We interact with computer systems daily if not hourly, trusting them with our sensitive data. Computer scientists build these systems and, as we do, we introduce often unintended sources of information leakage into our creations. Some of these appear benign, but in this increasingly connected world, information leaks have consequences. Side channels in software are a nuanced yet potentially devastating mechanism for information leakage. In this thesis, I address key concerns about side channel vulnerabilities in software: how they arise, how much information they leak, and whether their detection and mitigation can be automated. I develop techniques to detect, quantify and mitigate side-channel vulnerabilities. I draw on an array of program...
The discrepancy between the abstract model used to reason about the security of computer systems and...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
Software side-channel attacks are able to recover confidential information by observing non-function...
Side-channel attacks allow adversaries to infer sensitive information from non-functional characteri...
Side channel analysis is the process of examining information leaked by a computing device during us...
We introduce new methods for detecting control-flow side channel attacks, transforming C source code...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
Developers of high-security systems (e.g., cryptographic libraries, web browsers) mustnot allow sens...
Context. In applications such as cryptography or real-time systems, formal methods are used to prove...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
algorithms which are proven to be secure may become vulnerable after it is implemented in some progr...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
Side-channels are unanticipated information flows that present a significant threatto security of sy...
The discrepancy between the abstract model used to reason about the security of computer systems and...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...
Software side-channel attacks are able to recover confidential information by observing non-function...
Side-channel attacks allow adversaries to infer sensitive information from non-functional characteri...
Side channel analysis is the process of examining information leaked by a computing device during us...
We introduce new methods for detecting control-flow side channel attacks, transforming C source code...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
Developers of high-security systems (e.g., cryptographic libraries, web browsers) mustnot allow sens...
Context. In applications such as cryptography or real-time systems, formal methods are used to prove...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
algorithms which are proven to be secure may become vulnerable after it is implemented in some progr...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
Side-channels are unanticipated information flows that present a significant threatto security of sy...
The discrepancy between the abstract model used to reason about the security of computer systems and...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
International audienceDeployed widely and embedding sensitive data, IoT devices depend on the reliab...