{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T16:01:55Z","timestamp":1780675315752,"version":"3.54.1"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2014,11,18]],"date-time":"2014-11-18T00:00:00Z","timestamp":1416268800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61303224"],"award-info":[{"award-number":["61303224"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-11621776"],"award-info":[{"award-number":["CNS-11621776"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Des. Autom. Electron. Syst."],"published-print":{"date-parts":[[2014,11,18]]},"abstract":"<jats:p>High-assurance systems found in safety-critical infrastructures are facing steadily increasing cyber threats. These critical systems require rigorous guarantees in information flow security to prevent confidential information from leaking to an unclassified domain and the root of trust from being violated by an untrusted party. To enforce bit-tight information flow control, gate-level information flow tracking (GLIFT) has recently been proposed to precisely measure and manage all digital information flows in the underlying hardware, including implicit flows through hardware-specific timing channels. However, existing work in this realm either restricts to two-level security labels or essentially targets two-input primitive gates and several simple multilevel security lattices. This article provides a general way to expand the GLIFT method for multilevel security. Specifically, it formalizes tracking logic for an arbitrary Boolean gate under finite security lattices, presents a precise tracking logic generation method for eliminating false positives in GLIFT logic created in a constructive manner, and illustrates application scenarios of GLIFT for enforcing multilevel information flow security. Experimental results show various trade-offs in precision and performance of GLIFT logic created using different methods. It also reveals the area and performance overheads that should be expected when expanding GLIFT for multilevel security.<\/jats:p>","DOI":"10.1145\/2676548","type":"journal-article","created":{"date-parts":[[2014,11,24]],"date-time":"2014-11-24T15:29:41Z","timestamp":1416842981000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["Gate-Level Information Flow Tracking for Security Lattices"],"prefix":"10.1145","volume":"20","author":[{"given":"Wei","family":"Hu","sequence":"first","affiliation":[{"name":"Northwestern Polytechnical University, Shaanxi, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dejun","family":"Mu","sequence":"additional","affiliation":[{"name":"Northwestern Polytechnical University, Shaanxi, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jason","family":"Oberg","sequence":"additional","affiliation":[{"name":"University of California, San Diego, La Jolla, CA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baolei","family":"Mao","sequence":"additional","affiliation":[{"name":"Northwestern Polytechnical University, Shaanxi, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mohit","family":"Tiwari","sequence":"additional","affiliation":[{"name":"University of Texas, Austin, TX"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Timothy","family":"Sherwood","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, CA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ryan","family":"Kastner","sequence":"additional","affiliation":[{"name":"University of California, San Diego, La Jolla, CA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2014,11,18]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/11967668_15"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-010-0115-0"},{"key":"e_1_2_1_3_1","volume-title":"LaPadula","author":"Elliott Bell D.","year":"1973","unstructured":"D. Elliott Bell and Leonard J . LaPadula . 1973 . Secure computer systems: Mathematical foundations. http:\/\/www.albany.edu\/acc\/courses\/ia\/classics\/belllapadula1.pdf. D. Elliott Bell and Leonard J. LaPadula. 1973. Secure computer systems: Mathematical foundations. http:\/\/www.albany.edu\/acc\/courses\/ia\/classics\/belllapadula1.pdf."},{"key":"e_1_2_1_4_1","unstructured":"Daniel J. Bernstein. 2005. Cache-timing attacks on aes. http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf.  Daniel J. Bernstein. 2005. Cache-timing attacks on aes. http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028073"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250662.1250722"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360056"},{"key":"e_1_2_1_8_1","volume-title":"Cryptography and Data Security","author":"Denning Dorothy E. R.","unstructured":"Dorothy E. R. Denning . 1982. Cryptography and Data Security . Addison Wesley Longman , Boston, MA . Dorothy E. R. Denning. 1982. Cryptography and Data Security. Addison Wesley Longman, Boston, MA."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1147\/rd.92.0090"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (S&P'82)","author":"Joseph","unstructured":"Joseph A. Goguen and Jose Meseguer. 1982. Security policies and security models . In Proceedings of the IEEE Symposium on Security and Privacy (S&P'82) . 11--20. Joseph A. Goguen and Jose Meseguer. 1982. Security policies and security models. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'82). 11--20."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.31"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2011.2120970"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/LES.2013.2261572"},{"key":"e_1_2_1_14_1","unstructured":"IWLS. 2005. IWLS benchmarks ver. 3.0. http:\/\/iwls.org\/iwls2005\/benchmarks.html.  IWLS. 2005. IWLS benchmarks ver. 3.0. http:\/\/iwls.org\/iwls2005\/benchmarks.html."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA'11)","author":"Kastner Ryan","year":"2011","unstructured":"Ryan Kastner , Jason K. Oberg , Wei Hu , and Ali Irturk . 2011 . Enforcing information flow guarantees in reconfigurable systems with mix-trusted ip . In Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA'11) . Ryan Kastner, Jason K. Oberg, Wei Hu, and Ali Irturk. 2011. Enforcing information flow guarantees in reconfigurable systems with mix-trusted ip. In Proceedings of the International Conference on Engineering of Reconfigurable Systems and Algorithms (ERSA'11)."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/646761.706156"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1323293.1294293"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom'11)","author":"Li Chunxiao","unstructured":"Chunxiao Li , Anand Raghunathan , and Niraj K. Jha . 2011. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system . In Proceedings of the 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom'11) . 150--156. Chunxiao Li, Anand Raghunathan, and Niraj K. Jha. 2011. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In Proceedings of the 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom'11). 150--156."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/43.402497"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/1296200"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2011.2161428"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS'05)","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Song . 2005 . Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software . In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS'05) . James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS'05)."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2014.2331332"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024724.2024782"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5555\/2485288.2485595"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDT.2013.2247457"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0004-3702(99)00035-1"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/596980.596983"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/584091.584093"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1037187.1024404"},{"key":"e_1_2_1_32_1","unstructured":"Synopsys. 2007. SAED edk90 core - 90nm digital standard cell library. http:\/\/www.synopsys.com\/community\/universityprogram\/pages\/library.aspx.  Synopsys. 2007. SAED edk90 core - 90nm digital standard cell library. http:\/\/www.synopsys.com\/community\/universityprogram\/pages\/library.aspx."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1669112.1669174"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508244.1508258"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2000064.2000087"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314299.1314302"},{"key":"e_1_2_1_37_1","volume-title":"Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe Conference, H. Reimer, N. Pohlmann, and W. Schneider Eds., Springer, 316--325","author":"Vishik Claire","year":"2012","unstructured":"Claire Vishik , Ruby B. Lee , and Fred Chong . 2012 . Building technologies that help cyber-defense: Hardware-enabled trust . In Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe Conference, H. Reimer, N. Pohlmann, and W. Schneider Eds., Springer, 316--325 . Claire Vishik, Ruby B. Lee, and Fred Chong. 2012. Building technologies that help cyber-defense: Hardware-enabled trust. In Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe Conference, H. Reimer, N. Pohlmann, and W. Schneider Eds., Springer, 316--325."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/353629.353648"}],"container-title":["ACM Transactions on Design Automation of Electronic Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2676548","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2676548","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:28:16Z","timestamp":1750231696000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2676548"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,18]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2014,11,18]]}},"alternative-id":["10.1145\/2676548"],"URL":"https:\/\/doi.org\/10.1145\/2676548","relation":{},"ISSN":["1084-4309","1557-7309"],"issn-type":[{"value":"1084-4309","type":"print"},{"value":"1557-7309","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,11,18]]},"assertion":[{"value":"2013-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-11-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}