2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)最新文献

筛选

英文中文

Ledger design language: designing and deploying formally verified public ledgers 分类账设计语言:设计和部署正式验证的公共分类账

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2018-04-01 DOI: 10.1109/EuroSPW.2018.8429049

Nadim Kobeissi, Natalia Kulatova

{"title":"Ledger design language: designing and deploying formally verified public ledgers","authors":"Nadim Kobeissi, Natalia Kulatova","doi":"10.1109/EuroSPW.2018.8429049","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.8429049","url":null,"abstract":"Cryptocurrencies have popularized public ledgers, known colloquially as “blockchains”. While the Bitcoin blockchain is relatively simple to reason about as, effectively, a hash chain, more complex public ledgers are largely designed without any formalization of desired cryptographic properties such as authentication or integrity. These designs are then implemented without assurances against real-world bugs leading to little assurance with regards to practical, real-world security. Ledger Design Language (LDL) is a modeling language for describing public ledgers. The LDL compiler produces two outputs. The first output is a an applied-pi calculus symbolic model representing the public ledger as a protocol. Using ProVerif, the protocol can be played against an active attacker, whereupon we can query for block integrity, authenticity and other properties. The second output is a formally verified read/write API for interacting with the public ledger in the real world, written in the F* programming language. F* features such as dependent types allow us to validate a block on the public ledger, for example, by type-checking it so that its signing public key be a point on a curve. Using LDL’s outputs, public ledger designers obtain automated assurances on the theoretical coherence and the real-world security of their designs with a single framework based on a single modeling language.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129251446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

A First Look at Browser-Based Cryptojacking 首先看看基于浏览器的加密劫持

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2018-03-07 DOI: 10.1109/EuroSPW.2018.00014

Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, Jeremy Clark

{"title":"A First Look at Browser-Based Cryptojacking","authors":"Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, Jeremy Clark","doi":"10.1109/EuroSPW.2018.00014","DOIUrl":"https://doi.org/10.1109/EuroSPW.2018.00014","url":null,"abstract":"In this paper, we examine the recent trend to- wards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency—typically without her consent or knowledge—and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129744270","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 129

首页上一页