Related papers: Contract-Aware Secure Compilation

200 papers

Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion…

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect…

Programming Languages · Computer Science 2020-11-30 Marco Patrignani, Deepak Garg

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we…

Cryptography and Security · Computer Science 2017-04-18 Yannis Juglaret, Catalin Hritcu, Arthur Azevedo de Amorim, Boris Eng, Benjamin C. Pierce

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

Microarchitectural attacks compromise security by exploiting software-visible artifacts of microarchitectural optimizations such as caches and speculative execution. Defending against such attacks at the software level requires an…

Cryptography and Security · Computer Science 2024-01-18 Gideon Mohr, Marco Guarnieri, Jan Reineke

When implementing secure software, developers must ensure certain requirements, such as the erasure of secret data after its use and execution in real time. Such requirements are not explicitly captured by the C language and could…

Cryptography and Security · Computer Science 2019-07-08 A. P. Shivarpatna Venkatesh, A. Bhat Handadi, M. Mory

Secure compilation studies compilers that generate target-level components that are as secure as their source-level counterparts. Full abstraction is the most widely-proven property when defining a secure compiler. A compiler is modular if…

Programming Languages · Computer Science 2016-04-19 Marco Patrignani, Dominique Devriese, Frank Piessens

Attackers can access sensitive information of programs by exploiting the side-effects of speculatively-executed instructions using Spectre attacks. To mitigate these attacks, popular compilers deployed a wide range of countermeasures. The…

Programming Languages · Computer Science 2021-09-13 Marco Patrignani, Marco Guarnieri

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

Computer systems are so complex, so they are usually designed and analyzed in terms of layers of abstraction. Complexity is still a challenge facing logical reasoning tools that are used to find software design flaws and implementation…

Software Engineering · Computer Science 2021-06-18 Ramy Shahin

There is a growing need for hardware-software contracts which precisely define the implications of microarchitecture on software security, i.e., security contracts. It is our view that such contracts should explicitly account for…

Cryptography and Security · Computer Science 2021-12-21 Nicholas Mosier, Hanna Lachnitt, Hamed Nemati, Caroline Trippel

The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid.…

Cryptography and Security · Computer Science 2025-09-03 Moritz Schneider, Daniele Lain, Ivan Puddu, Nicolas Dutly, Srdjan Capkun

Encrypted computing is an emerging technology based on a processor that 'works encrypted', taking encrypted inputs to encrypted outputs while data remains in encrypted form throughout. It aims to secure user data against possible insider…

Cryptography and Security · Computer Science 2019-02-19 Peter T. Breuer

Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA. These attacks take advantage of the algorithm implementation in hardware or software to extract secret…

Cryptography and Security · Computer Science 2022-12-06 Rodothea Myrsini Tsoupidi, Roberto Castañeda Lozano, Elena Troubitsyna, Panagiotis Papadimitratos

Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these…

Cryptography and Security · Computer Science 2017-06-20 Daniel Gruss

To ensure that secure applications do not leak their secrets, they are required to uphold several security properties such as spatial and temporal memory safety as well as cryptographic constant time. Existing work shows how to enforce…

Cryptography and Security · Computer Science 2024-10-10 Matthis Kruse, Michael Backes, Marco Patrignani

Secure applications implement software protections against side-channel and physical attacks. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source…

Cryptography and Security · Computer Science 2021-01-18 Son Tuan Vu, Albert Cohen, Karine Heydemann, Arnaud de Grandmaison, Christophe Guillon

Memory corruption vulnerabilities are endemic to unsafe languages, such as C, and they can even be found in safe languages that themselves are implemented in unsafe languages or linked with libraries implemented in unsafe languages. Robust…

Cryptography and Security · Computer Science 2018-02-06 Ana Nora Evans

The most prominent formal criterion for secure compilation is full abstraction, the preservation and reflection of contextual equivalence. Recent work introduced robust compilation, defined as the preservation of robust satisfaction of…

Programming Languages · Computer Science 2021-09-21 Carmine Abate, Matteo Busi, Stelios Tsampas