Verifying constant-time implementations in a verified compilation toolchain

Alix Trieu 1, 2
Abstract : Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the timing side-channel. A program is said to be constant-time if it is not vulnerable to timing attacks. We present in this thesis two methods relying on static analysis in order to ensure that a program is constant-time. These methods use formal verification in order to gain the highest possible level of assurance by relying on a verified compilation toolchain made up of the CompCert compiler and the Verasco static analyzer. We also propose a proof methodology in order to ensure that a compiler preserves constant-time security during compilation.
Document type :
Theses
Complete list of metadatas

Cited literature [78 references]  Display  Hide  Download

https://hal.inria.fr/tel-01944510
Contributor : Abes Star <>
Submitted on : Monday, June 17, 2019 - 9:53:08 AM
Last modification on : Wednesday, June 19, 2019 - 1:19:17 AM

File

TRIEU_Alix.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-01944510, version 3

Citation

Alix Trieu. Verifying constant-time implementations in a verified compilation toolchain. Cryptography and Security [cs.CR]. Université Rennes 1, 2018. English. ⟨NNT : 2018REN1S099⟩. ⟨tel-01944510v3⟩

Share

Metrics

Record views

123

Files downloads

235