skip to main content
research-article
Open Access

Robustly Safe Compilation, an Efficient Form of Secure Compilation

Authors Info & Claims
Published:09 February 2021Publication History
Skip Abstract Section

Abstract

Security-preserving compilers generate compiled code that withstands target-level attacks such as alteration of control flow, data leaks, or memory corruption. Many existing security-preserving compilers are proven to be fully abstract, meaning that they reflect and preserve observational equivalence. Fully abstract compilation is strong and useful but, in certain cases, comes at the cost of requiring expensive runtime constructs in compiled code. These constructs may have no relevance for security, but are needed to accommodate differences between the source and target languages that fully abstract compilation necessarily needs.

As an alternative to fully abstract compilation, this article explores a different criterion for secure compilation called robustly safe compilation or RSC. Briefly, this criterion means that the compiled code preserves relevant safety properties of the source program against all adversarial contexts interacting with the compiled program. We show that RSC can be proved more easily than fully abstract compilation and also often results in more efficient code. We also present two different proof techniques for establishing that a compiler attains RSC and, to illustrate them, develop three illustrative robustly safe compilers that rely on different target-level protection mechanisms. We then proceed to turn one of our compilers into a fully abstract one and through this example argue that proving RSC can be simpler than proving full abstraction.

To better explain and clarify notions, this article uses syntax highlighting in a way that colourblind and black-8-white readers can benefit from Reference [58]. For a better experience, please print or view this article in colour.1

References

  1. Martín Abadi. 1999. Protection in programming-language translations. In Secure Internet Programming. Springer-Verlag, London, UK, 19--34. Retrieved from http://dl.acm.org/citation.cfm?id=380171.380174Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Martín Abadi. 1999. Secrecy by typing in security protocols. J. ACM 46, 5 (Sept. 1999), 749--786. DOI:https://doi.org/10.1145/324133.324266Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2009. Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Sec. 13, 1 (2009). DOI:https://doi.org/10.1145/1609956.1609960Google ScholarGoogle Scholar
  4. Martín Abadi, Cédric Fournet, and Georges Gonthier. 2000. Authentication primitives and their compilation. In Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’00). ACM, New York, NY, 302--315. DOI:https://doi.org/10.1145/325694.325734Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Martín Abadi, Cédric Fournet, and Georges Gonthier. 2002. Secure implementation of channel abstractions. Inf. Comput. 174 (2002), 37--83. DOI:https://doi.org/10.1006/inco.2002.3086Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Martín Abadi and Gordon D. Plotkin. 2012. On protection by layout randomization. ACM Trans. Inf. Syst. Sec. 15 (July 2012). DOI:https://doi.org/10.1145/2240276.2240279Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Carmine Abate, Arthur Azevedo de Amorim, Roberto Blanco, Ana Nora Evans, Guglielmo Fachini, Catalin Hritcu, Théo Laurent, Benjamin C. Pierce, Marco Stronati, and Andrew Tolmach. 2018. When good components go bad: Formally secure compilation despite dynamic compromise. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’18). Association for Computing Machinery, New York, NY, 1351--1368. DOI:https://doi.org/10.1145/3243734.3243745Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Carmine Abate, Roberto Blanco, Stefan Ciobâcă, Adrien Durier, Deepak Garg, Cătălin Hritcu, Marco Patrignani, Éric Tanter, and Jérémy Thibault. 2020. Trace-relating compiler correctness and secure compilation. In Programming Languages and Systems, Peter Müller (Ed.). Springer International Publishing, Cham, 1--28.Google ScholarGoogle Scholar
  9. Carmine Abate, Roberto Blanco, Deepak Garg, Cătălin Hriţcu, Marco Patrignani, and Jérémy Thibault. 2019. Journey beyond full abstraction: Exploring robust property preservation for secure compilation. In Proceedings of the IEEE 32th Computer Security Foundations Symposium (CSF’19). DOI:https://doi.org/10.1109/CSF.2019.00025Google ScholarGoogle ScholarCross RefCross Ref
  10. Pieter Agten, Raoul Strackx, Bart Jacobs, and Frank Piessens. 2012. Secure compilation to modern processors. In Proceedings of the IEEE 25th Computer Security Foundations Symposium (CSF’12). IEEE, 171--185. DOI:https://doi.org/10.1109/CSF.2012.12Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Amal Ahmed and Matthias Blume. 2008. Typed closure conversion preserves observational equivalence. In Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP’08). ACM, New York, NY, 157--168. DOI:https://doi.org/10.1145/1411204.1411227Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Amal Ahmed and Matthias Blume. 2011. An equivalence-preserving CPS translation via multi-language semantics. In Proceedings of the 16th ACM SIGPLAN International Conference on Functional Programming (ICFP’11). ACM, New York, NY, 431--444. DOI:https://doi.org/10.1145/2034773.2034830Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, and Pierre-Yves Strub. 2017. Jasmin: High-assurance and high-speed cryptography. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 1807--1823.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Bowen Alpern and Fred B. Schneider. 1985. Defining liveness. Inf. Proc. Lett. 21, 4 (1985), 181--185. DOI:https://doi.org/10.1016/0020-0190(85)90056-0Google ScholarGoogle ScholarCross RefCross Ref
  15. Michael Backes, Catalin Hritcu, and Matteo Maffei. 2014. Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations. J. Comput. Sec. 22, 2 (2014), 301--353. DOI:https://doi.org/10.3233/JCS-130493Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross. 2015. CAIN: Silently breaking ASLR in the cloud. In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT’15). USENIX Association, Washington, D.C. Retrieved from https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi.Google ScholarGoogle Scholar
  17. G. Barthe, B. Grégoire, and V. Laporte. 2018. Secure compilation of side-channel countermeasures: The case of cryptographic “Constant-Time.” In Proceedings of the IEEE 31st Computer Security Foundations Symposium (CSF’18). 328--343. DOI:https://doi.org/10.1109/CSF.2018.00031Google ScholarGoogle Scholar
  18. Gilles Barthe, Tamara Rezk, and Amitabh Basu. 2007. Security types preserving compilation. Comput. Lang. Syst. Struct. 33 (2007), 35--59. DOI:https://doi.org/10.1016/j.cl.2005.05.002Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Jesper Bengtson, Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, and Sergio Maffeis. 2011. Refinement types for secure implementations. ACM Trans. Prog. Lang. Syst. 33, 2 (Feb. 2011). DOI:https://doi.org/10.1145/1890028.1890031Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Nick Benton and Chung-kil Hur. 2010. Realizability and Compositional Compiler Correctness for a Polymorphic Language. Technical Report. MSR.Google ScholarGoogle Scholar
  21. Gérard Berry and Gérard Boudol. 1992. The chemical abstract machine. Theor. Comput. Sci. 96, 1 (1992), 217--248.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Gérard Boudol. 2009. In Secure Information Flow as a Safety Property. Springer-Verlag, Berlin, 20--34. DOI:https://doi.org/10.1007/978-3-642-01465-9_2Google ScholarGoogle Scholar
  23. William J. Bowman and Amal Ahmed. 2015. Noninterference for free. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (ICFP’15). ACM, New York, NY.Google ScholarGoogle Scholar
  24. Michele Bugliesi and Marco Giunti. 2007. Secure implementations of typed channel abstractions. In Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’07). ACM, New York, NY, 251--262. DOI:https://doi.org/10.1145/1190216.1190253Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Nicholas P. Carter, Stephen W. Keckler, and William J. Dally. 1994. Hardware support for fast capability-based addressing. SIGPLAN Not. 29 (1994), 319--327. DOI:https://doi.org/10.1145/195470.195579Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Stephen Chong. 2008. Expressive and Enforceable Information Security Policies. Ph.D. Dissertation. Cornell University.Google ScholarGoogle Scholar
  27. Michael R. Clarkson and Fred B. Schneider. 2010. Hyperproperties. J. Comput. Sec. 18, 6 (Sept. 2010), 1157--1210.Google ScholarGoogle ScholarCross RefCross Ref
  28. Ricardo Corin, Pierre-Malo Deniélou, Cédric Fournet, Karthikeyan Bhargavan, and James Leifer. 2008. A secure compiler for session abstractions. J. Comput. Sec. 16 (2008), 573--636. Retrieved from http://dl.acm.org/citation.cfm?id=1454415.1454419.Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. David Costanzo, Zhong Shao, and Ronghui Gu. 2016. End-to-end verification of information-flow security for C and assembly programs. SIGPLAN Not. 51, 6 (2016), 648--664. DOI:https://doi.org/10.1145/2980983.2908100Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Dominique Devriese, Marco Patrignani, Steven Keuchel, and Frank Piessens. 2017. Modular, fully-abstract compilation by approximate back-translation. Log. Meth. Comput. Sci. 13, 4 (Oct. 2017).Google ScholarGoogle Scholar
  31. Dominique Devriese, Marco Patrignani, and Frank Piessens. 2016. Fully-abstract compilation by approximate back-translation. SIGPLAN Not. 51, 1 (Jan. 2016), 164--177. DOI:https://doi.org/10.1145/2914770.2837618Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Dominique Devriese, Marco Patrignani, and Frank Piessens. 2017. Parametricity versus the universal type. Proc. ACM Prog. Lang. 2, POPL (Dec. 2017). DOI:https://doi.org/10.1145/3158126Google ScholarGoogle Scholar
  33. Akram El-Korashy. 2016. A Formal Model for Capability Machines -- An Illustrative Case Study towards Secure Compilation to CHERI. Master’s thesis. Universitat des Saarlandes.Google ScholarGoogle Scholar
  34. Cédric Fournet, Andrew D. Gordon, and Sergio Maffeis. 2007. A type discipline for authorization policies. ACM Trans. Prog. Lang. Syst. 29, 5 (Aug. 2007). DOI:https://doi.org/10.1145/1275497.1275500Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Cedric Fournet, Nikhil Swamy, Juan Chen, Pierre-Evariste Dagand, Pierre-Yves Strub, and Benjamin Livshits. 2013. Fully abstract compilation to JavaScript. In Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’13). ACM, New York, NY, 371--384. DOI:https://doi.org/10.1145/2429069.2429114Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. D. Garg, C. Hritcu, M. Patrignani, M. Stronati, and D. Swasey. 2017. Robust hyperproperty preservation for secure compilation (extended abstract). ArXiv e-prints (Oct. 2017). arxiv:cs.CR/1710.07309.Google ScholarGoogle Scholar
  37. Andrew D. Gordon and Alan Jeffrey. 2003. Authenticity by typing for security protocols. J. Comput. Sec. 11, 4 (July 2003), 451--519. Retrieved from http://dl.acm.org/citation.cfm?id=959088.959090.Google ScholarGoogle Scholar
  38. Daniele Gorla and Uwe Nestmann. 2016. Full abstraction for expressiveness: History, myths and facts. Math. Struct. Comput. Sci. 26, 4 (2016), 639--654. DOI:https://doi.org/10.1017/S0960129514000279Google ScholarGoogle ScholarCross RefCross Ref
  39. Chung-Kil Hur and Derek Dreyer. 2011. A Kripke logical relation between ML and assembly. SIGPLAN Not. 46, 1 (Jan. 2011), 133--146. DOI:https://doi.org/10.1145/1925844.1926402Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Radha Jagadeesan, Corin Pitcher, Julian Rathke, and James Riely. 2011. Local memory via layout randomization. In Proceedings of the IEEE 24th Computer Security Foundations Symposium (CSF’11). IEEE Computer Society, Washington, DC, 161--174. DOI:https://doi.org/10.1109/CSF.2011.18Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Yeongjin Jang, Sangho Lee, and Taesoo Kim. 2016. Breaking kernel address space layout randomization with Intel TSX. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 380--392. DOI:https://doi.org/10.1145/2976749.2978321Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Yannis Juglaret, Cătălin Hriţcu, Arthur Azevedo de Amorim, and Benjamin C. Pierce. 2016. Beyond good and evil: Formalizing the security guarantees of compartmentalizing compilation. In Proceedings of the 29th IEEE Symposium on Computer Security Foundations (CSF’16). IEEE Computer Society Press. Retrieved from http://arxiv.org/abs/1602.04503.Google ScholarGoogle Scholar
  43. Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2016. Lightweight verification of separate compilation. In Proceedings of the 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’16). Association for Computing Machinery, New York, NY, 178--190. DOI:https://doi.org/10.1145/2837614.2837642Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Volodymyr Kuznetsov, László Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. 2014. Code-pointer integrity. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation (OSDI’14). USENIX Association, Berkeley, CA, 147--163. Retrieved from http://dl.acm.org/citation.cfm?id=2685048.2685061.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Adriaan Larmuseau, Marco Patrignani, and Dave Clarke. 2015. A secure compiler for ML modules. In Proceedings of the 13th Asian Symposium on Programming Languages and Systems (APLAS’15). 29--48.Google ScholarGoogle ScholarCross RefCross Ref
  46. Xavier Leroy. 2006. Formal certification of a compiler back-end or: Programming a compiler with a proof assistant. SIGPLAN Not. 41, 1 (2006), 42--54. DOI:https://doi.org/10.1145/1111320.1111042Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Xavier Leroy. 2009. A formally verified compiler back-end. J. Autom. Reason. 43, 4 (Dec. 2009), 363--446. DOI:https://doi.org/10.1007/s10817-009-9155-4Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Sergio Maffeis, Martín Abadi, Cédric Fournet, and Andrew D. Gordon. 2008. Code-carrying Authorization. Springer Berlin, 563--579. DOI:https://doi.org/10.1007/978-3-540-88313-5_36Google ScholarGoogle Scholar
  49. Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In Proceedings of the Hardware and Architectural Support for Security and Privacy (HASP’13). ACM. DOI:https://doi.org/10.1145/2487726.2488368Google ScholarGoogle Scholar
  50. James H. Morris, Jr. 1973. Protection in programming languages. Commun. ACM 16 (1973), 15--21. DOI:https://doi.org/10.1145/361932.361937Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Kedar S. Namjoshi and Lucas M. Tabajara. 2020. Witnessing secure compilation. In Proceedings of the International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI’20) (Lecture Notes in Computer Science), Vol. 11990. Springer, 1--22. DOI:https://doi.org/10.1007/978-3-030-39322-9_1Google ScholarGoogle Scholar
  52. Georg Neis, Derek Dreyer, and Andreas Rossberg. 2009. Non-parametric parametricity. SIGPLAN Not. 44, 9 (Aug. 2009), 135--148. DOI:https://doi.org/10.1145/1631687.1596572Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Georg Neis, Chung-Kil Hur, Jan-Oliver Kaiser, Craig McLaughlin, Derek Dreyer, and Viktor Vafeiadis. 2015. Pilsner: A compositionally verified compiler for a higher-order imperative language. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (ICFP’15). ACM, 166--178.Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Max S. New, William J. Bowman, and Amal Ahmed. 2016. Fully abstract compilation via universal embedding. In Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming (ICFP’16). ACM, New York, NY, 103--116. DOI:https://doi.org/10.1145/2951913.2951941Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 1999. In Principles of Program Analysis. Springer-Verlag New York.Google ScholarGoogle Scholar
  56. Joachim Parrow. 2016. General conditions for full abstraction. Math. Struct. Comput. Sci. 26, 4 (2016), 655--657. DOI:https://doi.org/10.1017/S0960129514000280Google ScholarGoogle ScholarCross RefCross Ref
  57. Marco Patrignani. 2015. The Tome of Secure Compilation: Fully Abstract Compilation to Protected Modules Architectures. Ph.D. Dissertation. KU Leuven, Leuven, Belgium.Google ScholarGoogle Scholar
  58. Marco Patrignani. 2020. Why Should Anyone Use Colours? Or, Syntax Highlighting Beyond Code Snippets. arxiv:cs.SE/2001.11334 (2019).Google ScholarGoogle Scholar
  59. Marco Patrignani, Pieter Agten, Raoul Strackx, Bart Jacobs, Dave Clarke, and Frank Piessens. 2015. Secure compilation to protected module architectures. ACM Trans. Prog. Lang. Syst. 37 (Apr. 2015). DOI:https://doi.org/10.1145/2699503Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Marco Patrignani, Amal Ahmed, and Dave Clarke. 2019. Formal approaches to secure compilation a survey of fully abstract compilation and related work. ACM Comput. Surv. 51, 6 (Jan. 2019). DOI:https://doi.org/10.1145/3280984Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. Marco Patrignani, Dave Clarke, and Frank Piessens. 2013. Secure compilation of object-oriented components to protected module architectures. In Proceedings of the 11th Asian Symposium on Programming Languages and Systems (APLAS’13) (LNCS), Vol. 8301. 176--191.Google ScholarGoogle ScholarDigital LibraryDigital Library
  62. Marco Patrignani, Dave Clarke, and Davide Sangiorgi. 2011. Ownership types for the join calculus. In Proceedings of the IFIP Joint International Conference on Formal Techniques for Distributed Systems (FMOODS/FORTE’11) (LNCS), Vol. 6722. 289--303.Google ScholarGoogle ScholarCross RefCross Ref
  63. Marco Patrignani, Dominique Devriese, and Frank Piessens. 2016. On modular and fully abstract compilation. In Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF’16).Google ScholarGoogle ScholarCross RefCross Ref
  64. Marco Patrignani and Deepak Garg. 2017. Secure compilation and hyperproperties preservation. In Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF’17).Google ScholarGoogle ScholarCross RefCross Ref
  65. Marco Patrignani and Deepak Garg. 2018. Robustly safe compilation or, efficient, provably secure compilation. CoRR abs/1804.00489 (2018).Google ScholarGoogle Scholar
  66. Marco Patrignani and Deepak Garg. 2019. Robustly safe compilation. In Proceedings of the 28th European Symposium on Programming -- Programming Languages and Systems(ESOP’19). Retrieved from https://arxiv.org/abs/1804.00489.Google ScholarGoogle ScholarCross RefCross Ref
  67. Andrei Sabelfeld and David Sands. 2009. Declassification: Dimensions and principles. J. Comput. Sec. 17, 5 (Oct. 2009), 517--548. Retrieved from http://dl.acm.org/citation.cfm?id=1662658.1662659.Google ScholarGoogle ScholarCross RefCross Ref
  68. Michael Sammler, Deepak Garg, Derek Dreyer, and Tadeusz Litak. 2020. The high-level benefits of low-level sandboxing. In Proceedings of the 47th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’20).Google ScholarGoogle ScholarDigital LibraryDigital Library
  69. Fred B. Schneider. 2000. Enforceable security policies. ACM Trans. Inf. Syst. Sec. 3, 1 (2000), 30--50. DOI:https://doi.org/10.1145/353323.353382Google ScholarGoogle ScholarDigital LibraryDigital Library
  70. Lau Skorstengaard, Dominique Devriese, and Lars Birkedal. 2018. Reasoning about a machine with local capabilities—Provably safe stack and return pointer management. In Proceedings of the 27th European Symposium on Programming (ESOP’18). 475--501. DOI:https://doi.org/10.1007/978-3-319-89884-1_17Google ScholarGoogle Scholar
  71. Lau Skorstengaard, Dominique Devriese, and Lars Birkedal. 2019. StkTokens: Enforcing well-bracketed control flow and stack encapsulation using linear capabilities. ACM Prog. Lang. 3, POPL (2019), 19:1--19:28. Retrieved from https://dl.acm.org/citation.cfm?id=3290332.Google ScholarGoogle Scholar
  72. Ian Stark. 1994. Names and Higher-order Functions. Ph.D. Dissertation. University of Cambridge. DOI:https://doi.org/10/cgnmGoogle ScholarGoogle Scholar
  73. Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proceedings of the 42d ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’15). ACM, New York, NY, 275--287. DOI:https://doi.org/10.1145/2676726.2676985Google ScholarGoogle Scholar
  74. Eijiro Sumii and Benjamin C. Pierce. 2004. A bisimulation for dynamic sealing. SIGPLAN Not. 39, 1 (Jan. 2004), 161--172. DOI:https://doi.org/10.1145/982962.964015Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. Nikhil Swamy, Cedric Fournet, Aseem Rastogi, Karthikeyan Bhargavan, Juan Chen, Pierre-Yves Strub, and Gavin Bierman. 2014. Gradual typing embedded securely in JavaScript. SIGPLAN Not. 49, 1 (Jan. 2014), 425--437. DOI:https://doi.org/10.1145/2578855.2535889Google ScholarGoogle ScholarDigital LibraryDigital Library
  76. David Swasey, Deepak Garg, and Derek Dreyer. 2017. Robust and compositional verification of object capability patterns. In Proceedings of the ACM SIGPLAN International Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA’17).Google ScholarGoogle ScholarDigital LibraryDigital Library
  77. ARM. ARMSecurity Technology. 2009. Building a Secure System using TrustZone Technology. ARM Technical White Paper.Google ScholarGoogle Scholar
  78. Stelios Tsampas, Akram El-Korashy, Marco Patrignani, Dominique Devriese, Deepak Garg, and Frank Piessens. 2017. Towards automatic compartmentalization of C programs on capability machines. In Proceedings of the Workshop on Foundations of Computer Security (FCS’17).Google ScholarGoogle Scholar
  79. Claudio Vasconcelos and Antonio Ravara. 2016. The While language. arxiv:cs.PL/1603.08949 (2016).Google ScholarGoogle Scholar
  80. Dennis Volpano, Cynthia Irvine, and Geoffrey Smith. 1996. A sound type system for secure flow analysis. J. Comput. Sec. 4, 2--3 (1996), 167--187.Google ScholarGoogle ScholarCross RefCross Ref
  81. Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. 2014. The CHERI capability model: Revisiting RISC in an age of risk. In Proceedings of the 41st International Symposium on Computer Architecuture (ISCA’14). IEEE Press, Piscataway, NJ, 457--468. Retrieved from http://dl.acm.org/citation.cfm?id=2665671.2665740.Google ScholarGoogle ScholarCross RefCross Ref
  82. Stephan Arthur Zdancewic. 2002. Programming Languages for Information Security. Ph.D. Dissertation. Cornell University.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Robustly Safe Compilation, an Efficient Form of Secure Compilation

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        HTML Format

        View this article in HTML Format .

        View HTML Format
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!