Options
Hybrid monitors for concurrent noninterference
Publikationstyp
Conference Paper
Date Issued
2015-07
Sprache
English
Author(s)
Start Page
137
End Page
151
Article Number
7243730
Citation
28th IEEE Computer Security Foundations Symposium (CSF 2015)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
IEEE
ISBN of container
978-1-4673-7538-2
978-1-4673-7539-9
Controlling confidential information in concurrent systems is difficult, due to covert channels resulting from interaction between threads. This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs. Our monitors are hybrid, combining dynamic and static program analysis to enforce security in a sound and rather precise fashion. In our framework, each thread is guarded by its own local monitor, and there is a single global monitor. We instantiate our monitoring framework to support rely-guarantee style reasoning about the use of shared resources, at the granularity of individual memory locations, and then specialize local monitors further to enforce flow-sensitive progress-sensitive information-flow control. Our local monitors exploit rely-guarantee-style reasoning about shared memory to achieve high precision. Soundness of rely-guarantee-style reasoning is guaranteed by all monitors cooperatively. The global monitor is invoked only when threads synchronize, and so does not needlessly restrict concurrency. We prove that our hybrid monitoring approach enforces a knowledge-based progress-sensitive non-interference security condition.
Subjects
hybrid information-flow monitor
information-flow control for concurrent systems
Language-based security
DDC Class
004: Informatik