English
Related papers

Related papers: Securing Verified IO Programs Against Unverified C…

200 papers

Shallow embeddings that use monads to represent effects are popular in proof-oriented languages because they are convenient for formal verification. Once shallowly embedded programs are verified, they are often extracted to mainstream…

Programming Languages · Computer Science 2026-03-31 Cezar-Constantin Andrici , Abigail Pribisova , Danel Ahman , Catalin Hritcu , Exequiel Rivas , Théo Winterhalter

We present Labeled Input Output in F* (LIO*), a verified framework that enforces information flow control (IFC) policies developed in F* and automatically extracted to C. Inspired by LIO, we encapsulated IFC policies into effects, but using…

Cryptography and Security · Computer Science 2020-04-29 Jean-Joseph Marty , Lucas Franceschino , Jean-Pierre Talpin , Niki Vazou

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

We introduce SecRef*, a secure compilation framework protecting stateful programs verified in F* against linked unverified code, with which the program dynamically shares ML-style mutable references. To ease program verification in this…

We present the first formally-verified Internet router, which is part of the SCION Internet architecture. SCION routers run a cryptographic protocol for secure packet forwarding in an adversarial environment. We verify both the protocol's…

Ensuring the correct functionality of systems software, given its safety-critical and low-level nature, is a primary focus in formal verification research and applications. Despite advances in verification tooling, conventional programmers…

Programming Languages · Computer Science 2025-04-04 Yiyuan Cao , Jiayi Zhuang , Houjin Chen , Jinkai Fan , Wenbo Xu , Zhiyi Wang , Di Wang , Qinxiang Cao , Yingfei Xiong , Haiyan Zhao , Zhenjiang Hu

We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a…

Microarchitectural attacks exploit the abstraction gap between the Instruction Set Architecture (ISA) and how instructions are actually executed by processors to compromise the confidentiality and integrity of a system. To secure systems…

Cryptography and Security · Computer Science 2020-12-29 Marco Guarnieri , Marco Patrignani

This paper presents the first machine-checked proof of noninterference for a language with gradual information-flow control, thereby establishing a rock solid foundation for secure programming languages that give programmers the choice…

Programming Languages · Computer Science 2022-11-30 Tianyu Chen , Jeremy G. Siek

For all the successes in verifying low-level, efficient, security-critical code, little has been said or studied about the structure, architecture and engineering of such large-scale proof developments. We present the design, implementation…

Programming Languages · Computer Science 2023-07-10 Son Ho , Aymeric Fromherz , Jonathan Protzenko

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and…

Cryptography and Security · Computer Science 2017-08-30 Lucas Waye , Pablo Buiras , Owen Arden , Alejandro Russo , Stephen Chong

Program safety (i.e., absence of undefined behaviors) is critical for correct operation of computer systems. It is usually verified at the source level (e.g., by separation logics) and preserved to the target by verified compilers (e.g.,…

Programming Languages · Computer Science 2025-10-14 Jinhua Wu , Yuting Wang , Liukun Yu , Linglong Meng

Almost all groups involved in linear collider detector studies have their own simulation software framework. Using a common persistency scheme would allow to easily share results and compare reconstruction algorithms. We present such a…

Data Analysis, Statistics and Probability · Physics 2007-05-23 Frank Gaede , Ties Behnke , Norman Graf , Tony Johnson

Proving secure compilation of partial programs typically requires back-translating an attack against the compiled program to an attack against the source program. To prove back-translation, one can syntactically translate the target…

Programming Languages · Computer Science 2022-06-06 Akram El-Korashy , Roberto Blanco , Jérémy Thibault , Adrien Durier , Deepak Garg , Catalin Hritcu

Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, restricting their interactions to conform to well-defined interfaces, we…

Cryptography and Security · Computer Science 2017-04-18 Yannis Juglaret , Catalin Hritcu , Arthur Azevedo de Amorim , Boris Eng , Benjamin C. Pierce

Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect…

Programming Languages · Computer Science 2020-11-30 Marco Patrignani , Deepak Garg

Secure compilation prevents all low-level attacks on compiled code and allows for sound reasoning about security in the source language. In this work we propose a new attacker model for secure compilation that extends the well-known notion…

During the past few years, we have witnessed various efforts to provide confidentiality and integrity for applications running in untrusted environments such as public clouds. In most of these approaches, hardware extensions such as Intel…

Cryptography and Security · Computer Science 2025-11-25 Robert Krahn , Nikson Kanti Paul , Franz Gregor , Do Le Quoc , Andrey Brito , André Martin , Christof Fetzer
‹ Prev 1 2 3 10 Next ›