English
Related papers

Related papers: When Good Components Go Bad: Formally Secure Compi…

200 papers

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we…

Cryptography and Security · Computer Science 2017-04-18 Yannis Juglaret , Catalin Hritcu , Arthur Azevedo de Amorim , Boris Eng , Benjamin C. Pierce

Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion…

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect…

Programming Languages · Computer Science 2020-11-30 Marco Patrignani , Deepak Garg

Memory corruption vulnerabilities are endemic to unsafe languages, such as C, and they can even be found in safe languages that themselves are implemented in unsafe languages or linked with libraries implemented in unsafe languages. Robust…

Cryptography and Security · Computer Science 2018-02-06 Ana Nora Evans

Secure compilation studies compilers that generate target-level components that are as secure as their source-level counterparts. Full abstraction is the most widely-proven property when defining a secure compiler. A compiler is modular if…

Programming Languages · Computer Science 2016-04-19 Marco Patrignani , Dominique Devriese , Frank Piessens

Environmental noise (e.g.heat, ionized particles, etc.) causes transient faults in hardware, which lead to corruption of stored values. Mission-critical devices require such faults to be mitigated by fault-tolerance --- a combination of…

Cryptography and Security · Computer Science 2014-10-28 Filippo Del Tedesco , David Sands , Alejandro Russo

Microarchitectural attacks exploit the abstraction gap between the Instruction Set Architecture (ISA) and how instructions are actually executed by processors to compromise the confidentiality and integrity of a system. To secure systems…

Cryptography and Security · Computer Science 2020-12-29 Marco Guarnieri , Marco Patrignani

Developing secure distributed systems is difficult, and even harder when advanced cryptography must be used to achieve security goals. Following prior work, we advocate using secure program partitioning to synthesize cryptographic…

Cryptography and Security · Computer Science 2024-01-10 Coşku Acay , Joshua Gancher , Rolph Recto , Andrew C. Myers

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template…

Programming Languages · Computer Science 2026-05-19 Mike Samuel , Tom Palmer , Shaw Summa , Robert Grayson

The most prominent formal criterion for secure compilation is full abstraction, the preservation and reflection of contextual equivalence. Recent work introduced robust compilation, defined as the preservation of robust satisfaction of…

Programming Languages · Computer Science 2021-09-21 Carmine Abate , Matteo Busi , Stelios Tsampas

Attackers can access sensitive information of programs by exploiting the side-effects of speculatively-executed instructions using Spectre attacks. To mitigate theses attacks, popular compilers deployed a wide range of countermeasures. The…

Programming Languages · Computer Science 2021-09-13 Marco Patrignani , Marco Guarnieri

To ensure that secure applications do not leak their secrets, they are required to uphold several security properties such as spatial and temporal memory safety as well as cryptographic constant time. Existing work shows how to enforce…

Cryptography and Security · Computer Science 2024-10-10 Matthis Kruse , Michael Backes , Marco Patrignani

(CROPPED TO FIT IN ARXIV'S SILLY LIMIT. SEE PDF FOR COMPLETE ABSTRACT.) We are the first to thoroughly explore a large space of formal secure compilation criteria based on robust property preservation, i.e., the preservation of properties…

Programming Languages · Computer Science 2020-11-18 Carmine Abate , Roberto Blanco , Deepak Garg , Catalin Hritcu , Marco Patrignani , Jérémy Thibault

Secure compilation aims to build compilation chains that preserve security properties when translating programs from a source to a target language. Recent research led to the definition of secure compilation principles that, if met,…

Programming Languages · Computer Science 2019-01-17 Matteo Busi , Pierpaolo Degano , Letterio Galletta

Program safety (i.e., absence of undefined behaviors) is critical for correct operation of computer systems. It is usually verified at the source level (e.g., by separation logics) and preserved to the target by verified compilers (e.g.,…

Programming Languages · Computer Science 2025-10-14 Jinhua Wu , Yuting Wang , Liukun Yu , Linglong Meng

Closed-loop verification of cyber-physical systems with neural network controllers offers strong safety guarantees under certain assumptions. It is, however, difficult to determine whether these guarantees apply at run time because…

Logic in Computer Science · Computer Science 2022-05-09 Ivan Ruchkin , Matthew Cleaveland , Radoslav Ivanov , Pengyuan Lu , Taylor Carpenter , Oleg Sokolsky , Insup Lee

We introduce a novel approach to secure compilation based on maps of distributive laws. We demonstrate through four examples that the coherence criterion for maps of distributive laws can potentially be a viable alternative for compiler…

Programming Languages · Computer Science 2020-04-22 Stelios Tsampas , Andreas Nuyts , Dominique Devriese , Frank Piessens

Biometric systems, while offering convenient authentication, often fall short in providing rigorous security assurances. A primary reason is the ad-hoc design of protocols and components, which hinders the establishment of comprehensive…

Cryptography and Security · Computer Science 2024-11-27 Sam Grierson , William J Buchanan , Craig Thomson , Baraq Galeb , Chris Eckl
‹ Prev 1 2 3 10 Next ›