Visible to the public Biblio

Filters: Author is Myers, Andrew C.  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Ferraiuolo, Andrew, Zhao, Mark, Myers, Andrew C., Suh, G. Edward.  2018.  HyperFlow: A Processor Architecture for Nonmalleable, Timing-Safe Information Flow Security. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1583-1600.

This paper presents HyperFlow, a processor that enforces secure information flow, including control over timing channels. The design and implementation of HyperFlow offer security assurance because it is implemented using a security-typed hardware description language that enforces secure information flow. Unlike prior processors that aim to enforce simple information-flow policies such as noninterference, HyperFlow allows complex information flow policies that can be configured at run time. Its fine-grained, decentralized information flow mechanisms allow controlled communication among mutually distrusting processes and system calls into different security domains. We address the significant challenges in designing such a processor architecture with contributions in both the hardware architecture and the security type system. The paper discusses the architecture decisions that make the processor secure and describes ChiselFlow, a new secure hardware description language supporting lightweight information-flow enforcement. The HyperFlow architecture is prototyped on a full-featured processor that offers a complete RISC-V instruction set, and is shown to add moderate overhead to area and performance.

Sheff, Isaac, Magrino, Tom, Liu, Jed, Myers, Andrew C., van Renesse, Robbert.  2016.  Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :229–241.

Modern applications often operate on data in multiple administrative domains. In this federated setting, participants may not fully trust each other. These distributed applications use transactions as a core mechanism for ensuring reliability and consistency with persistent data. However, the coordination mechanisms needed for transactions can both leak confidential information and allow unauthorized influence. By implementing a simple attack, we show these side channels can be exploited. However, our focus is on preventing such attacks. We explore secure scheduling of atomic, serializable transactions in a federated setting. While we prove that no protocol can guarantee security and liveness in all settings, we establish conditions for sets of transactions that can safely complete under secure scheduling. Based on these conditions, we introduce \textbackslashti\staged commit\, a secure scheduling protocol for federated transactions. This protocol avoids insecure information channels by dividing transactions into distinct stages. We implement a compiler that statically checks code to ensure it meets our conditions, and a system that schedules these transactions using the staged commit protocol. Experiments on this implementation demonstrate that realistic federated transactions can be scheduled securely, atomically, and efficiently.

Wang, Yao, Ferraiuolo, Andrew, Zhang, Danfeng, Myers, Andrew C., Suh, G. Edward.  2016.  SecDCP: Secure Dynamic Cache Partitioning for Efficient Timing Channel Protection. Proceedings of the 53rd Annual Design Automation Conference. :74:1–74:6.

In today's multicore processors, the last-level cache is often shared by multiple concurrently running processes to make efficient use of hardware resources. However, previous studies have shown that a shared cache is vulnerable to timing channel attacks that leak confidential information from one process to another. Static cache partitioning can eliminate the cache timing channels but incurs significant performance overhead. In this paper, we propose Secure Dynamic Cache Partitioning (SecDCP), a partitioning technique that defeats cache timing channel attacks. The SecDCP scheme changes the size of cache partitions at run time for better performance while preventing insecure information leakage between processes. For cache-sensitive multiprogram workloads, our experimental results show that SecDCP improves performance by up to 43% and by an average of 12.5% over static cache partitioning.

Liu, Jed, Corbett-Davies, Joe, Ferraiuolo, Andrew, Ivanov, Alexander, Luo, Mulong, Suh, G. Edward, Myers, Andrew C., Campbell, Mark.  2018.  Secure Autonomous Cyber-Physical Systems Through Verifiable Information Flow Control. Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy. :48–59.

Modern cyber-physical systems are complex networked computing systems that electronically control physical systems. Autonomous road vehicles are an important and increasingly ubiquitous instance. Unfortunately, their increasing complexity often leads to security vulnerabilities. Network connectivity exposes these vulnerable systems to remote software attacks that can result in real-world physical damage, including vehicle crashes and loss of control authority. We introduce an integrated architecture to provide provable security and safety assurance for cyber-physical systems by ensuring that safety-critical operations and control cannot be unintentionally affected by potentially malicious parts of the system. Fine-grained information flow control is used to design both hardware and software, determining how low-integrity information can affect high-integrity control decisions. This security assurance is used to improve end-to-end security across the entire cyber-physical system. We demonstrate this integrated approach by developing a mobile robotic testbed modeling a self-driving system and testing it with a malicious attack.