DOI: 10.1145/2637113.2637118
Research article

Operational Semantics for Secure Interoperation

Published: 28 July 2014

Abstract

Modern software systems are commonly programmed in multiple languages. Research into the security and correctness of such multi-language programs has generally relied on static methods that check both the individual components and the interoperation between them. In practice, however, components are sometimes linked in at run-time through malicious means. In this paper we introduce a technique to specify operational semantics that securely combine an abstraction-rich language with a model of an arbitrary attacker, without relying on any static checks. Instead, the resulting operational semantics lifts a proven memory isolation mechanism into the resulting multi-language system. We establish the security benefits of our technique by proving that the obtained multi-language system preserves and reflects the equivalences of the abstraction-rich language. To that end, a notion of bisimilarity for this new type of multi-language system is developed.


Cited By

  • (2019) Formal Approaches to Secure Compilation. ACM Computing Surveys 51(6), pages 1-36. DOI: 10.1145/3280984. Online publication date: 4 Feb 2019
  • (2015) Formalizing a Secure Foreign Function Interface. Software Engineering and Formal Methods, pages 215-230. DOI: 10.1007/978-3-319-22969-0_16. Online publication date: 21 Aug 2015

Published In

PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security
July 2014
83 pages
ISBN:9781450328623
DOI:10.1145/2637113
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. bisimulation
  2. fully abstract compilation
  3. memory protection
  4. multi-language semantics

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ECOOP '14

Acceptance Rates

PLAS'14 Paper Acceptance Rate 6 of 10 submissions, 60%;
Overall Acceptance Rate 43 of 77 submissions, 56%

Article Metrics

  • Downloads (last 12 months): 5
  • Downloads (last 6 weeks): 0
Reflects downloads up to 06 Oct 2024