Formal Approaches to Secure Compilation

Patrignani, Marco; Ahmed, Amal; Clarke, Dave

doi:10.1145/3280984

Cited by 42 publications

(14 citation statements)

References 101 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…That is, we would rather construct a program logic for a high-level programming language, so we can reason about the programs in the language we actually write them in and at the same time get guarantees about the compiled program. To achieve this, we would have to construct a secure compilation [Patrignani et al 2019] that preserves the security abstraction of the high-level language.…”

Section: Related Workmentioning

confidence: 99%

Reasoning about a Machine with Local Capabilities

Skorstengaard

Devriese

Birkedal

2019

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

Capability machines provide security guarantees at machine level which makes them an interesting target for secure compilation schemes that provably enforce properties such as control-flow correctness and encapsulation of local state. We provide a formalization of a representative capability machine with local capabilities and study a novel calling convention. We provide a logical relation that semantically captures the guarantees provided by the hardware (a form of capability safety) and use it to prove control-flow correctness and encapsulation of local state. The logical relation is not specific to our calling convention and can be used to reason about arbitrary programs.

show abstract

Section: Related Workmentioning

confidence: 99%

Reasoning about a Machine with Local Capabilities

Skorstengaard

Devriese

Birkedal

2019

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

show abstract

“…But none of these works consider timing-sensitivity or interrupts: they study compilations higher up the software stack than what we consider in this paper. Patrignani et al [44] have provided a good survey of this entire line of work on secure compilation.…”

Section: Related Workmentioning

confidence: 99%

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors

Busi

Noorman

Bulck

et al. 2020

2020 IEEE 33rd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features, brings a risk of introducing new such side-channel attacks. This paper studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. We propose to use full abstraction as a formal criterion for the security of a processor extension, and we instantiate that criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility of these enclaves. This is a very relevant instantiation as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves, and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor, and evaluate the cost of our design in terms of performance and hardware size. This is the extended version of the paper [1] that includes both the original paper as well as the technical appendix with the proofs.

show abstract

“…To formalize secure compilation, we use the property of fully abstract compilation [Abadi 1999], like many previous results [e.g., Abadi and Plotkin 2012;Devriese et al 2016;Fournet et al 2013;New et al 2016;Patrignani et al 2015;Skorstengaard et al 2019]. We refer to Patrignani et al [2019] for an overview of the field. Recent research has investigated other formal characterisations of secure compilation: robust safety preservation [Patrignani and Garg 2018;, tracepreserving compilation and robust hyperproperty preservation ].…”

Section: Related Workmentioning

confidence: 99%

Linear capabilities for fully abstract compilation of separation-logic-verified code

Strydonck

Piessens

Devriese

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Separation logic is a powerful program logic for the static modular verification of imperative programs. However, dynamic checking of separation logic contracts on the boundaries between verified and untrusted modules is hard, because it requires one to enforce (among other things) that outcalls from a verified to an untrusted module do not access memory resources currently owned by the verified module.This paper proposes an approach to dynamic contract checking by relying on support for capabilities, a well-studied form of unforgeable memory pointers that enables fine-grained, efficient memory access control. More specifically, we rely on a form of capabilities called linear capabilities for which the hardware enforces that they cannot be copied.We formalize our approach as a fully abstract compiler from a statically verified source language to an unverified target language with support for linear capabilities. The key insight behind our compiler is that memory resources described by spatial separation logic predicates can be represented at run time by linear capabilities. The compiler is separation-logic-proof-directed: it uses the separation logic proof of the source program to determine how memory accesses in the source program should be compiled to linear capability accesses in the target program.The full abstraction property of the compiler essentially guarantees that compiled verified modules can interact with untrusted target language modules as if they were compiled from verified code as well.

show abstract

Formal Approaches to Secure Compilation

Cited by 42 publications

References 101 publications

Reasoning about a Machine with Local Capabilities

Reasoning about a Machine with Local Capabilities

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors

Linear capabilities for fully abstract compilation of separation-logic-verified code

Contact Info

Product

Resources

About