Security Witnesses for Compiler Transformations
Compiler optimizations can be correct and yet be insecure. Program changes made during optimization may weaken security guarantees; for instance, by introducing new ways to leak secret data. This work presents a methodology for ensuring that security properties are preserved, at compile time. Properties are expressed as automata operating over a bundle of related program traces. A notion of automaton-based program refinement guarantees that the associated security property is preserved. In practice, such refinement relations can be generated by a compiler as it optimizes a source program, and validated with an independent refinement checker. This process formally establishes the security of every source-to-target transformation without, however, requiring a proof of correctness of the compiler implementation itself.
| Presentation (PriSC-2019-Kedar-Namjoshi.pdf) | 565KiB |
Sun 13 JanDisplayed time zone: Belfast change
14:00 - 15:30 | |||
14:00 30mTalk | Translation Validation for Security Properties PriSC Matteo Busi Università di Pisa - Dipartimento di Informatica, Pierpaolo Degano Università di Pisa - Dipartimento di Informatica, Letterio Galletta IMT School for Advanced Studies Pre-print File Attached | ||
14:30 30mTalk | Security Witnesses for Compiler Transformations PriSC File Attached | ||
15:00 30mTalk | A Data Layout Description Language for Cogent PriSC Zilin Chen Data61, CSIRO and UNSW, Matthew Di Meglio UNSW, Liam O'Connor UNSW, Partha Susarla Data61, CSIRO, Christine Rizkallah UNSW, Gabriele Keller Utrecht University | ||