The constant-time programming discipline is an effective countermeasure against timing attacks, which can lead to complete breaks of otherwise secure systems. However, adhering to constant-time programming is hard on its own, and extremely hard under additional efficiency and legacy constraints. This makes automated verification of constant-time code an essential component for building secure software. We propose a novel approach for verifying constant- time security of real-world code. Our approach is able to validate implementations that locally and intentionally violate the constant-time policy, when such violations are benign and leak no more information than the pub- lic outputs of the computation. Such implementations, which are used...
International audienceSoftware-based countermeasures provide effective mitigation against side-chann...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
To be secure, cryptographic algorithms crucially rely on the underlying hardwareto avoid inadvertent...
International audienceCache-based attacks are a class of side-channel attacks that are particularly ...
International audienceSoftware-based countermeasures provide effective mitigation against side-chann...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
To be secure, cryptographic algorithms crucially rely on the underlying hardwareto avoid inadvertent...
International audienceCache-based attacks are a class of side-channel attacks that are particularly ...
International audienceSoftware-based countermeasures provide effective mitigation against side-chann...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...