English
Related papers

Related papers: Decompiling for Constant-Time Analysis

200 papers

Developers rely on constant-time programming to prevent timing side-channel attacks. But these efforts can be undone by compilers, whose optimizations may silently reintroduce leaks. While recent works have measured the extent of such…

Cryptography and Security · Computer Science 2025-07-09 Antoine Geimer , Clementine Maurice

Verification of microkernels, device drivers, and crypto routines requires analyses at the binary level. In order to automate these analyses, in the last years several binary analysis platforms have been introduced. These platforms share a…

Programming Languages · Computer Science 2019-01-23 Andreas Lindner , Roberto Guanciale , Roberto Metere

Decompilation is foundational to binary analysis, yet conventional tools prioritize human readability over strict recompilability and verifiable runtime correctness. While recent LLM-based approaches attempt to refine decompiled pseudocode,…

Software Engineering · Computer Science 2026-03-17 Yuxin Cui , Zeyu Gao , Shuxian He , Siliang Qin , Chao Zhang

Cache side-channel attacks exhibit severe threats to software security and privacy, especially for cryptosystems. In this paper, we propose CaType, a novel refinement type-based tool for detecting cache side channels in crypto software.…

Cryptography and Security · Computer Science 2022-10-20 Ke Jiang , Yuyan Bao , Shuai Wang , Zhibo Liu , Tianwei Zhang

Vulnerability prediction is valuable in identifying security issues efficiently, even though it requires the source code of the target software system, which is a restrictive hypothesis. This paper presents an experimental study to predict…

Cryptography and Security · Computer Science 2025-04-01 D. Cotroneo , F. C. Grasso , R. Natella , V. Orbinato

There is increasing interest in applying verification tools to programs that have bitvector operations. SMT solvers, which serve as a foundation for these tools, have thus increased support for bitvector reasoning through bit-blasting and…

Programming Languages · Computer Science 2021-11-05 Yuandong Cyrus Liu , Ton-Chanh Le , Eric Koskinen

Trusted execution environments (TEEs) provide an environment for running workloads in the cloud without having to trust cloud service providers, by offering additional hardware-assisted security guarantees. However, main memory encryption…

Cryptography and Security · Computer Science 2023-09-25 Jan Wichelmann , Anna Pätschke , Luca Wilke , Thomas Eisenbarth

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Florian Sieck , Anna Pätschke , Thomas Eisenbarth

Cryptographic libraries, an essential part of cybersecurity, are shown to be susceptible to different types of attacks, including side-channel and memory-corruption attacks. In this article, we examine popular cryptographic libraries in…

Cryptography and Security · Computer Science 2026-05-21 Rodothea Myrsini Tsoupidi , Elena Troubitsyna , Panos Papadimitratos

A common tool used by security professionals for reverse-engineering binaries found in the wild is the decompiler. A decompiler attempts to reverse compilation, transforming a binary to a higher-level language such as C. High-level…

Software Engineering · Computer Science 2021-08-17 Qibin Chen , Jeremy Lacomis , Edward J. Schwartz , Claire Le Goues , Graham Neubig , Bogdan Vasilescu

Formal verification of software and compilers has been used to rule out large classes of security-critical issues, but risk of unintentional information leakage has received much less consideration. It is a key requirement for formal…

Programming Languages · Computer Science 2025-04-23 Owen Conoly , Andres Erbsen , Adam Chlipala

Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by…

Cryptography and Security · Computer Science 2023-04-25 Jan Wichelmann , Ahmad Moghimi , Thomas Eisenbarth , Berk Sunar

Many cybersecurity attacks rely on analyzing a binary executable to find exploitable sections of code. Code obfuscation is used to prevent attackers from reverse engineering these executables. In this work, we focus on control flow…

Cryptography and Security · Computer Science 2019-08-28 Novak Boskov , Mihailo Isakov , Michel A. Kinsy

This paper tackles the problem of designing efficient binary-level verification for a subset of information flow properties encompassing constant-time and secret-erasure. These properties are crucial for cryptographic implementations, but…

Cryptography and Security · Computer Science 2022-09-05 Lesly-Ann Daniel , Sébastien Bardin , Tamara Rezk

We present Serberus, the first comprehensive mitigation for hardening constant-time (CT) code against Spectre attacks (involving the PHT, BTB, RSB, STL and/or PSF speculation primitives) on existing hardware. Serberus is based on three…

Cryptography and Security · Computer Science 2023-09-12 Nicholas Mosier , Hamed Nemati , John C. Mitchell , Caroline Trippel

We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations. Particularly, we survey past research literature to categorize vulnerable implementations, and identify…

Cryptography and Security · Computer Science 2019-12-13 Tianwei Zhang , Jun Jiang , Yinqian Zhang

Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent…

Cryptography and Security · Computer Science 2018-08-08 Mustafa Al-Bassam , Sarah Meiklejohn

Command and Control (C2) communication is a key component of any structured cyber-attack. As such, security operations actively try to detect this type of communication in their networks. This poses a problem for legitimate pentesters that…

Cryptography and Security · Computer Science 2022-09-05 Gonçalo Xavier , Carlos Novo , Ricardo Morla

Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading…

Cryptography and Security · Computer Science 2021-08-24 Sami Kairajärvi , Andrei Costin , Timo Hämäläinen

To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its…

Cryptography and Security · Computer Science 2019-10-09 Klaus v. Gleissenthall , Rami Gökhan Kıcı , Deian Stefan , Ranjit Jhala