28,866 research outputs found

    Formal Software Methods for the Security of Cryptographic Implementations

    Implementations of cryptosystems are vulnerable to physical attacks, and thus need to be protected against them. Of course, malfunctioning protections are useless. Formal methods help to develop systems while assessing their conformity to a rigorous specification. The first goal of my thesis, and its innovative aspect, is to show that formal methods can be used to prove not only the principle of the countermeasures according to a model, but also their implementations, as it is where the physical vulnerabilities are exploited. My second goal is the proof and the automation of the protection techniques themselves, because handwritten security code is error-prone.

    Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes' Resistance to Fault Injection Attacks

    Software encoding countermeasures are becoming increasingly popular among researchers proposing code-level prevention against data-dependent leakage allowing an attacker to mount a side-channel attack. Recent trends show that it is possible to design a solution that does not require excessive overhead and yet provides a reasonable security level. However, if the device leakage is hard to observe, an attacker can simply switch to a different class of physical attacks, such as fault injection attacks. Instead of stacking several layers of countermeasures, it is always more convenient to choose one that provides decent protection against several attack methods. Therefore, in our paper we use our custom-designed code analyzer to formally inspect a recently proposed software encoding countermeasure based on a device-specific encoding function, and compare it with other solutions, either based on balanced look-up tables or balanced encoding. We also provide an experimental validation, using the laser fault injection setup. Our results show that the device-specific encoding scheme provides good protection against fault injection attacks, being capable of preventing the majority of faults using different fault models

    Trade’s Hidden Costs: Worker Rights in a Changing World Economy

    [Excerpt] For decades, the U.S. foreign assistance program has sought with limited results to further economic development and growth in Third World countries. We have witnessed some countries making real progress toward development through industrialization, only to find more of their people trapped in hunger and poverty. Hopefully, it is apparent that for development to be effective, it must benefit the broadest sectors of the population within any society. Why are worker rights crucial to the development process? The capacity to form unions and to bargain collectively to achieve higher wages and safer working conditions is essential to the overall struggle of working people everywhere to achieve minimally decent living standards and to overcome hunger and poverty. The denial of worker rights, especially in Third World countries, tends to perpetuate poverty, to limit the benefits of economic development and growth to narrow, privileged elites and to sow the seeds of social instability and political rebellion

    Political transitions in EU-Russia shared neighbourhood: geopolitics and values as opportunities or challenges for the Quality of Democracy

    PhD in Politics: History, Theory, Science (32nd cycle), Luiss Guido Carli, Rome, 2020. Supervisors: Prof. Leonardo Morlino (Luiss) and Prof. Jean Michel De Waele (Université libre de Bruxelles). European Joint Doctorate in "Globalisation, Europe & Multilateralism - Sophistication of the Transnational Order, Networks, and European Strategies - GEM STONES". PhD program in partnership: Luiss Guido Carli and the Université libre de Bruxelles (ULB). Theory and methodology. Rule of law. Interconstitutional accountability. Electoral accountability. Matrakova, Marta

    Balanced Encoding to Mitigate Power Analysis: A Case Study

    Most side channel countermeasures for software implementations of cryptography either rely on masking or randomize the execution order of the cryptographic implementation. This work proposes a countermeasure that has constant leakage in common linear leakage models. Constant leakage is achieved not only for internal state values, but also for their transitions. The proposed countermeasure provides perfect protection in the theoretical leakage model. To study the practical relevance of the proposed countermeasure, it is applied to a software implementation of the block cipher Prince. This case study allows us to give realistic values for resulting implementation overheads as well as for the resulting side channel protection levels that can be achieved in realistic implementation scenarios

    Tools and Algorithms for the Construction and Analysis of Systems

    This open access two-volume set constitutes the proceedings of the 26th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The total of 60 regular papers presented in these volumes was carefully reviewed and selected from 155 submissions. The papers are organized in topical sections as follows: Part I: Program verification; SAT and SMT; Timed and Dynamical Systems; Verifying Concurrent Systems; Probabilistic Systems; Model Checking and Reachability; and Timed and Probabilistic Systems. Part II: Bisimulation; Verification and Efficiency; Logic and Proof; Tools and Case Studies; Games and Automata; and SV-COMP 2020

    Skeptical Internationalism: A Study of Whether International Law Is Law

    Should international law be understood as a form of law at all? The premise here is that if we are to get some purchase on that question, we should consult the experience of international law in operation. The analysis proceeds in two steps. First, the Article takes up the litigation connected to the Israeli/West Bank barrier, asking whether that case was or could have been addressed in such a way as to keep faith with minimal principles of legality. It wasn’t, the Article finds, but it could have been. Second, the Article specifies four values that are constitutive elements of the experience of law as law: that law have the capacity to give rise to events in the world (law’s efficacy); that it obligate as a matter of legitimate authority (law’s normativity); that it obligate as a matter of moral rationality (normativity again); and that it maintain a character distinct from the political or partisan (law’s objectivity). International law as seen in the Barrier case is then put to the test with respect to each of the four—and again the outcome is that nothing intrinsic to international law deprived it of the character of law, but that the courts and other institutions of the international system fell short of the law’s promise. These conclusions suggest a position this Article terms “skeptical internationalism”—a position that affirms international law’s project and doctrinal content, but is rebuttably skeptical of the courts and other institutions charged with interpreting that content and carrying that project out. The jurisprudential implications of such a view are explored

    The Putin Paradox

    The Putin phenomenon is a response to the challenges facing Russia, but it is also the outcome of the complex reaction between the man and the system. Putin reflects the contradictions and paradoxes of contemporary Russia, but he is also a unique leader who is both more and less than the country that he rules. He is more, because of the extraordinary powers vested in the presidency by the December 1993 constitution. The president is designated as the ‘guarantor of the constitution’ (Art. 80.2), suggesting that they stand outside of the constitution in order to protect it, a paradox of power that cuts through the whole system. This helps explain the emergence from the very early days of a self-designated power system focused on the presidency but not limited to it, which effectively claimed supervisory or tutelary rights over the management of public affairs. The administrative regime derives its power and legitimacy from the constitution, but it is not effectively constrained by it. A ‘dual state’ emerged in which administrative and democratic rationality are entwined. This is why it is misleading to call Russia an ‘autocracy’. The authoritarian features are rooted in a non-democratic technocratic appeal to the pursuit of the public good. The priority under Boris Yeltsin in the 1990s was economic and political reform, and then under Putin from 2000 as economic development, state sovereignty, national unity and international status. Putin’s ability to articulate an agenda of progress, although in contrast to the Soviet years no longer embedded in a coherent vision of the future, helps explain his extraordinary and enduring popularity, which with some ups and downs has been maintained at levels far exceeding those normally found in liberal democracies

    Proceedings of the First NASA Formal Methods Symposium

    Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000