A High-Level Model for an Assembly Language Attacker by Means of Reflection

  • Conference paper
  • In: Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015)

Abstract

Many high-level functional programming languages are compiled to, or interoperate with, low-level languages such as C and assembly. Research into the security of these compilation and interoperation mechanisms often makes use of high-level attacker models to simplify formalisations. In practice, however, the validity of such high-level attacker models is frequently called into question. In this paper we formally prove that a light-weight ML equipped with a reflection operator can serve as an accurate model for malicious assembly language programs, when reasoning about the security threats such an attacker model poses to the abstractions of ML programs that reside within a protected memory space. The proof proceeds by relating bisimulations over the assembly language attacker and the high-level attacker.

Author information

Corresponding author

Correspondence to Adriaan Larmuseau.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Larmuseau, A., Patrignani, M., Clarke, D. (2015). A High-Level Model for an Assembly Language Attacker by Means of Reflection. In: Li, X., Liu, Z., Yi, W. (eds) Dependable Software Engineering: Theories, Tools, and Applications. SETTA 2015. Lecture Notes in Computer Science, vol 9409. Springer, Cham. https://doi.org/10.1007/978-3-319-25942-0_11

  • DOI: https://doi.org/10.1007/978-3-319-25942-0_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25941-3

  • Online ISBN: 978-3-319-25942-0

  • eBook Packages: Computer Science (R0)