Trustworthy Systems

Can we prove time protection?

Authors

Gernot Heiser, Gerwin Klein and Toby Murray

DATA61

UNSW Sydney

University of Melbourne

Abstract

Timing channels are a significant and growing security threat in computer systems, with no established solution. We have recently argued that the OS must provide time protection, in analogy to the established memory protection, to protect applications from information leakage through timing channels. Based on a recently-proposed implementation of time protection in the seL4 microkernel, we investigate how such an implementation could be formally proved to prevent timing channels. We postulate that this should be possible by reasoning about a highly abstracted representation of the shared hardware resources that cause timing channels.

BibTeX Entry

  @inproceedings{Heiser_KM_19,
    address          = {Bertinoro, Italy},
    author           = {Heiser, Gernot and Klein, Gerwin and Murray, Toby},
    booktitle        = {Workshop on Hot Topics in Operating Systems (HotOS)},
    date             = {2019-5-12},
    doi              = {https://doi.org/10.1145/3317550.3321431},
    month            = may,
    pages            = {23-29},
    paperurl         = {https://trustworthy.systems/publications/full_text/Heiser_KM_19.pdf},
    publisher        = {ACM},
    title            = {Can We Prove Time Protection?},
    year             = {2019}
  }

Download