2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): Latest Papers

Ostraka: Secure Blockchain Scaling by Node Sharding
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2019-07-07 DOI: 10.1109/EuroSPW51379.2020.00060
Alex Manuskin, Michael Mirkin, Ittay Eyal
Abstract: Cryptocurrencies, implemented with blockchain protocols, promise to become a global payment system if they can overcome performance limitations. Rapidly advancing architectures improve on latency and throughput, but most require all participating servers to process all transactions. Several recent works propose to shard the system, such that each machine would only process a subset of the transactions. However, we identify a denial-of-service attack that is exposed by these solutions – an attacker can generate transactions that would overload a single shard, thus delaying processing in the entire system. Moreover, we show that in common scenarios, these protocols require most node operators to process almost all blockchain transactions. We present Ostraka, a blockchain node architecture that shards (parallelizes) the nodes themselves. We prove that replacing a unified node with an Ostraka node does not affect the security of the underlying consensus mechanism. We evaluate analytically and experimentally block propagation and processing in various settings. Ostraka allows nodes in the network to scale, without costly coordination. In our experiments, Ostraka nodes transaction processing rate grows linearly with the addition of resources.
Citations: 34
Explainable Security
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2018-07-11 DOI: 10.1109/EuroSPW51379.2020.00045
L. Viganò, D. Magazzeni
Abstract: In 2017, the Defense Advanced Research Projects Agency (DARPA) launched the Explainable Artificial Intelligence (XAI) program that aims to create a suite of new AI techniques that enable end users to understand, appropriately trust, and effectively manage the emerging generation of AI systems. In this paper, inspired by DARPA’s XAI program, we propose a new paradigm in security research: Explainable Security (XSec). We discuss the "Six Ws" of XSec (Who? What? Where? When? Why? and How?) and argue that XSec has unique and complex characteristics: XSec involves several different stakeholders (i.e., the system’s developers, analysts, users and attackers) and is multi-faceted by nature (as it requires reasoning about system model, threat model and properties of security, privacy and trust as well as concrete attacks, vulnerabilities and countermeasures). We define a roadmap for XSec that identifies several possible research directions.
Citations: 52
Nethammer: Inducing Rowhammer Faults through Network Requests
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2018-05-13 DOI: 10.1109/EuroSPW51379.2020.00102
Moritz Lipp, Misiker Tadesse Aga, Michael Schwarz, D. Gruss, Clémentine Maurice, Lukas Raab, Lukas Lamster
Abstract: In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses do not affect our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.
Citations: 94