A Multi-Flow Information Flow Tracking Approach for Proving Quantitative Hardware Security Properties

Yu Tai; Wei Hu; Lu Zhang; Dejun Mu; Ryan Kastner

doi:10.26599/TST.2019.9010042

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

PDF (1.8 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

A Multi-Flow Information Flow Tracking Approach for Proving Quantitative Hardware Security Properties

Yu Tai, Wei Hu(

), Lu Zhang, Dejun Mu, Ryan Kastner

School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China.

School of Automation, Northwestern Polytechnical University, Xi’an 710072, China.

Department of Computer Science and Engineering, University of California, San Diego, CA 92093, USA.

Show Author Information

Abstract

Information Flow Tracking (IFT) is an established formal method for proving security properties related to confidentiality, integrity, and isolation. It has seen promise in identifying security vulnerabilities resulting from design flaws, timing channels, and hardware Trojans for secure hardware design. However, existing IFT methods tend to take a qualitative approach and only enforce binary security properties, requiring strict non-interference for the properties to hold while real systems usually allow a small amount of information flows to enable desirable interactions. Consequently, existing methods are inadequate for reasoning about quantitative security properties or measuring the security of a design in order to assess the severity of a security vulnerability. In this work, we propose two multi-flow solutions - multiple verifications for replicating existing IFT model and multi-flow IFT method. The proposed multi-flow IFT method provides more insight into simultaneous information flow behaviors and allows for proof of quantitative information flow security properties, such as diffusion, randomization, and boundaries on the amount of simultaneous information flows. Experimental results show that our method can be used to prove a new type of information flow security property with verification performance benefits.

Keywords

hardware security Information Flow Tracking (IFT)multi-flow IFT security property

References

[1]

J. A. Goguen and J. Meseguer, Security policies and security models, in Proc. IEEE Symposium on Security and Privacy, Oakland, CA, USA, 1982, pp. 11-20.

Crossref

[2]

G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas, Secure program execution via dynamic information flow tracking, in ACM Sigplan Notices, vol. 39, no. 11, pp. 85-96, 2004.

Crossref Google Scholar

[3]

D. Zhang, Y. Wang, G. E. Suh, and A. C. Myers, A hardware design language for timing-sensitive information-flow security, in Proc. of Int. Conf. on Architectural Support for Programming Languages and Operating Systems, Istanbul, Turkey, 2015, pp. 503-516.

Crossref

[4]

A. Ardeshiricham, W. Hu, J. Marxen, and R. Kastner, Register transfer level information flow tracking for provably secure hardware design, in Proc. of 2017 IEEE Int. Design, Automation & Test in Europe Conference & Exhibition Conf., Lausanne, Switzerland, 2017, pp. 1691-1696.

Crossref

[5]

M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood, Complete information flow tracking from the gates up, ACM Sigplan Notices, vol. 44, no. 3, pp. 109-120, 2009.

Crossref Google Scholar

[6]

W. Hu, J. Oberg, A. Irturk, M. Tiwari, T. Sherwood, D. Mu, and R. Kastner, Theoretical fundamentals of gate level information flow tracking, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 30, no. 8, pp. 1128-1140, 2011.

Crossref Google Scholar

[7]

J. Oberg, S. Meiklejohn, T. Sherwood, and R. Kastner, Leveraging gate-level properties to identify hardware timing channels, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 33, no. 9, pp. 1288-1301, 2014.

Crossref Google Scholar

[8]

C. E. Shannon, A mathematical theory of communication, ACM SIGMOBILE Mobile Computing and Communications Review, vol. 5, no. 1, pp. 3-55, 2001.

Crossref Google Scholar

[9]

D. Clark, S. Hunt, and P. Malacaria, Quantified interference for a while language, Electronic Notes in Theoretical Computer Science, vol. 112, pp. 149-166, 2005.

Crossref Google Scholar

[10]

J. W. Gray III, Toward a mathematical foundation for information flow security, Journal of Computer Security, vol. 1, nos. 3&4, pp. 255-294, 1992.

Crossref Google Scholar

[11]

J. Heusser and P. Malacaria, Quantifying information leaks in software, in Proc. of 26th ACM Annual Computer Security Applications Conf., Austin, TX, USA, 2010, pp. 261-269.

Crossref

[12]

B. Mao, W. Hu, A. Althoff, J. Matai, Y. Tai, D. Mu, T. Sherwood, and R. Kastner, Quantitative analysis of timing channel security in cryptographic hardware design, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 37, no. 9, pp. 1719-1732, 2018.

Crossref Google Scholar

[13]

L. Zhang, W. Hu, A. Ardeshiricham, Y. Tai, J. Blackstone, D. Mu, and R. Kastner, Examining the consequences of high-level synthesis optimizations on power side-channel, in Proc. of 2018 IEEE Int. Design, Automation & Test in Europe Conference & Exhibition Conf., Dresden, Germany, 2018, pp. 1167-1170.

Crossref

[14]

J. Oberg, W. Hu, A. Irturk, M. Tiwari, T. Sherwood, and R. Kastner, Information flow isolation in I2C and USB, in Proc. of 48th ACM/EDAC/IEEE Design Automation Conference, New York, NY, USA, 2011, pp. 254-259.

Crossref

[15]

R. Kastner, J. Oberg, W. Hu, and A. Irturk, Enforcing information flow guarantees in reconfigurable systems with mix-trusted IP, in Proc. of Int. Conf. on Engineering of Reconfigurable Systems and Algorithms, Las Vegas, NV, USA, 2011, pp. 1-12.

[16]

M. Tiwari, J. K. Oberg, X. Li, J. Valamehr, T. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood, Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security, ACM SIGARCH Computer Architecture News, vol. 39, no. 3, pp. 189-200, 2011.

Crossref Google Scholar

[17]

W. Hu, B. Mao, J. Oberg, and R. Kastner, Detecting hardware trojans with gate-level information-flow tracking, Computer, vol. 49, no. 8. pp. 44-52, 2016.

Crossref Google Scholar

[18]

X. Li, M. Tiwari, J. K. Oberg, V. Kashyap, F. T. Chong, T. Sherwood, and B. Hardekopf, Caisson: A hardware description language for secure information flow, ACM SIGPLAN Notices, vol. 46, no. 6, pp. 109-120, 2011.

Crossref Google Scholar

[19]

X. Li, V. Kashyap, J. K. Oberg, M. Tiwari, V. R. Rajarathinam, R. Kastner, T. Sherwood, B. Hardekopf, and F. T. Chong, Sapper: A language for hardware-level security policy enforcement, ACM SIGPLAN Notices, vol. 42, no. 4, pp. 97-112, 2014.

Crossref Google Scholar

[20]

Y. Jin and Y. Makris, Proof carrying-based information flow tracking for data secrecy protection and hardware trust, in Proc. of IEEE 30th VLSI Test Symposium, Maui, HI, USA, 2012, pp. 252-257.

Crossref

[21]

F. Yan and K. Wang, Leakage is prohibited: Memory protection extensions protected address space randomization, Tsinghua Science and Technology, vol. 24, no. 5, pp. 546-556, 2019.

Crossref Google Scholar

[22]

W. Hu, A. Ardeshiricham, M. S. Gobulukoglu, X. Wang, and R. Kastner, Property specific information flow analysis for hardware security verification, in Proc. of IEEE/ACM Int. Conf. on Computer-Aided Design, San Diego, CA, USA, 2018, pp. 1-8.

Crossref

[23]

B. Mazloom, S. Mysore, M. Tiwari, B. Agrawal, and T. Sherwood, Dataflow tomography: Information flow tracking for understanding and visualizing full systems, ACM Transactions on Architecture and Code Optimization, vol. 9, no. 1, pp. 1-26, 2012.

Crossref Google Scholar

[24]

H. Salmani, M. Tehranipoor, and R. Karri, On design vulnerability analysis and trust benchmarks development, in Proc. of IEEE Int. Conf. on Computer Design, Asheville, NC, USA, 2013, pp. 471-474.

Crossref

Tsinghua Science and Technology

Volume 26 Issue 1,
February 2021

Pages 62-71

DOI: 10.26599/TST.2019.9010042

Cite this article:

Tai Y, Hu W, Zhang L, et al. A Multi-Flow Information Flow Tracking Approach for Proving Quantitative Hardware Security Properties. Tsinghua Science and Technology, 2021, 26(1): 62-71. https://doi.org/10.26599/TST.2019.9010042

629

Views

Downloads

Crossref

N/A

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 27 May 2019

Accepted: 28 August 2019

Published: 19 June 2020

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).