发布求助
文献互助 智能选刊 最新文献

Proceedings of the 15th ACM conference on Computer and communications security最新文献

筛选
英文 中文
Cryptographically verified implementations for TLS TLS的加密验证实现
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455828
K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu
{"title":"Cryptographically verified implementations for TLS","authors":"K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu","doi":"10.1145/1455770.1455828","DOIUrl":"https://doi.org/10.1145/1455770.1455828","url":null,"abstract":"We intend to narrow the gap between concrete implementations of cryptographic protocols and their verified models. We develop and verify a small functional implementation of the Transport Layer Security protocol (TLS 1.0). We make use of the same executable code for interoperability testing against mainstream implementations, for automated symbolic cryptographic verification, and for automated computational cryptographic verification. We rely on a combination of recent tools, and we also develop a new tool for extracting computational models from executable code. We obtain strong security guarantees for TLS as used in typical deployments.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123763174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 117
Session details: Formal methods 2 会话细节:正式方法
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/3260812
A. Fournet
{"title":"Session details: Formal methods 2","authors":"A. Fournet","doi":"10.1145/3260812","DOIUrl":"https://doi.org/10.1145/3260812","url":null,"abstract":"","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134461330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Session details: Access control 会话详细信息:访问控制
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/3260810
Ting Yu
{"title":"Session details: Access control","authors":"Ting Yu","doi":"10.1145/3260810","DOIUrl":"https://doi.org/10.1145/3260810","url":null,"abstract":"","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124466267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A class of probabilistic models for role engineering 一类用于角色工程的概率模型
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455809
Mario Frank, D. Basin, J. Buhmann
{"title":"A class of probabilistic models for role engineering","authors":"Mario Frank, D. Basin, J. Buhmann","doi":"10.1145/1455770.1455809","DOIUrl":"https://doi.org/10.1145/1455770.1455809","url":null,"abstract":"Role Engineering is a security-critical task for systems using role-based access control (RBAC). Different role-mining approaches have been proposed that attempt to automatically infer appropriate roles from existing user-permission assignments. However, these approaches are mainly combinatorial and lack an underlying probabilistic model of the domain. We present the first probabilistic model for RBAC. Our model defines a general framework for expressing user permission assignments and can be specialized to different domains by limiting its degrees of freedom with appropriate constraints. For one practically important instance of this framework, we show how roles can be inferred from data using a state-of-the-art machine-learning algorithm. Experiments on both randomly generated and real-world data provide evidence that our approach not only creates meaningful roles but also identifies erroneous user-permission assignments in given data.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128914429","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 64
Identity-based encryption with efficient revocation 具有有效撤销的基于身份的加密
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455823
A. Boldyreva, Vipul Goyal, Virendra Kumar
{"title":"Identity-based encryption with efficient revocation","authors":"A. Boldyreva, Vipul Goyal, Virendra Kumar","doi":"10.1145/1455770.1455823","DOIUrl":"https://doi.org/10.1145/1455770.1455823","url":null,"abstract":"Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE eliminates the need for a Public Key Infrastructure (PKI). The senders using an IBE do not need to look up the public keys and the corresponding certificates of the receivers, the identities (e.g. emails or IP addresses) of the latter are sufficient to encrypt. Any setting, PKI- or identity-based, must provide a means to revoke users from the system. Efficient revocation is a well-studied problem in the traditional PKI setting. However in the setting of IBE, there has been little work on studying the revocation mechanisms. The most practical solution requires the senders to also use time periods when encrypting, and all the receivers (regardless of whether their keys have been compromised or not) to update their private keys regularly by contacting the trusted authority. We note that this solution does not scale well -- as the number of users increases, the work on key updates becomes a bottleneck. We propose an IBE scheme that significantly improves key-update efficiency on the side of the trusted party (from linear to logarithmic in the number of users), while staying efficient for the users. Our scheme builds on the ideas of the Fuzzy IBE primitive and binary tree data structure, and is provably secure.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126597020","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 759
Enforcing authorization policies using transactional memory introspection 使用事务性内存自省强制执行授权策略
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455800
Arnar Birgisson, Mohan Dhawan, Ú. Erlingsson, V. Ganapathy, L. Iftode
{"title":"Enforcing authorization policies using transactional memory introspection","authors":"Arnar Birgisson, Mohan Dhawan, Ú. Erlingsson, V. Ganapathy, L. Iftode","doi":"10.1145/1455770.1455800","DOIUrl":"https://doi.org/10.1145/1455770.1455800","url":null,"abstract":"Correct enforcement of authorization policies is a difficult task, especially for multi-threaded software. Even in carefully-reviewed code, unauthorized access may be possible in subtle corner cases. We introduce Transactional Memory Introspection (TMI), a novel reference monitor architecture that builds on Software Transactional Memory--a new, attractive alternative for writing correct, multi-threaded software. TMI facilitates correct security enforcement by simplifying how the reference monitor integrates with software functionality. TMI can ensure complete mediation of security-relevant operations, eliminate race conditions related to security checks, and simplify handling of authorization failures. We present the design and implementation of a TMI-based reference monitor and experiment with its use in enforcing authorization policies on four significant servers. Our experiments confirm the benefits of the TMI architecture and show that it imposes an acceptable runtime overhead.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128188729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 39
Session details: Applied cryptography 2 会话详情:应用密码学
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/3260817
P. Golle
{"title":"Session details: Applied cryptography 2","authors":"P. Golle","doi":"10.1145/3260817","DOIUrl":"https://doi.org/10.1145/3260817","url":null,"abstract":"","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125799129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Computational soundness of observational equivalence 观测等效的计算合理性
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-06-26 DOI: 10.1145/1455770.1455786
Hubert Comon-Lundh, V. Cortier
{"title":"Computational soundness of observational equivalence","authors":"Hubert Comon-Lundh, V. Cortier","doi":"10.1145/1455770.1455786","DOIUrl":"https://doi.org/10.1145/1455770.1455786","url":null,"abstract":"Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers most existing protocols. More precisely, we show a soundness theorem, following the line of research launched by Abadi and Rogaway in 2000: computational indistinguishability in presence of an active attacker is implied by the observational equivalence of the corresponding symbolic processes. We prove our result for symmetric encryption, but the same techniques can be applied to other security primitives such as signatures and public-key encryption. The proof requires the introduction of new concepts, which are general and can be reused in other settings.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129069348","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 96
Multi-use unidirectional proxy re-signatures 多用途单向代理重签名
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-02-08 DOI: 10.1145/1455770.1455835
Benoît Libert, Damien Vergnaud
{"title":"Multi-use unidirectional proxy re-signatures","authors":"Benoît Libert, Damien Vergnaud","doi":"10.1145/1455770.1455835","DOIUrl":"https://doi.org/10.1145/1455770.1455835","url":null,"abstract":"In 1998, Blaze, Bleumer, and Strauss suggested a cryptographic primitive termed proxy re-signature in which a proxy transforms a signature computed under Alice's secret key into one from Bob on the same message. The proxy is only semi-trusted in that it cannot learn any signing key or sign arbitrary messages on behalf of Alice or Bob. At CCS 2005, Ateniese and Hohenberger revisited this primitive by providing appropriate security definitions and efficient constructions in the random oracle model. Nonetheless, they left open the problem of constructing a multi-use unidirectional scheme where the proxy is only able to translate in one direction and signatures can be re-translated several times. This paper provides the first steps towards efficiently solving this problem, suggested for the first time 10 years ago, and presents the first multi-hop unidirectional proxy re-signature schemes. Although our proposals feature a linear signature size in the number of translations, they are the first multi-use realizations of the primitive that satisfy the requirements of the Ateniese-Hohenberger security model. The first scheme is secure in the random oracle model. Using the same underlying idea, it readily extends into a secure construction in the standard model (i.e. the security proof of which avoids resorting to the random oracle idealization). Both schemes are computationally efficient but require newly defined Diffie-Hellman-like assumptions in bilinear groups.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-02-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134099652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 102
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信