English
Related papers

Related papers: Exorcising Spectres with Secure Compilers

200 papers

Mainstream compilers implement different countermeasures to prevent specific classes of speculative execution attacks. Unfortunately, these countermeasures either lack formal guarantees or come with proofs restricted to speculative…

Programming Languages · Computer Science 2025-03-06 Xaver Fabian , Marco Patrignani , Marco Guarnieri , Michael Backes

Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion…

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect…

Programming Languages · Computer Science 2020-11-30 Marco Patrignani , Deepak Garg

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Secure compilation studies compilers that generate target-level components that are as secure as their source-level counterparts. Full abstraction is the most widely-proven property when defining a secure compiler. A compiler is modular if…

Programming Languages · Computer Science 2016-04-19 Marco Patrignani , Dominique Devriese , Frank Piessens

When implementing secure software, developers must ensure certain requirements, such as the erasure of secret data after its use and execution in real time. Such requirements are not explicitly captured by the C language and could…

Cryptography and Security · Computer Science 2019-07-08 A. P. Shivarpatna Venkatesh , A. Bhat Handadi , M. Mory

Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions, allowing attackers to steal sensitive data despite previously state-of-the-art countermeasures. To defend against Spectre, developers of…

Cryptography and Security · Computer Science 2022-04-11 Sunjay Cauligi , Craig Disselkoen , Daniel Moghimi , Gilles Barthe , Deian Stefan

In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations…

Cryptography and Security · Computer Science 2021-11-25 Amir Naseredini , Stefan Gast , Martin Schwarzl , Pedro Miguel Sousa Bernardo , Amel Smajic , Claudio Canella , Martin Berger , Daniel Gruss

Spectre attacks enable an attacker to access restricted data in an application's memory. Both the academic community and industry veterans have developed several mitigations to block Spectre attacks, but to date, very few have been formally…

Cryptography and Security · Computer Science 2022-08-03 Sunjay Cauligi , Marco Guarnieri , Daniel Moghimi , Deian Stefan , Marco Vassena

Microarchitectural attacks exploit the abstraction gap between the Instruction Set Architecture (ISA) and how instructions are actually executed by processors to compromise the confidentiality and integrity of a system. To secure systems…

Cryptography and Security · Computer Science 2020-12-29 Marco Guarnieri , Marco Patrignani

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

The recent Spectre attacks has demonstrated the fundamental insecurity of current computer microarchitecture. The attacks use features like pipelining, out-of-order and speculation to extract arbitrary information about the memory contents…

Cryptography and Security · Computer Science 2020-08-18 Roberto Guanciale , Musard Balliu , Mads Dam

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

Secure applications implement software protections against side-channel and physical attacks. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source…

Cryptography and Security · Computer Science 2021-01-18 Son Tuan Vu , Albert Cohen , Karine Heydemann , Arnaud de Grandmaison , Christophe Guillon

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and…

Cryptography and Security · Computer Science 2018-01-08 Paul Kocher , Daniel Genkin , Daniel Gruss , Werner Haas , Mike Hamburg , Moritz Lipp , Stefan Mangard , Thomas Prescher , Michael Schwarz , Yuval Yarom

Developing secure distributed systems is difficult, and even harder when advanced cryptography must be used to achieve security goals. Following prior work, we advocate using secure program partitioning to synthesize cryptographic…

Cryptography and Security · Computer Science 2024-01-10 Coşku Acay , Joshua Gancher , Rolph Recto , Andrew C. Myers

Compiler correctness is, in its simplest form, defined as the inclusion of the set of traces of the compiled program into the set of traces of the original program, which is equivalent to the preservation of all trace properties. Here…

Recent discovery of security attacks in advanced processors, known as Spectre and Meltdown, has resulted in high public alertness about security of hardware. The root cause of these attacks is information leakage across "covert channels"…

Cryptography and Security · Computer Science 2018-12-13 Mohammad Rahmani Fadiheh , Dominik Stoffel , Clark Barrett , Subhasish Mitra , Wolfgang Kunz

The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid.…

Cryptography and Security · Computer Science 2025-09-03 Moritz Schneider , Daniele Lain , Ivan Puddu , Nicolas Dutly , Srdjan Capkun

Since the discovery of Spectre, a large number of hardware mechanisms for secure speculation has been proposed. Intuitively, more defensive mechanisms are less efficient but can securely execute a larger class of programs, while more…

Cryptography and Security · Computer Science 2020-10-02 Marco Guarnieri , Boris Köpf , Jan Reineke , Pepe Vila
‹ Prev 1 2 3 10 Next ›