POPL 2026
Sun 11 - Sat 17 January 2026 Rennes, France
POPL 2026 (series) / PriSC 2026 (series) / PriSC 2026 /

Tooling Design and Lessons Learned from Systematic Evaluations of the Preservation of Low-level Security Properties by Compilers with BinSec

Yanis Sellami, Frédéric Recoules, Sébastien Bardin
PriSC 2026
Sun 11 Jan 2026 14:18 - 14:36 at Salle 19 - Timing Side Channels Chair(s): Cătălin Hriţcu

Modern critical software such as cryptographic libraries must be protected against a large range low-level attacks. While a lot of programming strategies and security measures can be applied at source level, on which developers will focus most of the time, low-level security property must eventually be verified on the code that is actually executed, which will at best correspond to the compiled binary code.

While a large set of tools and systems exists to help perform the verification of low-level security property, leveraging them for systematic evaluations tends to remain a tedious process, in particular as their configuration might depend on information that is not preserved by compilation, and will likely require some form of extensive manual work. These limitations complexify the work required to create large-scale automated verification processes.

This talk will discuss the experience we’ve had with the binary-level symbolic execution engine BinSec in the design and implementation of such processes, what we’ve learned in the exercise and what we think could be done to help simplify their construction.

small-avatar
Yanis Sellami
CEA, List, Univ. Grenoble Alpes
small-avatar
Frédéric Recoules
CEA, List
Sébastien Bardin
Sébastien Bardin
CEA LIST, University Paris-Saclay
France

Sun 11 Jan

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

14:00 - 15:30
Timing Side ChannelsPriSC at Salle 19
Chair(s): Cătălin Hriţcu MPI-SP
14:00
18m
Talk
Efficient Dependency Resolution in IFC-aware Decentralized Programming
PriSC
Steffan Sølvsten Aarhus University, Aslan Askarov Aarhus University
File Attached
14:18
18m
Talk
Tooling Design and Lessons Learned from Systematic Evaluations of the Preservation of Low-level Security Properties by Compilers with BinSec
PriSC
Yanis Sellami CEA, List, Univ. Grenoble Alpes, Frédéric Recoules CEA, List, Sébastien Bardin CEA LIST, University Paris-Saclay
14:36
18m
Talk
Decompiling for Constant-Time Analysis
PriSC
Sören van der Wall TU Braunschweig, Santiago Arranz Olmos Max Planck Institute for Security and Privacy, Gilles Barthe MPI-SP; IMDEA Software Institute, Lionel Blatter Max Planck Institute for Security and Privacy, Youcef Bouzid , Zhiyuan Zhang
14:54
18m
Talk
Modular Verification of Probabilistic Constant-Time
PriSC
Xingyu Xie MPI-SP
File Attached
15:12
18m
Talk
GnuZero: A Compiler-Based Zeroization Static Detection Tool for the Masses
PriSC
Pierrick Philippe Univ Rennes, CNRS, IRISA, Mohamed Sabt Univ Rennes, CNRS, IRISA, Pierre-Alain Fouque Univ Rennes, CNRS, IRISA
File Attached