Lazy Programs Leak Secrets
نویسندگان
چکیده
To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO , a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.
منابع مشابه
Language Support for Controlling Timing-Based Covert Channels
The problem of controlling information flow in multithreaded programs remains an important open challenge. A major difficulty for tracking information flow in concurrent programs is due to the internal timing covert channel. Information is leaked via this channel when secrets affect the timing behavior of a thread, which, via the scheduler, affects the interleaving of public events. This channe...
متن کاملFixing some Space Leaks with a Garbage Collector
Some functional programs may use more space than would be expected. A modiication to the garbage collector is suggested which solves this problem in some cases. Related work is discussed. A \space leak" is a feature of a program that causes it to use more space than one would expect. Several researchers have pointed out that space leaks are a common problem in functional languages with lazy eva...
متن کاملOn the Statistical Leak of the GGH13 Multilinear Map and some Variants
At EUROCRYPT 2013, Garg, Gentry and Halevi proposed a candidate construction (later referred as GGH13) of cryptographic multilinear map (MMap). Despite weaknesses uncovered by Hu and Jia (EUROCRYPT 2016), this candidate is still used for designing obfuscators. The naive version of the GGH13 scheme was deemed susceptible to averaging attacks, i.e., it could su er from a statistical leak (yet no ...
متن کاملOptimal Sensor Placement for Leak Location in Water Distribution Networks using Evolutionary Algorithms
In this paper, a sensor placement approach to improve the leak location in water distribution networks is proposed when the leak signature space (LSS) method is used. The sensor placement problem is formulated as an integer optimization problem where the criterion to be minimized is the number of overlapping signature domains computed from the original LSS representation. First, a semi-exhausti...
متن کاملLazy-CSeq: A Lazy Sequentialization Tool for C - (Competition Contribution)
We describe a version of the lazy sequentialization schema by La Torre, Madhusudan, and Parlato that is optimized for bounded programs, and avoids the re-computation of the local state of each process at each context switch. Lazy-CSeq implements this sequentialization schema for sequentially consistent C programs using POSIX threads. Experiments show that it is very competitive.
متن کامل