CS350: Secure Compilation


Instructor: Marco Patrignani (follow link for website and MAIL)

Below you will find the following information for the course:

-- general course information,

-- prerequisites and interest,

-- location and timeslots,

-- evaluation and grading,

-- high-level syllabus outline,

-- class and lecture outline.

Some entries are still TBD, please contact the instructor if you have questions.

General course information:

This course will explore the nascent field of secure compilation, which sits at the intersection between security and programming languages. The perspective from which we teach this field is that of formal methods and  foundations of computer security.

The goal of a secure compiler is to compile programs in order to preserve  source security properties like data confidentiality and code integrity. This  is challenging because attackers operating at the level of the compiler output are inherently more powerful than attackers in the source language. For example, target attackers can mount buffer overflows that bypass compiled code security abstractions that derive e.g., from compiled source level type annotations.

This course will describe:

- the threat model that secure compilers consider

  1. -correctness criteria for secure compilation,

  2. -specific instances of secure compilers

  3. -proof techniques for secure compilation.

Correctness criteria define that a compiler is secure. The course will explain why can we be sure that presented criteria have security meaning (i.e., what kinds of attacks can be defended against and which not).

Secondly, the course will discuss specific instances of secure compilers and how they achieve security (i.e., what mechanism — including types, crypto, security architecture, etc.— do these compilers exploit to realise one of the presented criteria and what are their tradeoffs).

Finally the course will cover proof techniques for secure compilation, i.e., how do you formally prove that a compiler adheres to one of the presented criteria and therefore is secure.

Prerequisites and interests:

Students should have a basic understanding of programming and of how

a compiler works. A background in formal languages and semantics is a

plus, but this material will also be covered in class.

Given the formal view on the subject, this course should appeal to students

with interest in security, formal methods, foundations of computer science.

Location and Time Slots:

Location: Green Earth Science Building, Rm 134 ( GESB 134 )

Time slot: WF 9:30 -- 11:20

Evaluation and Grading:

Evaluation will be based on:

  1. (40%)   Presentation of papers on the topic of secure compilation

  2. (40%)   Summaries of papers presented by all students

  3. (20%)   In class discussion

Depending on the student’s interest, part of the evaluation can also be based on a project (research- or educational-focussed) related to the topics discussed in class. This can be discussed with the instructor and will be adjudicated based on student motivation and interest.

Please note that depending on the amount of attendees, some modification in the evaluation criteria may be necessary. All changes will be communicated to the students at the beginning of the class when the number of attendees is known.

High-level Syllabus Outline:

Below is a more precise outline of what we will cover in class, grouped by notions. Please note that there is not a direct mapping between notions and lectures, so covering a notion may take 1 lecture while covering another one may take 5. Also, some topics here may vary, though lightly.

  1. Notions 1: motivation behind secure compilation

  2. Notions 2: program equivalences for security; expressing security properties with equivalences, classic examples. Traces for security

expressing security properties and hyperproperties (HP) with traces, HP diagram (safety, liveness, hypersafety), new examples: confidentiality, integrity, noninterference, specific properties

  1. Notions 3: full abstraction (FAC) theory: definition, justification for security, attacks and threat model, violations of FAC, common mistakes. Proving FAC: approaches, what is a backtranslation, context and traces backtranslation, when to use what

  2. Notions 4: trace preserving compilation: definition, justification, attacks, analogy with FAC, threat model

  3. Notions 5: Proving FAC. Recap of PL semantics notions: syntax/semantics, reading rules. Source language, target language: syntax and semantics, examples of equivalent programs. Compiler definition, compiler correctness. Backtranslation definition, backtranslation correctness. Target extension with context inspection, target traces, change backtranslation from context-based to trace-based

  4. Notions 6: Robustness, Robust property preservation, property-ful and -free criteria and their equivalence, different backtranslation classes. Robustly safe compilation (RSP) RSP in detail.

------------- Depending on time we may cover possible other topics which include:

  1. Notions 7: Proving RSP starting from what we saw in Notions 5 to prove RSP (much simpler), detail difference with FAC

  2. Notions 8: Advanced Robust Criteria: RHSP in detail, example of preserving NI, RSCHP, RHP. Relational (hyper)properties and their reason to exist: R2RHP and the relation with RTEP, RFRSP and its backtranslation proof, RRHP in detail. (acronyms from “Exploring Robust Property Preservation for Secure Compilation”, see my publications page year 2019.

Class (and Lectures) Outline:

Jan 9th: course outline, practicalities, exam grading, papers list

    Lecture 1 slides [ pdf ]

    Program equivalence and fully abstract compilation

    Lecture 1b slides [ pdf ]

Jan 11th, 16th, 18th, 23rd:

    no class, instructor away on conference, read some papers

Jan 25th: proving fully abstract compilation (plus properties and hyperproperties from the lecture 3 batch)

    Lecture 2 slides [ pdf ]

    Suggested reading:

        Formal Approaches to Secure Compilation. Patrignani et al. ’19

         citations [1, 58, 67, 97]

Jan 30th: program traces, hyperproperties and their preservation

    Lecture 3 slides [ pdf ]

    Suggested reading:

        Journey beyond full abstraction.

        Abate et al. ’18 (title has changed, it was known as

         Exploring Robust Property Preservation for Secure Compilation)

Feb 1st: cont’d from previous and translating the meaning of safety

    Lecture 3 slides [ pdf ]

    Suggested reading:

        Secure Compilation as Hyperproperty Preservation. Patrignani et al.’17

Feb 6th:

    no class, instructor away

Feb 8th: while language formalisation and program equivalences

    Suggested reading:

        These lecture notes (though they use a different notation)

Feb 13th: --

Feb 15th: cont’d: advanced while language features. Backtranslation example: languages, compiler and correctness

        My lecture notes on advanced while lang.

        Lecture notes on backtranslation.

Feb 20th: cont’d: compiler correctness proof and context backtranslation

        Assignment 1 due on February 27th.

Feb 22nd: cont’d: backtranslation, backtranslation correctness proof and language reflection

Feb 27th: cont’d: trace-based backtranslation proof and shared state

            Assignment evaluation and discussion in class

Mar 1st: cont’d: adding a heap, proving robustly safe compilation, adding I/O traces

       Lecture notes on RSC.

       Lecture notes on RSC with I/O traces.

       Rescheduled on Mar 5th, 14:15 - 15:45 @ Gates 459

            Each student decides which papers to present.

Mar 6th: cont’d comparison with full abstraction, multiple calls-returns

Mar 8th: SC for PMA (SGX): goals, attacks, language formalisations.

    Suggested reading

        Secure Compilation to Protected Module Architectures.

        On Modular and Fully Abstract Compilation.

        Patrignani et al. ’15 & ’16

       Rescheduled on Mar 12th, 14:15 - 15:45 @ Gates 459

        Lecture notes on FAC for PMA.

Mar 13th: presentations S

Mar 15th: presentations P