Abstract
Many high-level functional programming languages provide programmers with the ability to interoperate with untyped and low-level languages such as C and assembly. Research into the security of such interoperation has generally focused on a closed-world scenario, one where both the high-level and low-level code are defined and analyzed statically. In practice, however, components are sometimes linked in at run-time through malicious means. In this paper we formalize an operational semantics that securely combines \(\mathrm{MiniML}\), a light-weight ML, with a model of a low-level attacker, without relying on any static checks on the attacker. We prove that the operational semantics are secure by establishing that they preserve and reflect the equivalences of \(\mathrm{MiniML}\). To that end, a notion of bisimulation for the interaction between the attacker and \(\mathrm{MiniML}\) is developed.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Larmuseau, A., Clarke, D. (2015). Formalizing a Secure Foreign Function Interface. In: Calinescu, R., Rumpe, B. (eds) Software Engineering and Formal Methods. SEFM 2015. Lecture Notes in Computer Science(), vol 9276. Springer, Cham. https://doi.org/10.1007/978-3-319-22969-0_16
DOI: https://doi.org/10.1007/978-3-319-22969-0_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22968-3
Online ISBN: 978-3-319-22969-0
eBook Packages: Computer Science (R0)