English
Related papers

Related papers: VST-Flow: Fine-grained low-level reasoning about r…

200 papers

Static data-flow analysis has proven its effectiveness in assessing security of applications. One major challenge it faces is scalability to large software. This issue is even exacerbated when additional limitations on computing and storage…

Software Engineering · Computer Science 2018-08-08 Mohamed Nassim Seghir

We consider the automatic verification of information flow security policies of web-based workflows, such as conference submission systems like EasyChair. Our workflow description language allows for loops, non-deterministic choice, and an…

Logic in Computer Science · Computer Science 2017-08-31 Bernd Finkbeiner , Christian Müller , Helmut Seidl , Eugen Zălinescu

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and…

Cryptography and Security · Computer Science 2014-04-09 Thomas Bauereiss , Dieter Hutter

Many security- and performance-critical domains, such as cryptography, rely on low-level verification to minimize the trusted computing surface and allow code to be written directly in assembly. However, verifying assembly code against a…

Logic in Computer Science · Computer Science 2025-05-21 Denis Mazzucato , Abdalrhman Mohamed , Juneyoung Lee , Clark Barrett , Jim Grundy , John Harrison , Corina S. Pasareanu

Programmers of cryptographic applications written in C need to avoid common mistakes such as sending private data over public channels, modifying trusted data with untrusted functions, or improperly ordering protocol steps. These secrecy,…

Cryptography and Security · Computer Science 2019-07-04 Darion Cassel , Yan Huang , Limin Jia

VeriFast is a powerful tool for verification of various correctness properties of C programs using symbolic execution. However, VeriFast itself has not been verified. We present a proof-of-concept extension which generates a correctness…

Logic in Computer Science · Computer Science 2023-08-31 Stefan Wils , Bart Jacobs

Security protocols are essential building blocks of modern IT systems. Subtle flaws in their design or implementation may compromise the security of entire systems. It is, thus, important to prove the absence of such flaws through formal…

Cryptography and Security · Computer Science 2023-09-12 Linard Arquint , Malte Schwerhoff , Vaibhav Mehta , Peter Müller

Rust aims to be a safe programming language applicable to systems programming applications. In particular, its type system has strong guardrails to prevent a variety of issues, such as memory safety bugs and data races. However, these…

Programming Languages · Computer Science 2024-10-04 Alex Le Blanc , Patrick Lam

Acceleration in symbolic verification consists in computing the exact effect of some control-flow loops in order to speed up the iterative fix-point computation of reachable states. Even if no termination guarantee is provided in theory,…

Data Structures and Algorithms · Computer Science 2008-12-11 Jérôme Leroux , Gregoire Sutre

When computation is outsourced, the data owner would like to be assured that the desired computation has been performed correctly by the service provider. In theory, proof systems can give the necessary assurance, but prior work is not…

Databases · Computer Science 2011-10-03 Graham Cormode , Justin Thaler , Ke Yi

Knowledge flow analysis offers a simple and flexible way to find flaws in security protocols. A protocol is described by a collection of rules constraining the propagation of knowledge amongst principals. Because this characterization…

Cryptography and Security · Computer Science 2007-05-23 Emina Torlak , Marten van Dijk , Blaise Gassend , Daniel Jackson , Srinivas Devadas

The design of tiny trust anchors has received significant attention over the past decade, to secure low-end MCU-s that cannot afford expensive security mechanisms. In particular, hardware/software (hybrid) co-designs offer low hardware…

Cryptography and Security · Computer Science 2020-12-16 Ivan De Oliveira Nunes , Sashidhar Jakkamsetti , Gene Tsudik

Behavioral software contracts are a widely used mechanism for governing the flow of values between components. However, run-time monitoring and enforcement of contracts imposes significant overhead and delays discovery of faulty components…

Programming Languages · Computer Science 2014-06-17 Phuc C. Nguyen , Sam Tobin-Hochstadt , David Van Horn

We extend the Stainless deductive verifier with floating-point support, providing the first automated verification support for floating-point numbers for a subset of Scala that includes polymorphism, recursion and higher-order functions. We…

Programming Languages · Computer Science 2026-01-21 Andrea Gilot , Axel Bergström , Eva Darulova

Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and…

Cryptography and Security · Computer Science 2015-01-13 Bart van Delft , Sebastian Hunt , David Sands

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Especially vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic…

Cryptography and Security · Computer Science 2021-12-23 Lennart M. Reimann , Luca Hanel , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

In this paper, we present a Hoare-style logic for reasoning about quantum programs with classical variables. Our approach offers several improvements over previous work: (1) Enhanced expressivity of the programming language: Our logic…

Programming Languages · Computer Science 2026-04-21 Mingsheng Ying

We study a proof methodology for verifying the safety of data invariants of highly-available distributed applications that replicate state. The proof is (1) modular: one can reason about each individual operation separately, and (2)…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-03-08 Sreeja Nair , Gustavo Petri , Marc Shapiro

We propose a light-weight approach for certification of monitor inlining for sequential Java bytecode using proof-carrying code. The goal is to enable the use of monitoring for quality assurance at development time, while minimizing the…

Logic in Computer Science · Computer Science 2010-12-15 Mads Dam , Andreas Lundblad