Verified security for the Morello capability-enhanced prototype Arm architecture

T Bauereiss, B Campbell, T Sewell… - European …, 2022 - library.oapen.org
Memory safety bugs continue to be a major source of security vulnerabilities in our critical
infrastructure. The CHERI project has proposed extending conventional architectures with …

Le temps des cerises: efficient temporal stack safety on capability machines using directed capabilities

AL Georges, A Trieu, L Birkedal - Proceedings of the ACM on …, 2022 - dl.acm.org
Capability machines are a type of CPUs that support fine-grained privilege separation using
capabilities, machine words that include forms of authority. Formal models of capability …

SECOMP: Formally Secure Compilation of Compartmentalized C Programs

J Thibault, R Blanco, D Lee, S Argo… - Proceedings of the …, 2024 - dl.acm.org
Undefined behavior in C often causes devastating security vulnerabilities. One practical
mitigation is compartmentalization, which allows developers to structure large programs into …

Securing Verified IO Programs Against Unverified Code in F*

CC Andrici, Ș Ciobâcă, C Hriţcu, G Martínez… - Proceedings of the …, 2024 - dl.acm.org
We introduce SCIO*, a formally secure compilation framework for statically verified programs
performing input-output (IO). The source language is an F* subset in which a verified …

Cerise: Program verification on a capability machine in the presence of untrusted code

AL Georges*, A Guéneau*, T Van Strydonck… - Journal of the …, 2024 - dl.acm.org
A capability machine is a type of CPU allowing fine-grained privilege separation using
capabilities, machine words that represent certain kinds of authority. We present a …

SecurePtrs: Proving secure compilation with data-flow back-translation and turn-taking simulation

A El-Korashy, R Blanco, J Thibault… - 2022 IEEE 35th …, 2022 - ieeexplore.ieee.org
Proving secure compilation of partial programs typically requires back-translating an attack
against the compiled program to an attack against the source program. To prove back …

Fully abstract and robust compilation: and how to reconcile the two, abstractly

C Abate, M Busi, S Tsampas - … Symposium, APLAS 2021, Chicago, IL, USA …, 2021 - Springer
The most prominent formal criterion for secure compilation is full abstraction, the
preservation and reflection of contextual equivalence. Recent work introduced robust …

Towards End-to-End Verified TEEs via Verified Interface Conformance and Certified Compilers

F Derakhshan, Z Zhang… - 2023 IEEE 36th …, 2023 - ieeexplore.ieee.org
Trusted Execution Environments (TEE) are ubiquitous. They form the highest privileged
software component of the platform with full access to the system and associated devices …

Secure composition of robust and optimising compilers

M Kruse, M Backes, M Patrignani - arXiv preprint arXiv:2307.08681, 2023 - arxiv.org
To ensure that secure applications do not leak their secrets, they are required to uphold
several security properties such as spatial and temporal memory safety as well as …

Universal composability is robust compilation

M Patrignani, R Künnemann, RS Wahby - arXiv preprint arXiv:1910.08634, 2019 - arxiv.org
This paper discusses the relationship between two frameworks: universal composability
(UC) and robust compilation (RC). In cryptography, UC is a framework for the specification …