Robustly Safe Compilation or, Efficient, Provably Secure Compilation

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect and preserve observational equivalence. Fully abstract compilation is a strong and useful property that, in certain cases, comes at the cost of requiring expensive runtime constructs in compiled code. These constructs may have no relevance for security, but are needed to accommodate differences between the source language and the target language that fully abstract compilation necessarily regards. As an alternative to fully abstract compilation, this paper explores a different criterion for secure compilation called robustly safe compilation or RSC. Briefly, this criterion means that the compiled code preserves relevant safety properties of the source program against all adversarial contexts interacting with said program. We show that RSC can be attained easily and results in code that is more efficient than that generated by fully abstract compilers. We also develop three illustrative robustly-safe compilers and, through them, develop two different proof techniques for establishing that a compiler attains RSC. Through these, we also establish that proving RSC is simpler than proving fully abstraction.