发布求助
文献互助 智能选刊 最新文献

2015 IEEE 28th Computer Security Foundations Symposium最新文献

筛选
英文 中文
Information Flow Control for Event Handling and the DOM in Web Browsers Web浏览器中事件处理的信息流控制和DOM
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.32
Vineet Rajani, Abhishek Bichhawat, D. Garg, Christian Hammer
{"title":"Information Flow Control for Event Handling and the DOM in Web Browsers","authors":"Vineet Rajani, Abhishek Bichhawat, D. Garg, Christian Hammer","doi":"10.1109/CSF.2015.32","DOIUrl":"https://doi.org/10.1109/CSF.2015.32","url":null,"abstract":"Web browsers routinely handle private information. Owing to a lax security model, browsers and JavaScript in particular, are easy targets for leaking sensitive data. Prior work has extensively studied information flow control (IFC) as a mechanism for securing browsers. However, two central aspects of web browsers - the Document Object Model (DOM) and the event handling mechanism - have so far evaded thorough scrutiny in the context of IFC. This paper advances the state-of-the-art in this regard. Based on standard specifications and the code of an actual browser engine, we build formal models of both the DOM (up to Level 3) and the event handling loop of a typical browser, enhance the models with fine-grained taints and checks for IFC, prove our enhancements sound and test our ideas through an instrumentation of WebKit, an in-production browser engine. In doing so, we observe several channels for information leak that arise due to subtleties of the event loop and its interaction with the DOM.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121500296","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
A Parametric Family of Attack Models for Proxy Re-encryption 代理重加密攻击模型的参数族
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.27
David Nuñez, Isaac Agudo, Javier López
{"title":"A Parametric Family of Attack Models for Proxy Re-encryption","authors":"David Nuñez, Isaac Agudo, Javier López","doi":"10.1109/CSF.2015.27","DOIUrl":"https://doi.org/10.1109/CSF.2015.27","url":null,"abstract":"Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) that provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from \"plain\" IND-CPA to \"full\" IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent \"CCA1-secure\" scheme from PKC 2014 whose security model does not capture chosen-cipher text attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129151216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Symbolic Malleable Zero-Knowledge Proofs 符号可塑零知识证明
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.35
M. Backes, Fabian Bendun, Matteo Maffei, Esfandiar Mohammadi, Kim Pecina
{"title":"Symbolic Malleable Zero-Knowledge Proofs","authors":"M. Backes, Fabian Bendun, Matteo Maffei, Esfandiar Mohammadi, Kim Pecina","doi":"10.1109/CSF.2015.35","DOIUrl":"https://doi.org/10.1109/CSF.2015.35","url":null,"abstract":"Zero-knowledge (ZK) proofs have become a central building block for a variety of modern security protocols. Modern ZK constructions, such as the Groth-Sahai proof system, offer novel types of cryptographic flexibility: a participant is able to re-randomize existing ZK proofs to achieve, for instance, message unlink ability in anonymity protocols, she can hide public parts of a ZK proof statement to meet her specific privacy requirements, and she can logically compose ZK proofs in order to construct new proof statements. ZK proof systems that permit these transformations are called malleable. However, since these transformations are accessible also to the adversary, analyzing the security of these protocols requires one to cope with a much more comprehensive attacker model -- a challenge that automated protocol analysis thus far has not been capable of dealing with. In this work, we introduce the first symbolic abstraction of malleable ZK proofs. We further prove the computational soundness of our abstraction with respect to observational equivalence, which enables the computationally sound verification of privacy properties. Finally, we show that our symbolic abstraction is suitable for ProVerif, a state-of-the-art cryptographic protocol verifier, by verifying an improved version of the anonymous webs of trust protocol.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132422459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Set-Pi: Set Membership p-Calculus Set- pi:集合隶属度p-微积分
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.20
Alessandro Bruni, S. Mödersheim, Flemming Nielson, H. R. Nielson
{"title":"Set-Pi: Set Membership p-Calculus","authors":"Alessandro Bruni, S. Mödersheim, Flemming Nielson, H. R. Nielson","doi":"10.1109/CSF.2015.20","DOIUrl":"https://doi.org/10.1109/CSF.2015.20","url":null,"abstract":"Communication protocols often rely on stateful mechanisms to ensure certain security properties. For example, counters and timestamps can be used to ensure authentication, or the security of communication can depend on whether a particular key is registered to a server or it has been revoked. ProVerif, like other state of the art tools for protocol analysis, achieves good performance by converting a formal protocol specification into a set of Horn clauses, that represent a monotonically growing set of facts that a Dolev-Yao attacker can derive from the system. Since this set of facts is not state-dependent, the category of protocols of our interest cannot be precisely analysed by such tools, as they would report false attacks due to the over-approximation. In this paper we present Set-π, an extension of the Applied π-calculus that includes primitives for handling databases of objects, and propose a translation from Set-π into Horn clauses that employs the set-membership abstraction to capture the non-monotonicity of the state. Furthermore, we give a characterisation of authentication properties in terms of the set properties in the language, and prove the correctness of our approach. Finally we showcase our method with three examples, a simple authentication protocol based on counters, a key registration protocol, and a model of the Yubikey security device.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"268 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123483385","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
A Logic of Programs with Interface-Confined Code 具有接口限制代码的程序逻辑
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.38
Limin Jia, S. Sen, D. Garg, Anupam Datta
{"title":"A Logic of Programs with Interface-Confined Code","authors":"Limin Jia, S. Sen, D. Garg, Anupam Datta","doi":"10.1109/CSF.2015.38","DOIUrl":"https://doi.org/10.1109/CSF.2015.38","url":null,"abstract":"Interface-confinement is a common mechanism that secures untrusted code by executing it inside a sandbox. The sandbox limits (confines) the code's interaction with key system resources to a restricted set of interfaces. This practice is seen in web browsers, hypervisors, and other security-critical systems. Motivated by these systems, we present a program logic, called System M, for modeling and proving safety properties of systems that execute adversary-supplied code via interface-confinement. In addition to using computation types to specify effects of computations, System M includes a novel invariant type to specify the properties of interface-confined code. The interpretation of invariant type includes terms whose effects satisfy an invariant. We construct a step-indexed model built over traces and prove the soundness of System M relative to the model. System M is the first program logic that allows proofs of safety for programs that execute adversary-supplied code without forcing the adversarial code to be available for deep static analysis. System M can be used to model and verify protocols as well as system designs. We demonstrate the reasoning principles of System M by verifying the state integrity property of the design of Memoir, a previously proposed trusted computing system.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114075697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Analyzing First-Order Role Based Access Control 基于一阶角色的访问控制分析
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.8
C. C. Jiménez, Thilo Weghorn, D. Basin, M. Clavel
{"title":"Analyzing First-Order Role Based Access Control","authors":"C. C. Jiménez, Thilo Weghorn, D. Basin, M. Clavel","doi":"10.1109/CSF.2015.8","DOIUrl":"https://doi.org/10.1109/CSF.2015.8","url":null,"abstract":"We propose FORBAC, an extension of Role-Based Access Control (RBAC) based on first-order logic. FORBAC is expressive enough to formalize a wide range of access control policies. However, it is simple enough so that relevant policy analysis queries can be analyzed in NP, which we argue is a natural complexity class for this problem. To analyze queries efficiently, we reduce them to the problem of satisfiability modulo appropriate theories, and use off-the-shelf SMT solvers. We evaluate FORBAC's expressiveness and our approach to policy analysis in a case study, analyzing access control in a European bank.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"22 7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130095981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Understanding and Enforcing Opacity 理解和执行不透明度
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.41
Daniel Schoepe, A. Sabelfeld
{"title":"Understanding and Enforcing Opacity","authors":"Daniel Schoepe, A. Sabelfeld","doi":"10.1109/CSF.2015.41","DOIUrl":"https://doi.org/10.1109/CSF.2015.41","url":null,"abstract":"This paper puts a spotlight on the specification and enforcement of opacity, a security policy for protecting sensitive properties of system behavior. We illustrate the fine granularity of the opacity policy by location privacy and privacy-preserving aggregation scenarios. We present a general framework for opacity and explore its key differences and formal connections with such well-known information-flow models as non-interference, knowledge-based security, and declassification. Our results are machine-checked and parameterized in the observational power of the attacker, including progress-insensitive, progress-sensitive, and timing-sensitive attackers. We present two approaches to enforcing opacity: a whitebox monitor and a blackbox sampling-based enforcement. We report on experiments with prototypes that utilize state-of-the-art Satisfiability Modulo Theories (SMT) solvers and the random testing tool QuickCheck to establish opacity for the location and aggregation-based scenarios.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127139790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Reasoning about Policy Behavior in Logic-Based Trust Management Systems: Some Complexity Results and an Operational Framework 基于逻辑的信任管理系统中策略行为的推理:一些复杂性结果和一个操作框架
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.23
E. Pasarella, Jorge Lobo
{"title":"Reasoning about Policy Behavior in Logic-Based Trust Management Systems: Some Complexity Results and an Operational Framework","authors":"E. Pasarella, Jorge Lobo","doi":"10.1109/CSF.2015.23","DOIUrl":"https://doi.org/10.1109/CSF.2015.23","url":null,"abstract":"In this paper we show that the logical framework proposed by Becker et al. [1] to reason about security policy behavior in a trust management context can be captured by an operational framework that is based on the language proposed by Miller in 1989 to deal with scoping and/or modules in logic programming. The framework of Becker et al. uses propositional Horn clauses to represent both policies and credentials, implications in clauses are interpreted in counterfactual logic, a Hilbert-style proof system is defined and a system based on SAT is used to prove whether properties about credentials, permissions and policies are valid, i.e. true under all possible policies. Our contributions in this paper are three. First, we show that this kind of validation can rely on an operational semantics (derivability relation) of a language very similar to Miller's language, which is very close to derivability in logic programs. Second, we are able to establish that, as in propositional logic, validity of formulas is a co-NP-complete problem. And third, we present a provably correct implementation of a goal-oriented algorithm for validity.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134628838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
An Analysis of Universal Information Flow Based on Self-Composition 基于自合成的通用信息流分析
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.33
C. Müller, Máté Kovács, H. Seidl
{"title":"An Analysis of Universal Information Flow Based on Self-Composition","authors":"C. Müller, Máté Kovács, H. Seidl","doi":"10.1109/CSF.2015.33","DOIUrl":"https://doi.org/10.1109/CSF.2015.33","url":null,"abstract":"We introduce a novel way of proving information flow properties of a program based on its self-composition. Similarly to the universal information flow type system of Hunt and Sands, our analysis explicitly computes the dependencies of variables in the final state on variables in the initial state. Accordingly, the analysis result is independent of specific information flow lattices, and allows to derive information flow w.r.t. any of these. While our analysis runs in polynomial time, we prove that it never loses precision against the type system of Hunt and Sands, and may gain extra precision by taking similarities between different branches of conditionals into account. Also, we indicate how it can be smoothly generalized to an interprocedural analysis.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"209 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114321879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Hybrid Monitors for Concurrent Noninterference 并行无干扰的混合监视器
2015 IEEE 28th Computer Security Foundations Symposium Pub Date : 2015-07-13 DOI: 10.1109/CSF.2015.17
Aslan Askarov, Stephen Chong, H. Mantel
{"title":"Hybrid Monitors for Concurrent Noninterference","authors":"Aslan Askarov, Stephen Chong, H. Mantel","doi":"10.1109/CSF.2015.17","DOIUrl":"https://doi.org/10.1109/CSF.2015.17","url":null,"abstract":"Controlling confidential information in concurrent systems is difficult, due to covert channels resulting from interaction between threads. This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs. Our monitors are hybrid, combining dynamic and static program analysis to enforce security in a sound and rather precise fashion. In our framework, each thread is guarded by its own local monitor, and there is a single global monitor. We instantiate our monitoring framework to support rely-guarantee style reasoning about the use of shared resources, at the granularity of individual memory locations, and then specialize local monitors further to enforce flow-sensitive progress-sensitive information-flow control. Our local monitors exploit rely-guarantee-style reasoning about shared memory to achieve high precision. Soundness of rely-guarantee-style reasoning is guaranteed by all monitors cooperatively. The global monitor is invoked only when threads synchronize, and so does not needlessly restrict concurrency. We prove that our hybrid monitoring approach enforces a knowledge-based progress-sensitive non-interference security condition.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115775826","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 29
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信