Principles of Secure Compilation (PriSC)Follow @infosec_events
InfoSec Conference Summary
The description was submitted by the Conference Organizer. We sometimes edit it to enhance the listing.
Today’s computer systems are insecure. The semantics of mainstream low-level languages like C provide no security against devastating attacks like buffer overflows and control-flow hijacking. Even for safer languages, establishing security with respect to the language’s semantics does not prevent low-level attacks. All the abstraction and security guarantees of the source language are currently lost when interacting with low-level code, e.g., when using libraries.
The secure compilation is an emerging field that puts together advances in programming languages, security, verification, systems, compilers, and hardware architectures in order to devise secure compiler chains that eliminate many of today’s low-level vulnerabilities. Secure compilation aims to protect high-level language abstractions in compiled code, even against adversarial low-level contexts, and to allow sound reasoning about security in the source language. The emerging secure compilation community aims to achieve this by: (1) identifying and formalizing properties that secure compilers must possess; (2) devising efficient enforcement mechanisms; and (3) developing effective formal verification techniques.
The aim of this informal workshop is to identify interesting research directions and open challenges and to bring together practitioners and researchers interested in working on building secure compilation chains, on developing proof techniques and verification tools, and on designing enforcement mechanisms for secure compilation.