English
Related papers

Related papers: When Good Components Go Bad: Formally Secure Compi…

200 papers

Determining if two protocols can be securely composed requires analyzing not only their additive properties but also their destructive properties. In this paper we propose a new composition method for constructing protocols based on…

Cryptography and Security · Computer Science 2009-09-01 Bela Genge , Iosif Ignat , Piroska Haller

Weird machines---the computational models accessible by exploiting security vulnerabilities---arise from the difference between the model a programmer has in her head of how her program should run and the implementation that actually…

Cryptography and Security · Computer Science 2019-11-04 Jennifer Paykin , Eric Mertens , Mark Tullsen , Luke Maurer , Benoît Razet , Alexander Bakst , Scott Moore

We present a composably secure protocol allowing $n$ parties to test an entanglement generation resource controlled by a possibly dishonest party. The test consists only in local quantum operations and authenticated classical communication…

Quantum Physics · Physics 2021-05-26 Raja Yehia , Eleni Diamanti , Iordanis Kerenidis

It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is…

Logic in Computer Science · Computer Science 2020-10-23 Robert Sison , Toby Murray

We introduce SCIO*, a formally secure compilation framework for statically verified partial programs performing input-output (IO). The source language is an F* subset in which a verified program interacts with its IO-performing context via…

Mainstream compilers implement different countermeasures to prevent specific classes of speculative execution attacks. Unfortunately, these countermeasures either lack formal guarantees or come with proofs restricted to speculative…

Programming Languages · Computer Science 2025-03-06 Xaver Fabian , Marco Patrignani , Marco Guarnieri , Michael Backes

Encrypted computing is an emerging technology based on a processor that `works encrypted', taking encrypted inputs to encrypted outputs while data remains in encrypted form throughout. It aims to secure user data against possible insider…

Cryptography and Security · Computer Science 2019-02-19 Peter T. Breuer

Proving only over source code that programs do not leak sensitive data leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. Furthermore, software does not always have the luxury…

Programming Languages · Computer Science 2023-06-22 Robert Sison , Toby Murray

Formal verification of software and compilers has been used to rule out large classes of security-critical issues, but risk of unintentional information leakage has received much less consideration. It is a key requirement for formal…

Programming Languages · Computer Science 2025-04-23 Owen Conoly , Andres Erbsen , Adam Chlipala

When implementing secure software, developers must ensure certain requirements, such as the erasure of secret data after its use and execution in real time. Such requirements are not explicitly captured by the C language and could…

Cryptography and Security · Computer Science 2019-07-08 A. P. Shivarpatna Venkatesh , A. Bhat Handadi , M. Mory

Traditional security mechanisms isolate resources from users who should not access them. We reflect the compositional nature of such security mechanisms back into the structure of LLMs to build a provably secure LLM; that we term SecureLLM.…

Computation and Language · Computer Science 2024-06-14 Abdulrahman Alabdulkareem , Christian M Arnold , Yerim Lee , Pieter M Feenstra , Boris Katz , Andrei Barbu

The disastrous vulnerabilities in smart contracts sharply remind us of our ignorance: we do not know how to write code that is secure in composition with malicious code. Information flow control has long been proposed as a way to achieve…

Cryptography and Security · Computer Science 2023-07-21 Ethan Cecchetti , Siqiu Yao , Haobin Ni , Andrew C. Myers

An `obfuscation' for encrypted computing is quantified exactly here, leading to an argument that security against polynomial-time attacks has been achieved for user data via the deliberately `chaotic' compilation required for security…

Cryptography and Security · Computer Science 2019-04-30 Peter T. Breuer

Secure software architecture is increasingly important in a data-driven world. When security is neglected sensitive information might leak through unauthorized access. To mitigate this software architects needs tools and methods to quantify…

Software Engineering · Computer Science 2024-01-17 Rasmus Carl Rønneberg

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that…

Cryptography and Security · Computer Science 2020-01-30 Matteo Busi , Job Noorman , Jo Van Bulck , Letterio Galletta , Pierpaolo Degano , Jan Tobias Mühlberg , Frank Piessens

We present a framework to formally describe probabilistic system behavior and symbolically reason about it. In particular we aim at reasoning about possible failures and fault tolerance. We regard systems which are composed of different…

Software Engineering · Computer Science 2015-03-20 Jan Olaf Blech

Automatic security protocol analysis is currently feasible only for small protocols. Since larger protocols quite often are composed of many small protocols, compositional analysis is an attractive, but non-trivial approach. We have…

Cryptography and Security · Computer Science 2007-05-23 Suzana Andova , Cas Cremers , Kristian Gjosteen , Sjouke Mauw , Stig F. Mjolsnes , Sasa Radomirovic

Hybrid systems are integrations of discrete computation and continuous physical evolution. The physical components of such systems introduce safety requirements, the achievement of which asks for the correct monitoring and control from the…

Logic in Computer Science · Computer Science 2014-03-28 Shuling Wang , Flemming Nielson , Hanne Riis Nielson

This article provides formal definitions characterizing well-formed composition of components in order to guarantee their safe deployment and execution. Our work focuses on the structural aspects of component composition; it puts together…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-02-13 Ludovic Henrio , Oleksandra Kulankhina , Dongqian Liu , Eric Madelaine

This paper discusses the relationship between two frameworks: universal composability (UC) and robust compilation (RC). In cryptography, UC is a framework for the specification and analysis of cryptographic protocols with a strong…

Programming Languages · Computer Science 2022-12-16 Marco Patrignani , Robert Künnemann , Riad S. Wahby