Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does not leak more information than the public outputs of the computation. We propose a novel approach for verifying constant-time programming based on a new information flow property, called output-sensitive non-interference. Noninterference states that a public observer cannot learn anything about the private data. Since real systems need to intentionally declassify some information, this property is too strong in practice. In order to take into account public outputs w...
Non-interference is typically used as a baseline security policy to formalize confidentiality of sec...
International audienceConstant-time is a programming discipline which protects security sensitive co...
International audienceIn recent years, quantitative security techniques have been providing effectiv...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Current tools for analysing information flow in programs build upon ideas going back to Denning\u27s...
Current tools for analysing information flow in programs build upon ideas going back to Denning's wo...
In today's information-based society, guaranteeing information security plays an important role in a...
Standard access control mechanisms are often insufficient to enforce compliance of programs with sec...
We give a formal definition of the notion of information flow for a simple guarded command language....
Doctor of PhilosophyDepartment of Computing and Information SciencesDavid A. Schmidt, Anindya Banerj...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
Recent interest in methods for certifying programs for secure information flow (noninterference) ha...
With the intensification of communication in information systems, interest in security has increased...
This thesis improves the current state of the art on information-flow control of interactive and obj...
Noninterference, a strong security property for a computation process, informally says that the proc...
Non-interference is typically used as a baseline security policy to formalize confidentiality of sec...
International audienceConstant-time is a programming discipline which protects security sensitive co...
International audienceIn recent years, quantitative security techniques have been providing effectiv...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Current tools for analysing information flow in programs build upon ideas going back to Denning\u27s...
Current tools for analysing information flow in programs build upon ideas going back to Denning's wo...
In today's information-based society, guaranteeing information security plays an important role in a...
Standard access control mechanisms are often insufficient to enforce compliance of programs with sec...
We give a formal definition of the notion of information flow for a simple guarded command language....
Doctor of PhilosophyDepartment of Computing and Information SciencesDavid A. Schmidt, Anindya Banerj...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
Recent interest in methods for certifying programs for secure information flow (noninterference) ha...
With the intensification of communication in information systems, interest in security has increased...
This thesis improves the current state of the art on information-flow control of interactive and obj...
Noninterference, a strong security property for a computation process, informally says that the proc...
Non-interference is typically used as a baseline security policy to formalize confidentiality of sec...
International audienceConstant-time is a programming discipline which protects security sensitive co...
International audienceIn recent years, quantitative security techniques have been providing effectiv...