English
Related papers

Related papers: Verifying and Synthesizing Constant-Resource Imple…

200 papers

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

Many important security properties can be formulated in terms of flows of tainted data, and improved taint analysis tools to prevent such flows are of critical need. Most existing taint analyses use whole-program static analysis, leading to…

Programming Languages · Computer Science 2025-05-02 Nima Karimipour , Kanak Das , Manu Sridharan , Behnaz Hassanshahi

We propose TOPL automata as a new method for runtime verification of systems with unbounded resource generation. Paradigmatic such systems are object-oriented programs which can dynamically generate an unbounded number of fresh object…

Formal Languages and Automata Theory · Computer Science 2015-01-21 Radu Grigore , Dino Distefano , Rasmus Lerchedahl Petersen , Nikos Tzevelekos

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control…

Programming Languages · Computer Science 2021-03-04 Sandip Ghosal , R. K. Shyamasundar

Resource-aware type systems statically approximate not only the expected result type of a program, but also the way external resources are used, e.g., how many times the value of a variable is needed. We extend the type system of…

Programming Languages · Computer Science 2023-02-16 Riccardo Bianchini , Francesco Dagnino , Paola Giannini , Elena Zucca

Rust has become a popular system programming language that strikes a balance between memory safety and performance. Rust's type system ensures the safety of low-level memory controls; however, a well-typed Rust program is not guaranteed to…

Programming Languages · Computer Science 2025-02-28 Qihao Lian , Di Wang

The constant-time discipline is a software-based countermeasure used for protecting high assurance cryptographic implementations against timing side-channel attacks. Constant-time is effective (it protects against many known attacks),…

Cryptography and Security · Computer Science 2020-05-12 Sunjay Cauligi , Craig Disselkoen , Klaus v. Gleissenthall , Dean Tullsen , Deian Stefan , Tamara Rezk , Gilles Barthe

In concurrent and distributed systems, software components are expected to communicate according to predetermined protocols and APIs - and if a component does not observe them, the system's reliability is compromised. Furthermore, isolating…

Programming Languages · Computer Science 2021-05-25 Christian Batrolo Burlò , Adrian Francalanza , Alceste Scalas

Toman et al. have proposed a type system for automatic verification of low-level programs, which combines ownership types and refinement types to enable strong updates of refinement types in the presence of pointer aliases. We extend their…

Programming Languages · Computer Science 2023-12-12 Izumi Tanaka , Ken Sakayori , Naoki Kobayashi

Type-and-effect systems are a widely-used approach to program verification, verifying the result of a computation using types, and the behavior using effects. This paper extends an effect system for verifying temporal, value-dependent…

Programming Languages · Computer Science 2022-07-22 Taro Sekiyama , Hiroshi Unno

The dramatic increase of autonomous systems subject to variable environments has given rise to the pressing need to consider risk in both the synthesis and verification of policies for these systems. This paper aims to address a few…

Artificial Intelligence · Computer Science 2022-04-22 Prithvi Akella , Anushri Dixit , Mohamadreza Ahmadi , Joel W. Burdick , Aaron D. Ames

We claim that existing techniques and tools for generating and verifying constant-time code are incomplete, since they rely on assumptions that compiler optimization passes do not break constant-timeness or that certain operations execute…

Cryptography and Security · Computer Science 2023-11-27 Garrett Gu , Hovav Shacham

In this dissertation we focus on providing effective adaptations that can be localised and applied to specific concurrent actors, thereby only causing a temporary disruption to the parts of the system requiring mitigation, while leaving the…

Programming Languages · Computer Science 2017-09-08 Ian Cassar

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy

Precisely modeling complex systems like cyber-physical systems is challenging, which often render model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to…

Software Engineering · Computer Science 2019-11-21 Jingyi Wang , Jun Sun , Shengchao Qin , Cyrille Jegourel

The Automatic Amortized Resource Analysis (AARA) derives program-execution cost bounds using types. To do so, AARA often makes use of cost-free types, which are critical for the composition of types and cost bounds. However, inferring…

Programming Languages · Computer Science 2025-09-30 David M Kahn , Jan Hoffmann , Thomas Reps , Jessie Grosen

This article presents a type-based analysis for deriving upper bounds on the expected execution cost of probabilistic programs. The analysis is naturally compositional, parametric in the cost model, and supports higher order functions and…

Programming Languages · Computer Science 2020-09-23 Di Wang , David M Kahn , Jan Hoffmann

When scripts in untyped languages grow into large programs, maintaining them becomes difficult. A lack of explicit type annotations in typical scripting languages forces programmers to must (re)discover critical pieces of design information…

Programming Languages · Computer Science 2011-06-15 Sam Tobin-Hochstadt , Matthias Felleisen

The Windows Vista operating system implements an interesting model of multi-level integrity. We observe that in this model, trusted code can be blamed for any information-flow attack; thus, it is possible to eliminate such attacks by static…

Cryptography and Security · Computer Science 2008-12-18 Avik Chaudhuri , Prasad Naldurg , Sriram Rajamani

Strategy languages enable programmers to compose rewrite rules into strategies and control their application. This is useful in programming languages, e.g., for describing program transformations compositionally, but also in automated…

Programming Languages · Computer Science 2023-04-28 Rongxiao Fu , Ornela Dardha , Michel Steuwer