A Secure Compiler for ML Modules

Many functional programming languages compile to low-level languages such as C or assembly. Numerous security properties of those compilers, however, hold only when the compiler compiles whole programs. This paper presents a compilation scheme that securely compiles a standalone module of ModuleML, a lightweight version of ML with modules, into untyped assembly. The compilation scheme is secure in that it reflects the abstractions of a ModuleML module against every possible piece of assembly code the module interacts with. This is achieved by isolating the compiled module through a low-level memory isolation mechanism and by dynamically type checking its interactions with the code outside that isolated region. We evaluate an implementation of the compiler on relevant test scenarios.
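
The two ingredients named in the abstract, an isolated region that outside code cannot read or write, and entry points that dynamically check every value crossing the boundary, can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from the paper or its implementation, and the module, entry-point names, and handle-table representation of the abstract type are this example's own assumptions. Outside code never receives a value of the abstract type `t`; it receives an opaque integer handle minted inside the module, and each entry point checks the arity and dynamic type of its arguments before any module code runs, halting on a violation.

```python
"""Sketch of a dynamically checked module boundary (added example, not the
paper's code).  An IsolatedModule stands in for a compiled module living in a
protected memory region: values of its abstract type t never leave it, only
opaque integer handles do, and every exported entry point type checks its
arguments at run time.  All names and the handle-table scheme are assumptions
made for this illustration."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any, Callable


class BoundaryError(Exception):
    """Untrusted code violated the module's interface; the module halts."""


@dataclass(frozen=True)
class Counter:
    """Private representation of the abstract type t.  Never crosses the boundary."""
    value: int


@dataclass
class IsolatedModule:
    # Exported entry points: name -> (argument types, result type, implementation).
    # "int" is a concrete base type, "t" is the module's abstract type.
    exports: dict[str, tuple[list[str], str, Callable[..., Any]]]
    # Protected handle table.  Outside code only ever holds the integer keys.
    _sealed: dict[int, Any] = field(default_factory=dict)
    _next_handle: int = 1

    def _seal(self, v: Any) -> int:
        """Hide a value of type t behind a fresh opaque handle."""
        h = self._next_handle
        self._next_handle += 1
        self._sealed[h] = v
        return h

    def _check_in(self, ty: str, v: Any) -> Any:
        """Dynamic type check on an incoming argument; unseal abstract values."""
        if ty == "int":
            if type(v) is not int:  # bool is a subclass of int; reject it as well
                raise BoundaryError(f"expected int, got {v!r}")
            return v
        if ty == "t":
            if type(v) is not int or v not in self._sealed:
                raise BoundaryError(f"forged or unknown handle {v!r}")
            return self._sealed[v]
        raise BoundaryError(f"unknown interface type {ty!r}")

    def _check_out(self, ty: str, v: Any) -> Any:
        """Seal results of abstract type before they cross to outside code."""
        return self._seal(v) if ty == "t" else v

    def call(self, name: str, *args: Any) -> Any:
        """The only way outside code can enter the module."""
        if name not in self.exports:
            raise BoundaryError(f"no entry point {name!r}")
        arg_tys, res_ty, impl = self.exports[name]
        if len(args) != len(arg_tys):
            raise BoundaryError(f"{name}: expected {len(arg_tys)} args, got {len(args)}")
        checked = [self._check_in(ty, a) for ty, a in zip(arg_tys, args)]
        return self._check_out(res_ty, impl(*checked))


def counter_module() -> IsolatedModule:
    """A module exporting  make : unit -> t ;  incr : t -> t ;  get : t -> int."""
    return IsolatedModule(exports={
        "make": ([], "t", lambda: Counter(0)),
        "incr": (["t"], "t", lambda c: Counter(c.value + 1)),
        "get": (["t"], "int", lambda c: c.value),
    })


def forged_handles_rejected(m: IsolatedModule) -> bool:
    """Outside code that fabricates a handle, or passes a value of the wrong
    dynamic type, is stopped at the boundary and never reaches module code."""
    for bad in (0, 999, -1, "counter", 1.5, True, Counter(41)):
        try:
            m.call("get", bad)
            return False
        except BoundaryError:
            pass
    return True


if __name__ == "__main__":
    m = counter_module()
    h0 = m.call("make")        # outside code sees only an opaque int
    h1 = m.call("incr", h0)    # a fresh handle, not a mutated one
    print(m.call("get", h0), m.call("get", h1))
    print(forged_handles_rejected(m))
```

The point of the handle table is that outside code can do no more with a value of type `t` than the interface allows: it cannot inspect the representation, cannot fabricate one, and cannot substitute an `int` where a `t` is expected. A handle the attacker was legitimately handed is still usable, which is exactly what the high-level interface already permits; the checks only rule out interactions that have no counterpart at the ModuleML level.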
