CS350: Secure Compilation

Instructor: Marco Patrignani (follow link for website and MAIL)

Below you will find the following information for the course:

-- general course information,

-- prerequisites and interest,

-- location and timeslots,

-- evaluation and grading,

-- high-level syllabus outline,

-- class and lecture outline.

Some entries are still TBD, please contact the instructor if you have questions.

Piazza and CANVAS links:

Canvas: https://canvas.stanford.edu/courses/117207

Piazza: https://piazza.com/class/k8eqw4gsmfh2ug

General course information:

This course will explore the nascent field of secure compilation, which sits at the intersection between security and programming languages. The perspective from which we teach this field is that of formal methods and foundations of computer security.

The goal of a secure compiler is to compile programs in order to preserve source security properties like data confidentiality and code integrity. This is challenging because attackers operating at the level of the compiler output are inherently more powerful than attackers in the source language. For example, target attackers can mount buffer overflows that bypass compiled code security abstractions that derive e.g., from compiled source level type annotations.

This course will describe:

- the threat model that secure compilers consider

-correctness criteria for secure compilation,
-specific instances of secure compilers
-proof techniques for secure compilation.

Correctness criteria define that a compiler is secure. The course will explain why can we be sure that presented criteria have security meaning (i.e., what kinds of attacks can be defended against and which not).

Secondly, the course will discuss specific instances of secure compilers and how they achieve security (i.e., what mechanism — including types, crypto, security architecture, etc.— do these compilers exploit to realise one of the presented criteria and what are their tradeoffs).

Finally the course will cover proof techniques for secure compilation, i.e., how do you formally prove that a compiler adheres to one of the presented criteria and therefore is secure.

Prerequisites and interests:

Students should have a basic understanding of programming and of how

a compiler works (CS143, CS243). A background in formal languages and semantics is a plus (CS358, CS242)

Given the formal view on the subject, this course should appeal to students

with interest in security, formal methods, foundations of computer science.

Location and Time Slots:

Location:

on zoom, link on piazza

Time slot:

T-TH 10:30 - 11:50

Evaluation and Grading:

Evaluation will be based on:

-6 optional assignments:

[ ass1.pdf ] [ ass2.pdf ] [ ass3.pdf ] [ ass4.pdf ] [ ass6.pdf ] [ ass7.pdf ]

-1 non-optional student presentation

[ ass5.pdf ] of a paper chosen from this list: [ paper-list-20.pdf ]

-1 final exam consisting of a written text + oral discussion (which we’ll run on zoom)

[ exam.pdf ]

Depending on the student’s interest, part of the evaluation can also be based on a project (research- or educational-focussed) related to the topics discussed in class. This can be discussed with the instructor and will be adjudicated based on student motivation and interest.

Please note that depending on the amount of attendees, some modification in the evaluation criteria may be necessary. All changes will be communicated to the students at the beginning of the class when the number of attendees is known.

High-level Syllabus Outline:

Below is a more precise outline of what we will cover in class, grouped by notions. Please note that there is not a direct mapping between notions and lectures, so covering a notion may take 1 lecture while covering another one may take 5. Also, some topics here may vary, though lightly.

Mostly we will follow my preliminary lecture notes:

• 350-bt.pdf main notes

The original .tex files for this document are here [ bt.tex | cmds.tex ]

• 350-asm-lang.pdf assembly language formalisation.

And the following recommended reading: (no deadline, do during first 2 weeks)

Formal Approaches to Secure Compilation. [ .pdf ]

Secure Compilation and Hyperproperty Preservation. [ .pdf ]

Journey Beyond Full Abstraction. [ .pdf ]

Robustly Safe Compilation. [ .pdf ]

Fully-Abstract Compilation by Approximate Back-Translation. [ .pdf ]

all these papers are available on my homepage -> publications

•Notions 1: motivation behind secure compilation
•Notions 2: program equivalences for security; expressing security properties with equivalences, classic examples. Traces for security: expressing security properties and hyperproperties (HP) with traces, HP diagram (safety, liveness, hypersafety). Examples: confidentiality, integrity, noninterference, specific properties
•Notions 3: full abstraction (FAC) theory: definition, justification for security, attacks and threat model, violations of FAC, common mistakes. Proving FAC: approaches, what is a backtranslation, context and traces backtranslation, when to use what
•Notions 4: trace preserving compilation: definition, justification, attacks, analogy with FAC, threat model
•Notions 5: Proving FAC. Recap of PL semantics notions: syntax/semantics, reading rules. Source language, target language: syntax and semantics, examples of equivalent programs. Compiler definition, compiler correctness. Backtranslation definition, backtranslation correctness. Target extension with context inspection, target traces, change backtranslation from context-based to trace-based
•Notions 6: Robustness, Robust property preservation, property-ful and -free criteria and their equivalence, different backtranslation classes. Robustly safe compilation (RSP) RSP in detail.
•Notions 7: Proving RSP starting from what we saw in Notions 5, comparison with FAC proof
•Notions 8: Advanced Robust Criteria: RHSP in detail, example of preserving NI, RSCHP, RHP. Relational (hyper)properties and their reason to exist.

Class (and Lectures) Outline:

w1: apr 7 9

lecture 1:

introduction & details

recap PL: source lang with types, target language without types, compiler