Paper title
Contract-Aware Secure Compilation
Paper authors
Abstract
Microarchitectural attacks exploit the abstraction gap between the Instruction Set Architecture (ISA) and how processors actually execute instructions to compromise the confidentiality and integrity of a system. To secure systems against microarchitectural attacks, programmers need to reason about and program against these microarchitectural side effects. However, we cannot -- and should not -- expect programmers to manually tailor programs to specific processors and their security guarantees. Instead, we could rely on compilers (and the secure compilation community), as they can play a prominent role in bridging this gap: compilers should target specific processors' microarchitectural security guarantees, and they should leverage these guarantees to produce secure code. To achieve this, we outline the idea of Contract-Aware Secure COmpilation (CASCO), where compilers are parametric with respect to a hardware/software security contract, an abstraction capturing a processor's security guarantees. That is, compilers will automatically leverage the guarantees formalized in the contract to ensure that program-level security properties are preserved at the microarchitectural level.
