English
Related papers

Related papers: Serberus: Protecting Cryptographic Code from Spect…

200 papers

This paper introduces Triosecuris, a formally verified defense against Spectre BTB, RSB, and PHT that combines CET-style hardware-assisted control-flow integrity with compiler-inserted speculative load hardening (SLH). Triosecuris is based…

Cryptography and Security · Computer Science 2026-04-03 Jonathan Baumann , Yonghyun Kim , Yan Farba , Catalin Hritcu , Julay Leatherman-Brooks

Spectre v1 attacks pose a substantial threat to security-critical software, particularly cryptographic implementations. Existing software mitigations, however, often introduce excessive overhead by indiscriminately hardening instructions…

Cryptography and Security · Computer Science 2025-06-10 Yiming Zhu , Wenchao Huang , Yan Xiong

Attackers can access sensitive information of programs by exploiting the side-effects of speculatively-executed instructions using Spectre attacks. To mitigate theses attacks, popular compilers deployed a wide range of countermeasures. The…

Programming Languages · Computer Science 2021-09-13 Marco Patrignani , Marco Guarnieri

The Spectre speculative side-channel attacks pose formidable threats for security. Research has shown that code following the cryptographic constant-time discipline can be efficiently protected against Spectre v1 using a selective variant…

Cryptography and Security · Computer Science 2026-01-07 Jonathan Baumann , Roberto Blanco , Léon Ducruet , Sebastian Harwig , Catalin Hritcu

Since the advent of Spectre attacks, researchers and practitioners have developed a range of hardware and software measures to counter transient execution attacks. A prime example of such mitigation is speculative load hardening in LLVM,…

Cryptography and Security · Computer Science 2023-12-18 Tiziano Marinaro , Pablo Buiras , Andreas Lindner , Roberto Guanciale , Hamed Nemati

Constant-time (CT) verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time (SCT) tools, has also been used for…

Programming Languages · Computer Science 2026-03-02 Santiago Arranz-Olmos , Gilles Barthe , Lionel Blatter , Xingyu Xie , Zhiyuan Zhang

Cryptographic libraries are a main target of timing side-channel attacks. A practical means to protect against these attacks is to adhere to the constant-time (CT) policy. However, it is hard to write constant-time code, and even…

Programming Languages · Computer Science 2025-10-15 Santiago Arranz-Olmos , Gilles Barthe , Lionel Blatter , Youcef Bouzid , Sören van der Wall , Zhiyuan Zhang

Speculative attacks are still an active threat today that, even if initially focused on the x86 platform, reach across all modern hardware architectures. RISC-V is a newly proposed open instruction set architecture that has seen traction…

Cryptography and Security · Computer Science 2023-11-08 Ruxandra Bălucea , Paul Irofti

In several software development scenarios, it is desirable to detect runtime errors and exceptions in code snippets without actual execution. A typical example is to detect runtime exceptions in online code snippets before integrating them…

Software Engineering · Computer Science 2025-12-29 Hridya Dhulipala , Xiaokai Rong , Tien N. Nguyen

Authors of cryptographic software are well aware that their code should not leak secrets through its timing behavior, and, until 2018, they believed that following industry-standard constant-time coding guidelines was sufficient. However,…

Cryptography and Security · Computer Science 2025-09-11 Shixin Song , Tingzhen Dong , Kosi Nwabueze , Julian Zanders , Andres Erbsen , Adam Chlipala , Mengjia Yan

New speculation-based attacks that affect large numbers of modern systems are disclosed regularly. Currently, CPU vendors regularly fall back to heavy-handed mitigations like using barriers or enforcing strict programming guidelines…

Cryptography and Security · Computer Science 2023-06-21 Ali Hajiabadi , Archit Agarwal , Andreas Diavastos , Trevor E. Carlson

Using cryptography to protect information and communication has bacically two major drawbacks. First, the specific entropy profile of encrypted data makes their detection very easy. Second, the use of cryptography can be more or less…

Cryptography and Security · Computer Science 2015-03-17 Eric Filiol

Spectre attacks and their many subsequent variants are a new vulnerability class affecting modern CPUs. The attacks rely on the ability to misguide speculative execution, generally by exploiting the branch prediction structures, to execute…

Cryptography and Security · Computer Science 2019-12-06 Esmaeil Mohammadian Koruyeh , Shirin Haji Amin Shirazi , Khaled N. Khasawneh , Chengyu Song , Nael Abu-Ghazaleh

Cyber-physical systems are prone to sensor attacks that can compromise safety. A common approach to synthesizing controllers robust to sensor attacks is secure state reconstruction (SSR) -- but this is computationally expensive, hindering…

Systems and Control · Electrical Eng. & Systems 2025-03-03 Xiao Tan , Pio Ong , Paulo Tabuada , Aaron D. Ames

The Spectre vulnerability in modern processors has been widely reported. The key insight in this vulnerability is that speculative execution in processors can be misused to access the secrets. Subsequently, even though the speculatively…

Cryptography and Security · Computer Science 2019-11-13 Guanhua Wang , Sudipta Chattopadhyay , Ivan Gotovchits , Tulika Mitra , Abhik Roychoudhury

The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack…

Cryptography and Security · Computer Science 2018-07-23 Esmaeil Mohammadian Koruyeh , Khaled Khasawneh , Chengyu Song , Nael Abu-Ghazaleh

High-performance IO demands low-overhead communication between user- and kernel space. This demand can no longer be fulfilled by traditional system calls. Linux's extended Berkeley Packet Filter (BPF) avoids user-/kernel transitions by…

Cryptography and Security · Computer Science 2025-01-09 Luis Gerhorst , Henriette Herzog , Peter Wägemann , Maximilian Ott , Rüdiger Kapitza , Timo Hönig

Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective…

Cryptography and Security · Computer Science 2024-02-22 Luwei Cai , Fu Song , Taolue Chen

Users regularly enter sensitive data, such as passwords, credit card numbers, or tax information, into the browser window. While modern browsers provide powerful client-side privacy measures to protect this data, none of these defenses…

Self-supervised learning (SSL) is a prevalent approach for encoding data representations. Using a pre-trained SSL image encoder and subsequently training a downstream classifier, impressive performance can be achieved on various tasks with…

Cryptography and Security · Computer Science 2024-07-18 Mengxin Zheng , Jiaqi Xue , Zihao Wang , Xun Chen , Qian Lou , Lei Jiang , Xiaofeng Wang
‹ Prev 1 2 3 10 Next ›