English
Related papers

Related papers: Countering Trusting Trust through Diverse Double-C…

200 papers

An Air Force evaluation of Multics, and Ken Thompson's Turing award lecture ("Reflections on Trusting Trust"), showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this…

Cryptography and Security · Computer Science 2010-05-03 David A. Wheeler

In his 1984 Turing Award lecture, Ken Thompson showed that a compiler could be maliciously altered to insert backdoors into programs it compiles and perpetuate this behavior by modifying any compiler it subsequently builds. Thompson's hack…

Programming Languages · Computer Science 2025-08-19 Guilherme de Oliveira Silva , Fernando Magno Quintão Pereira

We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding standards such as Unicode to produce source code…

Cryptography and Security · Computer Science 2023-03-09 Nicholas Boucher , Ross Anderson

This paper explores the parallels between Thompson's "Reflections on Trusting Trust" and modern challenges in LLM-based code generation. We examine how Thompson's insights about compiler backdoors take on new relevance in the era of large…

Software Engineering · Computer Science 2025-02-25 Bradley McDanel

The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid.…

Cryptography and Security · Computer Science 2025-09-03 Moritz Schneider , Daniele Lain , Ivan Puddu , Nicolas Dutly , Srdjan Capkun

Fault injection attacks can cause errors in software for malicious purposes. Oftentimes, vulnerable points of a program are detected after its development. It is therefore critical for the user of the program to be able to apply last-minute…

Cryptography and Security · Computer Science 2020-12-01 Pantea Kiaei , Cees-Bart Breunesse , Mohsen Ahmadi , Patrick Schaumont , Jasper van Woudenberg

Deep learning (DL) compilers are core infrastructure in modern DL systems, offering flexibility and scalability beyond vendor-specific libraries. This work uncovers a fundamental vulnerability in their design: can an official, unmodified…

Cryptography and Security · Computer Science 2025-10-28 Simin Chen , Jinjun Peng , Yixin He , Junfeng Yang , Baishakhi Ray

Fault attacks against embedded circuits enabled to define many new attack paths against secure circuits. Every attack path relies on a specific fault model which defines the type of faults that the attacker can perform. On embedded…

Cryptography and Security · Computer Science 2014-02-27 Nicolas Moro , Karine Heydemann , Emmanuelle Encrenaz , Bruno Robisson

While vulnerability research often focuses on technical findings and post-public release industrial response, we provide an analysis of the rest of the story: the coordinated disclosure process from discovery through public release. The…

Cryptography and Security · Computer Science 2022-09-23 Nicholas Boucher , Ross Anderson

Traditional redundancy (lockstep, TMR) executes identical binaries with identical memory layouts. A single correlated fault - for example, an arbitrary program counter value or a perturbation delta-PC in all replicas - redirects all…

Programming Languages · Computer Science 2026-05-14 Petro Baran Yrievich

A Digital Twin (DT) is a digital representation of a physical object used to simulate it before it is built or to predict failures after the object is deployed. In this article, we introduce our approach, which applies the concept of a…

Cryptography and Security · Computer Science 2021-10-01 Ana Cristina Franco da Silva , Stefan Wagner , Eddie Lazebnik , Eyal Traitel

Environmental noise (e.g.heat, ionized particles, etc.) causes transient faults in hardware, which lead to corruption of stored values. Mission-critical devices require such faults to be mitigated by fault-tolerance --- a combination of…

Cryptography and Security · Computer Science 2014-10-28 Filippo Del Tedesco , David Sands , Alejandro Russo

Third-party intellectual property cores are essential building blocks of modern system-on-chip and integrated circuit designs. However, these design components usually come from vendors of different trust levels and may contain undocumented…

Cryptography and Security · Computer Science 2025-09-09 Wei Hu , Beibei Li , Lingjuan Wu , Yiwei Li , Xuefei Li , Liang Hong

Proving secure compilation of partial programs typically requires back-translating an attack against the compiled program to an attack against the source program. To prove back-translation, one can syntactically translate the target…

Programming Languages · Computer Science 2022-06-06 Akram El-Korashy , Roberto Blanco , Jérémy Thibault , Adrien Durier , Deepak Garg , Catalin Hritcu

Modern software deployment process produces software that is uniform, and hence vulnerable to large-scale code-reuse attacks. Compiler-based diversification improves the resilience and security of software systems by automatically…

Cryptography and Security · Computer Science 2020-07-20 Rodothea Myrsini Tsoupidi , Roberto Castañeda Lozano , Benoit Baudry

Random testing has proven to be an effective technique for compiler validation. However, the debugging of bugs identified through random testing presents a significant challenge due to the frequent occurrence of duplicate test programs that…

Software Engineering · Computer Science 2026-01-28 Xintong Zhou , Zhenyang Xu , Yongqiang Tian , Chengnian Sun

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap…

Weird machines---the computational models accessible by exploiting security vulnerabilities---arise from the difference between the model a programmer has in her head of how her program should run and the implementation that actually…

Cryptography and Security · Computer Science 2019-11-04 Jennifer Paykin , Eric Mertens , Mark Tullsen , Luke Maurer , Benoît Razet , Alexander Bakst , Scott Moore

Recently, it has been shown that deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch.…

Computer Vision and Pattern Recognition · Computer Science 2020-06-11 Haripriya Harikumar , Vuong Le , Santu Rana , Sourangshu Bhattacharya , Sunil Gupta , Svetha Venkatesh
‹ Prev 1 2 3 10 Next ›