scholarly journals Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

2017 ◽  
pp. 1-16 ◽  
Author(s):  
Laurent Georget ◽  
Mathieu Jaume ◽  
Guillaume Piolle ◽  
Frédéric Tronel ◽  
Valérie Viet Triem Tong
Keyword(s):  
Shared Memory ◽  
Information Flow ◽  
Concurrent System ◽  
Information Flow Tracking ◽  
System Calls

Hardware Information Flow Tracking

2021 ◽  
Vol 54 (4) ◽  
pp. 1-39
Author(s):  
Wei Hu ◽  
Armaiti Ardeshiricham ◽  
Ryan Kastner
Keyword(s):  
Access Control ◽  
Computer Security ◽  
Information Flow ◽  
Hardware Security ◽  
Computing System ◽  
Security Vulnerabilities ◽  
Information Flow Tracking ◽  
Side Channels ◽  
Security Properties ◽  
Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

scholarly journals Towards a hardware-assisted information flow tracking ecosystem for ARM processors

2016 ◽  
Author(s):  
Muhammad Abdul Wahab ◽  
Pascal Cotret ◽  
Mounir Nasr Allah ◽  
Guillaume Hiet ◽  
Vianney Lapotre ◽  
...  
Keyword(s):  
Information Flow ◽  
Information Flow Tracking

An Enhanced Dynamic Information Flow Tracking Method with Reverse Stack Execution

2015 ◽  
Vol 3 (1) ◽  
pp. 40-58 ◽  
Author(s):  
Anna Trikalinou ◽  
Nikolaos Bourbakis
Keyword(s):  
Programming Languages ◽  
Information Flow ◽  
Attack Detection ◽  
Control Flow ◽  
Security Issue ◽  
Memory Errors ◽  
Dynamic Information ◽  
C Programs ◽  
Information Flow Tracking ◽  
Dynamic Information Flow Tracking

Memory errors have long been a critical security issue primarily for C/C++ programming languages and are still considered one of the top three most dangerous software errors according to the MITRE ranking. In this paper the authors focus on their exploitation via control-flow hijacking and data-only attacks (stack, and partially heap (G. Novarck & E. Berger, 2010)) by proposing a synergistic security methodology, which can accurately detect and thwart them. Their methodology is based on the Dynamic Information Flow Tracking (DIFT) technique and improves its data-only attack detection by utilizing features from the Reverse Stack Execution (RSE) security technique. Thus, the authors can significantly lower the resource consumption of the latter methodology, while increasing the former's accuracy. Their proof-of-concept compiler implementation verifies their assumptions and is able to protect vulnerable C programs against various real-world attack scenarios.

Expanding Gate Level Information Flow Tracking for Multilevel Security

2013 ◽  
Vol 5 (2) ◽  
pp. 25-28 ◽  
Author(s):  
Wei Hu ◽  
J. Oberg ◽  
J. Barrientos ◽  
Dejun Mu ◽  
R. Kastner
Keyword(s):  
Information Flow ◽  
Multilevel Security ◽  
Information Flow Tracking ◽  
Level Information

scholarly journals Data Secrecy Protection Through Information Flow Tracking in Proof-Carrying Hardware IP—Part II: Framework Automation

2017 ◽  
Vol 12 (10) ◽  
pp. 2430-2443 ◽  
Author(s):  
Mohammad-Mahdi Bidmeshki ◽  
Xiaolong Guo ◽  
Raj Gautam Dutta ◽  
Yier Jin ◽  
Yiorgos Makris
Keyword(s):  
Information Flow ◽  
Information Flow Tracking

Generic Semantics Specification and Processing for Inter-System Information Flow Tracking

2017 ◽  
pp. 445-460
Author(s):  
Pascal Birnstill ◽  
Christoph Bier ◽  
Paul Wagner ◽  
Jürgen Beyerer
Keyword(s):  
Information Flow ◽  
Information Flow Tracking ◽  
System Information

scholarly journals Interdomain I/O Optimization in Virtualized Sensor Networks

Sensors ◽  
2018 ◽  
Vol 18 (12) ◽  
pp. 4395 ◽  
Author(s):  
Congfeng Jiang ◽  
Tiantian Fan ◽  
Yeliang Qiu ◽  
Hongyuan Wu ◽  
Jilin Zhang ◽  
...  
Keyword(s):  
Sensor Networks ◽  
Shared Memory ◽  
Performance Optimization ◽  
Virtual Machines ◽  
Transmission Control Protocol ◽  
Virtual Network ◽  
Network Interface ◽  
Communication Performance ◽  
System Calls ◽  
Interdomain Communication

In virtualized sensor networks, virtual machines (VMs) share the same hardware for sensing service consolidation and saving power. For those VMs that reside in the same hardware, frequent interdomain data transfers are invoked for data analytics, and sensor collaboration and actuation. Traditional ways of interdomain communications are based on virtual network interfaces of bilateral VMs for data sending and receiving. Since these network communications use TCP/IP (Transmission Control Protocol/Internet Protocol) stacks, they result in lengthy communication paths and frequent kernel interactions, which deteriorate the I/O (Input/Output) performance of involved VMs. In this paper, we propose an optimized interdomain communication approach based on shared memory to improve the interdomain communication performance of multiple VMs residing in the same sensor hardware. In our approach, the sending data are shared in memory pages maintained by the hypervisor, and the data are not transferred through the virtual network interface via a TCP/IP stack. To avoid security trapping, the shared data are mapped in the user space of each VM involved in the communication, therefore reducing tedious system calls and frequent kernel context switches. In implementation, the shared memory is created by a customized shared-device kernel module that has bidirectional event channels between both communicating VMs. For performance optimization, we use state flags in a circular buffer to reduce wait-and-notify operations and system calls during communications. Experimental results show that our proposed approach can provide five times higher throughput and 2.5 times less latency than traditional TCP/IP communication via a virtual network interface.

Sign in / Sign up

Export Citation Format

Share Document