
Formalizing a Secure Foreign Function Interface

  • Conference paper
  • Software Engineering and Formal Methods (SEFM 2015)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9276)

Abstract

Many high-level functional programming languages provide programmers with the ability to interoperate with untyped and low-level languages such as C and assembly. Research into the security of such interoperation has generally focused on a closed-world scenario, one where both the high-level and low-level code are defined and analyzed statically. In practice, however, components are sometimes linked in at run-time through malicious means. In this paper we formalize an operational semantics that securely combines \(\mathrm{MiniML}\), a lightweight ML, with a model of a low-level attacker, without relying on any static checks on the attacker. We prove that the operational semantics are secure by establishing that they preserve and reflect the equivalences of \(\mathrm{MiniML}\). To that end, a notion of bisimulation for the interaction between the attacker and \(\mathrm{MiniML}\) is developed.



Author information

Correspondence to Adriaan Larmuseau.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Larmuseau, A., Clarke, D. (2015). Formalizing a Secure Foreign Function Interface. In: Calinescu, R., Rumpe, B. (eds) Software Engineering and Formal Methods. SEFM 2015. Lecture Notes in Computer Science, vol 9276. Springer, Cham. https://doi.org/10.1007/978-3-319-22969-0_16


  • DOI: https://doi.org/10.1007/978-3-319-22969-0_16
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-22968-3
  • Online ISBN: 978-3-319-22969-0
  • eBook Packages: Computer Science (R0)
