Using Information Flow to Design an ISA that Controls Timing Channels

Authors: Drew Zagieboylo, Gookwon Edward Suh, Andrew C. Myers

Abstract: Languages that enforce information-flow control (IFC) can provide high assurance that software neither leaks information nor lets an attacker influence critical systems. IFC hardware description languages have likewise been used to design secure circuits that eliminate timing channels. However, a gap remains between IFC hardware and IFC software: the two are built independently, with no abstraction describing how their security guarantees compose. This paper proposes an instruction set architecture (ISA) that provides the appropriate abstraction for joining hardware and software IFC mechanisms. The ISA describes a RISC-V processor that tracks information-flow labels at run time and uses those labels to eliminate or mitigate timing channels. To make the ISA practical, it allows constrained downgrading of information, permits trading off security for performance, and still offers control primitives such as system calls. We prove timing-sensitive noninterference modulo downgrading, and nonmalleability, for programs executing on our ISA; this requires novel restrictions on the mutability of labels beyond those of previous dynamic IFC systems. Furthermore, we define specific security conditions that correct hardware can implement to provide software-level security, and we sketch how such hardware may be designed and verified.

Sponsorship: NSF grant CNS-1513797; DARPA contract HR0011-18-C-0014

Rights: Attribution-NonCommercial-ShareAlike 4.0 International

Subjects: Hardware Architecture; Side Channels; Information Flow

Type: Technical report
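The abstract's central ideas, run-time label tracking, timing-sensitive noninterference, a security/performance trade-off, and constrained downgrading, can be made concrete with a small interpreter. The following is an added illustration written for this page; it is not the paper's ISA and not the authors' code. The instruction set, the two-point label lattice, the per-instruction latencies, the one-line cache, and the three policies (`enforce`, `mitigate_loads`, `allow_downgrade`) are all assumptions chosen for the demonstration. A PUBLIC observer sees public register values plus the cycle count, so the noninterference check compares two runs that differ only in SECRET inputs, timing included.

```python
"""Toy dynamic-IFC register machine with a timing label.

Added illustration, not the paper's ISA: the instruction set, the two-point
label lattice, the latencies, the one-line cache and the policies below are
assumptions chosen to make the abstract's ideas concrete.
"""
from dataclasses import dataclass

PUBLIC, SECRET = 0, 1            # assumed lattice: PUBLIC may flow to SECRET, not back


def join(a, b):
    return max(a, b)


class IFCViolation(Exception):
    """The run-time label check refused an instruction."""


# Assumed latencies; "ld" is priced by the cache model in Machine.run.
LATENCY = {"li": 1, "add": 1, "sub": 1, "mul": 3, "beqz": 1, "jmp": 1, "declass": 1, "ld": 0, "halt": 0}
MISS, HIT = 10, 1


@dataclass
class Machine:
    regs: dict                   # register -> value
    labels: dict                 # register -> label
    enforce: bool = True         # refuse control flow that depends on SECRET data
    mitigate_loads: bool = True  # SECRET-addressed loads: worst-case time, cache bypassed
    allow_downgrade: bool = False
    cycles: int = 0
    pc_label: int = PUBLIC       # label of the control-flow / timing context
    cache_line: int = -1         # address held by a one-line cache

    def run(self, prog, max_steps=1000):
        pc = 0
        for _ in range(max_steps):
            ins, op = prog[pc], prog[pc][0]
            self.cycles += LATENCY[op]
            if op == "halt":
                return self
            if op == "li":
                _, rd, imm = ins
                self.regs[rd], self.labels[rd] = imm, self.pc_label
            elif op in ("add", "sub", "mul"):
                _, rd, rs1, rs2 = ins
                a, b = self.regs[rs1], self.regs[rs2]
                self.regs[rd] = {"add": a + b, "sub": a - b, "mul": a * b}[op]
                # result carries both operands' labels and the current control-flow label
                self.labels[rd] = join(join(self.labels[rs1], self.labels[rs2]), self.pc_label)
            elif op == "ld":
                _, rd, rs = ins
                addr = self.regs[rs]
                if self.labels[rs] == SECRET and self.mitigate_loads:
                    self.cycles += MISS        # constant worst-case time; cache state untouched
                else:
                    self.cycles += HIT if addr == self.cache_line else MISS
                    self.cache_line = addr     # cache now depends on the address
                self.regs[rd] = addr * 7       # toy memory contents
                self.labels[rd] = join(self.labels[rs], self.pc_label)
            elif op == "declass":
                _, rd, rs = ins
                if not self.allow_downgrade:
                    raise IFCViolation("downgrade not permitted by policy")
                self.regs[rd], self.labels[rd] = self.regs[rs], PUBLIC
            elif op == "beqz":
                _, rs, target = ins
                self.pc_label = join(self.pc_label, self.labels[rs])
                if self.enforce and self.pc_label == SECRET:
                    raise IFCViolation("branch on SECRET data would leak through timing")
                if self.regs[rs] == 0:
                    pc = target
                    continue
            elif op == "jmp":
                pc = ins[1]
                continue
            else:
                raise ValueError(f"unknown instruction {op}")
            pc += 1
        raise RuntimeError("step limit exceeded")


def _boot(prog, public_inputs, secret, policy):
    regs = {**public_inputs, **secret}
    labels = {r: PUBLIC for r in public_inputs} | {r: SECRET for r in secret}
    return Machine(regs, labels, **policy).run(prog)


def public_view(m):
    """Everything a PUBLIC observer sees: public register values plus elapsed cycles."""
    return ({r: v for r, v in m.regs.items() if m.labels[r] == PUBLIC}, m.cycles)


def timing_noninterferent(prog, public_inputs, secret_a, secret_b, **policy):
    """Two runs differing only in SECRET inputs must give the same public view."""
    a = public_view(_boot(prog, public_inputs, secret_a, policy))
    b = public_view(_boot(prog, public_inputs, secret_b, policy))
    return a == b


def refused(prog, public_inputs, secret, **policy):
    """True if the run-time label check rejects the program under this policy."""
    try:
        _boot(prog, public_inputs, secret, policy)
        return False
    except IFCViolation:
        return True


# Constructed sample programs (registers: a, b public; s secret).
LEAKY = [("beqz", "s", 3), ("mul", "t", "a", "a"), ("jmp", 3), ("add", "out", "a", "a"), ("halt",)]
CONST_TIME = [("sub", "d", "b", "a"), ("mul", "d", "s", "d"), ("add", "out", "a", "d"), ("halt",)]
DOWNGRADE = CONST_TIME[:-1] + [("declass", "out", "out"), ("halt",)]
CACHE_PROBE = [("ld", "v", "s"), ("ld", "w", "a"), ("halt",)]
```

`LEAKY` branches on the secret: with `enforce=False` no public value changes, but the cycle count differs (2 versus 6), so the check fails; with the default policy the branch is refused outright. `CONST_TIME` selects between `a` and `b` with arithmetic instead of a branch and passes. `DOWNGRADE` is refused unless `allow_downgrade=True`, and once allowed the observer legitimately sees the declassified value, which is what "noninterference modulo downgrading" permits. `CACHE_PROBE` shows the security/performance trade-off: a secret-indexed load leaks through a later public load's hit-or-miss time, and charging it worst-case latency while bypassing the cache closes that channel at a performance cost.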