When Good Components Go Bad: Formally Secure Compilation Despite Dynamic Compromise

29 Nov 2019. Carmine Abate, Arthur Azevedo de Amorim, Roberto Blanco, Ana Nora Evans, Guglielmo Fachini, Catalin Hritcu, Théo Laurent, Benjamin C. Pierce, Marco Stronati, Jérémy Thibault, Andrew Tolmach

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for example, by accessing an array out of bounds. Our criterion is the first to model dynamic compromise in a system of mutually distrustful components with clearly specified privileges...