Verified secure compilation for mixed-sensitivity concurrent programs

Proving only over source code that programs do not leak sensitive data leaves a gap between reasoning and reality can be filled by accounting for the behaviour of compiler. Furthermore, software does always have luxury limiting itself to single-threaded computation with resources statically dedicated each user ensure confidentiality their data. This results in mixed-sensitivity concurrent programs, which might reuse memory shared threads hold different sensitivity levels at times; such compiler must preserve value-dependent coordination despite impact concurrency. Here we demonstrate, using Isabelle/HOL, it is feasible verify preserves noninterference, strictest kind property, programs. First, present notions refinement notion noninterference designed support As proving noninterference-preserving considerably more complex than standard refinements typically used semantics-preserving compilation, our include decomposition principle separates semantics-preservation from security-preservation concerns. Second, demonstrate these are applicable verified secure exercising them on single-pass synchronise mutex locks, generic imperative language RISC-style assembly language. Finally, execute nontrivial program modelling real-world use case, thus preserving its source-level properties down an assembly-level model automatically. (Full abstract paper)