A System-Level Semantics

TL;DR

This paper introduces a novel game semantics model for a C-like language where the Opponent has omnipotence but limited knowledge, combining operational and game semantics to analyze system-level attacks and preserve language equivalences.

Contribution

It proposes a new semantic framework with an epistemic restriction, enabling analysis of system attacks and maintaining language equivalences in a simplified, combined semantics.

Findings

Semantic model captures system-level attack traces.

Secrets in Proponent preserve language equivalences.

Combines operational and game semantics effectively.

Abstract

Game semantics is a trace-like denotational semantics for programming languages where the notion of legal observable behaviour of a term is defined combinatorially, by means of rules of a game between the term (the "Proponent") and its context (the "Opponent"). In general, the richer the computational features a language has, the less constrained the rules of the semantic game. In this paper we consider the consequences of taking this relaxation of rules to the limit, by granting the Opponent omnipotence, that is, permission to play any move without combinatorial restrictions. However, we impose an epistemic restriction by not granting Opponent omniscience, so that Proponent can have undisclosed secret moves. We introduce a basic C-like programming language and we define such a semantic model for it. We argue that the resulting semantics is an appealingly simple combination of operational and game semantics and we show how certain traces explain system-level attacks, i.e. plausible attacks that are realizable outside of the programming language itself. We also show how allowing Proponent to have secrets ensures that some desirable equivalences in the programming language are preserved.