Multi-Execution Lattices Fast and Slow

03/25/2021
by Maximilian Algehed, et al.

Methods for automatically, soundly, and precisely guaranteeing the noninterference security policy are predominantly based on multi-execution. All other methods are either based on undecidable theorem proving or suffer from false alarms. The multi-execution mechanisms, meanwhile, work by isolating security levels during program execution and running multiple copies of the target program, one for each security level, with carefully tailored inputs that ensure both soundness and precision. When security levels are hierarchically organised in a lattice, this may lead to an exponential number of executions of the target program as the number of possible ways of combining security levels grows. In this paper we study how the lattice structure for security levels influences the runtime overhead of multi-execution. We also show how to use Galois connections to gain speedups in multi-execution by switching from lattices with high overhead to lattices with low overhead. Finally, we give an empirical evaluation that corroborates our analysis and shows how Galois connections have the potential to speed up multi-execution.
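The multi-execution mechanism the abstract describes, as an added Python example (not code from the paper): the program runs once per security level, and the run at a given level sees real inputs only from channels at or below that level. The powerset lattice over principals, the default value 0, and the names `multi_execute`, `powerset_lattice` and `leaky_program` are assumptions made for illustration.

```python
from itertools import combinations

def powerset_lattice(principals):
    """All levels of the powerset lattice over `principals` (ordered by subset)."""
    items = sorted(principals)
    return [frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r)]

def multi_execute(program, levels, inputs, default=0):
    """Run `program` once per level and return (observed outputs, run count).

    inputs:  dict mapping a channel's level to its input value.
    program: takes such a dict and returns a dict of level -> output value.
    The run at `level` gets real input only from channels whose level is a
    subset of `level`; all other inputs are replaced by `default`. Only that
    run's output on the channel labelled `level` is released.
    """
    observed, runs = {}, 0
    for level in levels:
        view = {ch: (v if ch <= level else default) for ch, v in inputs.items()}
        outputs = program(view)
        runs += 1
        if level in outputs:
            observed[level] = outputs[level]
    return observed, runs

# Constructed sample levels and program (hypothetical, for illustration only).
PUBLIC = frozenset()
ALICE = frozenset({"alice"})
BOB = frozenset({"bob"})

def leaky_program(view):
    """Insecure on its own: adds Alice's secret into the public output."""
    return {PUBLIC: view[PUBLIC] + view[ALICE],
            ALICE | BOB: view[ALICE] + view[BOB]}

if __name__ == "__main__":
    levels = powerset_lattice({"alice", "bob"})
    for secret in (40, 99):
        obs, runs = multi_execute(leaky_program, levels,
                                  {PUBLIC: 1, ALICE: secret, BOB: 2})
        # The public output does not change with Alice's secret.
        print(secret, runs, obs[PUBLIC], obs[ALICE | BOB])
    # One run per lattice element: 2**n levels for n principals.
    for n in (2, 5, 10):
        print(n, len(powerset_lattice(f"p{i}" for i in range(n))))
```

With n principals this lattice has 2^n levels, so the loop in `multi_execute` performs 2^n runs of the target program, which is the overhead the abstract refers to.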


