Hyperproperties
Trace properties, which have long been used for reasoning about systems, are sets of
execution traces. Hyperproperties, introduced here, are sets of trace properties …
Temporal logics for hyperproperties
Two new logics for verification of hyperproperties are proposed. Hyperproperties
characterize security policies, such as noninterference, as a property of sets of computation …
A hardware design language for timing-sensitive information-flow security
Information security can be compromised by leakage via low-level hardware features. One
recently prominent example is cache probing attacks, which rely on timing channels created …
Secure information flow by self-composition
Information flow policies are confidentiality policies that control information leakage through
program execution. A common way to enforce secure information flow is through information …
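The relationship between the two ideas above (noninterference as a hyperproperty of the set of traces, and self-composition, which turns that hyperproperty into an ordinary property of a program composed with a renamed copy of itself) is easy to see on a finite toy program. The following is an added example written for this page, not code from either paper; the two toy programs, their input domains and the exhaustive checker are all constructed here.

```python
from itertools import product

# Toy programs over a high (secret) input h and a low (public) input l, each
# returning the single low-observable output. Domains are kept tiny so the
# checks below can be exhaustive. Constructed for this example.
HIGH_DOMAIN = range(0, 8)
LOW_DOMAIN = range(0, 4)

def leaky(h, l):
    # Secret-dependent branch feeds the public output: insecure.
    return l + 1 if h > 3 else l

def secure(h, l):
    # h is in scope but never influences the public result.
    return (l * 2) % 7

def traces(prog):
    """Set of execution traces of prog. Each trace records the secret,
    the low input and the low output; the checker only compares the
    low-visible parts but needs the secret to tell traces apart."""
    return {(h, l, prog(h, l)) for h, l in product(HIGH_DOMAIN, LOW_DOMAIN)}

def noninterference(trace_set):
    """Noninterference stated as a hyperproperty: a predicate on the *set*
    of traces. It holds iff any two traces with equal low input have equal
    low output. No single trace can violate it; a pair can (2-safety)."""
    for (h1, l1, o1), (h2, l2, o2) in product(trace_set, repeat=2):
        if l1 == l2 and o1 != o2:
            return False
    return True

def self_compose(prog):
    """Self-composition: run prog twice on disjoint copies of its state.
    Noninterference of prog becomes a plain trace property of the
    composed program: precondition l1 == l2 implies postcondition o1 == o2."""
    def composed(h1, l1, h2, l2):
        o1 = prog(h1, l1)   # first copy
        o2 = prog(h2, l2)   # second copy with renamed variables
        return o1, o2
    return composed

def check_by_self_composition(prog):
    """Exhaustively check the composed program over the finite domains.
    Returns None if prog is noninterferent, else a counterexample
    (h1, h2, l): two secrets that make the same public input observable."""
    composed = self_compose(prog)
    for h1, h2, l in product(HIGH_DOMAIN, HIGH_DOMAIN, LOW_DOMAIN):
        o1, o2 = composed(h1, l, h2, l)   # enforce the precondition l1 == l2
        if o1 != o2:
            return (h1, h2, l)
    return None

if __name__ == "__main__":
    for name, prog in (("leaky", leaky), ("secure", secure)):
        print(name,
              "hyperproperty holds:", noninterference(traces(prog)),
              "self-composition counterexample:", check_by_self_composition(prog))
```

Both checks agree on both programs: the set-of-traces predicate and the product-program property are the same condition. On real code the exhaustive loop is replaced by a verifier (model checker, deductive prover or symbolic execution) run on the self-composed program, which is the point of the reduction.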
Remote timing attacks are still practical
For over two decades, timing attacks have been an active area of research within applied
cryptography. These attacks exploit cryptosystem or protocol implementations that do not run …
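The kind of implementation flaw these attacks exploit is a comparison whose running time depends on the secret, typically a byte-by-byte check that stops at the first mismatch. The following is an added example written for this page, not code from the paper: a 3-byte token, a counter of matched bytes standing in for measured time (a real attack averages noisy network timings to get the same signal), an attacker that recovers the token one byte at a time, and the constant-time comparison that defeats it.

```python
import hmac

SECRET = bytes.fromhex("5a17c3")   # constructed token; the server-side secret
ALPHABET = range(256)

def compare_early_exit(a, b):
    """Vulnerable comparison: returns at the first mismatching byte.
    Returns (equal, cost); cost counts bytes matched before returning and
    models the time an attacker observes on the wire."""
    cost = 0
    if len(a) != len(b):
        return False, cost
    for x, y in zip(a, b):
        if x != y:
            return False, cost
        cost += 1            # one more byte matched before the exit
    return True, cost

def compare_constant_time(a, b):
    """Hardened comparison: hmac.compare_digest does work independent of
    where (or whether) the inputs differ, so the cost is flat."""
    cost = len(a) if len(a) == len(b) else 0
    return hmac.compare_digest(a, b), cost

def recover(secret, compare):
    """Attacker loop: for each position try every byte value, keep the one
    whose comparison ran longest (one byte further before the early exit).
    Only the timing signal is used; the boolean result is ignored."""
    guess = bytearray(len(secret))
    for i in range(len(secret)):
        best, best_cost = 0, -1
        for c in ALPHABET:
            guess[i] = c
            _, cost = compare(secret, bytes(guess))
            if cost > best_cost:
                best, best_cost = c, cost
        guess[i] = best
    return bytes(guess)

if __name__ == "__main__":
    print("early-exit compare, recovered:", recover(SECRET, compare_early_exit).hex())
    print("constant-time compare, recovered:", recover(SECRET, compare_constant_time).hex())
```

With the early-exit compare the attacker needs at most 256 queries per byte instead of 256^n overall; with the constant-time compare every guess costs the same, so the search degenerates to the first candidate tried and learns nothing.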
A formal approach to secure speculation
Transient execution attacks like Spectre, Meltdown and Foreshadow have shown that
combinations of microarchitectural side-channels can be synergistically exploited to create …
Predictive black-box mitigation of timing channels
We investigate techniques for general black-box mitigation of timing channels. The source of
events is wrapped by a timing mitigator that delays output events so that they contain only a …
Language-based control and mitigation of timing channels
We propose a new language-based approach to mitigating timing channels. In this
language, well-typed programs provably leak only a bounded amount of information over …
Caisson: a hardware description language for secure information flow
Information flow is an important security property that must be incorporated from the ground
up, including at hardware design time, to provide a formal basis for a system's root of trust …
Verification of a practical hardware security architecture through static information flow analysis
Hardware-based mechanisms for software isolation are becoming increasingly popular, but
implementing these mechanisms correctly has proved difficult, undermining the root of …