Fault-Tolerant Non-interference. Del Tedesco, F.; Russo, A.; and Sands, D. In Engineering Secure Software and Systems (ESSoS'14), volume 8364, of LNCS, pages 60--76. Springer International Publishing, 2014.
Paper abstract bibtex This paper is about ensuring security in unreliable systems. We study systems which are subject to transient faults -– soft errors that cause stored values to be corrupted. The classic problem of fault tolerance is to modify a system so that it works despite a limited number of faults. We introduce a novel variant of this problem. Instead of demanding that the system works despite faults, we simply require that it remains secure: wrong answers may be given but secrets will not be revealed. We develop a software-based technique to achieve this fault- tolerant non-interference property. The method is defined on a simple assembly language, and guarantees security for any assembly program provided as input. The security property is defined on top of a formal model that encompasses both the fault-prone machine and the faulty environment. A precise characterization of the class of programs for which the method guarantees transparency is provided.
@incollection{DelTedesco:Russo:Sands:ESSOS14,
title={Fault-Tolerant Non-interference},
author={Del Tedesco, Filippo and Russo, Alejandro and Sands, David},
booktitle={Engineering Secure Software and Systems (ESSoS'14)},
pages={60--76},
volume={8364},
series={LNCS},
year={2014},
publisher={Springer International Publishing},
url_Paper = {http://www.cse.chalmers.se/~dave/papers/essos14.pdf},
abstract = {This paper is about ensuring security in unreliable systems. We study systems which are subject to transient faults -– soft errors that cause stored values to be corrupted. The classic problem of fault tolerance is to modify a system so that it works despite a limited number of faults. We introduce a novel variant of this problem. Instead of demanding that the system works despite faults, we simply require that it remains secure: wrong answers may be given but secrets will not be revealed. We develop a software-based technique to achieve this fault- tolerant non-interference property. The method is defined on a simple assembly language, and guarantees security for any assembly program provided as input. The security property is defined on top of a formal model that encompasses both the fault-prone machine and the faulty environment. A precise characterization of the class of programs for which the method guarantees transparency is provided.}
}