Complexity and information flow analysis for multi-threaded programs

Minh Tri Ngo, Marieke Huisman

Research output: Contribution to journalArticle

  • 2 Citations

Abstract

This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.
LanguageEnglish
Pages1-18
Number of pages18
JournalEuropean physical journal. Special topics
Volumeonline pre-publication
DOIs
StatePublished - Jan 2017

Fingerprint

information flow
reviewing
scheduling
quantitative analysis
Scheduling
Chemical analysis

Keywords

  • IR-104403
  • EWI-27665

Cite this

@article{b023baac518b467dbd42eb16bc3003c6,
title = "Complexity and information flow analysis for multi-threaded programs",
abstract = "This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.",
keywords = "IR-104403, EWI-27665",
author = "Ngo, {Minh Tri} and Marieke Huisman",
year = "2017",
month = "1",
doi = "10.1140/epjst/e2016-60402-0",
language = "English",
volume = "online pre-publication",
pages = "1--18",
journal = "European physical journal. Special topics",
issn = "1951-6355",
publisher = "EDP Sciences",

}

Complexity and information flow analysis for multi-threaded programs. / Ngo, Minh Tri; Huisman, Marieke.

In: European physical journal. Special topics, Vol. online pre-publication, 01.2017, p. 1-18.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Complexity and information flow analysis for multi-threaded programs

AU - Ngo,Minh Tri

AU - Huisman,Marieke

PY - 2017/1

Y1 - 2017/1

N2 - This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.

AB - This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler’s choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.

KW - IR-104403

KW - EWI-27665

U2 - 10.1140/epjst/e2016-60402-0

DO - 10.1140/epjst/e2016-60402-0

M3 - Article

VL - online pre-publication

SP - 1

EP - 18

JO - European physical journal. Special topics

T2 - European physical journal. Special topics

JF - European physical journal. Special topics

SN - 1951-6355

ER -