Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security: Latest Articles
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A Gunter
{"title":"Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX.","authors":"Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A Gunter","doi":"10.1145/3133956.3134038","DOIUrl":"https://doi.org/10.1145/3133956.3134038","url":null,"abstract":"Side-channel risks of Intel's SGX have recently attracted great attention. Under the spotlight is the newly discovered page-fault attack, in which an OS-level adversary induces page faults to observe the page-level access patterns of a protected process running in an SGX enclave. With almost all proposed defense focusing on this attack, little is known about whether such efforts indeed raises the bar for the adversary, whether a simple variation of the attack renders all protection ineffective, not to mention an in-depth understanding of other attack surfaces in the SGX system. In the paper, we report the first step toward systematic analyses of side-channel threats that SGX faces, focusing on the risks associated with its memory management. Our research identifies 8 potential attack vectors, ranging from TLB to DRAM modules. More importantly, we highlight the common misunderstandings about SGX memory side channels, demonstrating that high frequent AEXs can be avoided when recovering EdDSA secret key through a new page channel and fine-grained monitoring of enclave programs (at the level of 64B) can be done through combining both cache and cross-enclave DRAM channels. Our findings reveal the gap between the ongoing security research on SGX and its side-channel weaknesses, redefine the side-channel threat model for secure enclaves, and can provoke a discussion on when to use such a system and how to use it securely.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. 
ACM Conference on Computer and Communications Security","volume":"2017 ","pages":"2421-2434"},"PeriodicalIF":0.0,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3133956.3134038","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"37041209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"15th Workshop on Privacy in the Electronic Society (WPES 2016)","authors":"S. Vimercati","doi":"10.1145/2976749.2990491","DOIUrl":"https://doi.org/10.1145/2976749.2990491","url":null,"abstract":"The advancements in the Information and Communication Technologies (ICTs) have introduced new computing paradigms (e.g., cloud computing, pervasive and ubiquitous computing, ambient intelligence and aware-computing) where the techniques for processing, storing, communicating, sharing, and disseminating information have radically changed. These novel computing paradigms bring enormous benefits: the availability of a universal access to data; the reduction in power, storage, hardware, and software costs; and the availability of elastic storage and computation services. While these advantages are appealing, as a side effect there is a tremendous risk of exposure of confidential or sensitive information to privacy breaches. WPES is a yearly forum, this year at its 15th edition, aiming at discussing the open privacy challenges, emerging directions, and original novel approaches for guaranteeing privacy in today's global interconnected society.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"423 1","pages":"1879-1880"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78174983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Le rythme et la voix, premiers défis d’un traducteur de Claude Simon","authors":"K. Holter","doi":"10.4000/CCS.940","DOIUrl":"https://doi.org/10.4000/CCS.940","url":null,"abstract":"Pour tout lecteur il y a des rencontres textuelles plus decisives que d’autres. A plus forte raison pour un etudiant ou doctorant, puisque cela peut determiner la direction de sa vie professionnelle. Cela a ete mon cas, a ma premiere lecture de la premiere phrase de La Route des Flandres : Il tenait une lettre a la main, il leva les yeux me regarda puis de nouveau la lettre puis de nouveau moi, derriere lui je pouvais voir aller et venir passer les taches rouges acajou ocre des chevaux qu’on ...","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"12 1","pages":"21-30"},"PeriodicalIF":0.0,"publicationDate":"2015-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89387102","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Simon au pays des soviets. Notes sur la réception de l’œuvre simonienne en Russie","authors":"Alexey Vishnyakov","doi":"10.4000/CCS.911","DOIUrl":"https://doi.org/10.4000/CCS.911","url":null,"abstract":"Quel ecrivain pourrait ignorer un pays avec un heritage litteraire si brillant (Gogol, Tourgueniev, Tolstoi et Dostoievski)et qui ne peut etre nomme autrement que monumental ? Et puis – comment ne pas s’interesser a ce meme pays devenu un polygone pour la doctrine (l’utopie ?) marxiste […],le pays ou sont apparues des personnalites aussi monumentales(dans le mal comme dans le bien) que Lenine, Trotski ou Staline ? La Russie occupe dans l’ethnographie imaginaire de Simon l’une des premieres pl...","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"74 1","pages":"145-168"},"PeriodicalIF":0.0,"publicationDate":"2014-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91396130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Nonlinear Phenomena and Resonant Parametric Perturbation Control in QR-ZCS Buck DC-DC Converters","authors":"Fei-Hu Hsieh, Fengxia Liu, Hui-Chang Hsieh","doi":"10.1007/978-3-642-33914-1_13","DOIUrl":"https://doi.org/10.1007/978-3-642-33914-1_13","url":null,"abstract":"","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"3 1","pages":"105-109"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89368682","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optical Spectrum Analysis of Chaotic Synchronization in a Bidirectional Coupled Semiconductor Laser System","authors":"I. Andrei, G. Popescu, C. Ticoș, M. Pascu","doi":"10.1007/978-3-642-33914-1_60","DOIUrl":"https://doi.org/10.1007/978-3-642-33914-1_60","url":null,"abstract":"","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"74 1","pages":"425-429"},"PeriodicalIF":0.0,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91396123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz
{"title":"Crouching tiger - hidden payload: security risks of scalable vectors graphics","authors":"M. Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz","doi":"10.1145/2046707.2046735","DOIUrl":"https://doi.org/10.1145/2046707.2046735","url":null,"abstract":"Scalable Vector Graphics (SVG) images so far played a rather small role on the Internet, mainly due to the lack of proper browser support. Recently, things have changed: the W3C and WHATWG draft specifications for HTML5 require modern web browsers to support SVG images to be embedded in a multitude of ways. Now SVG images can be embedded through the classical method via specific tags such as or , or in novel ways, such as with tags, CSS or inline in any HTML5 document. SVG files are generally considered to be plain images or animations, and security-wise, they are being treated as such (e.g., when an embedment of local or remote SVG images into websites or uploading these files into rich web applications takes place). Unfortunately, this procedure poses great risks for the web applications and the users utilizing them, as it has been proven that SVG files must be considered fully functional, one-file web applications potentially containing HTML, JavaScript, Flash, and other interactive code structures. We found that even more severe problems have resulted from the often improper handling of complex and maliciously prepared SVG files by the browsers. In this paper, we introduce several novel attack techniques targeted at major websites, as well as modern browsers, email clients and other comparable tools. In particular, we illustrate that SVG images embedded via tag and CSS can execute arbitrary JavaScript code. We examine and present how current filtering techniques are circumventable by using SVG files and subsequently propose an approach to mitigate these risks. 
The paper showcases our research into the usage of SVG images as attack tools, and determines its impact on state-of-the-art web browsers such as Firefox 4, Internet Explorer 9, and Opera 11.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"88 1","pages":"239-250"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74882847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PaperSpeckle: microscopic fingerprinting of paper","authors":"Ashlesh Sharma, L. Subramanian, E. Brewer","doi":"10.1145/2046707.2046721","DOIUrl":"https://doi.org/10.1145/2046707.2046721","url":null,"abstract":"Paper forgery is among the leading causes of corruption in many developing regions. In this paper, we introduce PaperSpeckle, a robust system that leverages the natural randomness property present in paper to generate a fingerprint for any piece of paper. Our goal in developing PaperSpeckle is to build a low-cost paper based authentication mechanism for applications in rural regions such as microfinance, healthcare, land ownership records, supply chain services and education which heavily rely on paper based records. Unlike prior paper fingerprinting techniques that have extracted fingerprints based on the fiber structure of paper, PaperSpeckle uses the texture speckle pattern, a random bright/dark region formation at the microscopic level when light falls on to the paper, to extract a unique fingerprint to identify paper. In PaperSpeckle, we show how to extract a \"repeatable\" texture speckle pattern of a microscopic region of a paper using low-cost machinery involving paper, pen and a cheap microscope. Using extensive testing on different types of paper, we show that PaperSpeckle can produce a robust repeatable fingerprint even if paper is damaged due to crumpling, printing or scribbling, soaking in water or aging with time.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. 
ACM Conference on Computer and Communications Security","volume":"106 1","pages":"99-110"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75297430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Poster: shaping network topology for privacy and performance","authors":"Nayantara Mallesh, M. Wright","doi":"10.1145/2046707.2093500","DOIUrl":"https://doi.org/10.1145/2046707.2093500","url":null,"abstract":"While it is important to design anonymity systems to be robust against attacks, it is also important to provide good performance to users. We explore ways to improve the security and performance of anonymity systems by building both security and performance properties into the network topology. In particular, we study an expander graph based network topology and apply link-based performance metrics in order to build the topology graph. Such a network can be constructed to have enhanced performance and similar security properties to restricted route topologies with random links. Results show that a sparse, D-regular expander graph topology provides nearly the same security, as measured by the likelihood of an incoming stream exiting through any node in the network, as with a fully-connected graph. Further, when the expander graph is constructed with a bias towards faster links, there is a considerable gain in performance without much loss of security.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"186 1","pages":"813-816"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73941447","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automatically optimizing secure computation","authors":"F. Kerschbaum","doi":"10.1145/2046707.2046786","DOIUrl":"https://doi.org/10.1145/2046707.2046786","url":null,"abstract":"On the one hand, compilers for secure computation protocols, such as FairPlay or FairPlayMP, have significantly simplified the development of such protocols. On the other hand, optimized protocols with high performance for special problems demand manual development and security verification. The question considered in this paper is: Can we construct a compiler that produces optimized protocols? We present an optimization technique based on logic inference about what is known from input and output. Using the example of median computation we can show that our program analysis and rewriting technique translates a FairPlay program into an equivalent -- in functionality and security -- program that corresponds to the protocol by Aggarwal et al. Nevertheless our technique is general and can be applied to optimize a wide variety of secure computation protocols.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"90 23","pages":"703-714"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/2046707.2046786","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72375197","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}