Abstract
Secure compilation is a discipline aimed at developing compilers that preserve the security properties of the source programs they take as input in the target programs they produce as output. This discipline is broad in scope, targeting languages with a variety of features (including objects, higher-order functions, dynamic memory allocation, call/cc, concurrency) and employing a range of different techniques to ensure that source-level security is preserved at the target level. This article provides a survey of the existing literature on formal approaches to secure compilation with a focus on those that prove fully abstract compilation, which has been the criterion adopted by much of the literature thus far. This article then describes the formal techniques employed to prove secure compilation in existing work, introducing relevant terminology, and discussing the merits and limitations of each work. Finally, this article discusses open challenges and possible directions for future work in secure compilation.
Formal Approaches to Secure Compilation: A Survey of Fully Abstract Compilation and Related Work