Skip to main content
Conference Proceedings

Lazy programs leak secrets

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) 8208 LNCS 116-122
DOI: 10.1007/978-3-642-41488-6_8
10Citations
Citations of this article
6Readers
Mendeley users who have this article in their library.
Get full text

Abstract

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation. © 2013 Springer-Verlag.

Cite

CITATION STYLE

APA

Buiras, P., & Russo, A. (2013). Lazy programs leak secrets. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8208 LNCS, pp. 116–122). Springer Verlag. https://doi.org/10.1007/978-3-642-41488-6_8

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free