SNIP：编译器转换的推测性执行和非干涉保护

arXiv - CS - Programming Languages Pub Date : 2024-07-21 DOI:arxiv-2407.15080

Sören van der Wall, Roland Meyer

{"title":"SNIP：编译器转换的推测性执行和非干涉保护","authors":"Sören van der Wall, Roland Meyer","doi":"arxiv-2407.15080","DOIUrl":null,"url":null,"abstract":"We address the problem of preserving non-interference across compiler\ntransformations under speculative semantics. We develop a proof method that\nensures the preservation uniformly across all source programs. The basis of our\nproof method is a new form of simulation relation. It operates over directives\nthat model the attacker's control over the micro-architectural state, and it\naccounts for the fact that the compiler transformation may change the influence\nof the micro-architectural state on the execution (and hence the directives).\nUsing our proof method, we show the correctness of dead code elimination. When\nwe tried to prove register allocation correct, we identified a previously\nunknown weakness that introduces violations to non-interference. We have\nconfirmed the weakness for a mainstream compiler on code from the libsodium\ncryptographic library. To reclaim security once more, we develop a novel static\nanalysis that operates on a product of source program and register-allocated\nprogram. Using the analysis, we present an automated fix to existing register\nallocation implementations. We prove the correctness of the fixed register\nallocations with our proof method.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations\",\"authors\":\"Sören van der Wall, Roland Meyer\",\"doi\":\"arxiv-2407.15080\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We address the problem of preserving non-interference across compiler\\ntransformations under speculative semantics. We develop a proof method that\\nensures the preservation uniformly across all source programs. The basis of our\\nproof method is a new form of simulation relation. It operates over directives\\nthat model the attacker's control over the micro-architectural state, and it\\naccounts for the fact that the compiler transformation may change the influence\\nof the micro-architectural state on the execution (and hence the directives).\\nUsing our proof method, we show the correctness of dead code elimination. When\\nwe tried to prove register allocation correct, we identified a previously\\nunknown weakness that introduces violations to non-interference. We have\\nconfirmed the weakness for a mainstream compiler on code from the libsodium\\ncryptographic library. To reclaim security once more, we develop a novel static\\nanalysis that operates on a product of source program and register-allocated\\nprogram. Using the analysis, we present an automated fix to existing register\\nallocation implementations. We prove the correctness of the fixed register\\nallocations with our proof method.\",\"PeriodicalId\":501197,\"journal\":{\"name\":\"arXiv - CS - Programming Languages\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Programming Languages\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2407.15080\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2407.15080","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

我们探讨了在推测语义下，如何在编译器变换中保持互不干涉的问题。我们开发了一种证明方法，可以确保在所有源程序中统一地保持不干涉。我们的证明方法的基础是一种新形式的模拟关系。它作用于模拟攻击者对微体系结构状态控制的指令，并考虑到编译器转换可能会改变微体系结构状态对执行（以及指令）的影响这一事实。当我们试图证明寄存器分配的正确性时，我们发现了一个以前未知的弱点，它引入了违反互不干涉原则的行为。我们在 libsodium 密码库代码的主流编译器中证实了这一弱点。为了再次找回安全性，我们开发了一种新颖的静态分析方法，可对源程序和寄存器分配程序的乘积进行操作。利用该分析，我们对现有的寄存器分配实现进行了自动修复。我们用证明方法证明了固定寄存器分配的正确性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations

We address the problem of preserving non-interference across compiler transformations under speculative semantics. We develop a proof method that ensures the preservation uniformly across all source programs. The basis of our proof method is a new form of simulation relation. It operates over directives that model the attacker's control over the micro-architectural state, and it accounts for the fact that the compiler transformation may change the influence of the micro-architectural state on the execution (and hence the directives). Using our proof method, we show the correctness of dead code elimination. When we tried to prove register allocation correct, we identified a previously unknown weakness that introduces violations to non-interference. We have confirmed the weakness for a mainstream compiler on code from the libsodium cryptographic library. To reclaim security once more, we develop a novel static analysis that operates on a product of source program and register-allocated program. Using the analysis, we present an automated fix to existing register allocation implementations. We prove the correctness of the fixed register allocations with our proof method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助