Technical Report 2015-015

Formalizing a Secure Foreign Function Interface - Extended Version

Adriaan Larmuseau and Dave Clarke

May 2015

Many high-level functional programming languages provide programmers with the ability to interoperate with untyped and low-level languages such as C and assembly. Research into such interoperation has generally focused on a closed world scenario, one where both the high-level and low-level code are defined and analyzed statically. In practice, however, components are sometimes linked in at run-time through malicious means. In this paper we formalize an operational semantics that securely combines MiniML, a light-weight ML, with a model of a low-level attacker, without relying on any static checks. We prove that the operational semantics are secure by establishing that they preserve and reflect the equivalences of MiniML. To that end a notion of bisimulation for the interaction between the attacker and MiniML is developed.

Note: This technical report is an extended version of the paper of the same name that is to appear at SEFM 2015.

Available as PDF (443 kB, no cover)

Download BibTeX entry.