Robustly Safe Compilation or, Efficient, Provably Secure Compilation

Secure compilers generate compiled code that withstands many targetlevel attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect and preserve observational equivalence. While this is a strong property, it comes at the cost of requiring expensive runtime constructs in compiled code that may have no relevance for security, but are needed to accommodate differences between the source language and the target language. As an alternative, this paper explores a different compiler security criterion called robustly safe compilation or RSC . Briefly, this criterion means that the compiled code preserves relevant safety properties of the source program against all adversarial contexts. We show that RSC can be attained easily and results in code that is much more efficient than that generated by fully abstract compilers. We also develop two illustrative RSC -attaining compilers and, through them, develop two different proof techniques for establishing that a compiler attains RSC . To better explain and clarify notions, this paper uses colours. For a better experience, please print or view this paper in colours.