Project description

Secure compilers for realistic programming languages

Today's compilation chains are non-secure, which results in numerous severe vulnerabilities in computer systems. Yet, secure compilation would be difficult to achieve using the coarse-grained protection mechanisms provided by mainstream hardware architectures. Funded by the European Research Council, the SECOMP project aims to leverage emerging tagged architectures in order to develop the first efficient secure compilation chains for realistic programming languages, such as C and F*. To achieve an unprecedented level of security and provide high confidence for it, the project will mathematically define what it means for compartmentalised applications to be compiled securely. Moreover, it will verify that the developed compilation chains satisfy this formal security definition using a combination of machine-checked proofs and property-based testing.

Objective

Severe low-level vulnerabilities abound in today's computer systems, allowing cyber-attackers to remotely gain full control. This happens in big part because our programming languages, compilers, and architectures were designed in an era of scarce hardware resources and too often trade off security for efficiency. The semantics of mainstream low-level languages like C is inherently insecure, and even for safer languages, establishing security with respect to a high-level semantics does not guarantee the absence of low-level attacks. Secure compilation using the coarse-grained protection mechanisms provided by mainstream hardware architectures would be too inefficient for most practical scenarios. This project is aimed at leveraging emerging hardware capabilities for fine-grained protection to build the first, efficient secure compilers for realistic programming languages, both low-level (the C language) and high-level (ML and a dependently-typed variant).

These compilers will provide a secure semantics for all programs and will ensure that high-level abstractions cannot be violated even when interacting with untrusted low-level code. To achieve this level of security without sacrificing efficiency, our secure compilers will target a tagged architecture, which associates a metadata tag to each word and efficiently propagates and checks tags according to software-defined rules. We will experimentally evaluate and carefully optimize the efficiency of our secure compilers on realistic workloads and standard benchmark suites. We will use property-based testing and formal verification to provide high confidence that our compilers are indeed secure. Formally, we will construct machine-checked proofs of full abstraction with respect to a secure high-level semantics. This strong property complements compiler correctness and ensures that no machine-code attacker can do more harm to securely compiled components than a component in the secure source language already could.

Fields of science
natural sciences > computer and information sciences > software > software development
natural sciences > computer and information sciences > computer security

Keywords
security, compilers, programming, low-level attacks, memory safety, sandboxing, full abstraction, dynamic monitoring, tagged hardware, composition, formal methods, formal verification, testing

Programme(s): H2020-EU.1.1. - EXCELLENT SCIENCE - European Research Council (ERC) (Main Programme)
Topic(s): ERC-2016-STG - ERC Starting Grant
Call for proposal: ERC-2016-STG
Funding scheme: ERC-STG - Starting Grant

Host institution
MAX-PLANCK-GESELLSCHAFT ZUR FORDERUNG DER WISSENSCHAFTEN EV
Net EU contribution: € 368 220,25
Address: HOFGARTENSTRASSE 8, 80539 Munchen, Germany
Region: Bayern, Oberbayern, München, Kreisfreie Stadt
Activity type: Research Organisations
Total cost: € 368 220,25

Beneficiaries (2)

MAX-PLANCK-GESELLSCHAFT ZUR FORDERUNG DER WISSENSCHAFTEN EV (Germany): net EU contribution € 368 220,25; total cost € 368 220,25 (details as listed under Host institution above).

INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET AUTOMATIQUE (France), participation ended
Net EU contribution: € 1 130 223,75
Address: DOMAINE DE VOLUCEAU ROCQUENCOURT, 78153 Le Chesnay Cedex
Region: Ile-de-France, Ile-de-France, Yvelines
Activity type: Research Organisations
Total cost: € 1 130 223,75