2016
DOI: 10.1145/2980983.2908100
End-to-end verification of information-flow security for C and assembly programs

Abstract: Protecting the confidentiality of information manipulated by a computing system is one of the most important challenges facing today's cybersecurity community. A promising step toward conquering this challenge is to formally verify that the end-to-end behavior of the computing system really satisfies various information-flow policies. Unfortunately, because today's system software still consists of both C and assembly programs, the end-to-end verification necessarily requires that we not only prove the securit…

Cited by 25 publications
(29 citation statements)
References 28 publications
“…There are three other criteria for secure compilation that we would like to mention: securely compartmentalised compilation (SCC) [39], trace-preserving compilation (TPC) [60] and non-interference-preserving compilation (NIPC) [12,15,16,27]. SCC is a re-statement of the "hard" part of full abstraction (the forward implication), but adapted to languages with undefined behaviour and a strict notion of components.…”
Section: Related Work
confidence: 99%
“…The new concurrency framework (to specify, build, and link certified concurrent abstraction layers) took about one person-year to develop. We extended the certified sequential mCertiKOS kernel [5,8,10] (which took another two person-years to develop in total) with various features, such as dynamic memory management, container support for controlling resource consumption, Intel hardware virtualization support, shared memory IPC, two-copy synchronous IPC, ticket and MCS locks, new schedulers, condition variables, etc. Some of these features were initially added in the sequential setting but later ported to the concurrent setting.…”
Section: Evaluation 51 Proof Effort and Cost of Change
confidence: 99%
“…Based on this idea, Gu et al. [10] developed new languages and tools for building certified abstraction layers with deep specifications, and showed how to apply the layered methodology to construct certified (sequential) OS kernels in Coq. Costanzo et al. [8] showed how to prove security properties over a deep specification of a certified OS kernel, and then propagate these properties from the specification level to its correct assembly-level implementation. Chen et al. [5] extended the layer methodology to build certified kernels and device drivers running on multiple logical CPUs.…”
Section: Concurrency Overhead
confidence: 99%
“…In this section, we describe the formal proof that security is preserved across simulation. Most of the technical details are omitted here for clarity of presentation, but can be found in the companion technical report [4].…”
Section: End-to-end Security Formalization
confidence: 99%
“…The three kinds of behaviors are faulting (getting stuck), safe termination, and safe divergence. The definitions can be found in the TR [4]; the main point here is that behaviors use the machine's observation function as a building block. For example, a behavior might say "an execution from σ terminates with final observation o", or "an execution from σ diverges, producing an infinite stream of observations os".…”
Section: Definition 4 (Behavioral Machine)
confidence: 99%