English
Related papers

Related papers: Formalizing Stack Safety as a Security Property

200 papers

A hyperproperty relates executions of a program and is used to formalize security objectives such as confidentiality, non-interference, privacy, and anonymity. Formally, a hyperproperty is a collection of allowable sets of executions. A…

Logic in Computer Science · Computer Science 2023-01-30 Ali Bajwa , Minjian Zhang , Rohit Chadha , Mahesh Viswanathan

We introduce a framework for reasoning about the security of computer systems using modal logic. This framework is sufficiently expressive to capture a variety of known security properties, while also being intuitive and independent of…

Cryptography and Security · Computer Science 2023-09-19 Matvey Soloviev , Musard Balliu , Roberto Guanciale

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the…

Cryptography and Security · Computer Science 2007-05-23 James A. Hoagland , Raju Pandey , Karl N. Levitt

Confidentiality, integrity, availability, authenticity, authorization, and accountability are known as security properties that secure systems should preserve. They are usually considered as security final goals that are achieved by system…

Software Engineering · Computer Science 2025-05-21 Imen Sayar , Nan Messe , Sophie Ebersold , Jean-Michel Bruel

We give a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how…

Programming Languages · Computer Science 2018-04-10 Arthur Azevedo de Amorim , Catalin Hritcu , Benjamin C. Pierce

Safety and liveness stand as fundamental concepts in formal languages, playing a key role in verification. The safety-liveness classification of boolean properties characterizes whether a given property can be falsified by observing a…

Formal Languages and Automata Theory · Computer Science 2025-04-16 Udi Boker , Thomas A. Henzinger , Nicolas Mazzocchi , N. Ege Saraç

Manipulations of return addresses on the stack are the basis for a variety of attacks on programs written in memory unsafe languages. Dual stack schemes for protecting return addresses promise an efficient and effective defense against such…

Cryptography and Security · Computer Science 2018-06-26 Philipp Zieris , Julian Horsch

Language-based information flow security aims to decide whether an action-observable program can unintentionally leak confidential information if it has the authority to access confidential data. Recent concerns about declassification…

Cryptography and Security · Computer Science 2016-11-18 Cong Sun , Liyong Tang , Zhong Chen

Due to their interesting features, blockchains have become popular in recent years. They are full-stack systems where security is a critical factor for their success. The main focus of this work is to systematize knowledge about security…

Cryptography and Security · Computer Science 2019-04-16 Ivan Homoliak , Sarad Venugopalan , Qingze Hum , Pawel Szalachowski

A program that maintains key safety properties even when interacting with arbitrary untrusted code is said to enjoy \emph{robust safety}. Proving that a program written in a mainstream language is robustly safe is typically challenging…

Programming Languages · Computer Science 2022-05-16 Marco Patrignani , Sam Blackshear

It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is…

Logic in Computer Science · Computer Science 2020-10-23 Robert Sison , Toby Murray

A security policy specifies a security property as the maximal information flow. A distributed system composed of interacting processes implicitly defines an intransitive security policy by repudiating direct information flow between…

Cryptography and Security · Computer Science 2013-10-15 Jean Quilbeuf , Georgeta Igna , Denis Bytschkow , Harald Ruess

Secure Multi-Party Computation (MPC) is an important enabling technology for data privacy in modern distributed applications. Currently, proof methods for low-level MPC protocols are primarily manual and thus tedious and error-prone, and…

Cryptography and Security · Computer Science 2024-07-24 Christian Skalka , Joseph P. Near

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

The distinction between safety and liveness properties is a fundamental classification with immediate implications on the feasibility and complexity of various monitoring, model checking, and synthesis problems. In this paper, we revisit…

Formal Languages and Automata Theory · Computer Science 2011-06-08 Rüdiger Ehlers , Bernd Finkbeiner

Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform…

Cryptography and Security · Computer Science 2025-01-14 Cataldo Basile , Gabriele Gatti , Francesco Settanni

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Stack-based memory corruption vulnerabilities have long been exploited by attackers to execute arbitrary code or perform unauthorized memory operations. Various defense mechanisms have been introduced to mitigate stack memory errors, but…

Cryptography and Security · Computer Science 2025-03-24 Lei Chong

Considering asynchronous shared memory systems in which any number of processes may crash, this work identifies and formally defines relaxations of queues and stacks that can be non-blocking or wait-free while being implemented using only…

Distributed, Parallel, and Cluster Computing · Computer Science 2020-11-05 Armando Castañeda , Sergio Rajsbaum , Michel Raynal

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus…

Software Engineering · Computer Science 2015-08-18 Andrea Margheri , Rosario Pugliese , Francesco Tiezzi
‹ Prev 1 2 3 10 Next ›