POPL 2021
Sun 17 - Fri 22 January 2021 Online
Sun 17 Jan 2021 16:18 - 16:36 at PriSC - Secure compilers & cryptography Chair(s): Fraser Brown, Aastha Mehta

There is a gap between correct compilation and secure compilation. Compared to just testing correctness, testing the security of compiled programs is harder for three reasons. First, the introduced security bugs tend to be silent, so they may not be observable when we run the compiled programs. Second, compiler optimizations have become extremely complicated, so it is hard to verify or validate their security. Third, the occurrence of security bugs also depends on the environment, such as the architecture; analyzing only the optimizations themselves may not reveal the bugs. The silent security bugs introduced by compilers, once triggered, can have critical impact and can hide in programs for a long time. Therefore, it is important to develop a new approach that can effectively discover the security bugs introduced by compilers.

In this paper, we propose a new approach—cross-arch testing—that automatically discovers compiler-introduced security bugs, without the need to understand the complicated optimization logic or to model the environments. The idea is based on the observation that today’s compilers support many architectures. For example, the Linux kernel can be compiled for more than 25 different architectures. The significant number of architectures allows us to cross-check the compilation security. In particular, some optimization strategies and their implementations for different architectures are mainly independent. However, in most cases, the compilation results regarding security-related states should be consistent. If the optimization for a specific architecture handles security-related states differently, we report it as a potential security bug. That is, we identify security-related deviations across the architectures as insecure compilation. We plan to apply our testing to widely used multi-architecture software like the Linux kernel, and expect to discover previously unknown insecure compilation cases.
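The cross-checking idea in the abstract can be sketched as follows; this is an added example, not code from the talk or its authors. It assumes that "security-related states" can be approximated by which scrubbing or stack-protector routines each function still calls in the per-architecture assembly, and that the majority view is the expected one; the listings, function names and `SECURITY_CALLS` set are constructed for illustration.

```python
import re
from collections import Counter

# Call mnemonics for x86-64, AArch64 and RISC-V (a subset, enough for the sample).
CALL_RE = re.compile(r"^\s*(?:callq?|bl|jal|tail)\s+(?:ra,\s*)?([A-Za-z_]\w*)")
LABEL_RE = re.compile(r"^([A-Za-z_]\w*):")  # function labels; skips .L local labels
# Assumption: these callees stand in for the abstract's "security-related states".
SECURITY_CALLS = {"memset", "explicit_bzero", "__stack_chk_fail"}

def security_calls(asm):
    """Map each function label to the set of security-relevant callees in it."""
    result, current = {}, None
    for line in asm.splitlines():
        label = LABEL_RE.match(line)
        if label:
            current = label.group(1)
            result[current] = set()
        elif current and (call := CALL_RE.match(line)):
            if call.group(1) in SECURITY_CALLS:
                result[current].add(call.group(1))
    return result

def cross_arch_deviations(listings):
    """Return (function, arch, seen, expected) for each arch off the majority."""
    per_arch = {arch: security_calls(asm) for arch, asm in listings.items()}
    findings = []
    for fn in sorted(set().union(*per_arch.values())):
        views = {a: frozenset(m.get(fn, ())) for a, m in per_arch.items()}
        majority, votes = Counter(views.values()).most_common(1)[0]
        if votes * 2 <= len(views):
            majority = None  # no strict majority: flag every arch for review
        for arch, seen in sorted(views.items()):
            if seen != majority:
                expected = None if majority is None else sorted(majority)
                findings.append((fn, arch, sorted(seen), expected))
    return findings

# Constructed sample listings (not real compiler output) for one source file.
LISTINGS = {
    "x86_64": "handle_key:\n  call derive\n  call memset@PLT\n  ret\n"
              "check_len:\n  cmp rdi, 64\n  ret\n",
    "aarch64": "handle_key:\n  bl derive\n  bl memset\n  ret\n"
               "check_len:\n  cmp x0, 64\n  ret\n",
    "riscv64": "handle_key:\n  call derive\n  ret\n"
               "check_len:\n  li a5, 64\n  ret\n",
}

if __name__ == "__main__":
    for finding in cross_arch_deviations(LISTINGS):
        print(finding)
```

A finding is only a candidate: a deviation can be a legitimate target-specific lowering (for example an inlined store sequence instead of a `memset` call), so each one still needs manual review.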

Slides: PriSC21_XJH.pdf (502 KiB)

Sun 17 Jan
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

16:00 - 17:30: Secure compilers & cryptography (PriSC)
Chair(s): Fraser Brown (Stanford University, USA), Aastha Mehta (MPI-SWS, Germany and University of British Columbia, Canada)

16:00, 18m, Talk: High-level high-speed high-assurance crypto (PriSC)
Jonathan Cogan (Stanford); Fraser Brown (Stanford University, USA); Alex Ozdemir (Stanford); Riad S. Wahby (Stanford University, USA)
Media Attached

16:18, 18m, Talk: Cross-Architecture Testing for Compiler-Introduced Security Bugs (PriSC)
Jianhao Xu (Nanjing University); Kangjie Lu (University of Minnesota); Bing Mao (Nanjing University)
Media Attached, File Attached

16:36, 18m, Talk: High-Assurance Cryptography in the Spectre Era (PriSC)
Gilles Barthe (MPI-SP, Germany / IMDEA Software Institute, Spain); Sunjay Cauligi (University of California at San Diego, USA); Benjamin Gregoire (INRIA); Adrien Koutsos (INRIA Paris); Kevin Liao (Max Planck Institute for Security and Privacy); Tiago Oliveira (University of Porto (FCUP) and INESC TEC); Swarn Priya (Purdue University); Tamara Rezk (Inria, France); Peter Schwabe (Max Planck Institute for Security and Privacy)
Media Attached

16:54, 18m, Talk: Compilation as Multi-Language Semantics (PriSC)
William J. Bowman (University of British Columbia)
Pre-print, Media Attached

17:12, 18m, Talk: Viaduct: An Optimizing, Extensible Compiler for Secure Distributed Programs (PriSC)
Coşku Acay (Cornell University); Rolph Recto; Joshua Gancher (Cornell University); Andrew C. Myers (Cornell University); Elaine Shi (Cornell University)
Media Attached