Organizer: CASED, CROSSING and EC SPRIDE
Much of our computing infrastructure is still built using C and C++, in spite of overwhelming language-level problems that lead to security exploits. I will discuss a range of compiler-oriented techniques that researchers have explored to try and harden C/C++ code.
In one corner, we have techniques such as Software Fault Isolation (SFI) that have low overhead, and guarantee to enforce a particular security policy. However, the SFI policy is relatively coarse-grained, and as such doesn't block important attacks. In another corner is the Secure Virtual Architecture (SVA) which enforces a fine-grained integrity policy and manages to thwart a wide range of attacks. However, SVA and related techniques can have high overhead for some code, and will generally break more programs than SFI.
All of these techniques depend upon compiler transformations, optimizations, and/or analyses that could lead to a large trusted computing base (TCB). So I will also discuss recent research that helps to minimize the TCB via machine-checked proofs of correctness.