Hardware Information Flow Tracking

2021, Vol 54 (4), pp. 1-39
Author(s): Wei Hu, Armaiti Ardeshiricham, Ryan Kastner

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

2022, Vol 54 (7), pp. 1-34
Author(s): Sophie Dramé-Maigné, Maryline Laurent, Laurent Castillo, Hervé Ganem

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.


Author(s): Laurent Georget, Mathieu Jaume, Guillaume Piolle, Frédéric Tronel, Valérie Viet Triem Tong

Author(s): VINCENT C. HU, D. RICHARD KUHN, TAO XIE, JEEHYUN HWANG

Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a general approach for property verification for MAC models. The approach defines a standardized structure for MAC models, providing for both property verification and automated generation of test cases. The approach expresses MAC models in the specification language of a model checker and expresses generic access control properties in the property language. Then the approach uses the model checker to verify the integrity, coverage, and confinement of these properties for the MAC models and finally generates test cases via combinatorial covering array for the system implementations of the models.


Author(s): Muhammad Abdul Wahab, Pascal Cotret, Mounir Nasr Allah, Guillaume Hiet, Vianney Lapotre, ...

2021
Author(s): Stephan Seifermann, Robert Heinrich, Dominik Werle, Ralf Reussner
