{"id":20745516,"url":"https://github.com/secure-compilation/when-good-components-go-bad","last_synced_at":"2025-04-24T06:34:17.991Z","repository":{"id":55581593,"uuid":"119944164","full_name":"secure-compilation/when-good-components-go-bad","owner":"secure-compilation","description":"Coq formalization for \"When Good Components Go Bad\" paper","archived":false,"fork":false,"pushed_at":"2025-04-10T16:25:57.000Z","size":5382,"stargazers_count":7,"open_issues_count":2,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-10T18:04:04.968Z","etag":null,"topics":["compartmentalization","coq","secure-compilation","software-fault-isolation","tagged-architectures","undefined-behavior"],"latest_commit_sha":null,"homepage":"https://arxiv.org/abs/1802.00588","language":"Coq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secure-compilation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-02-02T06:49:08.000Z","updated_at":"2025-02-04T15:54:23.000Z","dependencies_parsed_at":"2024-02-09T14:44:18.014Z","dependency_job_id":"f6f0d2b8-991d-4502-9c65-a7f21fc147c6","html_url":"https://github.com/secure-compilation/when-good-components-go-bad","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-compilation%2Fwhen-good-components-go-bad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-compilation%2Fwhen-good-components-go-bad/tags","rel
eases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-compilation%2Fwhen-good-components-go-bad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-compilation%2Fwhen-good-components-go-bad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secure-compilation","download_url":"https://codeload.github.com/secure-compilation/when-good-components-go-bad/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250579892,"owners_count":21453520,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compartmentalization","coq","secure-compilation","software-fault-isolation","tagged-architectures","undefined-behavior"],"created_at":"2024-11-17T07:20:54.405Z","updated_at":"2025-04-24T06:34:17.969Z","avatar_url":"https://github.com/secure-compilation.png","language":"Coq","funding_links":[],"categories":[],"sub_categories":[],"readme":"# When Good Components Go Bad #\n\nThis repository contains the Coq development of the paper:\n- Carmine Abate, Arthur Azevedo de Amorim, Roberto Blanco, Ana Nora Evans,\n  Guglielmo Fachini, Catalin Hritcu, Théo Laurent, Benjamin C. 
Pierce,\n  Marco Stronati, Andrew Tolmach.\n  **[When Good Components Go Bad: Formally Secure Compilation Despite\n     Dynamic Compromise](https://arxiv.org/abs/1802.00588)**.\n     In 25th ACM Conference on Computer and Communications Security\n     (CCS 2018), October 2018.\n\n### Prerequisites ###\n\nThis development has been built and tested under Coq 8.12.2, using Mathematical Components 1.11.0,\nExtensional Structures 0.3.0 and Coq Utils commit #81eaf5b6c2ed5.\n\nWe recommend the installation via the OCaml package manager, OPAM:\n- Create a new switch for this development: `opam switch create wgcgb ocaml-base-compiler.4.10.2`\n  (don't forget to run `eval $(opam env)` as instructed by the command).\n- Add the Coq OPAM repositories: `opam repo add coq-released https://coq.inria.fr/opam/released/` then\n  `opam repo add coq-extra-dev https://coq.inria.fr/opam/extra-dev`.\n- Pin Coq to 8.12.2: `opam pin add coq 8.12.2`.\n- Pin the Mathematical Components library to 1.11.0:\n  `opam pin add coq-mathcomp-ssreflect 1.11.0` then `opam install coq-mathcomp-fingroup coq-mathcomp-algebra`.\n- Pin the Extensional Structures to 0.3.0: `opam pin add coq-extructures 0.3.0`. This should install `coq-deriving` version\n  0.1.1 automatically (as a dependency). Otherwise, pin `coq-deriving` to 0.1.1: `opam pin add coq-deriving 0.1.1`.\n- With that, you have everything required to build the Coq Utils version we are using:\n  first, pin it to the commit 81eaf5b6c2ed5:\n  `opam pin add -e coq-utils git@github.com:arthuraa/coq-utils.git#81eaf5b6c2ed5`. Then, remove the two lines \n  for the dependency on `coq-extructures` and `coq-deriving`. 
Then add at the end `version: \"81eaf5b6c2ed5\"`.\n\n### Replaying the proofs ###\n\n    $ make -j4\n\n### Running the tests ###\n\nIn order to run our tests, the following additional dependencies are needed:\n\n- Coq 8.12.0\n- QuickChick 1.4.0\n\nStable releases of QuickChick (package `coq-quickchick`) are available through\nthe Coq OPAM repository.\n\nRunning the tests (to be simplified):\n\n    $ make clean\n    $ make -j4\n    $ ./run_extracted_examples.sh --force-extraction\n    $ rm sfi_safety_properties.exe\n    $ ./run_sfi_tests.sh\n\nMore thorough mutation tests are on the `nora-testing-experiments` branch.\n\n### Top-level theorems ###\n\nAt the top level, the development provides high-level proofs with the following\nentry points:\n- `RSC_DC_MD.v`: generic secure compilation proof\n  against the assumptions in `RSC_DC_MD_Sigs.v` (Section 3.5)\n- `RSC_DC_MD_Instance.v`: an instantiation of the assumptions\n  from `RSC_DC_MD_Sigs.v` to our compilation chain (Section 4.3)\n- `RSC_DC.v`: general proofs about the class of properties preserved\n  by RSC^DC (Appendix A)\n- `RSC_DC_4_compcert.v`: proofs in `RSC_DC.v` adapted to the general CompCert\n  trace model (Appendix A)\n\nThe correspondences between the main definitions and results in the paper and\nin Coq are as follows.\n\nDefinition 3.2: Robustly Safe Compilation with Dynamic Compromise (RSC^DC)\n- `RSC_DC.RSC_dc` in the simple trace model\n- `RSC_DC_4_compcert.RSC_dc` in the CompCert trace model\n\nDefinition 3.3: Robustly Safe Compilation with Dynamic Compromise and Mutual\nDistrust (RSC^DC_MD)\n- `RSC_DC_MD.RSC_DC_MD`\n\nDefinition A.1: Z_P class of safety properties preserved by RSC^DC\n- `RSC_DC.Z_class` (proof-friendly definition)\n  and `RSC_DC.Z_p_equivalent`\n  (proof of equivalence between the proof-friendly and the paper definitions)\n  in the simple trace model\n- `RSC_DC_4_compcert.Z_class` (proof-friendly definition)\n  and `RSC_DC_4_compcert.Z_p_equivalent`\n  (proof of equivalence 
between the proof-friendly and the paper definitions)\n  in the CompCert trace model\n\nTheorem A.2: RSC^DC characterization via Z_P\n- `RSC_DC.main_thm` in the simple trace model\n- `RSC_DC_4_compcert.main_thm` in the CompCert trace model\n\n### License ###\n- This code is licensed under the Apache License, Version 2.0 (see `LICENSE`)\n- The code in the `CompCert` dir is adapted based on files in the\n  `common` and `lib` dirs of CompCert and is thus dual-licensed under\n  the INRIA Non-Commercial License Agreement and the GNU General\n  Public License version 2 or later (see `Compcert/LICENSE`)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-compilation%2Fwhen-good-components-go-bad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecure-compilation%2Fwhen-good-components-go-bad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-compilation%2Fwhen-good-components-go-bad/lists"}