Showing 1 - 10 of 137 for search: '"Murray, Toby"'
We consider the problem of how to verify the security of probabilistic oblivious algorithms formally and systematically. Unfortunately, prior program logics fail to support a number of complexities that feature in the semantics and invariant needed t
External link:
http://arxiv.org/abs/2407.00514
In this paper, we investigate the naturalness of semantic-preserving transformations and their impacts on the evaluation of NPR. To achieve this, we conduct a two-stage human study, including (1) interviews with senior software developers to establis
External link:
http://arxiv.org/abs/2402.11892
Author:
Bembenek, Aaron, Murray, Toby
To handle AI tasks that combine perception and logical reasoning, recent work introduces Neurosymbolic Deep Neural Networks (NS-DNNs), which contain -- in addition to traditional neural layers -- symbolic layers: symbolic expressions (e.g., SAT formu
External link:
http://arxiv.org/abs/2402.03663
Author:
Jin, Jiankai, Chuengsatiansup, Chitchanok, Murray, Toby, Rubinstein, Benjamin I. P., Yarom, Yuval, Ohrimenko, Olga
Current implementations of differentially-private (DP) systems either lack support to track the global privacy budget consumed on a dataset, or fail to faithfully maintain the state continuity of this budget. We show that failure to maintain a privac
External link:
http://arxiv.org/abs/2401.17628
Author:
Buckley, Scott, Sison, Robert, Wistoff, Nils, Millar, Curtis, Murray, Toby, Klein, Gerwin, Heiser, Gernot
Microarchitectural timing channels are a major threat to computer security. A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels and prototyped in the seL4 mic
External link:
http://arxiv.org/abs/2310.17046
We consider the problem of specifying and proving the security of non-trivial, concurrent programs that intentionally leak information. We present a method that decomposes the problem into (a) proving that the program only leaks information it has de
External link:
http://arxiv.org/abs/2309.03442
APIs often transmit far more data to client applications than they need, and in the context of web applications, often do so over public channels. This issue, termed Excessive Data Exposure (EDE), was OWASP's third most significant API vulnerability
External link:
http://arxiv.org/abs/2301.09258
We present a Hoare logic that extends program specifications with regular expressions that capture behaviors in terms of sequences of events that arise during the execution. The idea is similar to session types or process-like behavioral contracts, t
External link:
http://arxiv.org/abs/2205.06584
The statefulness property of network protocol implementations poses a unique challenge for testing and verification techniques, including Fuzzing. Stateful fuzzers tackle this challenge by leveraging state models to partition the state space and assi
External link:
http://arxiv.org/abs/2112.15498
Author:
Yan, Pengbo, Murray, Toby
We present Security Relaxed Separation Logic (SecRSL), a separation logic for proving information-flow security of C11 programs in the Release-Acquire fragment with relaxed accesses. SecRSL is the first security logic that (1) supports weak-memory re
External link:
http://arxiv.org/abs/2109.03602