Abstract
Vulnerabilities such as design flaws, malicious codes and covert channels residing in hardware design are known to expose hard-to-detect security holes. However, security hole detection methods based on functional testing and verification cannot guarantee test coverage or identify malicious code triggered under specific conditions and hardware-specific covert channels. As a complement approach to cipher algorithms and access control, information flow analysis techniques have been proved to be effective in detecting security vulnerabilities and preventing attacks through side channels. Recently, gate level information flow tracking (GLIFT) has been proposed to enforce bittight information flow security from the level of Boolean gates, which allows detection of hardware-specific security vulnerabilities. However, the inherent high complexity of GLIFT logic causes significant overheads in verification time for static analysis or area and performance for physical implementation, especially under multilevel security lattices. This paper proposes to reduce the complexity of GLIFT logic through state encoding and logic optimization techniques. Experimental results show that our methods can reduce the complexity of GLIFT logic significantly, which will allow the application of GLIFT for proving multilevel information flow security.
Similar content being viewed by others
References
Suh, G.E., Lee, J.W., Zhang, D. and Devadas, S., Secure programexecution via dynamic information flow tracking, Proc. 11th Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), New York, 2004, pp. 85–96.
Qin, F., Wang, C., Li, Z., Kim, H.S., Zhou, Y., Wu, Y., Lift: Alow-overhead practical information flow tracking system for detecting security attacks, Proc. 39th Annu. IEEE/ACM Int. Symp. Microarchitecture, 2006, pp. 135–148.
Tripp, O., Pistoia, M., Fink, S., Sridharan, M., and Weisman, O., TAJ: Effective Taint Analysis of Web Applications, Proc. of PLDI’09, Dublin, 2009, pp. 87–97.
Tiwari, M., Wassel, H.M., Mazloom, B., Mysore, S., Chong, F.T., and Sherwood, T., Complete information flow tracking from the gates up, Proc. 14th Int. Conf. Architect. Support Programming Lang. Operating Syst. (ASPLOS), New York, 2009, pp. 109–120.
Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Theoretical fundamentals of gate level information flow tracking, IEEE Trans. CAD, 2011, vol. 30, no. 8, pp. 1128–1140.
Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., Mu, D., and Kastner, R., On the complexity of generating gate level information flow tracking logic, IEEE Trans. Inf. Forensics Secur., 2012, vol. 7, no. 3, pp. 1067–1080.
Mu, D., Hu, W., Mao, B., and Ma, B., A bottom-up approach to verifiable embedded system information flow security, IET Inf. Secur., 2013 (in press).
Oberg, J., Hu, W., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Information flow isolation in i2c and usb, Proceedings of the 48th ACM/EDAC/IEEE Design Automation Conference (DAC'11), New York, 2011, pp. 254–259.
Oberg, J., Hu, W., Irturk, A., Tiwari, M., Sherwood, T., and Kastner, R., Leveraging gate-level properties to identify hardware timing channels, IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., 2014, vol. 33, no. 9, pp. 1288–1301.
Hu, W., Oberg, J., Irturk, A., Tiwari, M., Sherwood, T., Mu, D., and Kastner, R., An improved encoding technique for gate level information flow tracking, International Workshop on Logic and Synthesis (IWLS), 2011.
Denning, D.E., Cryptography and Data Security, Reading, MA, Addison-Wesley, 1982.
Author information
Authors and Affiliations
Corresponding author
Additional information
The article is published in the original.
About this article
Cite this article
Tai, Y., Hu, W., Zhang, HX. et al. Generating optimized gate level information flow tracking logic for enforcing multilevel security. Aut. Control Comp. Sci. 50, 361–368 (2016). https://doi.org/10.3103/S0146411616050096
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411616050096