Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
暂无分享,去创建一个
Isil Dillig | Jia Chen | Yu Feng | Jia Chen | Yu Feng | Işıl Dillig
[1] Edward W. Felten,et al. Timing attacks on Web privacy , 2000, CCS.
[2] Roberto Gorrieri,et al. A Taxonomy of Security Properties for Process Algebras , 1995, J. Comput. Secur..
[3] Danfeng Zhang,et al. Language-based control and mitigation of timing channels , 2012, PLDI.
[4] Simha Sethumadhavan,et al. TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).
[5] Mohammad Abdullah Al Faruque,et al. Side Channels of Cyber-Physical Systems: Case Study in Additive Manufacturing , 2017, IEEE Des. Test.
[6] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.
[7] Nick Benton,et al. Simple relational correctness proofs for static analyses and program transformations , 2004, POPL.
[8] Mira Mezini,et al. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders , 2011, 2011 33rd International Conference on Software Engineering (ICSE).
[9] K. Rustan M. Leino,et al. Houdini, an Annotation Assistant for ESC/Java , 2001, FME.
[10] Reiner Hähnle,et al. Resource Analysis of Complex Programs with Cost Equations , 2014, APLAS.
[11] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.
[12] Francis Olivier,et al. Electromagnetic Analysis: Concrete Results , 2001, CHES.
[13] Nikolaj Bjørner,et al. Z3: An Efficient SMT Solver , 2008, TACAS.
[14] Andrew C. Myers,et al. Jif: java information flow , 1999 .
[15] Amir Herzberg,et al. Cross-Site Search Attacks , 2015, CCS.
[16] Elaine Shi,et al. GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation , 2015, ASPLOS.
[17] Martin Hofmann,et al. Static prediction of heap space usage for first-order functional programs , 2003, POPL '03.
[18] Christel Baier,et al. Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems - Volume 9035 , 2015 .
[19] Jürgen Giesl,et al. Analyzing Runtime and Size Complexity of Integer Programs , 2016, ACM Trans. Program. Lang. Syst..
[20] Helmut Veith,et al. A simple and scalable static analysis for bound analysis and amortized complexity analysis , 2014, Software Engineering.
[21] Gilles Barthe,et al. System-level Non-interference for Constant-time Cryptography , 2014, IACR Cryptol. ePrint Arch..
[22] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.
[23] R.,et al. A Classiication of Security Properties for Process Algebras a Classification of Security Properties for Process Algebras 1 , 2007 .
[24] Zhong Shao,et al. Type-Based Amortized Resource Analysis with Integers and Arrays , 2014, FLOPS.
[25] Kenneth G. Paterson,et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.
[26] Michael Hicks,et al. Decomposition instead of self-composition for proving the absence of timing channels , 2017, PLDI.
[27] Corina S. Pasareanu,et al. Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).
[28] Vitaly Shmatikov,et al. Privacy-preserving deep learning , 2015, 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton).
[29] Amir Pnueli,et al. CoVaC: Compiler Validation by Program Analysis of the Cross-Product , 2008, FM.
[30] Andreas Haeberlen,et al. Differential Privacy Under Fire , 2011, USENIX Security Symposium.
[31] Zhong Shao,et al. Compositional certified resource bounds , 2015, PLDI.
[32] Helmut Veith,et al. Complexity and Resource Bound Analysis of Imperative Programs Using Difference Constraints , 2017, Journal of Automated Reasoning.
[33] Dan Boneh,et al. Exposing private information by timing web applications , 2007, WWW '07.
[34] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.
[35] Stephan Krenn,et al. Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.
[36] François Pottier,et al. Information flow inference for ML , 2003, TOPL.
[37] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[38] Ashay Rane,et al. Secure, Precise, and Fast Floating-Point Operations on x86 Processors , 2016, USENIX Security Symposium.
[39] Isil Dillig,et al. Cartesian hoare logic for verifying k-safety properties , 2016, PLDI.
[40] Greg Nelson,et al. Extended static checking for Java , 2002, PLDI '02.
[41] Martin Hofmann,et al. Multivariate amortized resource analysis , 2012, TOPL.
[42] Shuvendu K. Lahiri,et al. Complexity and Algorithms for Monomial and Clausal Predicate Abstraction , 2009, CADE.
[43] Laurie Hendren,et al. Soot: a Java bytecode optimization framework , 2010, CASCON.
[44] David A. Naumann. From Coupling Relations to Mated Invariants for Checking Information Flow , 2006, ESORICS.
[45] Daniel Genkin,et al. Get your hands off my laptop: physical side-channel key-extraction attacks on PCs , 2015, Journal of Cryptographic Engineering.
[46] Sumit Gulwani,et al. Bound Analysis of Imperative Programs with the Size-Change Abstraction , 2011, SAS.
[47] Matt Fredrikson,et al. J an 2 01 8 Verifying and Synthesizing Constant-Resource Implementations with Types , 2018 .
[48] Zhou Li,et al. Sidebuster: automated detection and quantification of side-channel leaks in web application development , 2010, CCS '10.
[49] Pedro R. D'Argenio,et al. Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..
[50] Stan Matwin,et al. Privacy-Sensitive Information Flow with JML , 2005, CADE.
[51] Rupak Majumdar,et al. Tools and Algorithms for the Construction and Analysis of Systems , 1997, Lecture Notes in Computer Science.
[52] James W. Gray,et al. Toward a mathematical foundation for information flow security , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.
[53] Ashay Rane,et al. Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.
[54] Alexander Aiken,et al. A Data Driven Approach for Algebraic Loop Invariants , 2013, ESOP.
[55] Bertrand Jeannet,et al. Apron: A Library of Numerical Abstract Domains for Static Analysis , 2009, CAV.
[56] Elvira Albert,et al. Non-cumulative Resource Analysis , 2015, TACAS.
[57] Onur Aciiçmez,et al. A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL , 2008, CT-RSA.
[58] Martin Hofmann,et al. Amortized Resource Analysis with Polynomial Potential , 2010, ESOP.
[59] Gilles Barthe,et al. Verifying Constant-Time Implementations , 2016, USENIX Security Symposium.
[60] Michael Hicks,et al. Decomposition Instead of Self-Composition for k-Safety , 2016 .
[61] Yuval Yarom,et al. CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.
[62] Armando Solar-Lezama,et al. A language for automatically enforcing privacy policies , 2012, POPL '12.
[63] Jean-Pierre Seifert,et al. On the power of simple branch prediction analysis , 2007, ASIACCS '07.
[64] David Schultz,et al. The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.
[65] Tevfik Bultan,et al. String analysis for side channels with segmented oracles , 2016, SIGSOFT FSE.
[66] Gilles Barthe,et al. Beyond 2-Safety: Asymmetric Product Programs for Relational Program Verification , 2013, LFCS.
[67] Fernando Magno Quintão Pereira,et al. Sparse representation of implicit flows with applications to side-channel detection , 2016, CC.
[68] Rui Wang,et al. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.
[69] Gilles Barthe,et al. Relational Verification Using Product Programs , 2011, FM.
[70] Alexander Aiken,et al. Secure Information Flow as a Safety Problem , 2005, SAS.
[71] Ankush Das,et al. Towards automatic resource bound analysis for OCaml , 2016, POPL.
[72] Marco Gaboardi,et al. Relational cost analysis , 2017, POPL.
[73] Jacques Klein,et al. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.
[74] Sumit Gulwani,et al. SPEED: precise and efficient static estimation of program computational complexity , 2009, POPL '09.
[75] Samir Genaim,et al. On the Limits of the Classical Approach to Cost Analysis , 2012, SAS.