Formal verification of software and compilers has been used to rule out large
classes of security-critical issues, but risk of unintentional information
leakage has received much less consideration. It is a key requirement for
formal specifications to leave some details of a system’s behavior unspecified
so that future implementation changes can be accommodated, and yet it is
nonetheless expected that these choices would not be made based on confidential
information the system handles. This paper formalizes that notion using
omnisemantics and plain single-copy assertions, giving for the first time a
specification of what it means for a nondeterministic program to be
constant-time or more generally to avoid leaking (a part of) its inputs. We use
this theory to prove data-leak-free execution of core cryptographic routines
compiled from Bedrock2 C to RISC-V machine code, showing that the smooth
specification and proof experience omnisemantics provides for nondeterminism
extends to constant-time properties in the same setting. We also study variants
of the key program-compiler contract, highlighting pitfalls of tempting
simplifications and subtle consequences of how inputs to nondeterministic
choices are constrained. Our results are backed by modular program-logic and
compiler-correctness theorems, and they integrate into a neat end-to-end
theorem in the Coq proof assistant.

Este artículo explora los viajes en el tiempo y sus implicaciones.

Descargar PDF: