| Title | Security across abstraction layers: old and new examples |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Piessens, F. |
| Conference Name | 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW) |
| Date Published | sep |
| Keywords | abstraction layers, compiler security, compositionality, Computer languages, Context modeling, cross-layer issues, cross-layer nature, cross-layer security issues, Hardware, higher level abstractions, ICT application, ICT system, instruction set architecture, Instruction sets, ISA, Java, Metrics, Operating systems, program compilers, pubcrawl, Resiliency, Scalability, secure compilation, security, security issues, security of data, single level, source code level, source programming language, successive layers |
| Abstract | A common technique for building ICT systems is to build them as successive layers of bstraction: for instance, the Instruction Set Architecture (ISA) is an abstraction of the hardware, and compilers or interpreters build higher level abstractions on top of the ISA.The functionality of an ICT application can often be understood by considering only a single level of abstraction. For instance the source code of the application defines the functionality using the level of abstraction of the source programming language. Functionality can be well understood by just studying this source code.Many important security issues in ICT system however are cross-layer issues: they can not be understood by considering the system at a single level of abstraction, but they require understanding how multiple levels of abstraction are implemented. Attacks may rely on, or exploit, implementation details of one or more layers below the source code level of abstraction.The purpose of this paper is to illustrate this cross-layer nature of security by discussing old and new examples of cross-layer security issues, and by providing a classification of these issues. |
| DOI | 10.1109/EuroSPW51379.2020.00043 |
| Citation Key | piessens_security_2020 |
Security across abstraction layers: old and new examples