Semi-automatic ladderisation : improving code security through rewriting and dependent types
Item metadata
dc.contributor.author | Brown, Christopher | |
dc.contributor.author | Barwell, Adam David | |
dc.contributor.author | Marquer, Yoann | |
dc.contributor.author | Zendra, Olivier | |
dc.contributor.author | Richmond, Tania | |
dc.contributor.author | Gu, Chen | |
dc.contributor.editor | Ariola, Zena M. | |
dc.contributor.editor | Cong, Youyou | |
dc.date.accessioned | 2022-02-02T15:30:02Z | |
dc.date.available | 2022-02-02T15:30:02Z | |
dc.date.issued | 2022-01-17 | |
dc.identifier | 276805364 | |
dc.identifier | 954ad893-abf0-4ae1-838b-d5115a30849b | |
dc.identifier | 85124031704 | |
dc.identifier.citation | Brown , C , Barwell , A D , Marquer , Y , Zendra , O , Richmond , T & Gu , C 2022 , Semi-automatic ladderisation : improving code security through rewriting and dependent types . in Z M Ariola & Y Cong (eds) , PEPM 2022: Proceedings of the 2022 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation . ACM , New York , POPL '22: The 49th Annual ACM SIGPLAN Symposium on Principles of Programming Languages , Philadelphia , Pennsylvania , United States , 17/01/22 . https://doi.org/10.1145/3498886.3502202 | en |
dc.identifier.citation | conference | en |
dc.identifier.isbn | 9781450391887 | |
dc.identifier.other | ORCID: /0000-0001-6030-2885/work/107718157 | |
dc.identifier.other | ORCID: /0000-0003-1236-7160/work/107718269 | |
dc.identifier.uri | https://hdl.handle.net/10023/24797 | |
dc.description | Funding: This work was generously supported by the EU Horizon 2020 project, TeamPlay (https://www.teamplay-h2020.eu), grant number 779882, and UK EPSRC, Energise, grant number EP/V006290/1. | en |
dc.description.abstract | Cyber attacks become more and more prevalent every day. An arms race is thus engaged between cyber attacks and cyber defences. One type of cyber attack is known as a side channel attack, where attackers exploit information leakage from the physical execution of a program, e.g. timing or power leakage, to uncover secret information, such as encryption keys or other sensitive data. There have been various attempts at addressing the problem of side-channel attacks, often relying on various measures to decrease the discernibility of several code variants or code paths. Most techniques require a high-degree of expertise by the developer, who often employs ad hoc, hand-crafted code-patching in an attempt to make it more secure. In this paper, we take a different approach: building on the idea of ladderisation, inspired by Montgomery Ladders. We present a semi-automatic tool-supported technique, aimed at the non-specialised developer, which refactors (a class of) C programs into functionally (and even algorithmically) equivalent counterparts with improved security properties. Our approach provides refactorings that transform the source code into its ladderised equivalent, driven by an underlying verified rewrite system, based on dependent types. Our rewrite system automatically finds rewritings of selected C expressions, facilitating the production of their equivalent ladderised counterparts for a subset of C. Using our tool-supported technique, we demonstrate our approach on a number of representative examples from the cryptographic domain, showing increased security. | |
dc.format.extent | 13 | |
dc.format.extent | 937419 | |
dc.language.iso | eng | |
dc.publisher | ACM | |
dc.relation.ispartof | PEPM 2022: Proceedings of the 2022 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation | en |
dc.subject | Security | en |
dc.subject | Dependent types | en |
dc.subject | Idris | en |
dc.subject | Soundness | en |
dc.subject | Refactoring | en |
dc.subject | Rewriting | en |
dc.subject | Semantics | en |
dc.subject | Side-channel attacks | en |
dc.subject | Fault injection | en |
dc.subject | QA75 Electronic computers. Computer science | en |
dc.subject | Computational Theory and Mathematics | en |
dc.subject | 3rd-DAS | en |
dc.subject | NIS | en |
dc.subject.lcc | QA75 | en |
dc.title | Semi-automatic ladderisation : improving code security through rewriting and dependent types | en |
dc.type | Conference item | en |
dc.contributor.sponsor | EPSRC | en |
dc.contributor.sponsor | European Commission | en |
dc.contributor.institution | University of St Andrews. School of Computer Science | en |
dc.identifier.doi | https://doi.org/10.1145/3498886.3502202 | |
dc.identifier.grantnumber | EP/V006290/1 | en |
dc.identifier.grantnumber | 779882 | en |