Robust Hyperproperty Preservation for Secure Compilation

We map the space of soundness criteria for secure compilation based on the preservation of hyperproperties in arbitrary adversarial contexts, which we call robust hyperproperty preservation. For this, we study the preservation of several classes of hyperproperties and for each class we propose an equivalent "property-free" characterization of secure compilation that is generally better tailored for proofs. Even the strongest of our soundness criteria, the robust preservation of all hyperproperties, seems achievable for simple transformations and provable using context back-translation techniques previously developed for showing fully abstract compilation. While proving the robust preservation of hyperproperties that are not safety requires such powerful context back-translation techniques, for preserving safety hyperproperties robustly, translating each finite trace prefix back to a source context seems to suffice.
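Written out as an added illustration (not text from the paper; the notation for programs, contexts, plugging and behaviours is assumed here), the criteria the abstract refers to have the following shape, and the quantifier structure shows why safety needs only per-prefix back-translation:

```latex
% Notation (assumed): P ranges over partial source programs and P\downarrow is its
% compilation; C_S and C_T range over source and target contexts; C[P] is the whole
% program obtained by plugging P into C; C[P] \rightsquigarrow t means that whole
% program produces trace t; \mathrm{Beh}(W) = \{\, t \mid W \rightsquigarrow t \,\}.
% A trace property \pi is a set of traces; a hyperproperty H is a set of trace properties.

% Robust preservation of all trace properties, property-full form:
\forall \pi.\ \forall P.\
  (\forall C_S.\ \mathrm{Beh}(C_S[P]) \subseteq \pi)
  \;\Rightarrow\;
  (\forall C_T.\ \mathrm{Beh}(C_T[P\downarrow]) \subseteq \pi)

% Equivalent property-free form: every trace of the compiled program in some target
% context is already producible by the source program in some source context.
\forall P.\ \forall C_T.\ \forall t.\
  C_T[P\downarrow] \rightsquigarrow t
  \;\Rightarrow\;
  \exists C_S.\ C_S[P] \rightsquigarrow t

% Robust safety preservation: a safety property is violated by a trace iff some finite
% prefix of it already violates the property, so the source context only has to
% reproduce each finite prefix m (m \le t means m is a prefix of t).
\forall P.\ \forall C_T.\ \forall m.\
  (\exists t.\ C_T[P\downarrow] \rightsquigarrow t \wedge m \le t)
  \;\Rightarrow\;
  \exists C_S.\ \exists t'.\ C_S[P] \rightsquigarrow t' \wedge m \le t'

% Robust preservation of all hyperproperties, property-free form: one source context
% must reproduce the entire set of behaviours of the compiled program in the target context.
\forall P.\ \forall C_T.\ \exists C_S.\
  \mathrm{Beh}(C_S[P]) = \mathrm{Beh}(C_T[P\downarrow])
```

In the safety criterion the witness $C_S$ may depend on the finite prefix $m$, which is the sense in which back-translating each prefix suffices; the hyperproperty criterion demands a single $C_S$ that matches every trace of $C_T[P\downarrow]$ at once, which is what the stronger context back-translation techniques provide.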
