Article

Free access

Transforming out timing leaks

Author:

Johan AgatAuthors Info & Claims

POPL '00: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pages 40 - 53

https://doi.org/10.1145/325694.325702

Published: 05 January 2000 Publication History

Abstract

One aspect of security in mobile code is privacy: private (or secret) data should not be leaked to unauthorised agents. Most of the work on secure information flow has until recently only been concerned with detecting direct and indirect flows. Secret information can however be leaked to the attacker also through covert channels. It is very reasonable to assume that the attacker, even as an external observer, can monitor the timing (including termination) behaviour of the program. Thus to claim a program secure, the security analysis must take also these into account.

In this work we present a surprisingly simple solution to the problem of detecting timing leakages to external observers. Our system consists of a type system in which well-typed programs do not leak secret information directly, indirectly or through timing, and a transformation for removing timing leakages. For any program that is well typed according to Volpano and Smith [VS97a], our transformation generates a program that is also free of timing leaks.

References

[1]

J.-P. Banatre, C. Bryce, and D. Le Metayer. Compile-time detection of information flow in sequential programs. Lecture Notes in Computer Science, 875:55-73, 1994.]]

Digital Library

[2]

D.E. Denning and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504-513, July 1977.]]

Digital Library

[3]

D.E. Denning. A lattice model of secure information flow. Communications of the A CM, 19(5):236-243, May 1976.]]

Digital Library

[4]

D. Dean, E. W. Felten, D. Wallach, and D. Balfanz. Java security: Web browsers and beyond. Technical Report TR-566-97, Princeton University, Computer Science Department, February 1997.]]

[5]

J. Goguen and J. Meseguer. Security policies and security models. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society Press, April 1982.]]

[6]

A. Gordon. A tutorial on co-induction and functional programming. In Glasgow functional programming workshop, pages 78-95. Springer Workshops in Computing, 1994.]]

[7]

E.C.R. Hehner. Predicative programming part 1. Communications of the ACM, 27(2):134-143, February 1984.]]

Digital Library

[8]

J. He and V. D. Gligor. Formal methods and automated tool for timing-channel identification in tcb source code. In In Proceedings 2nd European Symposium on Research in Computer Security, LNCS 648, pages 57-75, November 1992.]]

Digital Library

[9]

N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In Conference Record of the Twenty-Fifth Annual A CM Symposium on Principles of Programming Languages, pages 365-377. ACM, 1998.]]

Digital Library

[10]

P.C. Kocher. Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In Neal Koblitz, editor, Advances in Cryptology - CRYPTO'96, volume 1109 of LNCS, pages 104-113. Springer-Verlag, 1996.]]

Digital Library

[11]

D. McCullough. Specifications for multi-level security and hook-up property. In Proceedings of the IEEE Symposium on Security and Privacy, pages 161-166. IEEE Computer Society Press, 1987.]]

[12]

T./E. Mogensen. Separating binding times in language specifications. In Proceedings of the Conference on Functional Programming Languages and Computer Architecture '89, Imperial College, London, pages 12-25, New York, NY,1989. ACM.]]

Digital Library

[13]

A.C. Myers. jFlow: practical mostly-static information flow control. In ACM, editor, POPL '99. Proceedings o/ the 26th A CM SIGPLAN- SIGACT on Principles of programming languages, January 20-22, 1999, San Antonio, TX, pages 228-241, New York, NY 10036, USA, 1999. AC M Press.]]

Digital Library

[14]

H.R. Nielson. Hoare Logic's for Run-time Analysis of Programs. Ph.D. thesis, CST-30-84, Edinburgh University, 1984.]]

[15]

K. Rustan, M. Leino, and R. Joshi. A semantic approach to secure information flow. Lecture Notes in Computer Science, 1422:254-271, 1998.]]

Digital Library

[16]

T. Reps and T. Turnidge. Program specialization via program slicing. In O. Danvy, R. Glueck, and P. Thiemann, editors, Dagstuhl Seminar on Partial Evaluation, volume 1110 of Lecture Notes in Computer Science, pages 409- 429. Springer-Verlag, Feb 1996.]]

Digital Library

[17]

A. Sabelfeld and D. Sands. Probabilistic noninterference for multithreaded programs. Unpublished (ht t p://www, cs. chalmers.se/" dave/papers/probsabelfeld-sands.ps), June; Revised October 1999.]]

[18]

G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Conference Record of POPL '98: The 25th A CM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 355- 364, San Diego, California, 19-21 January 1998.]]

Digital Library

[19]

D. Volpano and G. Smith. Eliminating covert flows with minimum typings. Proc. l Oth IEEE Computer Security Foundations Workshop, pages 156-168, June 1997.]]

Digital Library

[20]

D. Volpano and C. Smith. A type-based approach to program security. In TAPSOFT'97, volume 1214 of LNCS, pages 607-621. Springer- Verlag, April 1997.]]

Digital Library

[21]

D. Volpano and G. Smith. Probabilistic noninterference in a concurrent language. Proc. 11th IEEE Computer Security Foundations Workshop, pages 34-43, June 1998.]]

Digital Library

[22]

D. Votpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. J. Computer Security, 4(3):1-21~ 1996.]]

Digital Library

Cited By

Cai LSong FChen T(2024)Towards Efficient Verification of Constant-Time Cryptographic ImplementationsProceedings of the ACM on Software Engineering10.1145/36437721:FSE(1019-1042)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643772
Parolini FMiné A(2024)Sound Abstract Nonexploitability AnalysisVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-50521-8_15(314-337)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50521-8_15
Raimondi GBesson FJensen T(2023)Type-directed Program Transformation for Constant-Time EnforcementProceedings of the 25th International Symposium on Principles and Practice of Declarative Programming10.1145/3610612.3610618(1-13)Online publication date: 22-Oct-2023
https://dl.acm.org/doi/10.1145/3610612.3610618
Show More Cited By

Index Terms

Transforming out timing leaks
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types
        Functional languages

Recommendations

Preventing Timing Leaks Through Transactional Branching Instructions

Timing channels constitute one form of covert channels through which programs may be leaking information about the confidential data they manipulate. Such timing channels are typically eliminated by design, employing ad-hoc techniques to avoid ...
The case for mobile forensics of private data leaks: towards large-scale user-oriented privacy protection
APSys '13: Proceedings of the 4th Asia-Pacific Workshop on Systems

Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate ...
Preserving Privacy Against Side-Channel Leaks: From Data Publishing to Web Applications

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

POPL '00: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

January 2000

402 pages

ISBN:1581131259

DOI:10.1145/325694

Chairmen:
Mark Wegman
IBM T. J. Watson Research Center, Yorktown Heights, NY
,
Thomas Reps
Univ. of Wisconsin

Copyright © 2000 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 January 2000

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

POPL00

Sponsor:

POPL00: Symposium on Principles of Programming Languages 2000

January 19 - 21, 2000

MA, Boston, USA

Acceptance Rates

POPL '00 Paper Acceptance Rate 30 of 151 submissions, 20%;

Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '25

Sponsor:
sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

265
Total Citations
View Citations
1,332
Total Downloads

Downloads (Last 12 months)95
Downloads (Last 6 weeks)11

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cai LSong FChen T(2024)Towards Efficient Verification of Constant-Time Cryptographic ImplementationsProceedings of the ACM on Software Engineering10.1145/36437721:FSE(1019-1042)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643772
Parolini FMiné A(2024)Sound Abstract Nonexploitability AnalysisVerification, Model Checking, and Abstract Interpretation10.1007/978-3-031-50521-8_15(314-337)Online publication date: 15-Jan-2024
https://dl.acm.org/doi/10.1007/978-3-031-50521-8_15
Raimondi GBesson FJensen T(2023)Type-directed Program Transformation for Constant-Time EnforcementProceedings of the 25th International Symposium on Principles and Practice of Declarative Programming10.1145/3610612.3610618(1-13)Online publication date: 22-Oct-2023
https://dl.acm.org/doi/10.1145/3610612.3610618
Soares LCanesche MPereira F(2023)Side-channel Elimination via Partial Control-flow LinearizationACM Transactions on Programming Languages and Systems10.1145/359473645:2(1-43)Online publication date: 26-Jun-2023
https://dl.acm.org/doi/10.1145/3594736
Daniel LBardin SRezk T(2023)Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-ErasureACM Transactions on Privacy and Security10.1145/356303726:2(1-42)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3563037
Schwarzl MBorrello PSaileshwar GMüller HSchwarz MGruss D(2023)Practical Timing Side-Channel Attacks on Memory Compression2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179297(1186-1203)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179297
Qin QJiYang JSong FChen TXing XRoychoudhury ACadar CKim M(2022)DeJITLeak: eliminating JIT-induced timing side-channel leaksProceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3540250.3549150(872-884)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3540250.3549150
André ÉLime DMarinho DSun J(2022)Guaranteeing Timed Opacity using Parametric Timed Model CheckingACM Transactions on Software Engineering and Methodology10.1145/350285131:4(1-36)Online publication date: 8-Sep-2022
https://dl.acm.org/doi/10.1145/3502851
Mogensen T(2022)HermesScience of Computer Programming10.1016/j.scico.2021.102746215:COnline publication date: 1-Mar-2022
https://dl.acm.org/doi/10.1016/j.scico.2021.102746
Arora SHansen RLarsen KLegay APoulsen D(2022)Statistical Model Checking for Probabilistic Hyperproperties of Real-Valued SignalsModel Checking Software10.1007/978-3-031-15077-7_4(61-78)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1007/978-3-031-15077-7_4
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents