Analysing Flow Security Properties in Virtualised Computing Systems
Chunyan Mu
TL;DR
This paper introduces a formal language and type system to analyze and enforce flow security properties in virtualised computing systems, addressing information leakage through process interactions and cache side channels.
Contribution
It proposes CSP_{4v}, a distributed process algebra with security labels, and a cache flow policy to model and control information flow in virtualised environments.
Findings
A formal model for flow security in virtualised systems.
A type system to enforce flow policies and prevent leakage.
Identification of cache side channels as a security concern.
Abstract
This paper studies the problem of reasoning about flow security properties in virtualised computing networks with mobility from perspective of formal language. We propose a distributed process algebra CSP_{4v} with security labelled processes for the purpose of formal modelling of virtualised computing systems. Specifically, information leakage can come from observations on process executions, communications and from cache side channels in the virtualised environment. We describe a cache flow policy to identify such flows. A type system of the language is presented to enforce the flow policy and control the leakage introduced by observing behaviours of communicating processes and behaviours of virtual machine (VM) instances during accessing shared memory cache.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Distributed systems and fault tolerance · Advanced Memory and Neural Computing