Henning Sudbrock

We propose an approach to certify the information flow security of multi-threaded programs independently from the scheduling algorithm. A scheduler-independent verification is desirable because the scheduler is part of the runtime environment and, hence, usually not known when a program is analyzed. Unlike for other system properties, it is not …
The idea of building secure systems by plugging together "secure" components is appealing, but this requires a definition of security which, in addition to taking care of top-level security goals, is strengthened appropriately in order to be compositional. This approach has been previously studied for information-flow security of shared-variable concurrent …
In Germán Puebla (Ed.): Pre-Proceedings of the 16th International Symposium on Logic Based Program Synthesis and Transformation (LOPSTR 2006), Venice, Italy, 85–101, 2006. © Springer-Verlag (to be transferred). Abstract. When giving a program access to secret information, one must ensure that the program does not leak the secrets to untrusted sinks. For …
Appeared in P. Degano et al. (Eds.): Pre-Proceedings of FAST 2008; © Springer-Verlag (to be transferred). Abstract. We present a formal model for analyzing the bandwidth of covert channels. The focus is on channels that exploit interrupt-driven communication, which have been shown to pose a serious threat in practical experiments. Our work builds on our …
Interrupt-driven communication with hardware devices can be exploited for establishing covert channels. In this article, we propose an information-theoretic framework for analyzing the bandwidth of such interrupt-related channels while taking aspects of noise into account. As countermeasures, we present mechanisms that are already implemented in some …
We empirically evaluate interrupt-related covert channels, in short IRCCs, a type of covert channel that leverages hardware interrupts for communication. The evaluation is based on an exploit of IRCCs that we implemented as a proof of concept. We use a combination of experimental evaluation and information-theoretic analysis to compute the bandwidth of the …
Type-based and PDG-based information flow analysis techniques are currently developed independently in a competing manner, with different strengths regarding coverage of language features and security policies. In this article, we study the relationship between these two approaches. One key insight is that a type-based information flow analysis need not be …
The combining calculus [MSK07] provides a framework for analyzing the information flow of multi-threaded programs. The calculus incorporates so-called plug-in rules for integrating several previously existing analysis techniques. By applying a plug-in rule to a subprogram, one decides to analyze this subprogram with the given analysis technique, and not …
Before proving Lemma 1 from [MS13], we prove several propositions that relate paths in the graph PDG(CFG_c), where c is of the form if (e) then c1 else c2 fi, while (e) do c1 od, or c1; c2, to paths in the graphs PDG(CFG^{I,O}_{c1}) and (if applicable) PDG(CFG_{c2}). In the proofs, we write p + k for the path that is obtained from p by adding k to each node on p …