International audienceConstant-time programming is an established discipline to secure programs against timing attacks. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum Safe, follow this discipline. We propose an advanced static analysis, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming. To that purpose, we analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows.We give semantic evidences of the correctness of our approach on a core language. We also present a prototype implementation for C programs that is based on the CompCert compiler toolchain and its companion Verasco static analyzer. W...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceTiming attacks are among the most devastating side-channel attacks, allowing r...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceTiming attacks are among the most devastating side-channel attacks, allowing r...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceTiming attacks are among the most devastating side-channel attacks, allowing r...