2019 IEEE 32nd Computer Security Foundations Symposium (CSF)最新文献_第2页

How to Wrap it up - A Formally Verified Proposal for the use of Authenticated Wrapping in PKCS#11 如何包装它- pkcs# 11中使用身份验证包装的正式验证提案

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00012

Alexander Dax, R. Künnemann, Sven Tangermann, M. Backes

{"title":"How to Wrap it up - A Formally Verified Proposal for the use of Authenticated Wrapping in PKCS#11","authors":"Alexander Dax, R. Künnemann, Sven Tangermann, M. Backes","doi":"10.1109/CSF.2019.00012","DOIUrl":"https://doi.org/10.1109/CSF.2019.00012","url":null,"abstract":"Being the most widely used and comprehensive standard for hardware security modules, cryptographic tokens and smart cards, PKCS#11 has been the subject of academic study for years. PKCS#11 provides a key store that is separate from the application, so that, ideally, an application never sees a key in the clear. Again and again, researchers have pointed out the need for an import/export mechanism that ensures the integrity of the permissions associated to a key. With version 2.40, for the first time, the standard included authenticated deterministic encryption schemes. The interface to this operation is insecure, however, so that an application can get the key in the clear, subverting the purpose of using a hardware security module. This work proposes a formal model for the secure use of authenticated deterministic encryption in PKCS#11, including concrete API changes to allow for secure policies to be implemented. Owing to the authenticated encryption mechanism, the policy we propose provides more functionality than any policy proposed so far and can be implemented without access to a random number generator. Our results cover modes of operation that rely on unique initialisation vectors (IVs), like GCM or CCM, but also modes that generate synthetic IVs. We furthermore provide a proof for the deduction soundness of our modelling of deterministic encryption in Böhl et.al.'s composable deduction soundness framework.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126319825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 6

Optimising Faceted Secure Multi-Execution 优化面安全多执行

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00008

Maximilian Algehed, Alejandro Russo, C. Flanagan

{"title":"Optimising Faceted Secure Multi-Execution","authors":"Maximilian Algehed, Alejandro Russo, C. Flanagan","doi":"10.1109/CSF.2019.00008","DOIUrl":"https://doi.org/10.1109/CSF.2019.00008","url":null,"abstract":"Language-Based Information Flow Control (IFC) provides strong security guarantees for untrusted code, but often suffers from a non-negligible rate of false alarms. Multi-execution based techniques promise to provide security guarantees without raising any false alarms. However, all known multi-execution approaches introduce extraneous performance overheads which are rarely studied. In this work, we lay down the foundations for optimisation techniques aimed at reducing these overheads to a managable level, thus helping to make multi-execution more practical. We characterise our optimisations as data-and control-oriented. Data-oriented optimisations reduce storage overheads— which also helps to remove unnecessary repeated computations. In contrast, computation-oriented optimisations rely on program annotations in order to reduce needless computation. These annotations motivate the need for a new, stronger, theoretical notion of transparency— i.e., a stronger notion for characterising the lack of false alarms. To show the efficacy of our optimisation techniques, we apply them to two case-studies: a secure (faceted) database and a chat server written in a multi-execution based IFC framework. Our case-studies clearly show that our optimisations significantly reduce the storage and computational overhead, sometimes from exponential to polynomial order. All of our formal results are accompanied by mechanised proofs in Agda.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128651907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 7

Analysis of Deterministic Longest-Chain Protocols 确定性最长链协议分析

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00016

E. Shi

{"title":"Analysis of Deterministic Longest-Chain Protocols","authors":"E. Shi","doi":"10.1109/CSF.2019.00016","DOIUrl":"https://doi.org/10.1109/CSF.2019.00016","url":null,"abstract":"Most classical consensus protocols rely on a leader to coordinate nodes' voting efforts. One novel idea that stems from blockchain-style consensus is to rely, instead, on a \"longestchain\" idea for such coordination. Such a longest-chain idea was initially considered in randomized protocols, where in each round, a node has some probability of being elected a leader who can propose the next block. Recently, well-known systems have started implementing the deterministic counterpart of such longest-chain protocols — the deterministic counterpart is especially attractive since it is even simpler to implement than their randomized cousins. A notable instantiation is the Aura protocol which is widely shipped with Parity's open-source Ethereum implementation. Interestingly, mathematical analyses of deterministic, longest-chain protocols are lacking even though there exist several analyses of randomized versions. In this paper, we provide the first formal analysis of deterministic, longest-chain-style consensus. We show that a variant of the Aura protocol can defend against a Byzantine adversary that controls fewer than 1 fraction of the nodes, and this resilience parameter is tight. 3 Based on insights gained through our mathematical treatment, we point out that Aura's concrete instantiation actually fails to achieve the resilience level they claim and thus clarify existing misconceptions. Finally, while our tight proof for the longest-chain protocol is rather involved and non-trivial; we show that a variant of the \"longest-chain\" idea which we call \"largest-set\" enables a textbook construction that admits a simple proof (albeit with slower confirmation).","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130870496","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 12

Timing Leaks and Coarse-Grained Clocks 时间泄漏和粗粒度时钟

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00010

P. Vasilikos, H. R. Nielson, F. Nielson, Boris Köpf

{"title":"Timing Leaks and Coarse-Grained Clocks","authors":"P. Vasilikos, H. R. Nielson, F. Nielson, Boris Köpf","doi":"10.1109/CSF.2019.00010","DOIUrl":"https://doi.org/10.1109/CSF.2019.00010","url":null,"abstract":"Timing-based side-channel attacks have matured from an academic exercise to a powerful attack vector in the hand of real-world adversaries. A widely deployed countermeausure against such attacks is to reduce the accuracy of the clocks that are available to adversaries. While a number of high-profile attacks show that this mitigation can be side-stepped, there has not been a principled analysis of the degree of security it provides until now. In this paper, we perform the first information-flow analysis with respect to adversaries with coarse-grained clocks. To this end, we define an adversary model that is parametric in the granularity of the clock and connect it with a system model based on timed automata. We present algorithms for translating such a system to an information-theoretic channel, which enables us to analyze the leakage using standard techniques from quantitative information-flow analysis. We use our techniques to derive insights about the effect of reducing clock resolution on security. In particular, (1) we show that a coarse-grained clock might leak more than a fine-grained one, (2) we give a sufficient condition for when increasing the grain of the clock we achieve better security, and (3) we show that the attack techniques used in the literature form a strict hierarchy in terms of the information an adversary can extract using them. Finally, we illustrate the expressiveness of our development on a case study of a system that uses RSA signatures.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"588 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116176138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 7

BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device BeleniosVS:针对腐败投票设备的保密性和可验证性

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00032

V. Cortier, Alicia Filipiak, Joseph Lallemand

{"title":"BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device","authors":"V. Cortier, Alicia Filipiak, Joseph Lallemand","doi":"10.1109/CSF.2019.00032","DOIUrl":"https://doi.org/10.1109/CSF.2019.00032","url":null,"abstract":"Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two elections authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required to develop a set of sufficient conditions, that can be handled by ProVerif. This contribution is of independent interest.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"7 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132928411","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 21

Securing Cross-App Interactions in IoT Platforms 确保物联网平台中的跨应用交互

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00029

Musard Balliu, Massimo Merro, Michele Pasqua

{"title":"Securing Cross-App Interactions in IoT Platforms","authors":"Musard Balliu, Massimo Merro, Michele Pasqua","doi":"10.1109/CSF.2019.00029","DOIUrl":"https://doi.org/10.1109/CSF.2019.00029","url":null,"abstract":"IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third-parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128427471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 17

Temporal Safety for Stack Allocated Memory on Capability Machines 能力机器上堆栈分配内存的时间安全性

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00024

Stelios Tsampas, Dominique Devriese, F. Piessens

引用次数: 9

Title Page ii 第2页

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1016/S0074-6142(10)97038-1

A. Osborne

引用次数: 0

Re-Thinking Untraceability in the CryptoNote-Style Blockchain 重新思考密码笔记式区块链中的不可追溯性

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00014

Jiangshan Yu, M. Au, P. Veríssimo

{"title":"Re-Thinking Untraceability in the CryptoNote-Style Blockchain","authors":"Jiangshan Yu, M. Au, P. Veríssimo","doi":"10.1109/CSF.2019.00014","DOIUrl":"https://doi.org/10.1109/CSF.2019.00014","url":null,"abstract":"We develop new foundations on transaction untraceability for CryptoNote-style blockchain systems. In particular, we observe new attacks; develop theoretical foundations to model transaction untraceability; provide the least upper bound of transaction untraceability guarantee; provide ways to efficiently and automatically verify whether a given ledger achieves optimal transaction untraceability; and provide a general solution that achieves provably optimal transaction untraceability. Unlike previous cascade effect attacks (ESORICS' 17 and PETS' 18) on CryptoNote-style transaction untraceability, we consider not only a passive attacker but also an active adaptive attacker. Our observed attacks allow both types of attacker to trace blockchain transactions that cannot be traced by using the existing attacks. We develop a series of new games, which we call \"The Sun-Tzu Survival Problem\", to model CryptoNote-style blockchain transaction untraceability and our identified attacks. In addition, we obtain seven novel results, where three of them are negative and the rest are positive. In particular, thanks to our abstract game, we are able to build bipartite graphs to model transaction untraceability, and provide reductions to formally relate the hardness of calculating untraceability to the hardness of calculating the number of perfect matchings in all possible bipartite graphs. We prove that calculating transaction untraceability is a #P-complete problem, which is believed to be even more difficult to solve than NP problems. In addition, we provide the first result on the least upper bound of transaction untraceability. Moreover, through our theoretical results, we are able to provide ways to efficiently and automatically verify whether a given ledger achieves optimal transaction untraceability. Furthermore, we propose a simple strategy for CryptoNote-style blockchain systems to achieve optimal untraceability. We take Monero as a concrete example to demonstrate how to apply this strategy to optimise the untraceability guarantee provided by Monero.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125556557","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 17

A Formal Approach to Secure Speculation 确保投机的正式方法

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI: 10.1109/CSF.2019.00027

Kevin Cheang, Cameron Rasmussen, S. Seshia, Pramod Subramanyan

引用次数: 51