A Language-based Approach to Analysing Flow Security Properties in Virtualised Computing Systems

Citations: 0
Authors
Mu, Chunyan [1]
Affiliation
[1] Teesside Univ, Dept Comp Sci, Middlesbrough, Cleveland, England
Source
2020 INTERNATIONAL SYMPOSIUM ON THEORETICAL ASPECTS OF SOFTWARE ENGINEERING (TASE 2020) | 2020
Keywords
language-based security; information flow control; cache non-interference; virtualised computing systems; INFORMATION-FLOW;
DOI
10.1109/TASE49443.2020.00033
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper studies the problem of reasoning about flow security properties in virtualised computing networks with mobility from the perspective of formal language. We propose a distributed process algebra CSP4v with security labelled processes for the purpose of formal modelling of virtualised computing systems. Specifically, information leakage can come from observations on process executions, communications and from cache side channels in the virtualised environment. We describe a cache flow policy to identify such flows. A type system of the language is presented to enforce the flow policy.
Pages: 185-192
Page count: 8