SecRSL: Security Separation Logic for C11 Release-Acquire Concurrency (Extended version with technical appendices)

09/08/2021
by Pengbo Yan, et al.

We present Security Relaxed Separation Logic (SecRSL), a separation logic for proving information-flow security of C11 programs in the Release-Acquire fragment with relaxed accesses. SecRSL is the first security logic that (1) supports weak-memory reasoning about programs in a high-level language; (2) inherits separation logic's virtues of compositional, local reasoning about (3) expressive security policies like value-dependent classification. SecRSL is also, to our knowledge, the first security logic developed over an axiomatic memory model. Thus we also present the first definitions of information-flow security for an axiomatic weak memory model, against which we prove SecRSL sound. SecRSL ensures that programs satisfy a constant-time security guarantee, while being free of undefined behaviour. We apply SecRSL to implement and verify the functional correctness and constant-time security of a range of concurrency primitives, including a spinlock module, a mixed-sensitivity mutex, and multiple synchronous channel implementations. Empirical performance evaluations of the latter demonstrate SecRSL's power to support the development of secure and performant concurrent C programs.

research
01/30/2020

VERONICA: Expressive and Precise Concurrent Information Flow Security (Extended Version with Technical Appendices)

Methods for proving that concurrent software does not leak its secrets h...
research
11/22/2018

Verifying C11 Programs Operationally

This paper develops an operational semantics for a release-acquire fragm...
research
07/12/2021

Incremental Vulnerability Detection with Insecurity Separation Logic

We present the first compositional, incremental static analysis for dete...
research
07/01/2019

Verifying that a compiler preserves concurrent value-dependent information-flow security

It is common to prove by reasoning over source code that programs do not...
research
04/11/2018

A denotational account of C11-style memory

We introduce a denotational semantic framework for shared-memory concurr...
research
06/11/2019

Polymorphic Relaxed Noninterference

Information-flow security typing statically preserves confidentiality by...
research
10/27/2020

Verified Secure Compilation for Mixed-Sensitivity Concurrent Programs

Proving only over source code that programs do not leak sensitive data l...