发布求助
文献互助 智能选刊 最新文献

2017 IEEE 30th Computer Security Foundations Symposium (CSF)最新文献

筛选
英文 中文
Rethinking Large-Scale Consensus 重新思考大规模共识
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-08-01 DOI: 10.1109/CSF.2017.37
R. Pass, E. Shi
{"title":"Rethinking Large-Scale Consensus","authors":"R. Pass, E. Shi","doi":"10.1109/CSF.2017.37","DOIUrl":"https://doi.org/10.1109/CSF.2017.37","url":null,"abstract":"In this position paper, we initiate a systematic treatment of reaching consensus in a permissionless network. We prove several simple but hopefully insightful lower bounds that demonstrate exactly why reaching consensus in a permission-less setting is fundamentally more difficult than the classical, permissioned setting. We then present a simplified proof of Nakamoto's blockchain which we recommend for pedagogical purposes. Finally, we survey recent results including how to avoid well-known painpoints in permissionless consensus, and how to apply core ideas behind blockchains to solve consensus in the classical, permissioned setting and meanwhile achieve new properties that are not attained by classical approaches.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130330862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 64
UC-Secure Non-interactive Public-Key Encryption UC-Secure非交互式公钥加密
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-08-01 DOI: 10.1109/CSF.2017.14
J. Camenisch, Anja Lehmann, G. Neven, Kai Samelin
{"title":"UC-Secure Non-interactive Public-Key Encryption","authors":"J. Camenisch, Anja Lehmann, G. Neven, Kai Samelin","doi":"10.1109/CSF.2017.14","DOIUrl":"https://doi.org/10.1109/CSF.2017.14","url":null,"abstract":"The universal composability (UC) framework enables the modular design of cryptographic protocols by allowing arbitrary compositions of lower-level building blocks. Public-key encryption is unarguably a very important such building block. However, so far no UC-functionality exists that offers non-interactive encryption necessary for modular protocol construction. We provide an ideal functionality for non-committing encryption (i.e., public-key encryption secure against adaptive corruptions) with locally generated, and therefore non-interactive, ciphertexts. As a sanity check, we also provide a property-based security notion that we prove to be equivalent to the UC notion. We then show that the encryption scheme of Camenisch et al. (SCN '16) based on trapdoor permutations securely implements our notion in the random-oracle model without assuming secure erasures. This is the best one can hope to achieve as standard-model constructions do not exist due to the uninstantiability of round-optimal adaptively secure message transfer in the standard model (Nielsen, Crypto '02). We illustrate the modular reusability of our functionality by constructing the first non-interactive signcryption scheme secure against adaptive corruptions without secure erasures in the UC framework.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133049329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Differential Privacy in Quantum Computation 量子计算中的差分隐私
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-08-01 DOI: 10.1109/CSF.2017.23
Li Zhou, M. Ying
{"title":"Differential Privacy in Quantum Computation","authors":"Li Zhou, M. Ying","doi":"10.1109/CSF.2017.23","DOIUrl":"https://doi.org/10.1109/CSF.2017.23","url":null,"abstract":"More and more quantum algorithms have been designed for solving problems in machine learning, database search and data analytics. An important problem then arises: how privacy can be protected when these algorithms are used on private data? For classical computing, the notion of differential privacy provides a very useful conceptual framework in which a great number of mechanisms that protect privacy by introducing certain noises into algorithms have been successfully developed. This paper defines a notion of differential privacy for quantum information processing. We carefully examine how the mechanisms using three important types of quantum noise, the amplitude/phase damping and depolarizing, can protect differential privacy. A composition theorem is proved that enables us to combine multiple privacy-preserving operations in quantum information processing.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114978965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
SAT-Equiv: An Efficient Tool for Equivalence Properties SAT-Equiv:等效性质的有效工具
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-07-21 DOI: 10.1109/CSF.2017.15
V. Cortier, Antoine Dallon, S. Delaune
{"title":"SAT-Equiv: An Efficient Tool for Equivalence Properties","authors":"V. Cortier, Antoine Dallon, S. Delaune","doi":"10.1109/CSF.2017.15","DOIUrl":"https://doi.org/10.1109/CSF.2017.15","url":null,"abstract":"Automatic tools based on symbolic models have been successful in analyzing security protocols. Such tools are particularly adapted for trace properties (e.g. secrecy or authentication), while they often fail to analyse equivalence properties.Equivalence properties can express a variety of security properties, including in particular privacy properties (vote privacy, anonymity, untraceability). Several decision procedures have already been proposed but the resulting tools are rather inefficient.In this paper, we propose a novel algorithm, based on graph planning and SAT-solving, which significantly improves the efficiency of the analysis of equivalence properties. The resulting implementation, SAT-Equiv, can analyze several sessions where most tools have to stop after one or two sessions.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126749631","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
Securing Databases from Probabilistic Inference 从概率推理中保护数据库
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-06-08 DOI: 10.1109/CSF.2017.30
M. Guarnieri, Srdjan Marinovic, D. Basin
{"title":"Securing Databases from Probabilistic Inference","authors":"M. Guarnieri, Srdjan Marinovic, D. Basin","doi":"10.1109/CSF.2017.30","DOIUrl":"https://doi.org/10.1109/CSF.2017.30","url":null,"abstract":"Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research offers mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms. We propose a foundation for Database Inference Control based on ProbLog, a probabilistic logic programming language. We leverage this foundation to develop Angerona, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of ProbLog. We empirically evaluate Angerona's performance showing that it scales to relevant security-critical problems.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125644305","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Types for Location and Data Security in Cloud Environments 云环境中的位置和数据安全类型
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-06-06 DOI: 10.1109/CSF.2017.25
I. Gazeau, Tom Chothia, Dominic Duggan
{"title":"Types for Location and Data Security in Cloud Environments","authors":"I. Gazeau, Tom Chothia, Dominic Duggan","doi":"10.1109/CSF.2017.25","DOIUrl":"https://doi.org/10.1109/CSF.2017.25","url":null,"abstract":"Cloud service providers are often trusted to be genuine, the damage caused by being discovered to be attacking their own customers outweighs any benefits such attacks could reap. On the other hand, it is expected that some cloud service users may be actively malicious. In such an open system, each location may run code which has been developed independently of other locations (and which may be secret). In this paper, we present a typed language which ensures that the access restrictions put on data on a particular device will be observed by all other devices running typed code. Untyped, compromised devices can still interact with typed devices without being able to violate the policies, except in the case when a policy directly places trust in untyped locations. Importantly, our type system does not need a middleware layer or all users to register with a preexisting PKI, and it allows for devices to dynamically create new identities. The confidentiality property guaranteed by the language is defined for any kind of intruder: we consider labeled bisimilarity i.e. an attacker cannot distinguish two scenarios that differ by the change of a protected value. This shows our main result that, for a device that runs well typed code and only places trust in other well typed devices, programming errors cannot cause a data leakage.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129135960","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Towards a Flow- and Path-Sensitive Information Flow Analysis 面向流和路径敏感的信息流分析
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-06-05 DOI: 10.1109/CSF.2017.17
Peixuan Li, Danfeng Zhang
{"title":"Towards a Flow- and Path-Sensitive Information Flow Analysis","authors":"Peixuan Li, Danfeng Zhang","doi":"10.1109/CSF.2017.17","DOIUrl":"https://doi.org/10.1109/CSF.2017.17","url":null,"abstract":"This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an information flow analysis with fixed labels can be both flow- and path-sensitive. The novel analysis has two major components: 1) a general-purpose program transformation that removes false dataflow dependencies in a program that confuse a fixed-label type system, and 2) a fixed-label type system that allows security types to depend on path conditions. We formally prove that the proposed analysis enforces a rigorous security property: noninterference. Moreover, we show that the analysis is strictly more precise than a classic flow-sensitive type system, and it allows sound control of information flow in the presence of mutable variables without resorting to run-time mechanisms.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"181 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130533560","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications 用于Android应用程序静态分析的可靠的流敏感堆抽象
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-05-30 DOI: 10.1109/CSF.2017.19
Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei
{"title":"A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications","authors":"Stefano Calzavara, Ilya Grishchenko, Adrien Koutsos, Matteo Maffei","doi":"10.1109/CSF.2017.19","DOIUrl":"https://doi.org/10.1109/CSF.2017.19","url":null,"abstract":"The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the Android platform. We formulate the analysis as a set of Horn clauses defining a sound over-approximation of the semantics of the Android application to analyse, borrowing ideas from recency abstraction and extending them to our concurrent setting. Moreover, we implement the analysis in HornDroid, a state-of-the-art information flow analyser for Android applications. Our extension allows HornDroid to perform strong updates on heap-allocated data structures, thus significantly increasing its precision, without sacrificing its soundness guarantees. We test our implementation on DroidBench, a popular benchmark of Android applications developed by the research community, and we show that our changes to HornDroid lead to an improvement in the precision of the tool, while having only a moderate cost in terms of efficiency. Finally, we assess the scalability of our tool to the analysis of real applications.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"11 7","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132605760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Synthesis of Adaptive Side-Channel Attacks 自适应侧信道攻击的综合
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-05-09 DOI: 10.1109/CSF.2017.8
Quoc-Sang Phan, Lucas Bang, C. Pasareanu, P. Malacaria, T. Bultan
{"title":"Synthesis of Adaptive Side-Channel Attacks","authors":"Quoc-Sang Phan, Lucas Bang, C. Pasareanu, P. Malacaria, T. Bultan","doi":"10.1109/CSF.2017.8","DOIUrl":"https://doi.org/10.1109/CSF.2017.8","url":null,"abstract":"We present symbolic analysis techniques for detecting vulnerabilities that are due to adaptive side-channel attacks, and synthesizing inputs that exploit the identified vulnerabilities. We start with a symbolic attack model that encodes succinctly all the side-channel attacks that an adversary can make. Using symbolic execution over this model, we generate a set of mathematical constraints, where each constraint characterizes the set of secret values that lead to the same sequence of side-channel measurements. We then compute the optimal attack, i.e, the attack that yields maximum leakage over the secret, by solving an optimization problem over the computed constraints. We use information-theoretic concepts such as channel capacity and Shannon entropy to quantify the leakage over multiple runs in the attack, where the measurements over the side channels form the observations that an adversary can use to try to infer the secret. We also propose greedy heuristics that generate the attack by exploring a portion of the symbolic attack model in each step. We implemented the techniques in Symbolic PathFinder and applied them to Java programs encoding web services, string manipulations and cryptographic functions, demonstrating how to synthesize optimal side-channel attacks.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115962926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 56
Formal Computational Unlinkability Proofs of RFID Protocols RFID协议的形式化计算不可链接性证明
2017 IEEE 30th Computer Security Foundations Symposium (CSF) Pub Date : 2017-05-05 DOI: 10.1109/CSF.2017.9
Hubert Comon-Lundh, Adrien Koutsos
{"title":"Formal Computational Unlinkability Proofs of RFID Protocols","authors":"Hubert Comon-Lundh, Adrien Koutsos","doi":"10.1109/CSF.2017.9","DOIUrl":"https://doi.org/10.1109/CSF.2017.9","url":null,"abstract":"We set up a framework for the formal proofs of RFID protocols in the computational model. We rely on the so-called computationally complete symbolic attacker model. Our contributions are: 1) to design (and prove sound) axioms reflecting the properties of hash functions (Collision-Resistance, PRF). 2) to formalize computational unlinkability in the model. 3) to illustrate the method, providing the first formal proofs of unlinkability of RFID protocols, in the omputational model.","PeriodicalId":269696,"journal":{"name":"2017 IEEE 30th Computer Security Foundations Symposium (CSF)","volume":"389 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132441109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信