Project description
Secure compilers for realistic programming languages
Today's compilation chains are insecure, which results in numerous severe vulnerabilities in computer systems. Yet secure compilation would be difficult to achieve using the coarse-grained protection mechanisms provided by mainstream hardware architectures. Funded by the European Research Council, the SECOMP project aims to leverage emerging tagged architectures in order to develop the first efficient secure compilation chains for realistic programming languages, such as C and F*. To achieve an unprecedented level of security and provide high confidence in it, the project will mathematically define what it means for compartmentalised applications to be compiled securely. Moreover, it will verify that the developed compilation chains satisfy this formal security definition using a combination of machine-checked proofs and property-based testing.
Objective
Severe low-level vulnerabilities abound in today's computer systems, allowing cyber-attackers to remotely gain full control. This happens in large part because our programming languages, compilers, and architectures were designed in an era of scarce hardware resources and too often trade off security for efficiency. The semantics of mainstream low-level languages like C is inherently insecure, and even for safer languages, establishing security with respect to a high-level semantics does not guarantee the absence of low-level attacks. Secure compilation using the coarse-grained protection mechanisms provided by mainstream hardware architectures would be too inefficient for most practical scenarios. This project aims to leverage emerging hardware capabilities for fine-grained protection to build the first efficient secure compilers for realistic programming languages, both low-level (the C language) and high-level (ML and a dependently-typed variant). These compilers will provide a secure semantics for all programs and will ensure that high-level abstractions cannot be violated even when interacting with untrusted low-level code. To achieve this level of security without sacrificing efficiency, our secure compilers will target a tagged architecture, which associates a metadata tag with each word and efficiently propagates and checks tags according to software-defined rules. We will experimentally evaluate and carefully optimize the efficiency of our secure compilers on realistic workloads and standard benchmark suites. We will use property-based testing and formal verification to provide high confidence that our compilers are indeed secure. Formally, we will construct machine-checked proofs of full abstraction with respect to a secure high-level semantics. This strong property complements compiler correctness and ensures that no machine-code attacker can do more harm to securely compiled components than a component in the secure source language already could.
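To make the tagged-architecture idea concrete, here is a small simulation added as an illustration; it is not SECOMP's design or code. Every memory word and register carries a metadata tag (here: the owning compartment and whether the word is a declared entry point), and a handful of software-defined rule functions decide, for each load, store and jump, whether the instruction proceeds and which tag the result receives. The instruction set, the two-compartment memory layout and the policy are all constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed example of a tagged machine: each word carries a metadata tag,
# and software-defined rules check and propagate tags on every instruction.


@dataclass(frozen=True)
class Tag:
    owner: str            # compartment that owns the word
    entry: bool = False   # True if the word is a declared cross-compartment entry point


@dataclass
class Word:
    value: int
    tag: Tag


class PolicyViolation(Exception):
    """Raised when a tag rule rejects an instruction (models a hardware trap)."""


# --- software-defined tag rules (constructed policy) -----------------------

def rule_load(pc_tag: Tag, src: Word) -> Tag:
    # A compartment may only read its own memory; loaded data keeps the
    # memory word's tag so its origin stays visible in the register file.
    if src.tag.owner != pc_tag.owner:
        raise PolicyViolation(f"{pc_tag.owner} may not read memory of {src.tag.owner}")
    return src.tag


def rule_store(pc_tag: Tag, dst: Word) -> Tag:
    # A compartment may only write its own memory; the written word is
    # re-tagged as plain (non-entry) data owned by the writer.
    if dst.tag.owner != pc_tag.owner:
        raise PolicyViolation(f"{pc_tag.owner} may not write memory of {dst.tag.owner}")
    return Tag(pc_tag.owner)


def rule_jump(pc_tag: Tag, target: Word) -> Tag:
    # Control may stay inside the current compartment, or cross into another
    # compartment only through a word tagged as an entry point.
    if target.tag.owner == pc_tag.owner or target.tag.entry:
        return Tag(target.tag.owner)   # the PC tag now names the new compartment
    raise PolicyViolation(f"{pc_tag.owner} may not jump into {target.tag.owner} except via an entry point")


# --- the machine -----------------------------------------------------------

class TaggedMachine:
    def __init__(self, memory: dict[int, Word], start: str):
        self.mem = memory
        self.regs: dict[str, Word] = {}
        self.pc_tag = Tag(start)          # tag on the program counter = running compartment
        self.trace: list[str] = []

    def step(self, instr: tuple) -> None:
        op = instr[0]
        if op == "mov":                    # ("mov", reg, immediate)
            _, reg, value = instr
            self.regs[reg] = Word(value, Tag(self.pc_tag.owner))
        elif op == "load":                 # ("load", reg, addr)
            _, reg, addr = instr
            src = self.mem[addr]
            self.regs[reg] = Word(src.value, rule_load(self.pc_tag, src))
        elif op == "store":                # ("store", reg, addr)
            _, reg, addr = instr
            tag = rule_store(self.pc_tag, self.mem[addr])
            self.mem[addr] = Word(self.regs[reg].value, tag)
        elif op == "jump":                 # ("jump", addr)
            _, addr = instr
            self.pc_tag = rule_jump(self.pc_tag, self.mem[addr])
        else:
            raise ValueError(f"unknown opcode {op}")
        self.trace.append(f"{self.pc_tag.owner}: {instr}")

    def run(self, program: list[tuple]) -> list[str]:
        for instr in program:
            self.step(instr)
        return self.trace


def make_memory() -> dict[int, Word]:
    # Constructed layout: compartment A owns words 0-3, compartment B owns
    # words 4-7, and word 4 is B's only declared entry point.
    mem = {a: Word(0, Tag("A")) for a in range(0, 4)}
    mem.update({a: Word(0, Tag("B")) for a in range(4, 8)})
    mem[4] = Word(0, Tag("B", entry=True))
    return mem


def run_scenario(program: list[tuple], start: str = "A") -> tuple[str, object]:
    """Run a program from compartment `start`; return ('ok', trace) or ('trap', reason)."""
    machine = TaggedMachine(make_memory(), start)
    try:
        return "ok", machine.run(program)
    except PolicyViolation as exc:
        return "trap", str(exc)


if __name__ == "__main__":
    print(run_scenario([("mov", "r1", 7), ("store", "r1", 1)]))   # A writes its own word
    print(run_scenario([("mov", "r1", 7), ("store", "r1", 5)]))   # A writes B's word: trap
    print(run_scenario([("jump", 4), ("mov", "r1", 1), ("store", "r1", 5)]))  # via entry point
    print(run_scenario([("jump", 6)]))                             # jump past the entry point: trap
```

The point the simulation makes is that the protection is fine-grained and data-driven: no page tables or privilege rings are involved, the hardware simply consults the rule for each instruction with the tags of the operands, and a compiler targeting such a machine can encode compartment boundaries and entry points directly in the tags it emits.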
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences > computer and information sciences > software > software development
- natural sciences > computer and information sciences > computer security
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
- H2020-EU.1.1. - EXCELLENT SCIENCE - European Research Council (ERC)
MAIN PROGRAMME
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
ERC-STG - Starting Grant
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
ERC-2016-STG
Host institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
80539 München
Germany
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.