English
Related papers

Related papers: Smooth, Integrated Proofs of Cryptographic Constan…

200 papers

Nondeterministic choice is a useful program construct that provides a way to describe the behaviour of a program without specifying the details of possible implementations. It supports the stepwise refinement of programs, a method that has…

Logic in Computer Science · Computer Science 2023-02-17 Yuan Feng , Yingte Xu

The constant-time property is considered the security standard for cryptographic code. Code following the constant-time discipline is free from secret-dependent branches and memory accesses, and thus avoids leaking secrets through cache and…

Cryptography and Security · Computer Science 2023-11-13 Matthew Kolosick , Basavesh Ammanaghatta Shivakumar , Sunjay Cauligi , Marco Patrignani , Marco Vassena , Ranjit Jhala , Deian Stefan

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Developing secure distributed systems is difficult, and even harder when advanced cryptography must be used to achieve security goals. Following prior work, we advocate using secure program partitioning to synthesize cryptographic…

Cryptography and Security · Computer Science 2024-01-10 Coşku Acay , Joshua Gancher , Rolph Recto , Andrew C. Myers

The constant-time discipline is a software-based countermeasure used for protecting high assurance cryptographic implementations against timing side-channel attacks. Constant-time is effective (it protects against many known attacks),…

Cryptography and Security · Computer Science 2020-05-12 Sunjay Cauligi , Craig Disselkoen , Klaus v. Gleissenthall , Dean Tullsen , Deian Stefan , Tamara Rezk , Gilles Barthe

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

We claim that existing techniques and tools for generating and verifying constant-time code are incomplete, since they rely on assumptions that compiler optimization passes do not break constant-timeness or that certain operations execute…

Cryptography and Security · Computer Science 2023-11-27 Garrett Gu , Hovav Shacham

We propose a new formal criterion for secure compilation, providing strong security guarantees for components written in unsafe, low-level languages with C-style undefined behavior. Our criterion goes beyond recent proposals, which protect…

A desired but challenging property of compiler verification is compositionality, in the sense that the compilation correctness of a program can be deduced incrementally from that of its substructures ranging from statements, functions, and…

Programming Languages · Computer Science 2026-03-31 Zhang Cheng , Jiyang Wu , Di Wang , Qinxiang Cao

The design and implementation of decision procedures for checking path feasibility in string-manipulating programs is an important problem, whose applications include symbolic execution and automated detection of cross-site scripting (XSS)…

Formal Languages and Automata Theory · Computer Science 2018-11-09 Taolue Chen , Matthew Hague , Anthony W. Lin , Philipp Rümmer , Zhilin Wu

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

Numerical software are widely used in safety-critical systems such as aircrafts, satellites, car engines and so on, facilitating dynamics control of such systems in real time, it is therefore absolutely necessary to verify their…

Optimization and Control · Mathematics 2018-10-30 Bai Xue , Naijun Zhan , Yangjia Li , Qiuye Wang

Obfuscating compilers protect a software by obscuring its meaning and impeding the reconstruction of its original source code. The typical concern when defining such compilers is their robustness against reverse engineering and the…

Programming Languages · Computer Science 2020-03-13 Matteo Busi , Pierpaolo Degano , Letterio Galletta

Proving only over source code that programs do not leak sensitive data leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. Furthermore, software does not always have the luxury…

Programming Languages · Computer Science 2023-06-22 Robert Sison , Toby Murray

It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is…

Logic in Computer Science · Computer Science 2020-10-23 Robert Sison , Toby Murray

We define an extension of lambda-calculus with dependents types that enables us to encode transparent and opaque probabilistic programs and prove a strong normalisation result for it by a reducibility technique. While transparent…

Logic in Computer Science · Computer Science 2026-03-10 Francesco A. Genco

This article describes the development and formal verification (proof of semantic preservation) of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for…

Logic in Computer Science · Computer Science 2009-11-14 Xavier Leroy

In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after…

Cryptography and Security · Computer Science 2022-08-05 Tobias Runge , Alexander Kittelmann , Marco Servetto , Alex Potanin , Ina Schaefer

We consider the problem of specifying and proving the security of non-trivial, concurrent programs that intentionally leak information. We present a method that decomposes the problem into (a) proving that the program only leaks information…

Cryptography and Security · Computer Science 2023-09-08 Toby Murray , Mukesh Tiwari , Gidon Ernst , David A. Naumann
‹ Prev 1 2 3 10 Next ›