Securing a Compiler Transformation

Compiler transformations can be correct and yet be insecure. One example is the commonly applied optimization that removes dead (i.e., useless) store instructions, which can introduce new leaks of sensitive information. It is shown that determining a posteriori whether this transformation introduces a new leak is difficult: it is PSPACE-hard for finite-state programs, and undecidable in general. In contrast, checking correctness is in polynomial time. The alternative is to build security into the transformation; a polynomial-time algorithm for secure dead store elimination is presented and proved correct. Furthermore, a general proof technique for secure transformation is developed, and it is used to show that many compiler optimizations are indeed secure. The technique allows implementations of transformations to be tested for security at compile time. However, not all transformations are secure; in particular, it is shown that the important static single assignment optimization can introduce an information leak.

Recent Publications

August 09, 2017

A Cloud Native Approach to 5G Network Slicing

  • Francini A.
  • Miller R.
  • Sharma S.

5G networks will have to support a set of very diverse and often extreme requirements. Network slicing offers an effective way to unlock the full potential of 5G networks and meet those requirements on a shared network infrastructure. This paper presents a cloud native approach to network slicing. The cloud ...

August 01, 2017

Modeling and simulation of RSOA with a dual-electrode configuration

  • De Valicourt G.
  • Liu Z.
  • Violas M.
  • Wang H.
  • Wu Q.

Based on the physical model of a bulk reflective semiconductor optical amplifier (RSOA) used as a modulator in radio over fiber (RoF) links, the distributions of carrier density, signal photon density, and amplified spontaneous emission photon density are demonstrated. One of limits in the use of RSOA is the lower ...

July 12, 2017

PrivApprox: Privacy-Preserving Stream Analytics

  • Chen R.
  • Christof Fetzer
  • Le D.
  • Martin Beck
  • Pramod Bhatotia
  • Thorsten Strufe

How to preserve users' privacy while supporting high-utility analytics for low-latency stream processing? To answer this question: we describe the design, implementation and evaluation of PRIVAPPROX, a data analytics system for privacy-preserving stream processing. PRIVAPPROX provides three properties: (i) Privacy: zero-knowledge privacy (ezk) guarantees for users, a privacy bound tighter ...