Write a Blog >>
POPL 2021
Sun 17 - Fri 22 January 2021 Online
Sun 17 Jan 2021 16:18 - 16:36 at PriSC - Secure compilers & cryptography Chair(s): Fraser Brown, Aastha Mehta

There is a gap between correct compilation and secure compilation. Compared to just testing correctness, testing the security of compiled programs is harder for three reasons. First, the introduced security bugs tend to be silent, so that they may not be observable when we run the compiled programs. Second, the optimizations of compilers have become extremely complicated, it is hard to verify or validate their security. Third, the occurrences of security bugs also depend on environments such as the architecture; only analyzing the optimizations themselves may not reveal the bugs. The silent security bugs introduced by compilers, once triggered, can incur critical impacts and hide in the programs for a long time. Therefore,it is important to develop a new approach that can effectively discover the security bugs introduced by compilers.

In this paper, we propose a new approach—cross-arch testing—that automatically discovers compiler-introduced security bugs, without the need of understanding the complicated optimization logic or modeling the environments.The idea is based on an observation that today’s compilers have supported many architectures. For example, the Linux kernel can be compiled for more than 25 different architectures. The significant number of architectures allows us to cross-check the compilation security. In particular, some optimizations strategies and the implementations for different architectures are mainly independent. However, in most cases, the compilation results regarding security-related states should be consistent. If the optimization of a specific architecture handles security-related states differently, we report it as a potential security bug. That is, we identify security-related deviations across the architectures as insecure compilation. We plan to apply our testing to widely used multi-architecture software like the Linux kernel, and expect to discover previously-unknown insecure compilation cases.

slides (PriSC21_XJH.pdf)502KiB

Sun 17 Jan

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 17:30
Secure compilers & cryptographyPriSC at PriSC
Chair(s): Fraser Brown Stanford University, USA, Aastha Mehta MPI-SWS, Germany and University of British Columbia, Canada
16:00
18m
Talk
High-level high-speed high-assurance crypto
PriSC
Jonathan Cogan Stanford, Fraser Brown Stanford University, USA, Alex Ozdemir Stanford, Riad S. Wahby Stanford University, USA
Media Attached
16:18
18m
Talk
Cross-Architecture Testing for Compiler-Introduced Security Bugs
PriSC
Jianhao Xu Nanjing University, Kangjie Lu University of Minnesota, Bing Mao Nanjing University
Media Attached File Attached
16:36
18m
Talk
High-Assurance Cryptography in the Spectre Era
PriSC
Gilles Barthe MPI-SP, Germany / IMDEA Software Institute, Spain, Sunjay Cauligi University of California at San Diego, USA, Benjamin Gregoire INRIA, Adrien Koutsos INRIA Paris, Kevin Liao Max Planck Institute for Security and Privacy, Tiago Oliveira University of Porto (FCUP) and INESC TEC, Swarn Priya Purdue University, Tamara Rezk Inria, France, Peter Schwabe Max Planck Institute for Security and Privacy
Media Attached
16:54
18m
Talk
Compilation as Multi-Language Semantics
PriSC
William J. Bowman University of British Columbia
Pre-print Media Attached
17:12
18m
Talk
Viaduct: An Optimizing, Extensible Compiler for Secure Distributed Programs
PriSC
Coşku Acay Cornell University, Rolph Recto , Joshua Gancher Cornell University, Andrew C. Myers Cornell University, Elaine Shi Cornell University
Media Attached