SecRSL: Security Separation Logic for C11 Release-Acquire Concurrency (Extended version with technical appendices)
arXiv - CS - Programming Languages. Pub Date: 2021-09-08, DOI: arxiv-2109.03602
Pengbo Yan, Toby Murray

We present Security Relaxed Separation Logic (SecRSL), a separation logic for proving information-flow security of C11 programs in the Release-Acquire fragment with relaxed accesses. SecRSL is the first security logic that (1) supports weak-memory reasoning about programs in a high-level language; (2) inherits separation logic's virtues of compositional, local reasoning about (3) expressive security policies like value-dependent classification. SecRSL is also, to our knowledge, the first security logic developed over an axiomatic memory model. Thus we also present the first definitions of information-flow security for an axiomatic weak memory model, against which we prove SecRSL sound. SecRSL ensures that programs satisfy a constant-time security guarantee, while being free of undefined behaviour. We apply SecRSL to implement and verify the functional correctness and constant-time security of a range of concurrency primitives, including a spinlock module, a mixed-sensitivity mutex, and multiple synchronous channel implementations. Empirical performance evaluations of the latter demonstrate SecRSL's power to support the development of secure and performant concurrent C programs.
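To make the setting concrete, the following is an added example of the kind of C11 program SecRSL targets: a spinlock written in the Release-Acquire fragment, with the spin-wait read left relaxed, guarding a plain (non-atomic) counter. It is not the paper's verified spinlock module and none of the names (`spinlock_t`, `guarded_counter`, the `demo_*` functions) come from the paper; they are assumptions made for this illustration. The security-relevant points are marked in comments: the acquire on the lock-acquiring RMW and the release on the unlock store are what make the non-atomic counter accesses data-race free (hence free of undefined behaviour), and the only value the spin loop branches on is the lock word, which is public, so the control flow of the lock itself does not leak the protected data.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical spinlock type: one atomic flag, true while held. */
typedef struct {
    atomic_bool locked;
} spinlock_t;

static void spin_init(spinlock_t *l)
{
    atomic_init(&l->locked, false);
}

/* Acquire on the read-modify-write: if we observe the previous unlock's
 * release store, everything the previous holder wrote becomes visible to
 * us before we touch the protected data. Returns true on success. */
static bool spin_trylock(spinlock_t *l)
{
    return !atomic_exchange_explicit(&l->locked, true, memory_order_acquire);
}

/* Test-and-test-and-set: spin on a relaxed load (cheap, and it only
 * observes the public lock word, so it cannot leak the guarded data),
 * and retry the acquire RMW only once the lock looks free. */
static void spin_lock(spinlock_t *l)
{
    for (;;) {
        if (spin_trylock(l))
            return;
        while (atomic_load_explicit(&l->locked, memory_order_relaxed)) {
            /* spin */
        }
    }
}

/* Release on the unlock store: publishes our critical-section writes to
 * the next thread whose acquire RMW reads this store. A relaxed store
 * here would be a genuine bug: the counter update could become visible
 * after the lock appears free, i.e. a data race and undefined behaviour. */
static void spin_unlock(spinlock_t *l)
{
    atomic_store_explicit(&l->locked, false, memory_order_release);
}

/* Hypothetical protected resource: the counter is deliberately NOT atomic;
 * it is protected solely by the lock's release-acquire discipline. */
typedef struct {
    spinlock_t lock;
    int value;
} guarded_counter;

static void gc_init(guarded_counter *c)
{
    spin_init(&c->lock);
    c->value = 0;
}

/* Adds delta under the lock and returns the new value. */
int gc_add(guarded_counter *c, int delta)
{
    spin_lock(&c->lock);
    c->value += delta;          /* non-atomic access, race-free thanks to the lock */
    int v = c->value;
    spin_unlock(&c->lock);
    return v;
}

/* Checks the lock's own semantics: a free lock can be taken, a held lock
 * cannot be taken again, and unlocking makes it takeable. Returns 1 if
 * all three hold, 0 otherwise. */
int demo_trylock_semantics(void)
{
    spinlock_t l;
    spin_init(&l);
    if (!spin_trylock(&l)) return 0;   /* free lock must be acquirable */
    if (spin_trylock(&l))  return 0;   /* held lock must not be re-acquired */
    spin_unlock(&l);
    if (!spin_trylock(&l)) return 0;   /* released lock must be acquirable again */
    spin_unlock(&l);
    return 1;
}

/* Exercises the guarded counter: 0 + 5 - 2 = 3. */
int demo_guarded_counter(void)
{
    guarded_counter c;
    gc_init(&c);
    (void)gc_add(&c, 5);
    return gc_add(&c, -2);
}

int main(void)
{
    printf("trylock semantics ok: %d\n", demo_trylock_semantics());
    printf("guarded counter: %d\n", demo_guarded_counter());
    return 0;
}
```

The spin-wait read is the "relaxed access" of the abstract's title: it needs no ordering because the subsequent acquire exchange is what actually synchronises with the releasing unlock. Weakening either the exchange to relaxed or the unlock store to relaxed breaks that happens-before edge, which is exactly the class of defect a logic over an axiomatic C11 model is meant to rule out.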

Updated: 2021-09-09