Reconciling Security and Performance for Concurrent Programs
Project Leader: Toby Murray
Collaborators: Robert Sison (UNSW) Kai Engelhardt (UNSW)
Primary Contact: Toby Murray (firstname.lastname@example.org)
Keywords: computer security; cryptography; programming languages
Disciplines: Computing and Information Systems
Security and performance seem always at odds. The recent Spectre attacks are but the latest revelation in a continuing battle between these fundamental concerns. Security controls and mechanisms naturally impede performance, and performance optimisations all too often introduce unforseen security vulnerabilities.
This trade-off is especially stark in modern compilers. Everybody wants their code to run as fast as possible, yet compiler optimisations are a known source of subtle security vulnerabilities. A good example are optimisations that introduce subtle information leaks into cryptographic code (here is a tiny example).
This project builds on recent advances in how to logically specify what it means for compilation to be secure, and aims to develop methods for proving whether compiler optimisations aimed at maximising performance do not introduce insecurity. Potential topics for investigation include high-performance aspects of modern target instruction set architectures, such as weak memory and speculative execution, and thier impact on information leakage for concurrent programs.