Protection in programming-language translations. Secure Internet Programming, vol.77, p.78, 1999.
Access control based on execution history, vol.82, 2003.
On layout randomization for arrays and functions
On protection by layout randomization, ACM TISSEC, vol.15, issue.2, p.79, 2012.
Secure implementation of channel abstractions. Information and Computation, vol.174, p.79, 2002.
The applied pi calculus: Mobile values, new names, and secure communication, J. ACM, vol.65, issue.1, p.44, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01423924
When good components go bad: Formally secure compilation despite dynamic compromise. CCS, vol.45, p.81, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01949202
Journey beyond full abstraction: Exploring robust property preservation for secure compilation, vol.48, p.81, 2011.
Secure compilation to modern processors
Sound modular verification of C code executing in an unverified context, vol.43, p.48, 2015.
Dijkstra monads for free, 2017.
URL: https://hal.archives-ouvertes.fr/hal-01424794
Recalling a witness: Foundations and applications of monotonic state, vol.2, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01672733
Verified compilers for a multi-language world, vol.19, p.78
Typed closure conversion preserves observational equivalence, vol.42, p.79, 2008.
An equivalence-preserving CPS translation via multi-language semantics. ICFP, vol.42, p.79, 2011.
Defining liveness, IPL, p.29, 1985.
Instruction sets should be free: The case for RISC-V, p.12, 2014.
Termination-insensitive noninterference leaks more than just a bit, vol.15, p.28, 2008.
A methodology for micro-policies, vol.74, p.82, 2017.
A verified information-flow architecture, POPL, p.83, 2014.
Micro-policies: Formally verified, tag-based security monitors. Oakland S&P, vol.46, p.83, 2015.
A verified information-flow architecture, Journal of Computer Security (JCS), Special Issue on Verified Information Flow Security, vol.24, issue.6, p.12, 2016.
The meaning of memory safety, 7th International Conference on Principles of Security and Trust (POST), vol.76, p.82, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01949201
Type-checking zero-knowledge. CCS, p.44, 2008.
Achieving security despite compromise using zero-knowledge. CSF, p.80, 2009.
DOI: 10.1109/csf.2009.24
URL: http://www.infsec.cs.uni-saarland.de/~hritcu/publications/zk-compromise-wits.pdf
Union and intersection types for secure protocol implementations. TOSCA (precursor of POST), 2011.
URL: https://hal.archives-ouvertes.fr/hal-01102192
A reduced semantics for deciding trace equivalence, LMCS, vol.13, issue.2, p.44, 2017.
URL: https://hal.archives-ouvertes.fr/hal-01906639
Secure compilation of side-channel countermeasures: the case of cryptographic "constant-time", vol.14, p.84, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01959560
Know your enemy: Compromising adversaries in protocol analysis, TISSEC, vol.17, issue.2, p.80, 2014.
HACL* in Mozilla Firefox: Formal methods and high assurance applications for the web, Real World Crypto Symposium, issue.13, 2018.
Implementing and proving the TLS 1.3 record layer, IEEE Security & Privacy, vol.10, issue.8, p.13, 2017.
URL: https://hal.archives-ouvertes.fr/hal-01674096
Wedge: Splitting applications into reduced-privilege compartments, USENIX NSDI, vol.10, p.46, 2008.
Practical Byzantine fault tolerance and proactive recovery, TOCS, vol.20, issue.4, p.80, 2002.
DOI: 10.1145/571637.571640
Nonmalleable information flow control, vol.28, p.84, 2017.
DOI: 10.1145/3133956.3134054
Deciding equivalence-based properties using constraint solving, TCS, vol.492, p.45, 2013.
DOI: 10.1016/j.tcs.2013.04.016
URL: https://hal.archives-ouvertes.fr/hal-00881060
DEEPSEC: Deciding equivalence properties in security protocols: theory and practice, S&P, vol.30, p.44, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01698177
Beyond the PDP-11: Architectural support for a memory-safe C abstract machine, ASPLOS, vol.10, p.46, 2015.
QuickCheck: a lightweight tool for random testing of Haskell programs, 2000.
Hyperproperties. JCS, vol.18, issue.6, p.79, 2010.
Losing control: On the effectiveness of control-flow integrity under stack attacks, 2015.
Testing equivalences for processes, TCS, vol.34, p.31, 1984.
A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols, JLAMP, vol.87, p.44, 2017.
URL: https://hal.archives-ouvertes.fr/hal-01906634
Fully-abstract compilation by approximate backtranslation. POPL, vol.37, p.78, 2016.
Reasoning about object capabilities with logical relations and effect parametricity, EuroS&P, p.83, 2016.
Modular, fully-abstract compilation by approximate back-translation, LMCS, vol.13, issue.4, p.79
Area-efficient near-associative memories on FPGAs. FPGA, 2013.
Hardware support for safety interlocks and introspection, SASO Workshop on Adaptive Host and Network Security, 2012.
Architectural support for software-defined metadata processing, ASPLOS, vol.74, p.84, 2015.
Architectural support for software-defined metadata processing, ASPLOS, vol.7, p.74, 2015.
The correctness-security gap in compiler optimization. S&P Workshops, p.19, 2015.
EffectiveSan: Type and memory error detection using dynamically typed C/C++. PLDI, vol.9, p.47, 2018.
The matter of Heartbleed. IMC, vol.9, p.13, 2014.
Compiling a secure variant of C to capabilities. Dagstuhl Seminar 18201 on Secure Compilation, p.19, 2018.
Determinacy implies (observation equivalence = trace equivalence), TCS, vol.36, p.45, 1985.
Simple high-level code for cryptographic arithmetic - with proofs, without compromises, IEEE S&P, issue.13, 2019.
Memoryless subsystems, The Computer Journal, vol.17, issue.2, p.28, 1974.
A taxonomy of security properties for process algebras, JCS, vol.3, issue.1, p.17, 1995.
A type discipline for authorization policies, ACM Trans. Program. Lang. Syst., vol.29, issue.5, p.80, 2007.
Fully abstract compilation to JavaScript, vol.42, p.79
URL: https://hal.archives-ouvertes.fr/hal-00780803
Security policies and security models, S&P, vol.15, p.26, 1982.
Building secure SGX enclaves using F*, C/C++ and X64. 2nd Workshop on Principles of Secure Compilation (PriSC), vol.10, p.46, 2018.
Typing correspondence assertions for communication protocols, TCS, vol.300, issue.1-3, p.53, 2003.
Types and effects for asymmetric cryptographic protocols, JCS, vol.12, issue.3-4, p.79, 2004.
Secrecy despite compromise: Types, cryptography, and the pi-calculus. CONCUR, p.80, 2005.
A monadic framework for relational verification: Applied to information security, program equivalence, and optimizations, CPP, issue.8, 2018.
Clean application compartmentalization with SOAAP. CCS, vol.10, p.82, 2015.
Bringing the web up to speed with WebAssembly, vol.10, p.46, 2017.
TypeSan: Practical type confusion detection, CCS, vol.9, p.47, 2016.
Defining the undefinedness of C. PLDI, vol.9, p.47, 2015.
The Heartbleed bug, p.47, 2014.
SPEC CPU2006 benchmark descriptions, SIGARCH Comput. Archit. News, vol.34, issue.4, p.81, 2006.
All your IFCException are belong to us. Oakland S&P, 2013.
Testing noninterference, quickly. ICFP, 2013.
Testing noninterference, quickly, JFP, vol.26, issue.6, p.4, 2016.
Software guard extensions (SGX) programming reference, vol.10, p.78, 2014.
ISO/IEC 9899:2011, Programming languages - C, p.47, 2011.
Local memory via layout randomization. CSF, vol.14, p.79, 2011.
DOI: 10.1109/csf.2011.18
URL: http://fpl.cs.depaul.edu/rjagadeesan/ftp/layout.pdf
Java Jr: Fully abstract trace semantics for a core Java language, ESOP, vol.36, p.79, 2005.
A fully abstract may testing semantics for concurrent objects, TCS, vol.338, issue.1-3, p.44, 2005.
A logic of programs with interface-confined code, p.83, 2015.
Towards a fully abstract compiler using micro-policies: Secure compilation for mutually distrustful components, vol.46, p.77, 2011.
Beyond good and evil: Formalizing the security guarantees of compartmentalizing compilation. CSF, vol.79, p.81, 2016.
URL: https://hal.archives-ouvertes.fr/hal-01424795
Lightweight verification of separate compilation, POPL, vol.60, p.62, 2016.
Securing the .NET programming model, Theoretical Computer Science, vol.364, issue.3, p.78, 2006.
Privman: A library for partitioning applications. USENIX FREENIX, vol.10, p.46, 2003.
SAFE ISA (version 3.0 with interrupts per thread), p.76, 2012.
The C Standard Formalized in Coq, vol.9, p.47, 2015.
Portable software fault isolation. CSF, p.80, 2014.
CakeML: a verified implementation of ML, The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL, vol.10, p.21, 2014.
Robust satisfaction. CONCUR, vol.15, p.79, 1999.
Specifying systems: the TLA+ language and tools for hardware and software engineers, vol.18, p.21, 2002.
Formal foundation for specification and verification, Distributed Systems: Methods and Tools for Specification, An Advanced Course, vol.48, p.53, 1984.
The Byzantine generals problem, ACM Transactions on Programming Languages and Systems, vol.4, issue.3, p.80, 1982.
Beginner's Luck: A language for random generators, 2017.
Generating good generators for inductive relations, PACMPL, vol.2, issue.8, 2018.
A secure compiler for ML modules, APLAS, vol.14, p.78, 2015.
What every C programmer should know about undefined behavior #1/3. LLVM Project Blog, p.47, 2011.
Taming undefined behavior in LLVM. PLDI, p.67, 2017.
Formal verification of a realistic compiler, CACM, vol.52, issue.7, p.71, 2009.
Formal verification of a realistic compiler, CACM, vol.52, issue.7, p.82, 2009.
Formal verification of a C-like memory model and its uses for verifying program transformations, JAR, vol.41, issue.1, p.67, 2008.
Temporal verification of reactive systems: safety, vol.18, p.21, 2012.
Proof automation with SMT, tactics, and metaprograms, 2018.
Proving noninterference and functional correctness using traces, Journal of Computer Security, vol.1, issue.1, p.28, 1992.
A theory of information-flow labels. CSF, 2013.
RockSalt: better, faster, stronger SFI for the x86, vol.73, p.80
Verified peephole optimizations for CompCert. PLDI, p.66, 2016.
CETS: compiler enforced temporal safety for C. ISMM, vol.9, p.82, 2010.
Everything you want to know about pointer-based checking
Pilsner: a compositionally verified compiler for a higher-order imperative language
Fully abstract compilation via universal embedding, ICFP, vol.78, p.79, 2016.
Foundational property-based testing, ITP, vol.8, p.73, 2015.
URL: https://hal.archives-ouvertes.fr/hal-01162898
Fully abstract trace semantics for protected module architectures, CL, vol.42, p.79, 2015.
Secure compilation and hyperproperty preservation, p.44, 2017.
Robustly safe compilation. CoRR, vol.14, p.79, 2018.
Secure compilation to protected module architectures, TOPLAS, vol.69, p.78, 2015.
On modular and fully-abstract compilation, vol.43, p.78, 2016.
Formal approaches to secure compilation: A survey of fully abstract compilation and related work, ACM Computing Surveys, vol.14, p.45, 2019.
Verifying an open compiler using multi-language semantics, ESOP, 2014.
Preventing privilege escalation, 12th USENIX Security Symposium, vol.10, p.46, 2003.
Timing-sensitive noninterference through composition, Principles of Security and Trust - 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, p.84, 2017.
A guide to undefined behavior in C and C++, part 3. Embedded in Academia blog, vol.47, p.65, 2010.
Isolating web programs in modern browser architectures, EuroSys, vol.10, p.82, 2009.
Protecting the stack with metadata policies and tagged hardware, IEEE S&P, p.82, 2018.
CSP and determinism in security modelling, S&P, p.28, 1995.
Language-based information-flow security, IEEE Journal on Selected Areas in Communications, vol.21, issue.1, p.26, 2003.
A PER model of secure information flow in sequential programs, HOSC, vol.14, issue.1, p.28, 2001.
On Concurrent Programming. Texts in Computer Science, vol.18, p.21, 1997.
What you get is what you C: Controlling side effects in mainstream C compilers, EuroS&P, p.19, 2018.
Reasoning about a machine with local capabilities - provably safe stack and return pointer management, ESOP, vol.10, p.80, 2018.
Enforcing well-bracketed control flow and stack encapsulation using linear capabilities
Compositional CompCert. POPL, 2015.
SAFE: A clean-slate architecture for secure systems, Proceedings of the IEEE International Conference on Technologies for Homeland Security, 2013.
Dependent types and multi-monadic effects in F*. POPL, vol.8, p.10, 2016.
Robust and compositional verification of object capability patterns, vol.44, p.79, 2017.
SoK: Eternal war in memory, IEEE S&P, vol.13, issue.9, p.73, 2013.
Principles and implementation techniques of software-based fault isolation, FTSEC, vol.1, issue.3, p.46, 2017.
Towards automatic compartmentalization of C programs on capability machines, vol.11, p.46, 2017.
Towards safe enclaves. HotSpot, vol.11, p.46, 2016.
Linear capabilities for modular fully-abstract compilation of verified code, vol.11, p.46, 2018.
BreakApp: Automated, flexible application compartmentalization
Efficient software-based fault isolation, SOSP, vol.46, p.72, 1993.
Towards optimization-safe systems: Analyzing the impact of undefined behavior
CHERI: A hybrid capability-system architecture for scalable software compartmentalization. S&P, p.82, 2015.
CHERI: A hybrid capability-system architecture for scalable software compartmentalization, IEEE S&P, vol.10, p.66, 2015.
CompCert for software fault isolation, Secure Compilation Meeting (SCM).
A semantic model for authentication protocols, IEEE S&P, p.53, 1993.
Ethereum: A secure decentralised generalised transaction ledger. Ethereum project yellow paper, vol.151, p.25, 2014.
Native Client: A sandbox for portable, vol.53, p.82, 2010.
A general theory of security properties, p.17, 1997.
Observational determinism for concurrent program security, vol.15, p.28, 2003.
ARMor: Fully verified software fault isolation. EMSOFT, p.80, 2011.
HACL*: A verified modern cryptographic library, vol.10, p.13, 2017.

The results presented in this habilitation have previously appeared in a series of research papers that are appended below. I have substantially contributed to each of these papers, which I coauthored with my students and several external collaborators.
Journey beyond full abstraction: Exploring robust property preservation for secure compilation, 2018.
When good components go bad: Formally secure compilation despite dynamic compromise, 25th ACM Conference on Computer and Communications Security (CCS 2018), pp.1351-1368, 2018.
URL: https://hal.archives-ouvertes.fr/hal-01949202
Beyond good and evil: Formalizing the security guarantees of compartmentalizing compilation, 29th IEEE Symposium on Computer Security Foundations (CSF), pp.45-60, 2016.
URL: https://hal.archives-ouvertes.fr/hal-01424795
Micro-Policies: Formally verified, tag-based security monitors, 36th IEEE Symposium on Security and Privacy (Oakland S&P), pp.813-830, 2015.
A verified information-flow architecture, Journal of Computer Security (JCS); Special Issue on Verified Information Flow Security, vol.24, issue.6, pp.689-734, 2016.