To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation. © 2013 Springer-Verlag.
CITATION STYLE
Buiras, P., & Russo, A. (2013). Lazy programs leak secrets. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8208 LNCS, pp. 116–122). Springer Verlag. https://doi.org/10.1007/978-3-642-41488-6_8
Mendeley helps you to discover research relevant for your work.