End-host runtime monitors (eg, CFI, system call IDS) flag processes in response to
symptoms of a possible attack. Unfortunately, the symptom (eg, invalid control transfer) may …

The security of isolated execution architectures such as Intel SGX has been significantly
threatened by the recent emergence of side-channel attacks. Cache side-channel attacks …

Cryptography secures our online interactions, transactions, and trust. To achieve this goal,
not only do the cryptographic primitives and protocols need to be secure in theory, they also …

We propose ProSpeCT, a generic formal processor model providing provably secure
speculation for the constant-time policy. For constant-time programs under a non …

This article tackles the problem of designing efficient binary-level verification for a subset of
information flow properties encompassing constant-time and secret-erasure. These …

Cache side-channel attacks extract secrets by examining how victim software accesses
cache. To date, practical attacks on crypto systems and media libraries are demonstrated …

云计算具有高性能, 服务化, 弹性伸缩, 环境友好等优点, 已经成为广泛采用的新型IT 基础设施.
资源外包与资源租赁的服务化本质, 导致安全与隐私需求尤为突出, 传统安全技术方案无法有效 …

Differential privacy is an information theoretic constraint on algorithms and code. It provides
quantification of privacy leakage and formal privacy guarantees that are currently …

Side-channel attacks allow adversaries to infer sensitive information from non-functional
characteristics. Prior side-channel detection work is able to identify numerous potential …

Confidential computing aims to secure the code and data in use by providing a Trusted
Execution Environment (TEE) for applications using hardware features such as Intel SGX …