Verifying Constant-Time Implementations in a Verified Compilation Toolchain

Alix Trieu 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the timing side-channel. A program is said to be constant-time if it is not vulnerable to timing attacks. We present in this thesis two methods relying on static analysis in order to ensure that a program is constant-time. These methods use formal verification in order to gain the highest possible level of assurance by relying on a verified compilation toolchain made up of the CompCert compiler and the Verasco static analyzer. We also propose a proof methodology in order to ensure that a compiler preserves constant-time security during compilation.
Complete list of metadatas

https://hal.inria.fr/tel-01944510
Contributor : Alix Trieu <>
Submitted on : Thursday, December 20, 2018 - 3:55:43 PM
Last modification on : Tuesday, February 19, 2019 - 2:50:03 PM

File

thesis_Alix_Trieu.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-01944510, version 2

Citation

Alix Trieu. Verifying Constant-Time Implementations in a Verified Compilation Toolchain. Computer Science [cs]. Université Rennes 1, 2018. English. ⟨tel-01944510v2⟩

Share

Metrics

Record views

182

Files downloads

500