2016 IEEE 29th Computer Security Foundations Symposium (CSF)
DOI: 10.1109/csf.2016.9

On Modular and Fully-Abstract Compilation

Abstract: Secure compilation studies compilers that generate target-level components that are as secure as their source-level counterparts. Full abstraction is the most widely-proven property when defining a secure compiler. A compiler is modular if it allows different components to be compiled independently and then to be linked together to form a whole program. Unfortunately, many existing fully-abstract compilers to untyped machine code are not modular. So, while fully-abstractly compiled components are secure from mal…

Cited by 22 publications (65 citation statements); references 50 publications.

Citation statements:
“…Unfortunately, they do not have traces, though were one to add them, the logical relation on values would serve as the basis for the trace relation and therefore their result would attain CC ∼ . Some secure compilation results do not rely on traces for their security criterion (instead proving compiler full abstraction [1,40]) but they rely on target-level traces as a proof technique [3,18,20,38,39]. Most of these results consider a cross-language relation that could be lifted to source traces (were they added), so they can be proved to attain one of the criteria from Figure 3.…”
Section: Related Work
“…Full-abstraction as stated in Theorem 6.3 is not a correct criterion for modular compilers, as it is stated for closed terms. Instead, a generalisation exists for modular compilers: modular full-abstraction [Patrignani et al, 2016]. Modular full-abstraction forces one to reason about linking of programs when developing a fully-abstract compiler.…”
Section: Modular Fully-abstract Compilation
“…An earlier version of this paper, published at POPL 2016, introduced the technique of approximate back-translations, and applied it to prove full abstraction for a whole-program compiler from λ τ to λ u [Devriese et al, 2016]. This journal version extends the conference version in two ways.…”
Section: Introduction
“…When the target language is low-level, hiding code attributes can be difficult: it may require padding the code segment of the compiled program to a fixed size, and cleaning or hiding any code-layout-dependent data like code pointers from memory and registers when passing control to the context. These complex protections are not necessary for any non-relational preservation criteria (even RHP), but are already known to be necessary for fully abstract compilation to low-level code [55,57,76,77]. They can also be trivially circumvented if the context has access to any side-channels, e.g., it can measure time via a different thread.…”
Section: Separation Between Relational and Non-relational
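The code-layout leak described in the statement above, as a constructed Python model added here (not code from the cited paper, from this paper, or from the citing one). CPython bytecode stands in for machine code, the address at which a linked context lands stands in for a leaked code pointer, and the names `naive_compile`, `padded_compile`, `link` and the 256-byte segment size are assumptions of the model. Two source components with identical behaviour are compiled twice: the naive compiler emits segments whose length depends on the implementation, so a target context that observes where it is itself loaded can tell them apart; padding every segment to a fixed size removes that observation.

```python
"""Toy model of why fully-abstract compilation to low-level code needs
fixed-size code segments. Constructed example: names, the segment size and
the bytecode-as-machine-code stand-in are all assumptions of this model."""
from dataclasses import dataclass
from typing import Callable, Iterable

# Two source components with the same input/output behaviour on every int
# but different internal structure: contextually equivalent at source level.
def double_a(x: int) -> int:
    return x + x

def double_b(x: int) -> int:
    acc = 0
    for _ in range(2):          # longer code for the same function
        acc += x
    return acc

def source_equivalent(f: Callable[[int], int], g: Callable[[int], int],
                      inputs: Iterable[int]) -> bool:
    """A source context can only call the component, so it compares outputs."""
    return all(f(x) == g(x) for x in inputs)

@dataclass(frozen=True)
class Segment:
    code: bytes                  # emitted code segment (bytecode stand-in)
    run: Callable[[int], int]    # behaviour the context can invoke

SEGMENT_SIZE = 256               # assumed fixed size of a padded segment

def naive_compile(f: Callable[[int], int]) -> Segment:
    """Emit code as-is: the segment length depends on the implementation."""
    return Segment(code=f.__code__.co_code, run=f)

def padded_compile(f: Callable[[int], int]) -> Segment:
    """Pad every component to SEGMENT_SIZE so its length reveals nothing."""
    code = f.__code__.co_code
    if len(code) > SEGMENT_SIZE:
        raise ValueError("component does not fit in a fixed-size segment")
    return Segment(code=code + b"\x00" * (SEGMENT_SIZE - len(code)), run=f)

def link(component: Segment) -> int:
    """Lay the component out at address 0 and the context right after it.
    Returns the context's own load address: a code-layout-dependent value a
    low-level context can read, e.g. from a code pointer left in a register."""
    return len(component.code)

# Target contexts: each returns an observation of the component it is linked
# against. The pair stays equivalent only if every context observes the same.
def ctx_call(component: Segment, own_addr: int):
    return component.run(21)     # purely functional observation

def ctx_layout(component: Segment, own_addr: int):
    return own_addr              # observes code layout

TARGET_CONTEXTS = (ctx_call, ctx_layout)

def target_equivalent(compile_fn, f, g, contexts=TARGET_CONTEXTS) -> bool:
    cf, cg = compile_fn(f), compile_fn(g)
    return all(ctx(cf, link(cf)) == ctx(cg, link(cg)) for ctx in contexts)

def preserves_equivalence(compile_fn, f, g, inputs=range(-8, 9)) -> bool:
    """The preservation direction of full abstraction, for the pair (f, g)."""
    return (not source_equivalent(f, g, inputs)) or target_equivalent(compile_fn, f, g)

if __name__ == "__main__":
    print("naive  preserves equivalence:", preserves_equivalence(naive_compile, double_a, double_b))
    print("padded preserves equivalence:", preserves_equivalence(padded_compile, double_a, double_b))
```

The model covers only the preservation direction and only the layout observation named in the statement; it does not model the timing side channel the statement mentions, which padding does nothing about, nor the reflection direction of full abstraction.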
“…They were interested in proving full abstraction for so-called trace semantics. This technique was then adapted to show full abstraction of compilation chains to low-level target languages [6,73,76,77]. In §6.4, we showed how these trace-based techniques can be extended to prove all the criteria below RFrXP in Figure 1, which includes robust preservation of safety, of noninterference, and in a determinate setting also of observational equivalence.…”
Section: Hypersafety Preservation