The majority of computer users download software from the Internet and run it directly on their machine. They expect applications to work as advertised, and implicitly trust them not to perform any malicious activities. For security-sensitive applications though, users need the assurance that what they downloaded is what has been officially released by the developers, and that it comes directly from audited sources to avoid surreptitious backdoors. However, the compilation process from source code to binary files, and more generally, the toolchain used in software packaging, has not been designed with verifiability in mind. Rather, the output of compilers is often dependent on parameters that can be strongly tied to the building environment...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
We present a computer-aided framework for proving concrete security bounds for cryptographic machine...
Software-update mechanisms are critical to the security of modern systems, but their typically centr...
The majority of computer users download compiled software and run it directly on their machine. Appa...
International audienceAlthough it is possible to increase confidence in Free and Open Source Softwar...
Deterministic builds, where the compile and build processes are reproducible, can be used to achieve...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
We apply state-of-the art deductive verification tools to check security-relevant properties of cryp...
This paper presents techniques developed to check program equivalences in the context of cryptograph...
Workshop proceedings with local publication by the University of OsloThis paper discusses the (often...
According to experts, one third of all IT vulnerabilities today are due to inadequate software verif...
We report on the application of an off-the-shelf verification platform to the RC4 stream cipher cryp...
International audienceThe formal verification of programs have progressed tremendously in the last d...
While many theoretical arguments against or in favor of open source and closed source software devel...
Modern cloud computing systems distribute software executables over a network to keep the software s...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
We present a computer-aided framework for proving concrete security bounds for cryptographic machine...
Software-update mechanisms are critical to the security of modern systems, but their typically centr...
The majority of computer users download compiled software and run it directly on their machine. Appa...
International audienceAlthough it is possible to increase confidence in Free and Open Source Softwar...
Deterministic builds, where the compile and build processes are reproducible, can be used to achieve...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
We apply state-of-the art deductive verification tools to check security-relevant properties of cryp...
This paper presents techniques developed to check program equivalences in the context of cryptograph...
Workshop proceedings with local publication by the University of OsloThis paper discusses the (often...
According to experts, one third of all IT vulnerabilities today are due to inadequate software verif...
We report on the application of an off-the-shelf verification platform to the RC4 stream cipher cryp...
International audienceThe formal verification of programs have progressed tremendously in the last d...
While many theoretical arguments against or in favor of open source and closed source software devel...
Modern cloud computing systems distribute software executables over a network to keep the software s...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
We present a computer-aided framework for proving concrete security bounds for cryptographic machine...
Software-update mechanisms are critical to the security of modern systems, but their typically centr...