Securing Compilation Against Memory Probing - Archive ouverte HAL Access content directly
Conference Papers Year : 2018

Securing Compilation Against Memory Probing

(1) , (1) , (1)
1

Abstract

A common security recommendation is to reduce the in-memory lifetime of secret values, in order to reduce the risk that an attacker can obtain secret data by probing memory. To mitigate this risk, secret values can be overwritten, at source level, after their last use. The problem we address here is how to ensure that a compiler preserve these mitigation efforts and thus that secret values are not easier to obtain at assembly level than at source level. We propose a formal definition of Information Flow Preserving program Transformations in which we model the information leak of a program using the notion of Attacker Knowledge. Program transformations are validated by relating the knowledge of the attacker before and after the transformation. We consider two classic compiler passes (Dead Store Elimination and Register Allocation) and show how to validate and, if needed, modify these transformations in order to be information flow preserving.
Fichier principal
Vignette du fichier
main.pdf (974.81 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01901765 , version 1 (23-10-2018)

Identifiers

Cite

Frédéric Besson, Alexandre Dang, Thomas Jensen. Securing Compilation Against Memory Probing. PLAS '18 - 13th Workshop on Programming Languages and Analysis for Security, Oct 2018, Toronto, Canada. pp.29-40, ⟨10.1145/3264820.3264822⟩. ⟨hal-01901765⟩
301 View
265 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More