Plugging Side-Channel Leaks with Timing Information Flow Control
4th USENIX Workshop on Hot Topics in Cloud Computing
June 13, 2012, Boston, MA
The cloud model's dependence on
massive parallelism and resource sharing
exacerbates the security challenge of timing side-channels.
Timing Information Flow Control (TIFC) is
a novel adaptation of IFC techniques
that may offer a way to reason about, and ultimately control,
the flow of sensitive information through systems
via timing channels.
With TIFC, objects such as files, messages, and processes
carry not just content labels
describing the ownership
of the object's “bits,”
but also timing labels describing information
contained in timing events affecting the object,
such as process creation/termination or message reception.
With two system design tools, deterministic execution
and pacing queues,
TIFC enables the construction
of “timing-hardened” cloud infrastructure
that permits statistical multiplexing,
while aggregating and rate-limiting timing information leakage
between hosted computations.
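
A minimal model of the rate-limiting idea behind a pacing queue, added here as an illustration and not code from the paper. It assumes a pacing queue releases at most one queued message per fixed-period tick; the function name `pace`, the period, and all arrival times are constructed for this example.

```python
from collections import deque

def pace(arrivals, period, ticks):
    """Model of a pacing queue (assumed behaviour, not the paper's code):
    at each fixed tick, release at most one queued message.

    arrivals: message arrival times (constructed sample data)
    Returns (release_times, underrun_ticks). An underrun is a tick at which
    the queue was empty, the only point where arrival timing becomes
    visible to an observer of the output.
    """
    pending = deque(sorted(arrivals))
    queued = 0
    releases, underruns = [], []
    for k in range(1, ticks + 1):
        now = k * period
        # Admit everything that has arrived by this tick.
        while pending and pending[0] <= now:
            pending.popleft()
            queued += 1
        if queued:
            queued -= 1
            releases.append(now)   # output time depends only on the tick
        else:
            underruns.append(now)  # empty queue: one observable timing event
    return releases, underruns

# Constructed inputs: two runs whose arrival jitter differs (for example,
# because of secret-dependent work) and one run that stalls long enough
# to drain the queue.
RUN_A = [1, 2, 3, 12, 13, 25]
RUN_B = [4, 5, 9, 11, 19, 29]
RUN_STALL = [1, 2, 35, 36, 37, 38]

if __name__ == "__main__":
    for name, run in (("A", RUN_A), ("B", RUN_B), ("stall", RUN_STALL)):
        releases, underruns = pace(run, period=10, ticks=6)
        print(name, "releases:", releases, "underruns:", underruns)
```

Runs A and B are indistinguishable at the output despite different arrival times; only the stalled run exposes a timing event, and at most one per tick.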
This research was supported by
the National Science Foundation under grant