Quantifying Information Leakage for Security Verification of Compiler Optimizations

被引：3

作者：

Panigrahi, Priyanka ^{[1
]}

Paul, Abhik ^{[1
]}

Karfa, Chandan ^{[1
]}

机构：

[1] Indian Inst Technol Guwahati, Dept Comp Sci & Engn, Gauhati 781039, India

来源：

IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS | 2022年 / 41卷 / 11期

关键词：

Optimization; Security; Program processors; Codes; Arithmetic; Sparks; Resource management; Compiler optimization; information flow; information leakage; leak propagation; static analysis; taint analysis; STATIC ANALYSIS;

D O I：

10.1109/TCAD.2022.3200914

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Compiler optimizations can be functionally correct but not secure. In this work, we attempt to quantify the information leakage in a program for the security verification of compiler optimizations. Our work has the following contributions. We demonstrate that static taint analysis is applicable for security verification of compile optimizations. We develop a completely automated approach for quantifying the information leak in a program in the context of compiler optimizations. Our method avoids many false-positives scenarios due to implicit flow. It can handle leaks in a loop and propagates leaks over paths using the leak propagation vector. With our quantification parameters, we verify the relative security of source and transformed programs considering the optimizations phase of a compiler as a black box. Our experimental evaluations on benchmarks for various compiler optimizations in SPARK show that the SPARK compiler is actually leaky.

引用

页码：4385 / 4396

页数：12

共 37 条

[1]

[Anonymous], 2007, Secure programming with static analysis

[2]

Arzt S, 2014, ACM SIGPLAN NOTICES, V49, P259, DOI [10.1145/2594291.2594299, 10.1145/2666356.2594299]

[3]

Babic D., 2011, P 2011 INT S SOFTW T, P12, DOI DOI 10.1145/2001420.2001423

[4] Verification of Code Motion Techniques Using Value Propagation [J].

Banerjee, Kunal ;

Karfa, Chandan ;

Sarkar, Dipankar ;

Mandal, Chittaranjan .

IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, 2014, 33 (08) :1180-1193

[5]

Bell D. E., 1973, Tech. Rep. 2547

[6] Information-Flow Preservation in Compiler Optimisations [J].

Besson, Frederic ;

Dang, Alexandre ;

Jensen, Thomas .

2019 IEEE 32ND COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF 2019), 2019, :230-242

[7] Securing Compilation Against Memory Probing [J].

Besson, Frederic ;

Dang, Alexandre ;

Jensen, Thomas .

PLAS'18: PROCEEDINGS OF THE 13TH WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY, 2018, :29-40

[8] An empirical study of static program slice size [J].

Binkley, David ;

Gold, Nicolas ;

Harman, Mark .

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2007, 16 (02)

[9] Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications [J].

Bosu, Amiangshu ;

Liu, Fang ;

Yao, Danfeng ;

Wang, Gang .

PROCEEDINGS OF THE 2017 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIA CCS'17), 2017, :71-85

[10]

Ceara Dumitru, 2010, Proceedings of the IEEE Third International Conference on Software Testing Verification and Validation - Workshops (ICSTW 2010), P371, DOI 10.1109/ICSTW.2010.28

← 1 2 3 4 →