Verified Translation Validation of Static Analyses

被引:3
作者
Barthe, Gilles [1 ]
Blazy, Sandrine [2 ]
Laporte, Vincent [1 ]
Pichardie, David [3 ]
Trieu, Alix [2 ]
机构
[1] IMDEA Software Inst, Madrid, Spain
[2] Univ Rennes 1, INRIA, CNRS IRISA, Rennes, France
[3] ENS Rennes, CNRS IRISA, INRIA, Rennes, France
来源
2017 IEEE 30TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF) | 2017年
关键词
verified compilation; Coq proof assistant; program analysis; constant-time programming; SECURE INFORMATION-FLOW; EQUIVALENCE; SAFETY;
D O I
10.1109/CSF.2017.16
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Motivated by applications to security and high efficiency, we propose an automated methodology for validating on low-level intermediate representations the results of a source-level static analysis. Our methodology relies on two main ingredients: a relative-safety checker, an instance of a relational verifier which proves that a program is "safer" than another, and a transformation of programs into defensive form which verifies the analysis results at runtime. We prove the soundness of the methodology, and provide a formally verified instantiation based on the Verasco verified C static analyzer and the CompCert verified C compiler. We experiment with the effectiveness of our approach with client optimizations at RTL level, and static analyses for cache-based timing side-channels and memory usage at pre-assembly levels.
引用
收藏
页码:405 / 419
页数:15
相关论文
共 48 条
[1]  
Almeida Jose Carlos Bacelar, 2016, 25 USENIX SEC S USEN
[2]   WYSINWYX: What You See Is Not What You eXecute [J].
Balakrishnan, Gogul ;
Reps, Thomas .
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2010, 32 (06)
[3]   Secure information flow by self-composition [J].
Barthe, G ;
D'Argenio, PR ;
Rezk, T .
17TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, 2004, :100-114
[4]  
Barthe Gilles, 2011, FM 2011: Formal Methods. Proceedings 17th International Symposium on Formal Methods, P200, DOI 10.1007/978-3-642-21437-0_17
[5]  
Barthe G., 2014, ACM SIGSAC C COMP CO
[6]   An Abstract Model of Certificate Translation [J].
Barthe, Gilles ;
Kunz, Cesar .
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2011, 33 (04)
[7]   Certificate Translation for Optimizing Compilers [J].
Barthe, Gilles ;
Gregoire, Benjamin ;
Kunz, Cesar ;
Rezk, Tamara .
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2009, 31 (05)
[8]  
Bernstein Daniel J., 2012, Progress in Cryptology - LATINCRYPT 2012. Proceedings of the 2nd International Conference on Cryptology and Information Security in Latin America, P159, DOI 10.1007/978-3-642-33481-8_9
[9]  
Bertot Yves, 2008, LANGUAGE ENG RIGOROU, P153, DOI Springer
[10]  
Blazy S., 2016, P 21 ACM SIGPLAN INT
12345