Eur. Phys. J. Special Topics 226, 2375-2392 (2017)
https://doi.org/10.1140/epjst/e2016-60402-0

Review

Complexity and information flow analysis for multi-threaded programs

¹ The University of Danang, University of Science and Technology, Danang, Vietnam
² The University of Twente, 7522 NB Enschede, The Netherlands

^a e-mail: tringominh@gmail.com
^b e-mail: Marieke.Huisman@ewi.utwente.nl

Received: 30 October 2016
Revised: 27 November 2016
Published online: 31 January 2017

Abstract

This paper studies the security of multi-threaded programs. We combine two methods, i.e., qualitative and quantitative security analysis, to check whether a multi-threaded program is secure or not. In this paper, besides reviewing classical analysis models, we present a novel model of quantitative analysis where the attacker is able to select the scheduling policy. This model does not follow the traditional information-theoretic channel setting. Our analysis first studies what extra information an attacker can get if he knows the scheduler's choices, and then integrates this information into the transition system modeling the program execution. Via a case study, we compare this approach with the traditional information-theoretic models, and show that this approach gives more intuitive-matching results.