Séminaire SoSySec

Sécurité des logiciels et des systèmes

Accueil     Présentation     Archives

Aslan Askarov (Aarhus University)

Towards information-flow–aware automatic memory management

In this talk, I will discuss information flows via timing channels that occur the presence of automatic memory management. We will study a series of example attacks that illustrate that many existing garbage collectors form a shared resource that can be used to reliably leak sensitive information at a rate of up to 1byte/sec. The created channel is also observable across a network connection in a datacenter setting. I will subsequently present design constraints for automatic memory management that are provably resilient against such attacks. We also will discuss ramifications of leaks via automatic memory management in the context of modern dynamic and static techniques for language-based information flow control. Joint work with Mathias Pedersen.