Binsec/rel: Efficient relational symbolic execution for constant-time at binary-level
The constant-time programming discipline (CT) is an efficient countermeasure against timing
side-channel attacks, requiring the control flow and the memory accesses to be independent …
side-channel attacks, requiring the control flow and the memory accesses to be independent …
Constant-time foundations for the new spectre era
S Cauligi, C Disselkoen, K Gleissenthall… - Proceedings of the 41st …, 2020 - dl.acm.org
The constant-time discipline is a software-based countermeasure used for protecting high
assurance cryptographic implementations against timing side-channel attacks. Constant …
assurance cryptographic implementations against timing side-channel attacks. Constant …
Detecting privileged side-channel attacks in shielded execution with Déjá Vu
Intel Software Guard Extension (SGX) protects the confidentiality and integrity of an
unprivileged program running inside a secure enclave from a privileged attacker who has …
unprivileged program running inside a secure enclave from a privileged attacker who has …
Verifying constant-time implementations by abstract interpretation
Constant-time programming is an established discipline to secure programs against timing
attackers. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum …
attackers. Several real-world secure C libraries such as NaCl, mbedTLS, or Open Quantum …
Verifying {Constant-Time} Implementations
The constant-time programming discipline is an effective countermeasure against timing
attacks, which can lead to complete breaks of otherwise secure systems. However, adhering …
attacks, which can lead to complete breaks of otherwise secure systems. However, adhering …
Constantine: Automatic side-channel resistance using efficient control and data flow linearization
In the era of microarchitectural side channels, vendors scramble to deploy mitigations for
transient execution attacks, but leave traditional side-channel attacks against sensitive …
transient execution attacks, but leave traditional side-channel attacks against sensitive …
Fact: A flexible, constant-time programming language
We argue that C is unsuitable for writing timing-channel free cryptographic code that is both
fast and readable. Readable implementations of crypto routines would contain highlevel …
fast and readable. Readable implementations of crypto routines would contain highlevel …
Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC
We provide further evidence that implementing software countermeasures against timing
attacks is a non-trivial task and requires domain-specific software development processes …
attacks is a non-trivial task and requires domain-specific software development processes …
Hunting the haunter-efficient relational symbolic execution for spectre with haunted relse
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …
The last mile: High-assurance and high-speed cryptographic implementations
We develop a new approach for building cryptographic implementations. Our approach
goes the last mile and delivers assembly code that is provably functionally correct, protected …
goes the last mile and delivers assembly code that is provably functionally correct, protected …