Complexity and information flow analysis for multi-threaded programs

Minh Tri Ngo, Marieke Huisman

Abstract

This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.
Original languageUndefined
Pages (from-to)1-18
Number of pages18
JournalEuropean physical journal. Special topics
Volumeonline pre-publication
DOIs
StatePublished - Jan 2017

Fingerprint

Scheduling
Chemical analysis

Keywords

  • IR-104403
  • EWI-27665

Cite this

Ngo, Minh Tri; Huisman, Marieke / Complexity and information flow analysis for multi-threaded programs.

In: European physical journal. Special topics, Vol. online pre-publication, 01.2017, p. 1-18.

Research output: Scientific - peer-reviewArticle

@article{b023baac518b467dbd42eb16bc3003c6,
title = "Complexity and information flow analysis for multi-threaded programs",
abstract = "This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.",
keywords = "IR-104403, EWI-27665",
author = "Ngo, {Minh Tri} and Marieke Huisman",
year = "2017",
month = "1",
doi = "10.1140/epjst/e2016-60402-0",
volume = "online pre-publication",
pages = "1--18",
journal = "European physical journal. Special topics",
issn = "1951-6355",
publisher = "Springer Verlag",

}

Complexity and information flow analysis for multi-threaded programs. / Ngo, Minh Tri; Huisman, Marieke.

In: European physical journal. Special topics, Vol. online pre-publication, 01.2017, p. 1-18.

Research output: Scientific - peer-reviewArticle

TY - JOUR

T1 - Complexity and information flow analysis for multi-threaded programs

AU - Ngo,Minh Tri

AU - Huisman,Marieke

PY - 2017/1

Y1 - 2017/1

N2 - This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.

AB - This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.

KW - IR-104403

KW - EWI-27665

U2 - 10.1140/epjst/e2016-60402-0

DO - 10.1140/epjst/e2016-60402-0

M3 - Article

VL - online pre-publication

SP - 1

EP - 18

JO - European physical journal. Special topics

T2 - European physical journal. Special topics

JF - European physical journal. Special topics

SN - 1951-6355

ER -