VeriPhy: verified controller executables from verified cyber-physical system models

R Bohrer, YK Tan, S Mitsch, MO Myreen… - Proceedings of the 39th …, 2018 - dl.acm.org
We present VeriPhy, a verified pipeline which automatically transforms verified high-level
models of safety-critical cyber-physical systems (CPSs) in differential dynamic logic (dL) to …

When good components go bad: Formally secure compilation despite dynamic compromise

C Abate, A Azevedo de Amorim, R Blanco… - Proceedings of the …, 2018 - dl.acm.org
We propose a new formal criterion for evaluating secure compilation schemes for unsafe
languages, expressing end-to-end security guarantees for software components that may …

Lord of the x86 rings: A portable user mode privilege separation architecture on x86

H Lee, C Song, BB Kang - Proceedings of the 2018 ACM SIGSAC …, 2018 - dl.acm.org
Modern applications often involve processing of sensitive information. However, the lack of
privilege separation within the user space leaves sensitive application secret such as …

Modular verification of programs with effects and effect handlers in Coq

T Letan, Y Régis-Gianas, P Chifflier, G Hiet - … , FM 2018, Held as Part of the …, 2018 - Springer
Modern computing systems have grown in complexity, and the attack surface has increased
accordingly. Even though system components are generally carefully designed and even …

Mobilizing the micro-ops: Exploiting context sensitive decoding for security and energy efficiency

M Taram, A Venkat, D Tullsen - 2018 ACM/IEEE 45th Annual …, 2018 - ieeexplore.ieee.org
Modern instruction set decoders feature translation of native instructions into internal micro-
ops to simplify CPU design and improve instruction-level parallelism. However, this …

From debugging-information based binary-level type inference to CFG generation

D Zeng, G Tan - Proceedings of the Eighth ACM Conference on Data …, 2018 - dl.acm.org
Binary-level Control-Flow Graph (CFG) construction is essential for applications such as
control-flow integrity. There are two main approaches: the binary-analysis approach and the …

Bidirectional grammars for machine-code decoding and encoding

G Tan, G Morrisett - Journal of Automated Reasoning, 2018 - Springer
Binary analysis, which analyzes machine code, requires a decoder for converting bits into
abstract syntax of machine instructions. Binary rewriting requires an encoder for converting …

Modular software fault isolation as abstract interpretation

F Besson, T Jensen, J Lepiller - … , SAS 2018, Freiburg, Germany, August 29 …, 2018 - Springer
Software Fault Isolation (SFI) consists in transforming untrusted code so that it runs
within a specific address space (called the sandbox) and verifying at load-time that the …

Protecting instruction set randomization from code reuse attacks

R Guanciale - Secure IT Systems: 23rd Nordic Conference, NordSec …, 2018 - Springer
Instruction Set Randomization (ISR) prevents code injection by randomizing the
instruction encoding used by programs, thus preventing an attacker from preparing a …

Adding 32-bit Mode to the ACL2 Model of the x86 ISA

A Coglio, S Goel - arXiv preprint arXiv:1810.04313, 2018 - arxiv.org
The ACL2 model of the x86 Instruction Set Architecture was built for the 64-bit mode of
operation of the processor. This paper reports on our work to extend the model with support …