Plugging Side-Channel Leaks with Timing Information Flow Control
Bryan Ford
Yale University
4th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud '12)
June 13, 2012, Boston, MA
Abstract
The cloud model's dependence on massive parallelism and resource sharing exacerbates the security challenge of timing side-channels. Timing Information Flow Control (TIFC) is a novel adaptation of IFC techniques that may offer a way to reason about, and ultimately control, the flow of sensitive information through systems via timing channels. With TIFC, objects such as files, messages, and processes carry not just content labels describing the ownership of the object's “bits,” but also timing labels describing information contained in timing events affecting the object, such as process creation/termination or message reception. With two system design tools—deterministic execution and pacing queues—TIFC enables the construction of “timing-hardened” cloud infrastructure that permits statistical multiplexing, while aggregating and rate-limiting timing information leakage between hosted computations.
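An added illustration of the pacing-queue idea, not code from the paper: it assumes a simplified model in which the queue releases at most one message per fixed tick. The function names, the 10 ms period and the arrival times are constructed for this example.

```python
# Added illustration: a simplified fixed-period pacing queue (assumed model,
# not the paper's design). All times are integer milliseconds.

def pace(arrivals, period):
    """Return release times: each message leaves at the first tick (a
    multiple of `period`) at or after its arrival, one message per tick."""
    releases, next_tick = [], 0
    for t in sorted(arrivals):
        tick = max(next_tick, -(-t // period) * period)  # integer ceiling
        releases.append(tick)
        next_tick = tick + period
    return releases


def distinguishable(a, b, period):
    """True if an observer of release times can tell schedule a from b."""
    return pace(a, period) != pace(b, period)


# Constructed sample data: a hosted computation emits four messages, and its
# per-message latency depends on a secret (3 ms vs 7 ms into each 10 ms slot).
FAST = [3, 13, 23, 33]
SLOW = [7, 17, 27, 37]
# Constructed: the last message is delayed past its slot, crossing a tick.
LATE = [3, 13, 23, 45]

if __name__ == "__main__":
    # period=1 approximates an unpaced channel: arrival jitter is visible.
    print("unpaced, FAST vs SLOW:", distinguishable(FAST, SLOW, 1))
    # With a 10 ms pacing period the two schedules look identical.
    print("paced,   FAST vs SLOW:", distinguishable(FAST, SLOW, 10))
    # Only a delay that crosses a tick boundary changes the output.
    print("paced,   FAST vs LATE:", distinguishable(FAST, LATE, 10))
    print("paced release times  :", pace(LATE, 10))
```

In this model, secret-dependent jitter inside a slot never reaches the observer; only a delay that crosses a tick boundary does, so the observer learns at most one message/no-message outcome per period.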
This research was supported by the National Science Foundation under grant CNS-1149936.