FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2942211720> ?p ?o ?g. }

• W2942211720 abstract "Severe low-level vulnerabilities abound in today's computer systems,allowing cyber-attackers to remotely gain full control. This happensin big part because our programming languages, compilation chains, andarchitectures too often trade off security for efficiency. The semanticsof mainstream low-level languages like C is inherently insecure, andeven for safer languages, all guarantees are lost when interactingwith low-level code, for instance when using low-level libraries.This habilitation presents my ongoing quest to build formally securecompartmentalizing compilation chains that defend against suchattacks. In particular, we propose several formal definitions thatcharacterize what it means for a compartmentalizing compilation chainto be secure, both in the case of safe and of unsafe source languages.We start by investigating what it means for a compilation chain toprovide secure interoperability between a safe source language andlinked target-level code that is adversarial. In this model, a securecompilation chain ensures that even linked adversarial target-levelcode cannot break the security properties of a compiled program anymore than some linked source-level code could. However, the preciseclass of security properties one chooses to preserve crucially impactsnot only the supported security goals and the strength of the attackermodel, but also the kind of protections the compilation chain has tointroduce and the kind of proof techniques one can use to make surethat the protections are watertight. We are the first to thoroughlyexplore a large space of secure compilation criteria based on thepreservation against adversarial contexts of various classes of traceproperties such as safety, of hyperproperties such as noninterference,and of relational hyperproperties such as trace equivalence.We then extend secure compartmentalizing compilation to unsafelanguages like C and C++. We propose a new formal criterion forsecure compilation schemes from such unsafe languages, expressingend-to-end security guarantees for software components that may becomecompromised after encountering undefined behavior---for example, byaccessing an array out of bounds. Our criterion is the first to modeldynamic compromise in a system of mutually distrustful components withclearly specified privileges. It articulates how each component shouldbe protected from all the others---in particular, from components thathave encountered undefined behavior and become compromised.To illustrate this model, we construct a secure compilation chain fora small unsafe language with buffers, procedures, and components,targeting a simple abstract machine with built-in compartmentalization.We give a careful proof (mostly machine-checked in Coq) that thiscompiler satisfies our secure compilation criterion. We, moreover,show that the protection guarantees offered by the compartmentalizedabstract machine can be achieved at the machine-code level usingeither software fault isolation or a tag-based reference monitor.Finally, we discuss the perspectives of scaling such formally securecompilation to realistic low-level programming languages like C." @default.
• W2942211720 created "2019-05-03" @default.
• W2942211720 creator A5009220862 @default.
• W2942211720 date "2019-01-29" @default.
• W2942211720 modified "2023-10-16" @default.
• W2942211720 title "The Quest for Formally Secure Compartmentalizing Compilation" @default.
• W2942211720 hasPublicationYear "2019" @default.
• W2942211720 type Work @default.
• W2942211720 sameAs 2942211720 @default.
• W2942211720 citedByCount "1" @default.
• W2942211720 countsByYear W29422117202019 @default.
• W2942211720 crossrefType "dissertation" @default.
• W2942211720 hasAuthorship W2942211720A5009220862 @default.
• W2942211720 hasConcept C154945302 @default.
• W2942211720 hasConcept C177264268 @default.
• W2942211720 hasConcept C199360897 @default.
• W2942211720 hasConcept C2776760102 @default.
• W2942211720 hasConcept C37736160 @default.
• W2942211720 hasConcept C38652104 @default.
• W2942211720 hasConcept C41008148 @default.
• W2942211720 hasConcept C43126263 @default.
• W2942211720 hasConceptScore W2942211720C154945302 @default.
• W2942211720 hasConceptScore W2942211720C177264268 @default.
• W2942211720 hasConceptScore W2942211720C199360897 @default.
• W2942211720 hasConceptScore W2942211720C2776760102 @default.
• W2942211720 hasConceptScore W2942211720C37736160 @default.
• W2942211720 hasConceptScore W2942211720C38652104 @default.
• W2942211720 hasConceptScore W2942211720C41008148 @default.
• W2942211720 hasConceptScore W2942211720C43126263 @default.
• W2942211720 hasLocation W29422117201 @default.
• W2942211720 hasOpenAccess W2942211720 @default.
• W2942211720 hasPrimaryLocation W29422117201 @default.
• W2942211720 hasRelatedWork W1236288001 @default.
• W2942211720 hasRelatedWork W129805619 @default.
• W2942211720 hasRelatedWork W141003461 @default.
• W2942211720 hasRelatedWork W1582983062 @default.
• W2942211720 hasRelatedWork W1775920529 @default.
• W2942211720 hasRelatedWork W1940493318 @default.
• W2942211720 hasRelatedWork W1994278052 @default.
• W2942211720 hasRelatedWork W2033929305 @default.
• W2942211720 hasRelatedWork W2104658241 @default.
• W2942211720 hasRelatedWork W2135249212 @default.
• W2942211720 hasRelatedWork W2224510601 @default.
• W2942211720 hasRelatedWork W2280788621 @default.
• W2942211720 hasRelatedWork W2415236938 @default.
• W2942211720 hasRelatedWork W2765997315 @default.
• W2942211720 hasRelatedWork W2898994781 @default.
• W2942211720 hasRelatedWork W2962785744 @default.
• W2942211720 hasRelatedWork W2963888572 @default.
• W2942211720 hasRelatedWork W3047199768 @default.
• W2942211720 hasRelatedWork W3174898988 @default.
• W2942211720 hasRelatedWork W97681556 @default.
• W2942211720 isParatext "false" @default.
• W2942211720 isRetracted "false" @default.
• W2942211720 magId "2942211720" @default.
• W2942211720 workType "dissertation" @default.