A multi-flow information flow tracking approach for proving quantitative hardware security properties

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

Download Full-text

Theorem proof based gate level information flow tracking for hardware security verification

Computers & Security ◽

10.1016/j.cose.2019.05.005 ◽

2019 ◽

Vol 85 ◽

pp. 225-239 ◽

Cited By ~ 1

Author(s):

Maoyuan Qin ◽

Wei Hu ◽

Xinmu Wang ◽

Dejun Mu ◽

Baolei Mao

Keyword(s):

Information Flow ◽

Hardware Security ◽

Information Flow Tracking ◽

Level Information ◽

Theorem Proof ◽

Security Verification

Download Full-text

Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

Software Engineering and Formal Methods - Lecture Notes in Computer Science ◽

10.1007/978-3-319-66197-1_1 ◽

2017 ◽

pp. 1-16 ◽

Cited By ~ 1

Author(s):

Laurent Georget ◽

Mathieu Jaume ◽

Guillaume Piolle ◽

Frédéric Tronel ◽

Valérie Viet Triem Tong

Keyword(s):

Shared Memory ◽

Information Flow ◽

Concurrent System ◽

Information Flow Tracking ◽

System Calls

Download Full-text

Towards a hardware-assisted information flow tracking ecosystem for ARM processors

2016 26th International Conference on Field Programmable Logic and Applications (FPL) ◽

10.1109/fpl.2016.7577396 ◽

2016 ◽

Author(s):

Muhammad Abdul Wahab ◽

Pascal Cotret ◽

Mounir Nasr Allah ◽

Guillaume Hiet ◽

Vianney Lapotre ◽

...

Keyword(s):

Information Flow ◽

Information Flow Tracking

Download Full-text

Complete information flow tracking from the gates up

Proceeding of the 14th international conference on Architectural support for programming languages and operating systems - ASPLOS '09 ◽

10.1145/1508244.1508258 ◽

2009 ◽

Cited By ~ 91

Author(s):

Mohit Tiwari ◽

Hassan M.G. Wassel ◽

Bita Mazloom ◽

Shashidhar Mysore ◽

Frederic T. Chong ◽

...

Keyword(s):

Information Flow ◽

Complete Information ◽

Information Flow Tracking

Download Full-text

Stochastic Dynamic Information Flow Tracking Game with Reinforcement Learning

Lecture Notes in Computer Science - Decision and Game Theory for Security ◽

10.1007/978-3-030-32430-8_25 ◽

2019 ◽

pp. 417-438

Author(s):

Dinuka Sahabandu ◽

Shana Moothedath ◽

Joey Allen ◽

Linda Bushnell ◽

Wenke Lee ◽

...

Keyword(s):

Reinforcement Learning ◽

Information Flow ◽

Stochastic Dynamic ◽

Dynamic Information ◽

Information Flow Tracking ◽

Dynamic Information Flow Tracking

Download Full-text

Quantifying Hardware Security Using Joint Information Flow Analysis

Proceedings of the 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE) ◽

10.3850/9783981537079_1008 ◽

2016 ◽

Author(s):

Ryan Kastner ◽

Wei Hu ◽

Alric Althoff

Keyword(s):

Information Flow ◽

Flow Analysis ◽

Hardware Security ◽

Information Flow Analysis

Download Full-text

An Enhanced Dynamic Information Flow Tracking Method with Reverse Stack Execution

International Journal of Monitoring and Surveillance Technologies Research ◽

10.4018/ijmstr.2015010103 ◽

2015 ◽

Vol 3 (1) ◽

pp. 40-58 ◽

Cited By ~ 2

Author(s):

Anna Trikalinou ◽

Nikolaos Bourbakis

Keyword(s):

Programming Languages ◽

Information Flow ◽

Attack Detection ◽

Control Flow ◽

Security Issue ◽

Memory Errors ◽

Dynamic Information ◽

C Programs ◽

Information Flow Tracking ◽

Dynamic Information Flow Tracking

Memory errors have long been a critical security issue primarily for C/C++ programming languages and are still considered one of the top three most dangerous software errors according to the MITRE ranking. In this paper the authors focus on their exploitation via control-flow hijacking and data-only attacks (stack, and partially heap (G. Novarck & E. Berger, 2010)) by proposing a synergistic security methodology, which can accurately detect and thwart them. Their methodology is based on the Dynamic Information Flow Tracking (DIFT) technique and improves its data-only attack detection by utilizing features from the Reverse Stack Execution (RSE) security technique. Thus, the authors can significantly lower the resource consumption of the latter methodology, while increasing the former's accuracy. Their proof-of-concept compiler implementation verifies their assumptions and is able to protect vulnerable C programs against various real-world attack scenarios.

Download Full-text