International audienceConstant-time programming is an established discipline to secure programs against timing attackers. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum Safe, follow this discipline. We propose an advanced static analysis, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming. To that purpose, we analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows.We give semantic evidence of the correctness of our approach on a core language. We also present a prototype implementation for C programs that is based on the CompCert compiler toolchain and its companion Verasco static analyzer. ...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
We present a static analysis by Abstract Interpretation to check for run-timeerrors in parallel and ...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
We present a static analysis by Abstract Interpretation to check for run-timeerrors in parallel and ...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...