Security-enhancing compilers (video)

Graham Markall

SECURE — Security Enhancing Compilation for use in Real Environments — is a 1-year project that is funded by Innovate UK to develop robust, production-ready implementations of security-enhancing compiler techniques. These implementations are being developed in open-source compilers, GCC and LLVM, to enable widespread access the tools for developing secure software.

The SECURE project focuses on implementing techniques in two areas:

  • Automation, where the compiler automatically implements transformations that would otherwise have to be done manually by the programmer changing their source code. The use of automation decreases programmer effort when developing secure software.
  • Warnings, where the compiler does static analysis to check security-specific properties, and informs the user when potentially unsafe constructs are found – for example, when control flow depends on sensitive variables, which can introduce a timing side channel. The use of warnings decreases programmer error when developing secure software.

The project builds on our academic and industrial connections and experience, in particular from the Leakage-Aware Design Automation (LADA) project in collaboration with Bristol University, and our work developing compiler toolchains for our customers’ secure processors.

In a recently published video Embecosm CEO, Dr Jeremy Bennett, introduces security-enhancing compilers, taking a look at the motivation and some of the techniques employed.

 

For further details also see Jeremy’s blog post from earlier this year.

As a key theme within Embecosm’s programme of original R&D, this is something that we will be providing further updates on in due course, both via this blog and presenting at industry and community events. As ever, please do get in touch if you would like to find out more.

Leave a Reply