Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a
large software system into mutually distrustful components that run with
minimal privileges, restricting their interactions to conform to well-defined
interfaces, we can limit the damage caused by low-level attacks such as
control-flow hijacking. When used to defend against such attacks,
compartmentalization is often implemented cooperatively by a compiler and a
low-level compartmentalization mechanism. However, the formal guarantees
provided by such compartmentalizing compilation have seen surprisingly little
investigation.
We propose a new security property, secure compartmentalizing compilation
(SCC), that formally characterizes the guarantees provided by
compartmentalizing compilation and clarifies its attacker model. We reconstruct
our property by starting from the well-established notion of fully abstract
compilation, then identifying and lifting three important limitations that make
standard full abstraction unsuitable for compartmentalization. The connection
to full abstraction allows us to prove SCC by adapting established proof
techniques; we illustrate this with a compiler from a simple unsafe imperative
language with procedures to a compartmentalized abstract machine.
Comment: Nit
PROSET — A Language for Prototyping with Sets
We discuss the prototyping language PROSET (Prototyping with Sets) as a language for experimental and evolutionary prototyping, focusing on algorithm design. Some of PROSET's features include generative communication, flexible exception handling and the integration of persistence. A discussion of some issues pertaining to the compiler and the programming environment concludes the pape
HAL/S-360 compiler system specification
A three phase language compiler is described which produces IBM 360/370 compatible object modules and a set of simulation tables to aid in run time verification. A link edit step augments the standard OS linkage editor. A comprehensive run time system and library provide the HAL/S operating environment, error handling, a pseudo real time executive, and an extensive set of mathematical, conversion, I/O, and diagnostic routines. The specifications of the information flow and content for this system are also considered
PCG: A prototype incremental compilation facility for the SAGA environment, appendix F
A programming environment supports the activity of developing and maintaining software. New environments provide language-oriented tools such as syntax-directed editors, whose usefulness is enhanced because they embody language-specific knowledge. When syntactic and semantic analysis occur early in the cycle of program production, that is, during editing, the use of a standard compiler is inefficient, for it must re-analyze the program before generating code. Likewise, it is inefficient to recompile an entire file, when the editor can determine that only portions of it need updating. The pcg, or Pascal code generation, facility described here generates code directly from the syntax trees produced by the SAGA syntax directed Pascal editor. By preserving the intermediate code used in the previous compilation, it can limit recompilation to the routines actually modified by editing
PHOTOS Interface in C++; Technical and Physics Documentation
For five years now, PHOTOS Monte Carlo for bremsstrahlung in the decay of
particles and resonances has been available with an interface to the C++ HepMC
event record. The main purpose of the present paper is to document the
technical aspects of the PHOTOS Monte Carlo installation and present version
use. A multitude of test results and examples are distributed together with the
program code.
The PHOTOS C++ physics precision is better than its FORTRAN predecessor and
more convenient steering options are also available. An algorithm for the event
record interface necessary for process-dependent photon emission kernels is
implemented. It is used in Z and W decays for kernels of complete first order
matrix elements of the decays. Additional emission of final state lepton pairs
is also available.
Physics assumptions used in the program and properties of the solution are
reviewed. In particular, it is explained how the second order matrix elements
were used in design and validation of the program iteration procedure. Also, it
is explained that the phase space parametrization used in the program is exact.
Comment: Updated version; for the program as of April 201
The C++0x "Concepts" Effort
C++0x is the working title for the revision of the ISO standard of the C++
programming language that was originally planned for release in 2009 but that
was delayed to 2011. The largest language extension in C++0x was "concepts",
that is, a collection of features for constraining template parameters. In
September of 2008, the C++ standards committee voted the concepts extension
into C++0x, but then in July of 2009, the committee voted the concepts
extension back out of C++0x.
This article is my account of the technical challenges and debates within the
"concepts" effort in the years 2003 to 2009. To provide some background, the
article also describes the design space for constrained parametric
polymorphism, or what is colloquially known as constrained generics. While this
article is meant to be generally accessible, the writing is aimed toward
readers with background in functional programming and programming language
theory. This article grew out of a lecture at the Spring School on Generic and
Indexed Programming at the University of Oxford, March 2010