Visible to the public Biblio

Filters: Keyword is compilers  [Clear All Filters]
2019-12-02
Kelly, Daniel M., Wellons, Christopher C., Coffman, Joel, Gearhart, Andrew S..  2019.  Automatically Validating the Effectiveness of Software Diversity Schemes. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :1–2.
Software diversity promises to invert the current balance of power in cybersecurity by preventing exploit reuse. Nevertheless, the comparative evaluation of diversity techniques has received scant attention. In ongoing work, we use the DARPA Cyber Grand Challenge (CGC) environment to assess the effectiveness of diversifying compilers in mitigating exploits. Our approach provides a quantitative comparison of diversity strategies and demonstrates wide variation in their effectiveness.
Simon, Laurent, Chisnall, David, Anderson, Ross.  2018.  What You Get is What You C: Controlling Side Effects in Mainstream C Compilers. 2018 IEEE European Symposium on Security and Privacy (EuroS P). :1–15.
Security engineers have been fighting with C compilers for years. A careful programmer would test for null pointer dereferencing or division by zero; but the compiler would fail to understand, and optimize the test away. Modern compilers now have dedicated options to mitigate this. But when a programmer tries to control side effects of code, such as to make a cryptographic algorithm execute in constant time, the problem remains. Programmers devise complex tricks to obscure their intentions, but compiler writers find ever smarter ways to optimize code. A compiler upgrade can suddenly and without warning open a timing channel in previously secure code. This arms race is pointless and has to stop. We argue that we must stop fighting the compiler, and instead make it our ally. As a starting point, we analyze the ways in which compiler optimization breaks implicit properties of crypto code; and add guarantees for two of these properties in Clang/LLVM. Our work explores what is actually involved in controlling side effects on modern CPUs with a standard toolchain. Similar techniques can and should be applied to other security properties; achieving intentions by compiler commands or annotations makes them explicit, so we can reason about them. It is already understood that explicitness is essential for cryptographic protocol security and for compiler performance; it is essential for language security too. We therefore argue that this should be only the first step in a sustained engineering effort.
2019-02-14
Zhang, Feng, Zhai, Jidong, Shen, Xipeng, Mutlu, Onur, Chen, Wenguang.  2018.  Zwift: A Programming Framework for High Performance Text Analytics on Compressed Data. Proceedings of the 2018 International Conference on Supercomputing. :195-206.
Today's rapidly growing document volumes pose pressing challenges to modern document analytics frameworks, in both space usage and processing time. Recently, a promising method, called text analytics directly on compressed data (TADOC), was proposed for improving both the time and space efficiency of text analytics. The main idea of the technique is to enable direct document analytics on compressed data. This paper focuses on the programming challenges for developing efficient TADOC programs. It presents Zwift, the first programming framework for TADOC, which consists of a Domain Specific Language, a compiler and runtime, and a utility library. Experiments show that Zwift significantly improves programming productivity, while effectively unleashing the power of TADOC, producing code that reduces storage usage by 90.8% and execution time by 41.0% on six text analytics problems.
2018-11-28
Vaziri, Mandana, Mandel, Louis, Shinnar, Avraham, Siméon, Jérôme, Hirzel, Martin.  2017.  Generating Chat Bots from Web API Specifications. Proceedings of the 2017 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software. :44–57.

Companies want to offer chat bots to their customers and employees which can answer questions, enable self-service, and showcase their products and services. Implementing and maintaining chat bots by hand costs time and money. Companies typically have web APIs for their services, which are often documented with an API specification. This paper presents a compiler that takes a web API specification written in Swagger and automatically generates a chat bot that helps the user make API calls. The generated bot is self-documenting, using descriptions from the API specification to answer help requests. Unfortunately, Swagger specifications are not always good enough to generate high-quality chat bots. This paper addresses this problem via a novel in-dialogue curation approach: the power user can improve the generated chat bot by interacting with it. The result is then saved back as an API specification. This paper reports on the design and implementation of the chat bot compiler, the in-dialogue curation, and working case studies.

2018-05-09
Yaneva, Vanya, Rajan, Ajitha, Dubach, Christophe.  2017.  Compiler-Assisted Test Acceleration on GPUs for Embedded Software. Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis. :35–45.

Embedded software is found everywhere from our highly visible mobile devices to the confines of our car in the form of smart sensors. Embedded software companies are under huge pressure to produce safe applications that limit risks, and testing is absolutely critical to alleviate concerns regarding safety and user privacy. This requires using large test suites throughout the development process, increasing time-to-market and ultimately hindering competitivity. Speeding up test execution is, therefore, of paramount importance for embedded software developers. This is traditionally achieved by running, in parallel, multiple tests on large-scale clusters of computers. However, this approach is costly in terms of infrastructure maintenance and energy consumed, and is at times inconvenient as developers have to wait for their tests to be scheduled on a shared resource. We propose to look at exploiting GPUs (Graphics Processing Units) for running embedded software testing. GPUs are readily available in most computers and offer tremendous amounts of parallelism, making them an ideal target for embedded software testing. In this paper, we demonstrate, for the first time, how test executions of embedded C programs can be automatically performed on a GPU, without involving the end user. We take a compiler-assisted approach which automatically compiles the C program into GPU kernels for parallel execution of the input tests. Using this technique, we achieve an average speedup of 16× when compared to CPU execution of input tests across nine programs from an industry standard embedded benchmark suite.

2018-01-10
Frieslaar, Ibraheem, Irwin, Barry.  2017.  Investigating the Effects Various Compilers Have on the Electromagnetic Signature of a Cryptographic Executable. Proceedings of the South African Institute of Computer Scientists and Information Technologists. :15:1–15:10.

This research investigates changes in the electromagnetic (EM) signatures of a cryptographic binary executable based on compile-time parameters to the GNU and clang compilers. The source code was compiled and executed on a Raspberry Pi 2, which utilizes the ARMv7 CPU. Various optimization flags are enabled at compile-time and the output of the binary executable's EM signatures are captured at run-time. It is demonstrated that GNU and clang compilers produced different EM signature on program execution. The results indicated while utilizing the O3 optimization flag, the EM signature of the program changes. Additionally, the g++ compiler demonstrated fewer instructions were required to run the executable; this related to fewer EM emissions leaked. The EM data from the various compilers under different optimization levels was used as input data for a correlation power analysis attack. The results indicated that partial AES-128 encryption keys was possible. In addition, the fewest subkeys recovered was when the clang compiler was used with level O2 optimization. Finally, the research was able to recover 15 of 16 AES-128 cryptographic algorithm's subkeys, from the the Pi.

2017-11-01
De Sutter, Bjorn, Basile, Cataldo, Ceccato, Mariano, Falcarin, Paolo, Zunke, Michael, Wyseur, Brecht, d'Annoville, Jerome.  2016.  The ASPIRE Framework for Software Protection. Proceedings of the 2016 ACM Workshop on Software PROtection. :91–92.
In the ASPIRE research project, a software protection tool flow was designed and prototyped that targets native ARM Android code. This tool flow supports the deployment of a number of protections against man-at-the-end attacks. In this tutorial, an overview of the tool flow will be presented and attendants will participate to a hands-on demonstration. In addition, we will present an overview of the decision support systems developed in the project to facilitate the use of the protection tool flow.