Towards Formally Verified Compilation of Tag-Based Policy Enforcement

Authors

CHR Chhak, Portland State University
Andrew Tolmach, Portland State UniversityFollow
Sean Anderson, Portland State University

Published In

Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs

Document Type

Article

Publication Date

2021

Subjects

Computer science, Information storage and retrieval systems

Abstract

Hardware-assisted reference monitoring is receiving increasing attention as a way to improve the security of existing software. One example is the PIPE architecture extension, which attaches metadata tags to register and memory values and executes tag-based rules at each machine instruction to enforce a software-defined security policy. To use PIPE effectively, engineers should be able to write security policies in terms of source-level concepts like functions, local variables, and structured control operators, which are not visible at machine level. It is the job of the compiler to generate PIPE-aware machine code that enforces these source-level policies. The compiler thus becomes part of the monitored system’s trusted computing base---and hence a prime candidate for verification.

To formalize compiler correctness in this setting, we extend the source language semantics with its own form of user-specified tag-based monitoring, and show that the compiler preserves that monitoring behavior. The challenges of compilation include mapping source-level monitoring policies to instruction-level tag rules, preserving fail-stop behaviors, and satisfying the surprisingly complex preconditions for conventional optimizations. In this paper, we describe the design and verification of Tagine, a small prototype compiler that translates a simple tagged WHILE language to a tagged register transfer language and performs simple optimizations. Tagine is based on the RTLgen and Deadcode phases of the CompCert compiler, and hence is written and verified in Coq. This work is a first step toward verification of a full-scale compiler for a realistic tagged source language.

Rights

© 2021 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Description

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Locate the Document

https://doi-org/10.1145/3437992.3439929

DOI

10.1145/3437992.3439929

Persistent Identifier

https://archives.pdx.edu/ds/psu/36230

Citation Details

Chhak, C. H. R., Tolmach, A., & Anderson, S. (2021, January). Towards formally verified compilation of tag-based policy enforcement. In Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs (pp. 137-151).