English
Related papers

Related papers: VST-Flow: Fine-grained low-level reasoning about r…

200 papers

Confidential computing is a key technology for isolating high-assurance applications from the large amounts of untrusted code typical in modern systems. Existing confidential computing systems cannot be certified for use in critical…

Cryptography and Security · Computer Science 2023-11-02 Wojciech Ozga , Guerney D. H. Hunt , Michael V. Le , Elaine R. Palmer , Avraham Shinnar

We present a light formalism for proofs that encodes their inferential structure, along with a system that transforms these representations into flow-chart diagrams. Such diagrams should improve the comprehensibility of proofs. We discuss…

Digital Libraries · Computer Science 2012-02-06 Steven A. Kieffer

We present the Flow-Limited Authorization First-Order Logic (FLAFOL), a logic for reasoning about authorization decisions in the presence of information-flow policies. We formalize the FLAFOL proof system, characterize its proof-theoretic…

Cryptography and Security · Computer Science 2020-12-11 Andrew K. Hirsch , Pedro H. Azevedo de Amorim , Ethan Cecchetti , Ross Tate , Owen Arden

The paper studies dynamic information flow security policies in an automaton-based model. Two semantic interpretations of such policies are developed, both of which generalize the notion of TA-security [van der Meyden ESORICS 2007] for…

Cryptography and Security · Computer Science 2016-01-21 Sebastian Eggert , Ron van der Meyden

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and…

Hardware Architecture · Computer Science 2021-03-09 Mario Telesklav , Stefan Tauner

The Rust programming language provides a powerful type system that checks linearity and borrowing, allowing code to safely manipulate memory without garbage collection and making Rust ideal for developing low-level, high-assurance systems.…

Logic in Computer Science · Computer Science 2023-03-14 Andrea Lattuada , Travis Hance , Chanhee Cho , Matthias Brun , Isitha Subasinghe , Yi Zhou , Jon Howell , Bryan Parno , Chris Hawblitzel

Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless consequences the leakage can have. In this work, we suggest that information security is not a goal in itself,…

Cryptography and Security · Computer Science 2016-08-09 Wojciech Jamroga , Masoud Tabatabaei

Expressive static typing disciplines are a powerful way to achieve high-quality software. However, the adoption cost of such techniques should not be under-estimated. Just like gradual typing allows for a smooth transition from…

Programming Languages · Computer Science 2015-08-25 Éric Tanter , Nicolas Tabareau

A security policy specifies a security property as the maximal information flow. A distributed system composed of interacting processes implicitly defines an intransitive security policy by repudiating direct information flow between…

Cryptography and Security · Computer Science 2013-10-15 Jean Quilbeuf , Georgeta Igna , Denis Bytschkow , Harald Ruess

Security graphs model attacks, defenses, mitigations, and vulnerabilities on computer networks and systems. With proper attributes, they provide security metrics using standard graph algorithms. A hyperflow graph is a register-transfer…

Cryptography and Security · Computer Science 2023-04-18 Andres Meza , Ryan Kastner

We present a Hoare logic that extends program specifications with regular expressions that capture behaviors in terms of sequences of events that arise during the execution. The idea is similar to session types or process-like behavioral…

Logic in Computer Science · Computer Science 2022-05-16 Gidon Ernst , Alexander Knapp , Toby Murray

Lower-end IoT devices typically have strict cost constraints that rule out usual security mechanisms available in general-purpose computers or higher-end devices. To secure low-end devices, various low-cost security architectures have been…

Cryptography and Security · Computer Science 2024-01-12 Ivan De Oliveira Nunes , Sashidhar Jakkamsetti , Norrathep Rattanavipanon , Gene Tsudik

We present the Foundational Cryptography Framework (FCF) for developing and checking complete proofs of security for cryptographic schemes within a proof assistant. This is a general-purpose framework that is capable of modeling and…

Programming Languages · Computer Science 2014-10-15 Adam Petcher , Greg Morrisett

In order to help students learn how to write mathematical proofs, we adapt the Coq proof assistant into an educational tool we call Waterproof. Like with other interactive theorem provers, students write out their proofs inside the software…

Proof-carrying-code was proposed as a solution to ensure a trust relationship between two parties: a (heavyweight) analyzer and a (lightweight) checker. The analyzer verifies the conformance of a given application to a specified property…

Programming Languages · Computer Science 2018-08-06 Mohamed Nassim Seghir

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

Despite its ever-increasing impact, security is not considered as a design objective in commercial electronic design automation (EDA) tools. This results in vulnerabilities being overlooked during the software-hardware design process.…

Cryptography and Security · Computer Science 2023-08-08 Lennart M. Reimann , Jonathan Wiesner , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using…

Cryptography and Security · Computer Science 2021-05-14 Lawrence C. Paulson

The importance of information security dramatically increased and will further grow due to the shape and nature of the modern computing industry. Software is published at a continuously increasing pace. The Internet of Things and security…

Cryptography and Security · Computer Science 2022-05-10 Mattia Paccamiccio , Leonardo Mostarda

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and achieve security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional…

Cryptography and Security · Computer Science 2021-02-10 Jinghua Yu , Stefan Wagner , Feng Luo