Cross-Architecture Testing for Compiler-Introduced Security Bugs
There is a gap between correct compilation and secure compilation. Compared to just testing correctness, testing the security of compiled programs is harder for three reasons. First, the introduced security bugs tend to be silent, so that they may not be observable when we run the compiled programs. Second, the optimizations of compilers have become extremely complicated, it is hard to verify or validate their security. Third, the occurrences of security bugs also depend on environments such as the architecture; only analyzing the optimizations themselves may not reveal the bugs. The silent security bugs introduced by compilers, once triggered, can incur critical impacts and hide in the programs for a long time. Therefore,it is important to develop a new approach that can effectively discover the security bugs introduced by compilers.
In this paper, we propose a new approach—cross-arch testing—that automatically discovers compiler-introduced security bugs, without the need of understanding the complicated optimization logic or modeling the environments.The idea is based on an observation that today’s compilers have supported many architectures. For example, the Linux kernel can be compiled for more than 25 different architectures. The significant number of architectures allows us to cross-check the compilation security. In particular, some optimizations strategies and the implementations for different architectures are mainly independent. However, in most cases, the compilation results regarding security-related states should be consistent. If the optimization of a specific architecture handles security-related states differently, we report it as a potential security bug. That is, we identify security-related deviations across the architectures as insecure compilation. We plan to apply our testing to widely used multi-architecture software like the Linux kernel, and expect to discover previously-unknown insecure compilation cases.
slides (PriSC21_XJH.pdf) | 502KiB |
Sun 17 Jan Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
16:00 - 17:30: Secure compilers & cryptographyPriSC at PriSC Chair(s): Fraser BrownStanford University, USA, Aastha MehtaMPI-SWS, Germany and University of British Columbia, Canada | |||
16:00 - 16:18 Talk | High-level high-speed high-assurance crypto PriSC Jonathan CoganStanford, Fraser BrownStanford University, USA, Alex OzdemirStanford, Riad S. WahbyStanford University, USA Media Attached | ||
16:18 - 16:36 Talk | Cross-Architecture Testing for Compiler-Introduced Security Bugs PriSC Media Attached File Attached | ||
16:36 - 16:54 Talk | High-Assurance Cryptography in the Spectre Era PriSC Gilles BartheMPI-SP, Germany / IMDEA Software Institute, Spain, Sunjay CauligiUniversity of California at San Diego, USA, Benjamin GregoireINRIA, Adrien KoutsosINRIA Paris, Kevin LiaoMax Planck Institute for Security and Privacy, Tiago OliveiraUniversity of Porto (FCUP) and INESC TEC, Swarn PriyaPurdue University, Tamara RezkInria, France, Peter SchwabeMax Planck Institute for Security and Privacy Media Attached | ||
16:54 - 17:12 Talk | Compilation as Multi-Language Semantics PriSC William J. BowmanUniversity of British Columbia Pre-print Media Attached | ||
17:12 - 17:30 Talk | Viaduct: An Optimizing, Extensible Compiler for Secure Distributed Programs PriSC Coşku AcayCornell University, Rolph Recto, Joshua GancherCornell University, Andrew C. MyersCornell University, Elaine ShiCornell University Media Attached |