English
Related papers

Related papers: (Dis)Proving Spectre Security with Speculation-Pas…

200 papers

Cryptographic libraries are a main target of timing side-channel attacks. A practical means to protect against these attacks is to adhere to the constant-time (CT) policy. However, it is hard to write constant-time code, and even…

Programming Languages · Computer Science 2025-10-15 Santiago Arranz-Olmos , Gilles Barthe , Lionel Blatter , Youcef Bouzid , Sören van der Wall , Zhiyuan Zhang

This paper introduces Triosecuris, a formally verified defense against Spectre BTB, RSB, and PHT that combines CET-style hardware-assisted control-flow integrity with compiler-inserted speculative load hardening (SLH). Triosecuris is based…

Cryptography and Security · Computer Science 2026-04-03 Jonathan Baumann , Yonghyun Kim , Yan Farba , Catalin Hritcu , Julay Leatherman-Brooks

Speculative execution is crucial in enhancing modern processor performance but can introduce Spectre-type vulnerabilities that may leak sensitive information. Detecting Spectre gadgets from programs has been a research focus to enhance the…

Cryptography and Security · Computer Science 2024-12-30 Fangzheng Lin , Zhongfa Wang , Hiroshi Sasaki

Side-channel attacks such as Spectre that utilize speculative execution to steal application secrets pose a significant threat to modern computing systems. While program transformations can mitigate some Spectre attacks, more advanced…

Cryptography and Security · Computer Science 2019-03-27 Zhuojia Shen , Jie Zhou , Divya Ojha , John Criswell

Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective…

Cryptography and Security · Computer Science 2024-02-22 Luwei Cai , Fu Song , Taolue Chen

SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software…

Cryptography and Security · Computer Science 2020-03-11 Oleksii Oleksenko , Bohdan Trach , Mark Silberstein , Christof Fetzer

The Spectre speculative side-channel attacks pose formidable threats for security. Research has shown that code following the cryptographic constant-time discipline can be efficiently protected against Spectre v1 using a selective variant…

Cryptography and Security · Computer Science 2026-01-07 Jonathan Baumann , Roberto Blanco , Léon Ducruet , Sebastian Harwig , Catalin Hritcu

Since the advent of Spectre attacks, researchers and practitioners have developed a range of hardware and software measures to counter transient execution attacks. A prime example of such mitigation is speculative load hardening in LLVM,…

Cryptography and Security · Computer Science 2023-12-18 Tiziano Marinaro , Pablo Buiras , Andreas Lindner , Roberto Guanciale , Hamed Nemati

Speculative execution is a hardware optimisation technique where a processor, while waiting on the completion of a computation required for an instruction, continues to execute later instructions based on a predicted value of the pending…

Logic in Computer Science · Computer Science 2025-04-29 Graeme Smith

New speculation-based attacks that affect large numbers of modern systems are disclosed regularly. Currently, CPU vendors regularly fall back to heavy-handed mitigations like using barriers or enforcing strict programming guidelines…

Cryptography and Security · Computer Science 2023-06-21 Ali Hajiabadi , Archit Agarwal , Andreas Diavastos , Trevor E. Carlson

Sign-Perturbed Sum (SPS) is a powerful finite-sample system identification algorithm which can construct confidence regions for the true data generating system with exact coverage probabilities, for any finite sample size. SPS was developed…

Machine Learning · Statistics 2024-01-30 Szabolcs Szentpéteri , Balázs Csanád Csáji

The recent discovery of the Spectre and Meltdown attacks represents a watershed moment not just for the field of Computer Security, but also of Programming Languages. This paper explores speculative side-channel attacks and their…

Programming Languages · Computer Science 2019-02-15 Ross Mcilroy , Jaroslav Sevcik , Tobias Tebbi , Ben L. Titzer , Toon Verwaest

Transient execution attacks that exploit speculation have raised significant concerns in computer systems. Typically, branch predictors are leveraged to trigger mis-speculation in transient execution attacks. In this work, we demonstrate a…

Cryptography and Security · Computer Science 2021-11-02 Md Hafizul Islam Chowdhuryy , Fan Yao

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy

The constant-time discipline is a software-based countermeasure used for protecting high assurance cryptographic implementations against timing side-channel attacks. Constant-time is effective (it protects against many known attacks),…

Cryptography and Security · Computer Science 2020-05-12 Sunjay Cauligi , Craig Disselkoen , Klaus v. Gleissenthall , Dean Tullsen , Deian Stefan , Tamara Rezk , Gilles Barthe

We consider the problem of program clone search, i.e. given a target program and a repository of known programs (all in executable format), the goal is to find the program in the repository most similar to the target program - with…

Cryptography and Security · Computer Science 2023-09-04 Tristan Benoit , Jean-Yves Marion , Sébastien Bardin

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

Despite extensive efforts to align Large Language Models (LLMs) with human values and safety rules, jailbreak attacks that exploit certain vulnerabilities continuously emerge, highlighting the need to strengthen existing LLMs with…

Machine Learning · Computer Science 2025-09-30 Xuekang Wang , Shengyu Zhu , Xueqi Cheng

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the…

Software Engineering · Computer Science 2025-09-23 James J. Cusick

Spectre attacks exploit speculative execution to leak sensitive information. In the last few years, a number of static side-channel detectors have been proposed to detect cache leakage in the presence of speculative execution. However,…

Cryptography and Security · Computer Science 2022-11-28 Ali Sahraee
‹ Prev 1 2 3 10 Next ›