International audienceConstant-time programming is an established discipline to secure programs against timing attacks. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum Safe, follow this discipline. We propose an advanced static analysis, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming. To that purpose, we analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows.We give semantic evidences of the correctness of our approach on a core language. We also present a prototype implementation for C programs that is based on the CompCert compiler toolchain and its companion Verasco static analyzer. W...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
We present a static analysis by Abstract Interpretation to check for run-timeerrors in parallel and ...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...
International audienceConstant-time programming is an established discipline to secure programs agai...
International audienceConstant-time programming is an established discipline to secure programs agai...
Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the tim...
Les attaques par canaux cachés sont une forme d'attaque particulièrement dangereuse. Dans cette thès...
International audienceTiming side-channels are arguably one of the main sources of vulnerabilities i...
International audienceCryptographic constant-time (CT) is a popular programming discipline used by c...
The constant-time programming discipline is an effective countermeasure against timing attacks, whic...
Constant-time implementations are a popular approach for defending against cache-timing attacks. It ...
The constant-time discipline is a software-based countermeasure used for protecting high assurance c...
Side-channel attacks try to gain information about the secret data in sensitiveprograms through leve...
We present a static analysis by Abstract Interpretation to check for run-timeerrors in parallel and ...
Software security vulnerabilities are a major threat for software systems. In the worst case, vulner...
Abstract. We present a static analysis by Abstract Interpretation to check for run-time errors in pa...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
18 pages, 7 figures, accepted at IEEE Symposium on Security and Privacy 2020International audienceTh...