Fault-Resilient Non-interference

Tedesco, Filippo Del; Sands, David; Russo, Alejandro

doi:10.1109/csf.2016.35

Cited by 5 publications

(11 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other works focus on type-preservation for type systems which enforce secure information flow [Barthe et al 2006;Chen et al 2010;Tedesco et al 2016]. It is worth noting that the two approaches are incomparable, since the type systems are incomplete and therefore preservation of information-flow typing does not entail preservation of non-interference nor the converse for similar reasons.…”

Section: Related Workmentioning

confidence: 99%

Formal verification of a constant-time preserving C compiler

Barthe

Blazy

Grégoire

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Timing side-channels are arguably one of the main sources of vulnerabilities in cryptographic implementations. One effective mitigation against timing side-channels is to write programs that do not perform secret-dependent branches and memory accesses. This mitigation, known as łcryptographic constant-timež, is adopted by several popular cryptographic libraries. This paper focuses on compilation of cryptographic constant-time programs, and more specifically on the following question: is the code generated by a realistic compiler for a constant-time source program itself provably constant-time? Surprisingly, we answer the question positively for a mildly modified version of the CompCert compiler, a formally verified and moderately optimizing compiler for C. Concretely, we modify the CompCert compiler to eliminate sources of potential leakage. Then, we instrument the operational semantics of CompCert intermediate languages so as to be able to capture cryptographic constant-time. Finally, we prove that the modified CompCert compiler preserves constant-time. Our mechanization maximizes reuse of the CompCert correctness proof, through the use of new proof techniques for proving preservation of constant-time. These techniques achieve complementary trade-offs between generality and tractability of proof effort, and are of independent interest. CCS Concepts: • Security and privacy → Logic and verification.

show abstract

Section: Related Workmentioning

confidence: 99%

Formal verification of a constant-time preserving C compiler

Barthe

Blazy

Grégoire

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…It ensures that the first n steps (or fewer if the program terminates before that) are safe and preserve -equivalence of the heap locations specified initially in P , but in a way that is compositional across multiple execution steps, across multiple threads of execution and across different parts of the heap. It is somewhat akin, although more precise than, prior characterizations based on strong low bisimulation [16,45].…”

Section: Security Definition and Soundnessmentioning

confidence: 94%

“…(abusing notation to let the semantic stand for some expression that denotes it). Property (16) encodes that constants do not depend on any state; again the security level expression e l must be meaningful, but trivially c :: when is constant, too. Value sensitivity is congruent with function application (17).…”

Section: Propositionmentioning

confidence: 99%

SecCSL: Security Concurrent Separation Logic

Ernst

Murray

2019

Computer Aided Verification

View full text Add to dashboard Cite

We present SecCSL, a concurrent separation logic for proving expressive, data-dependent information flow security properties of low-level programs. SecCSL is considerably more expressive, while being simpler, than recent compositional information flow logics that cannot reason about pointers, arrays etc. To capture security concerns, SecCSL adopts a relational semantics for its assertions. At the same time it inherits the structure of traditional concurrent separation logics; thus SecCSL reasoning can be automated via symbolic execution. We demonstrate this by implementing SecC, an automatic verifier for a subset of the C programming language, which we apply to a range of benchmarks.

show abstract

“…Here we introduce RISC with mutex locks (hereafter RISC), the target of our compiler, based on the RISC architecture targeted by the compilation scheme of Tedesco et al (2016):…”

Section: Initial Conditions Ensuring Global Modes Compatibilitymentioning

confidence: 99%

“…Apart from this notational adaptation to the configuration triple format for CVDNI proofs, the RISC language's evaluation semantics follows that of the RISC target architecture of Tedesco et al (2016), to which we relegate further details. For the new LockAcq k and LockRel k operations, the program counter is incremented by the RISC equivalents for the LOCKACQ and LOCKREL evaluation rules for the While language, and left unchanged by those for LOCKSPIN and LOCKINVALID (these were described by Section 3.1).…”

Section: Initial Conditions Ensuring Global Modes Compatibilitymentioning

confidence: 99%

Verified Secure Compilation for Mixed-Sensitivity Concurrent Programs

Sison,

Murray

2020

Preprint

View full text Add to dashboard Cite

Proving only over source code that programs do not leak sensitive data leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. Furthermore, software does not always have the luxury of limiting itself to single-threaded computation with resources statically dedicated to each user to ensure the confidentiality of their data. This results in mixed-sensitivity concurrent programs, which might reuse memory shared between their threads to hold data of different sensitivity levels at different times; for such programs, a compiler must preserve the value-dependent coordination of such mixed-sensitivity reuse despite the impact of concurrency.Here we demonstrate, using Isabelle/HOL, that it is feasible to verify that a compiler preserves noninterference, the strictest kind of confidentiality property, for mixed-sensitivity concurrent programs. First, we present notions of refinement that preserve a concurrent value-dependent notion of noninterference that we have designed to support such programs. As proving noninterferencepreserving refinement can be considerably more complex than the standard refinements typically used to verify semantics-preserving compilation, our notions include a decomposition principle that separates the semantics-from the security-preservation concerns. Second, we demonstrate that these refinement notions are applicable to verified secure compilation, by exercising them on a singlepass compiler for mixed-sensitivity concurrent programs that synchronise using mutex locks, from a generic imperative language to a generic RISC-style assembly language. Finally, we execute our compiler on a nontrivial mixed-sensitivity concurrent program modelling a real-world use case, thus preserving its source-level noninterference properties down to an assembly-level model automatically. All results are formalised and proved in the Isabelle/HOL interactive proof assistant.Our work paves the way for more fully featured compilers to offer verified secure compilation support to developers of multithreaded software that must handle data of multiple sensitivity levels.

show abstract

Fault-Resilient Non-interference

Cited by 5 publications

References 33 publications

Formal verification of a constant-time preserving C compiler

Formal verification of a constant-time preserving C compiler

SecCSL: Security Concurrent Separation Logic

Verified Secure Compilation for Mixed-Sensitivity Concurrent Programs

Contact Info

Product

Resources

About