Visible to the public An Axiomatic Approach to Detect Information Leaks in Concurrent Programs

TitleAn Axiomatic Approach to Detect Information Leaks in Concurrent Programs
Publication TypeConference Paper
Year of Publication2021
AuthorsGhosal, Sandip, Shyamasundar, R. K.
Conference Name2021 IEEE/ACM 43rd International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER)
Date Publishedmay
Keywordsaxiomatic approach, composability, Concurrency, Concurrent computing, concurrent programs, Context, correctness, Information Leak, leaky assertions, Metrics, Programming, pubcrawl, Real-time Systems, resilience, Resiliency, security, Software algorithms, software engineering
AbstractRealizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal and external timing attacks. Inspired by previous works that use classical Hoare style proof systems for establishing correctness of distributed (real-time) programs, in this paper, we describe a method for finding information leaks in concurrent programs through the introduction of leaky assertions at observable program points. Specifying leaky assertions akin to classic assertions, we demonstrate how information leaks can be detected in a concurrent context. To our knowledge, this is the first such work that enables integration of different notions of non-interference used in functional and security context. While the approach is sound and relatively complete in the classic sense, it enables the use of algorithmic techniques that enable programmers to come up with leaky assertions that enable checking for information leaks in sensitive applications.
DOI10.1109/ICSE-NIER52604.2021.00015
Citation Keyghosal_axiomatic_2021