Physical Sciences and Mathematics Commons^™

Towards Formally Verified Compilation Of Tag-Based Policy Enforcement, Chr Chhak, Andrew Tolmach, Sean Anderson

Computer Science Faculty Publications and Presentations

Hardware-assisted reference monitoring is receiving increasing attention as a way to improve the security of existing software. One example is the PIPE architecture extension, which attaches metadata tags to register and memory values and executes tag-based rules at each machine instruction to enforce a software-defined security policy. To use PIPE effectively, engineers should be able to write security policies in terms of source-level concepts like functions, local variables, and structured control operators, which are not visible at machine level. It is the job of the compiler to generate PIPE-aware machine code that enforces these source-level policies. The compiler thus becomes …