Abstract

Whether verified dynamically (at runtime) or statically (by prior analysis), typing is an essential aspect of high-level programming languages. The lecture explored the contributions of typing to software security, from the basic guarantees (value and memory safety) essential for software isolation to finer-grained integrity guarantees based on type abstraction and the static typing of resources and their ownership(ownership and borrowing, as in the Rust language). We then show how static typing can be applied to mobile code, by verifying intermediate code (such as Java's JVM bytecode ) or machine code, right up to the very general notion ofproof-carrying code.

Typing and safety

Abstract

Documents and media

Speaker(s)

Xavier Leroy

Events

Software security : introduction and case studies

Information flow

Influence of specification quality on software security

Software isolation

Differential Privacy: From the Central Model to the Local Model and their Generalization

Tempus fugit : time observation attacks

Verified Implementations for Real-World Cryptographic Protocols

Typing and safety

Fault injection attacks and software protection

Compilation and safety

Software obfuscation : scrambling code to protect programs

Calculate with figures or private data

Transient Execution Attacks and Defenses

See also