Abstract

Secure Multi-Execution (SME) is a promising approach to precise, automatic information flow control: it transforms a potentially vulnerable program into a secure variant by executing it once per security level. Because of this multi-execution, however, it comes with high resource demands. Recently proposed, more efficient optimizations of SME, such as Faceted Secure Multi-Execution (FSME) and Demand-Driven Secure Multi-Execution (DDSME), unfortunately cannot uphold the same level of security with regard to timing-channel attacks. In this paper, we propose a novel, queue-based synchronization scheme for DDSME (Q-DDSME) that guarantees (indirect) termination- and timing-sensitive non-interference. To show that our improvement is applicable to existing programs, we implemented a Q-DDSME prototype for compiled code and provide evidence that it (i) is more efficient than unoptimized SME in realistic scenarios, (ii) guarantees (indirect) termination- and timing-sensitive non-interference, and (iii) preserves per-channel transparency. This is an important result: it shows that more efficient solutions can be used without sacrificing security.
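To make the mechanism the abstract refers to concrete, the following is an added example, not code from the paper or its Q-DDSME prototype. It implements the basic, unoptimized SME scheme (Devriese and Piessens) for a two-level lattice L < H: the program is run once per level, each run sees only the inputs that may flow to its level (higher inputs are replaced by a default), and each run may write only to the channel of its own level. The program model (a function taking an input dictionary and an output callback), the level names "L"/"H", and the default value 0 are assumptions made for the illustration.

```python
"""Minimal Secure Multi-Execution (SME) over a two-level lattice L < H.

Assumed program model (not from the paper): a program is a callable
program(inputs, out) where inputs maps names to values and out(channel, value)
writes to an output channel named after a security level.
"""
from typing import Callable, Dict, List, Tuple

Level = str                      # "L" (public) or "H" (secret), with L < H
LEVELS: List[Level] = ["L", "H"]  # executions are scheduled lowest level first
DEFAULTS: Dict[Level, int] = {"L": 0, "H": 0}  # stand-in for inputs a run may not see

Inputs = Dict[str, Tuple[Level, int]]   # name -> (level of the input, value)
Outputs = List[Tuple[Level, object]]    # (channel, value) in emission order
Program = Callable[[Dict[str, int], Callable[[Level, object], None]], None]


def flows_to(src: Level, dst: Level) -> bool:
    """Lattice order: information at src may be observed at dst."""
    return src == dst or (src == "L" and dst == "H")


def direct_run(program: Program, inputs: Inputs) -> Outputs:
    """Reference: the program as written, no enforcement."""
    outputs: Outputs = []
    program({n: v for n, (_, v) in inputs.items()},
            lambda ch, v: outputs.append((ch, v)))
    return outputs


def sme_run(program: Program, inputs: Inputs) -> Outputs:
    """SME: one execution per level, lowest first.

    The L run gets defaults for H inputs, so nothing it emits can depend on a
    secret; the H run sees everything but may only emit on H. Running L before
    H also means every public output is produced before any secret-dependent
    computation starts, which is what closes the timing channel in plain SME.
    """
    outputs: Outputs = []
    for lvl in LEVELS:
        view = {name: (val if flows_to(ilvl, lvl) else DEFAULTS[ilvl])
                for name, (ilvl, val) in inputs.items()}

        def out(ch: Level, val: object, _lvl: Level = lvl) -> None:
            if ch == _lvl:          # only the execution at level ch owns channel ch
                outputs.append((ch, val))

        program(view, out)
    return outputs


def public_view(outputs: Outputs) -> Outputs:
    """What an observer of the L channel sees."""
    return [o for o in outputs if o[0] == "L"]


def noninterferent(program: Program, a: Inputs, b: Inputs) -> bool:
    """True if two inputs that differ only in secrets give the same L outputs."""
    return public_view(sme_run(program, a)) == public_view(sme_run(program, b))


# --- constructed sample programs -------------------------------------------

def leaky(inp: Dict[str, int], out: Callable[[Level, object], None]) -> None:
    """Leaks one bit of the secret to the public channel."""
    out("L", "big" if inp["secret"] > 100 else "small")
    out("H", inp["secret"] * 2)


def benign(inp: Dict[str, int], out: Callable[[Level, object], None]) -> None:
    """Respects the policy: public output depends only on public input."""
    out("L", inp["public"] + 1)
    out("H", inp["public"] + inp["secret"])


if __name__ == "__main__":
    big = {"secret": ("H", 500)}
    print("direct:", direct_run(leaky, big))   # public channel reveals "big"
    print("SME:   ", sme_run(leaky, big))      # public channel shows default-derived "small"
    print("benign unchanged:",
          sme_run(benign, {"public": ("L", 3), "secret": ("H", 4)}) ==
          direct_run(benign, {"public": ("L", 3), "secret": ("H", 4)}))
```

Two properties from the abstract are visible in the test: non-interference (the L output of the leaky program no longer varies with the secret) and per-channel transparency (a program that already respects the policy produces exactly the same output on every channel under SME as without it). The cost is also visible: the program body runs once per level, which is the resource overhead the optimizations named in the abstract aim to reduce while, per the paper's claim, keeping the timing guarantee that the lowest-first schedule provides here.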
