Optim..

[20]  Danfeng Zhang,et al.  Predictive mitigation of timing channels in interactive systems , 2011, CCS '11.

[21]  Geoffrey Smith,et al.  Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[22]  Petr Hanácek,et al.  Characteristics of buffer overflow attacks tunneled in HTTP traffic , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[23]  Chet Hosmer,et al.  Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols , 2012 .

[24]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[25]  Andrew Meneely,et al.  Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project , 2015, 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories.

[26]  Rolf Riesen,et al.  Accelerating incremental checkpointing for extreme-scale computing , 2013, Future Gener. Comput. Syst..

[27]  John C. Wray An Analysis of Covert Timing Channels , 1992, J. Comput. Secur..

[28]  Kirill Kononenko An approach to error correction in program code using dynamic optimization in a virtual execution environment , 2015, The Journal of Supercomputing.

[29]  Jurriaan Hage,et al.  How do professionals perceive legacy systems and software modernization? , 2014, ICSE.

[30]  Yong-jie Wang,et al.  Study on Computer Network Intrusion Effect Evaluation , 2013, 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control.

[31]  Konstantin Serebryany,et al.  MemorySanitizer: Fast detector of uninitialized memory use in C++ , 2015, 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[32]  Behrooz Makki,et al.  Channel Capacity Bounds in the Presence of Quantized Channel State Information , 2010, EURASIP J. Wirel. Commun. Netw..

[33]  Todd P. Coleman,et al.  Characterizing the Efficacy of the NRL Network Pump in Mitigating Covert Timing Channels , 2012, IEEE Transactions on Information Forensics and Security.

[34]  Ahmed E. Hassan,et al.  An empirical study of dormant bugs , 2014, MSR 2014.

[35]  Kirill Kononenko Demo: Dynamic Neutralization of Data Leakages , 2015, S3@MobiCom.

[36]  Yuriy Brun,et al.  Is the cure worse than the disease? overfitting in automated program repair , 2015, ESEC/SIGSOFT FSE.

[37]  Danfeng Zhang,et al.  Language-based control and mitigation of timing channels , 2012, PLDI.

[38]  Dave Clarke,et al.  Disjointness domains for fine-grained aliasing , 2015, OOPSLA.

[39]  Ching-Kuang Shene,et al.  A comparative study of linked list sorting algorithms , 1996, SG3C.

[40]  David Lo,et al.  Version history, similar report, and structure: putting them together for improved bug localization , 2014, ICPC 2014.