Information Leakage as a Scheduling Resource

  • Fabrizio Biondi
  • Mounir Chadli
  • Thomas Given-WilsonEmail author
  • Axel Legay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10471)


High-security processes have to load confidential information into shared resources as part of their operation. This confidential information may be leaked (directly or indirectly) to low-security processes via the shared resource. This paper considers leakage from high-security to low-security processes from the perspective of scheduling. The workflow model is here extended to support preemption, security levels, and leakage. Formalization of leakage properties is then built upon this extended model, allowing formal reasoning about the security of schedulers. Several heuristics are presented in the form of compositional preprocessors and postprocessors as part of a more general scheduling approach. The effectiveness of such heuristics are evaluated experimentally, showing them to achieve significantly better schedulability than the state of the art. Modeling of leakage from cache attacks is presented as a case study.


  1. 1.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Chong, S. (ed.) CSF. IEEE (2012)Google Scholar
  2. 2.
    Backes, M., Köpf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: S&P, pp. 141–153. IEEE (2009)Google Scholar
  3. 3.
    Benoit, A., Çatalyürek, U.V., Robert, Y., Saule, E.: A survey of pipelined workflow scheduling: models and algorithms. ACM Comput. Surv. 45(4), 50:1–50:36 (2013)CrossRefGoogle Scholar
  4. 4.
    Biondi, F., Legay, A., Malacaria, P., Wasowski, A.: Quantifying information leakage of randomized protocols. Theor. Comput. Sci. 597, 62–87 (2015)CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    Biondi, F., Legay, A., Traonouez, L.-M., Wąsowski, A.: QUAIL: a quantitative security analyzer for imperative code. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 702–707. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_49 CrossRefGoogle Scholar
  6. 6.
    Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). doi: 10.1007/978-3-319-11212-1_13 Google Scholar
  7. 7.
    Costan, V., Devadas, S.: Intel sgx explained. IACR ePrint Archive 2016, 86 (2016)Google Scholar
  8. 8.
    Falliere, N., Murchu, L.O., Chien, E.: W32.Stuxnet dossier (2011)Google Scholar
  9. 9.
    Graham, R.L.: Bounds for certain multiprocessing anomalies. Bell Syst. Tech. J. 45(9), 1563–1581 (1966)CrossRefzbMATHGoogle Scholar
  10. 10.
    Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279–299. Springer, Cham (2016). doi: 10.1007/978-3-319-40667-1_14 Google Scholar
  11. 11.
    Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: Usenix Security 2015, pp. 897–912 (2015)Google Scholar
  12. 12.
    Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Gates, C., Franz, M., McDermott, J.P. (ed.) ACSAC, pp. 261–269. ACM (2010)Google Scholar
  13. 13.
    Kim, J.H., Legay, A., Larsen, K.G., Mikučionis, M., Nielsen, B.: Resource-parameterized timing analysis of real-time systems. In: Piterman, N. (ed.) HVC 2015. LNCS, vol. 9434, pp. 190–205. Springer, Cham (2015). doi: 10.1007/978-3-319-26287-1_12 CrossRefGoogle Scholar
  14. 14.
    Kim, J.H., Legay, A., Traonouez, L., Boudjadar, A., Nyman, U., Larsen, K.G., Lee, I., Choi, J.: Optimizing the resource requirements of hierarchical scheduling systems. SIGBED Rev. 13(3), 41–48 (2016)CrossRefGoogle Scholar
  15. 15.
    Mohan, S., Yoon, M., Pellizzoni, R., Bobba, R.: Real-time systems security through scheduler constraints. In: ECRTS, pp. 129–140. IEEE Computer Society (2014)Google Scholar
  16. 16.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). doi: 10.1007/11605805_1 CrossRefGoogle Scholar
  17. 17.
    Pellizzoni, R., Paryab, N., Yoon, M., Bak, S., Mohan, S., Bobba, R.: A generalized model for preventing information leakage in hard real-time systems. In: RTAS. IEEE (2015)Google Scholar
  18. 18.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS 2009. ACM (2009)Google Scholar
  19. 19.
    Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: Using SGX to conceal cache attacks. arXiv preprint (2017). arXiv:1702.08719
  20. 20.
    Son, J., Alves-Foss, J.: Covert timing channel capacity of rate monotonic real-time scheduling algorithm in MLS systems. In: IASTED, pp. 13–18 (2006)Google Scholar
  21. 21.
    Son, S.H., Mukkamala, R., David, R.: Integrating security and real-time requirements using covert channel capacity. IEEE Trans. Knowl. Data Eng. 12(6), 865–879 (2000)CrossRefGoogle Scholar
  22. 22.
    Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Val, C.G., Enescu, M.A., Bayless, S., Aiello, W., Hu, A.J.: Precisely measuring quantitative information flow: 10k lines of code and beyond. In: Euro S&P. IEEE (2016)Google Scholar
  24. 24.
    Varadarajan, V., Ristenpart, T., Swift, M.M.: Scheduler-based defenses against cross-VM side-channels. In: Usenix Security, pp. 687–702 (2014)Google Scholar
  25. 25.
    Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security, pp. 719–732 (2014)Google Scholar
  26. 26.
    Yoon, M.-K., Mohan, S., Chen, C.-Y., Sha, L.: Taskshuffler: a schedule randomization protocol for obfuscation against timing inference attacks in real-time systems. In: RTAS, pp. 1–12. IEEE (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Fabrizio Biondi
    • 1
  • Mounir Chadli
    • 2
  • Thomas Given-Wilson
    • 2
    Email author
  • Axel Legay
    • 2
  1. 1.CentraleSupélecChâtenay-MalabryFrance
  2. 2.InriaParisFrance

Personalised recommendations