Aarhus Universitets segl

OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads

Publikation: KonferencebidragPaperForskningpeer review


  • paper

    Accepteret manuskript, 388 KB, PDF-dokument

Traffic analysis attacks remain a significant problem for online security. Communication between nodes can be observed by network level attackers as it inherently takes place in the open. Despite online services increasingly using encrypted traffic, the shape of the traffic is not hidden.
To prevent traffic analysis, the shape of a system's traffic must be independent of secrets.

We investigate adapting the data-oblivious approach the reactive setting and present OblivIO, a secure language for writing reactive programs driven by network events. Our approach pads with dummy messages to hide which program sends are genuinely executed. We use an information-flow type system to provably enforce timing-sensitive noninterference. The type system is extended with potentials to bound the overhead in traffic introduced by our approach.
We address challenges that arise from joining data-oblivious and reactive programming and demonstrate the feasibility of our resulting language by developing an interpreter that implements security critical operations as constant-time algorithms.
Antal sider16
StatusUdgivet - 2023
Begivenhed36th IEEE Computer Security Foundations Symposium - Dubrovnik, Kroatien
Varighed: 10 jul. 202314 jul. 2023


Konference36th IEEE Computer Security Foundations Symposium

Se relationer på Aarhus Universitet Citationsformater


Ingen data tilgængelig

ID: 304046170