English
Related papers

Related papers: Detecting speculative leaks with compositional sem…

200 papers

Recently efficient model-checking tools have been developed to find flaws in security protocols specifications. These flaws can be interpreted as potential attacks scenarios but the feasability of these scenarios need to be confirmed at the…

Cryptography and Security · Computer Science 2013-08-01 Hatem Ghabri , Ghazi Maatoug , Michael Rusinowitch

This paper presents SgxPectre Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality and integrity of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by…

Cryptography and Security · Computer Science 2019-09-12 Guoxing Chen , Sanchuan Chen , Yuan Xiao , Yinqian Zhang , Zhiqiang Lin , Ten H. Lai

Transient execution side-channel attacks, such as Spectre, have been shown to break almost all isolation primitives. We introduce a new security property we call relaxed microarchitectural isolation (RMI) that allows sensitive programs that…

Cryptography and Security · Computer Science 2025-02-10 Jules Drean , Miguel Gomez-Garcia , Fisher Jepsen , Thomas Bourgeat , Srinivas Devadas

Quantitative information flow analyses measure how much information on secrets is leaked by publicly observable outputs. One area of interest is to quantify and estimate the information leakage of composed systems. Prior work has focused on…

Cryptography and Security · Computer Science 2015-09-30 Yusuke Kawamoto , Thomas Given-Wilson

Automated vulnerability detection in critical-infrastructure software confronts a fundamental barrier: industrial software is routinely deployed as stripped, symbol-free binaries that deprive conventional Software Composition Analysis of…

Software Engineering · Computer Science 2026-05-11 Bowei Ning , Xuejun Zong , Lian Lian , Kan He , Yifei Sun , Yuxiang Lei , Plamen Vasilev

Large Language Models (LLMs) excel at code-related tasks but often struggle in realistic software repositories, where project-specific APIs and cross-file dependencies are crucial. Retrieval-augmented methods mitigate this by injecting…

Software Engineering · Computer Science 2026-04-22 George Ma , Anurag Koul , Qi Chen , Yawen Wu , Sachit Kuhar , Yu Yu , Aritra Sengupta , Varun Kumar , Murali Krishna Ramanathan

Authors of cryptographic software are well aware that their code should not leak secrets through its timing behavior, and, until 2018, they believed that following industry-standard constant-time coding guidelines was sufficient. However,…

Cryptography and Security · Computer Science 2025-09-11 Shixin Song , Tingzhen Dong , Kosi Nwabueze , Julian Zanders , Andres Erbsen , Adam Chlipala , Mengjia Yan

Modern out-of-order CPUs heavily rely on speculative execution for performance optimization, with branch prediction serving as a cornerstone to minimize stalls and maximize efficiency. Whenever shared branch prediction resources lack proper…

Cryptography and Security · Computer Science 2025-06-10 Yuhui Zhu , Alessandro Biondi

Out-of-order speculation, a technique ubiquitous since the early 1990s, remains a fundamental security flaw. Via attacks such as Spectre and Meltdown, an attacker can trick a victim, in an otherwise entirely correct program, into leaking…

Cryptography and Security · Computer Science 2021-09-10 Sam Ainsworth

Despite extensive efforts to align Large Language Models (LLMs) with human values and safety rules, jailbreak attacks that exploit certain vulnerabilities continuously emerge, highlighting the need to strengthen existing LLMs with…

Machine Learning · Computer Science 2025-09-30 Xuekang Wang , Shengyu Zhu , Xueqi Cheng

Quantitative theories of information flow give us an approach to relax the absolute confidentiality properties that are difficult to satisfy for many practical programs. The classical information-theoretic approaches for sequential…

Cryptography and Security · Computer Science 2013-06-13 Tri Minh Ngo , Marieke Huisman

A desired but challenging property of compiler verification is compositionality, in the sense that the compilation correctness of a program can be deduced incrementally from that of its substructures ranging from statements, functions, and…

Programming Languages · Computer Science 2026-03-31 Zhang Cheng , Jiyang Wu , Di Wang , Qinxiang Cao

We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware.…

Artificial Intelligence · Computer Science 2017-09-12 Alexandre Cukier , Ronen I. Brafman , Yotam Perkal , David Tolpin

Secure applications implement software protections against side-channel and physical attacks. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source…

Cryptography and Security · Computer Science 2021-01-18 Son Tuan Vu , Albert Cohen , Karine Heydemann , Arnaud de Grandmaison , Christophe Guillon

Vulnerability of Frontier language models to misuse and jailbreaks has prompted the development of safety measures like filters and alignment training in an effort to ensure safety through robustness to adversarially crafted prompts. We…

Cryptography and Security · Computer Science 2024-10-31 David Glukhov , Ziwen Han , Ilia Shumailov , Vardan Papyan , Nicolas Papernot

Information leakage is a significant problem in modern software systems. Information leaks due to side channels are especially hard to detect and analyze. In this paper, we present techniques for automated synthesis of adaptive side-channel…

Software Engineering · Computer Science 2019-05-15 Seemanta Saha , William Eiers , Ismet Burak Kadron , Lucas Bang , Tevfik Bultan

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence…

Software Engineering · Computer Science 2018-05-03 Roberto Baldoni , Emilio Coppa , Daniele Cono D'Elia , Camil Demetrescu , Irene Finocchi

We propose a symbolic execution method for analyzing the safety of software under fault attacks both accurately and efficiently. Fault attacks leverage physically injected hardware faults in an embedded system to break the safety of a…

Software Engineering · Computer Science 2026-04-27 Yuzhou Fang , Chenyu Zhou , Jingbo Wang , Chao Wang

We present a framework for symbolically executing and model checking higher-order programs with external (open) methods. We focus on the client-library paradigm and in particular we aim to check libraries with respect to any definable…

Programming Languages · Computer Science 2020-02-24 Yu-Yang Lin , Nikos Tzevelekos

As a result of decades of research, Windows malware detection is approached through a plethora of techniques. However, there is an ongoing mismatch between academia -- which pursues an optimal performances in terms of detection rate and low…

Cryptography and Security · Computer Science 2024-12-20 Andrea Ponte , Dmitrijs Trizna , Luca Demetrio , Battista Biggio , Ivan Tesfai Ogbu , Fabio Roli
‹ Prev 1 4 5 6 7 8 10 Next ›