
    Security guarantees for the execution infrastructure of software applications

    © 2016 IEEE. Software applications run on top of infrastructure consisting of hardware (processors, devices, communication networks, ...) and software (operating systems, compilers, virtual machines, language runtimes, databases, ...). In many cases, attacks against application software rely at least to some extent on aspects of that infrastructure, and in some cases vulnerabilities can be fixed by strengthening the infrastructure, as well as by patching the application code. This paper argues that it is beneficial for secure software development if the security guarantees offered by the execution infrastructure are explicit and precisely defined. More specifically, a developer writing source code that will be executed on the infrastructure should know what guarantees the infrastructure offers against what class of attackers. We survey existing proposals for precise statements of such security guarantees, and argue that the notion of full abstraction proposed by Martin Abadi as a correctness condition for secure implementation of abstractions is the key notion for specifying security guarantees of execution infrastructure. We give a brief overview of how full abstraction has already been used to specify and prove security for important building blocks of an execution infrastructure, and we sketch a research agenda identifying several interesting open research problems that, when solved, could contribute to a more secure design of execution infrastructure for distributed software applications, and to a better understanding of the security properties of these infrastructures.