首页 > 最新文献

2014 IEEE 27th Computer Security Foundations Symposium最新文献

英文 中文
Additive and Multiplicative Notions of Leakage, and Their Capacities 泄漏的加法和乘法概念及其容量
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.29
M. Alvim, K. Chatzikokolakis, Annabelle McIver, Carroll Morgan, C. Palamidessi, Geoffrey Smith
Protecting sensitive information from improper disclosure is a fundamental security goal. It is complicated, and difficult to achieve, often because of unavoidable or even unpredictable operating conditions that can lead to breaches in planned security defences. An attractive approach is to frame the goal as a quantitative problem, and then to design methods that measure system vulnerabilities in terms of the amount of information they leak. A consequence is that the precise operating conditions, and assumptions about prior knowledge, can play a crucial role in assessing the severity of any measured vunerability. We develop this theme by concentrating on vulnerability measures that are robust in the sense of allowing general leakage bounds to be placed on a program, bounds that apply whatever its operating conditions and whatever the prior knowledge might be. In particular we propose a theory of channel capacity, generalising the Shannon capacity of information theory, that can apply both to additive- and to multiplicative forms of a recently-proposed measure known as g-leakage. Further, we explore the computational aspects of calculating these (new) capacities: one of these scenarios can be solved efficiently by expressing it as a Kantorovich distance, but another turns out to be NP-complete. We also find capacity bounds for arbitrary correlations with data not directly accessed by the channel, as in the scenario of Dalenius's Desideratum.
保护敏感信息不被不当泄露是一个基本的安全目标。这很复杂,很难实现,通常是因为不可避免甚至不可预测的操作条件可能导致计划的安全防御遭到破坏。一种有吸引力的方法是将目标定义为定量问题,然后设计方法,根据泄漏的信息量来度量系统漏洞。其结果是,精确的操作条件和对先验知识的假设,可以在评估任何可测量脆弱性的严重程度方面发挥至关重要的作用。我们通过关注漏洞度量来发展这个主题,这些漏洞度量在允许将一般泄漏边界置于程序上的意义上是稳健的,这些边界适用于任何操作条件和任何先验知识。特别地,我们提出了一个信道容量理论,推广了信息论的香农容量,它可以应用于最近提出的一种称为g泄漏的测量的加法和乘法形式。此外,我们探索了计算这些(新)能力的计算方面:其中一种情况可以通过将其表示为坎托罗维奇距离来有效地解决,但另一种情况证明是np完全的。我们还发现了与通道不直接访问的数据的任意相关性的容量界限,如在Dalenius's Desideratum的场景中。
{"title":"Additive and Multiplicative Notions of Leakage, and Their Capacities","authors":"M. Alvim, K. Chatzikokolakis, Annabelle McIver, Carroll Morgan, C. Palamidessi, Geoffrey Smith","doi":"10.1109/CSF.2014.29","DOIUrl":"https://doi.org/10.1109/CSF.2014.29","url":null,"abstract":"Protecting sensitive information from improper disclosure is a fundamental security goal. It is complicated, and difficult to achieve, often because of unavoidable or even unpredictable operating conditions that can lead to breaches in planned security defences. An attractive approach is to frame the goal as a quantitative problem, and then to design methods that measure system vulnerabilities in terms of the amount of information they leak. A consequence is that the precise operating conditions, and assumptions about prior knowledge, can play a crucial role in assessing the severity of any measured vunerability. We develop this theme by concentrating on vulnerability measures that are robust in the sense of allowing general leakage bounds to be placed on a program, bounds that apply whatever its operating conditions and whatever the prior knowledge might be. In particular we propose a theory of channel capacity, generalising the Shannon capacity of information theory, that can apply both to additive- and to multiplicative forms of a recently-proposed measure known as g-leakage. Further, we explore the computational aspects of calculating these (new) capacities: one of these scenarios can be solved efficiently by expressing it as a Kantorovich distance, but another turns out to be NP-complete. We also find capacity bounds for arbitrary correlations with data not directly accessed by the channel, as in the scenario of Dalenius's Desideratum.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"118 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124411633","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 75
Attribute-Based Encryption for Access Control Using Elementary Operations 基于属性的基于基本操作的访问控制加密
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.17
J. Crampton, A. Pinto
Attribute-based encryption (ABE) has attracted considerable attention in the research community in recent years. It has a number of applications such as broadcast encryption and the cryptographic enforcement of access control policies. Existing instantiations of ABE make use of access structures encoded either as trees of Shamir threshold secret-sharing schemes or monotone span programs. In both cases, the appropriate computations for these schemes are interleaved with the standard operations for cryptographic pairings. Moreover, the resulting schemes are not particularly appropriate for access control policies. In this paper, therefore, we start by examining the representation of access control policies and investigate alternative secret-sharing schemes that could be used to enforce them. We develop new ABE schemes based on the Benaloh-Leichter scheme, which employs only elementary arithmetic operations, and then extend this to arbitrary linear secret-sharing schemes. We then compare the complexity of existing schemes with our scheme based on Benaloh-Leichter.
近年来,基于属性的加密(ABE)受到了学术界的广泛关注。它有许多应用程序,如广播加密和访问控制策略的加密实施。现有的ABE实例使用了编码为Shamir阈值秘密共享方案树或单调跨度程序的访问结构。在这两种情况下,这些方案的适当计算与加密配对的标准操作交织在一起。此外,生成的方案并不特别适合于访问控制策略。因此,在本文中,我们首先检查访问控制策略的表示,并研究可用于执行它们的替代秘密共享方案。我们在只使用初等算术运算的Benaloh-Leichter方案的基础上开发了新的ABE方案,并将其推广到任意线性秘密共享方案。然后,我们将现有方案的复杂性与基于Benaloh-Leichter的方案进行比较。
{"title":"Attribute-Based Encryption for Access Control Using Elementary Operations","authors":"J. Crampton, A. Pinto","doi":"10.1109/CSF.2014.17","DOIUrl":"https://doi.org/10.1109/CSF.2014.17","url":null,"abstract":"Attribute-based encryption (ABE) has attracted considerable attention in the research community in recent years. It has a number of applications such as broadcast encryption and the cryptographic enforcement of access control policies. Existing instantiations of ABE make use of access structures encoded either as trees of Shamir threshold secret-sharing schemes or monotone span programs. In both cases, the appropriate computations for these schemes are interleaved with the standard operations for cryptographic pairings. Moreover, the resulting schemes are not particularly appropriate for access control policies. In this paper, therefore, we start by examining the representation of access control policies and investigate alternative secret-sharing schemes that could be used to enforce them. We develop new ABE schemes based on the Benaloh-Leichter scheme, which employs only elementary arithmetic operations, and then extend this to arbitrary linear secret-sharing schemes. We then compare the complexity of existing schemes with our scheme based on Benaloh-Leichter.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"588 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123178915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Certificates for Verifiable Forensics 可验证取证证书
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.11
R. Jagadeesan, C. Lubinski, Corin Pitcher, J. Riely, Charles Winebrinner
Digital forensics reports typically document the search process that has led to a conclusion, the primary means to verify the report is to repeat the search process. We believe that, as a result, the Trusted Computing Base for digital forensics is unnecessarily large and opaque. We advocate the use of forensic certificates as intermediate artifacts between search and verification. Because a forensic certificate has a precise semantics, it can be verified without knowledge of the search process and forensic tools used to create it. In addition, this precision opens up avenues for the analysis of forensic specifications. We present a case study using the specification of a deleted file. We propose a verification architecture that addresses the enormous size of digital forensics data sets. As a proof of concept, we consider a computer intrusion case study, drawn from the Honey net project. Our Coq formalization yields a verifiable certificate of the correctness of the underlying forensic analysis.
数字取证报告通常记录得出结论的搜索过程,验证报告的主要方法是重复搜索过程。我们认为,其结果是,用于数字取证的可信计算基础过于庞大和不透明。我们提倡使用法医证书作为搜索和验证之间的中间工件。由于取证证书具有精确的语义,因此可以在不了解用于创建它的搜索过程和取证工具的情况下对其进行验证。此外,这种精确性为法医规范的分析开辟了道路。我们提出了一个使用已删除文件规范的案例研究。我们提出了一个验证架构,以解决数字取证数据集的巨大规模。作为概念的证明,我们考虑了一个计算机入侵案例研究,从蜂蜜网项目。我们的Coq形式化产生了底层取证分析正确性的可验证证书。
{"title":"Certificates for Verifiable Forensics","authors":"R. Jagadeesan, C. Lubinski, Corin Pitcher, J. Riely, Charles Winebrinner","doi":"10.1109/CSF.2014.11","DOIUrl":"https://doi.org/10.1109/CSF.2014.11","url":null,"abstract":"Digital forensics reports typically document the search process that has led to a conclusion, the primary means to verify the report is to repeat the search process. We believe that, as a result, the Trusted Computing Base for digital forensics is unnecessarily large and opaque. We advocate the use of forensic certificates as intermediate artifacts between search and verification. Because a forensic certificate has a precise semantics, it can be verified without knowledge of the search process and forensic tools used to create it. In addition, this precision opens up avenues for the analysis of forensic specifications. We present a case study using the specification of a deleted file. We propose a verification architecture that addresses the enormous size of digital forensics data sets. As a proof of concept, we consider a computer intrusion case study, drawn from the Honey net project. Our Coq formalization yields a verifiable certificate of the correctness of the underlying forensic analysis.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122671226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Compositional Information-Flow Security for Interactive Systems 交互式系统的组合信息流安全
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.27
Willard Rafnsson, A. Sabelfeld
To achieve end-to-end security in a system built from parts, it is important to ensure that the composition of secure components is itself secure. This work investigates the compositionality of two popular conditions of possibilistic noninterference. The first condition, progress-insensitive noninterference (PINI), is the security condition enforced by practical tools like JSFlow, Paragon, sequential LIO, Jif, Flow Caml, and SPARK Examiner. We show that this condition is not preserved under fair parallel composition: composing a PINI system fairly with another PINI system can yield an insecure system. We explore constraints that allow recovering compositionality for PINI. Further, we develop a theory of compositional reasoning. In contrast to PINI, we show what PSNI behaves well under composition, with and without fairness assumptions. Our work is performed within a general framework for nondeterministic interactive systems.
要在由部件构建的系统中实现端到端安全性,必须确保安全组件的组合本身是安全的。这项工作调查了两种流行的可能性不干涉条件的组合性。第一个条件,进程不敏感的不干扰(PINI),是由诸如JSFlow、Paragon、顺序LIO、Jif、Flow Caml和SPARK Examiner等实用工具强制执行的安全条件。我们证明了这个条件在公平并行组合下不成立:一个PINI系统与另一个PINI系统公平组合会产生一个不安全的系统。我们探索允许恢复PINI的组合性的约束。进一步,我们发展了一个组合推理理论。与PINI相反,我们展示了PSNI在有和没有公平性假设的情况下在组合下的良好表现。我们的工作是在不确定交互系统的一般框架内执行的。
{"title":"Compositional Information-Flow Security for Interactive Systems","authors":"Willard Rafnsson, A. Sabelfeld","doi":"10.1109/CSF.2014.27","DOIUrl":"https://doi.org/10.1109/CSF.2014.27","url":null,"abstract":"To achieve end-to-end security in a system built from parts, it is important to ensure that the composition of secure components is itself secure. This work investigates the compositionality of two popular conditions of possibilistic noninterference. The first condition, progress-insensitive noninterference (PINI), is the security condition enforced by practical tools like JSFlow, Paragon, sequential LIO, Jif, Flow Caml, and SPARK Examiner. We show that this condition is not preserved under fair parallel composition: composing a PINI system fairly with another PINI system can yield an insecure system. We explore constraints that allow recovering compositionality for PINI. Further, we develop a theory of compositional reasoning. In contrast to PINI, we show what PSNI behaves well under composition, with and without fairness assumptions. Our work is performed within a general framework for nondeterministic interactive systems.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"19 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114031367","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Decidability for Lightweight Diffie-Hellman Protocols 轻量级Diffie-Hellman协议的可判定性
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.23
Daniel J. Dougherty, J. Guttman
Many protocols use Diffie-Hellman key agreement, combined with certified long-term values or digital signatures for authentication. These protocols aim at security goals such as key secrecy, forward secrecy, resistance to key compromise attacks, and various flavors of authentication. However, these protocols are challenging to analyze, both in computational and symbolic models. An obstacle in the symbolic model is the undecidability of unification in many theories in the signature of rings. In this paper, we develop an algebraic version of the symbolic approach, working directly within finite fields, the natural structures for the protocols. The adversary, in giving an attack on a protocol goal in a finite field, may rely on any identity in that field. He defeats the protocol if there are attacks in infinitely many finite fields. We prove that, even for this strong adversary, security goals for a wide class of protocols are decidable.
许多协议使用Diffie-Hellman密钥协议,结合经过认证的长期值或数字签名进行身份验证。这些协议旨在实现安全目标,例如密钥保密、前向保密、抵抗密钥泄露攻击以及各种类型的身份验证。然而,无论是在计算模型还是符号模型中,分析这些协议都具有挑战性。符号模型的一个障碍是许多环签名理论中统一的不可判定性。在本文中,我们开发了符号方法的代数版本,直接在有限域内工作,协议的自然结构。攻击者在对有限域中的协议目标进行攻击时,可以依赖该域中的任何身份。如果在无限多个有限域中存在攻击,他就会破坏协议。我们证明,即使对于这个强大的对手,广泛协议的安全目标也是可确定的。
{"title":"Decidability for Lightweight Diffie-Hellman Protocols","authors":"Daniel J. Dougherty, J. Guttman","doi":"10.1109/CSF.2014.23","DOIUrl":"https://doi.org/10.1109/CSF.2014.23","url":null,"abstract":"Many protocols use Diffie-Hellman key agreement, combined with certified long-term values or digital signatures for authentication. These protocols aim at security goals such as key secrecy, forward secrecy, resistance to key compromise attacks, and various flavors of authentication. However, these protocols are challenging to analyze, both in computational and symbolic models. An obstacle in the symbolic model is the undecidability of unification in many theories in the signature of rings. In this paper, we develop an algebraic version of the symbolic approach, working directly within finite fields, the natural structures for the protocols. The adversary, in giving an attack on a protocol goal in a finite field, may rely on any identity in that field. He defeats the protocol if there are attacks in infinitely many finite fields. We prove that, even for this strong adversary, security goals for a wide class of protocols are decidable.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132305092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
The Complexity of Estimating Systematic Risk in Networks 网络系统风险评估的复杂性
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.30
Benjamin Johnson, Aron Laszka, Jens Grossklags
This risk of catastrophe from an attack is a consequence of a network's structure formed by the connected individuals, businesses and computer systems. Understanding the likelihood of extreme events, or, more generally, the probability distribution of the number of compromised nodes is an essential requirement to provide risk-mitigation or cyber-insurance. However, previous network security research has not considered features of these distributions beyond their first central moments, while previous cyber-insurance research has not considered the effect of topologies on the supply side. We provide a mathematical basis for bridging this gap: we study the complexity of computing these loss-number distributions, both generally and for special cases of common real-world networks. In the case of scale-free networks, we demonstrate that expected loss alone cannot determine the riskiness of a network, and that this riskiness cannot be naively estimated from smaller samples, which highlights the lack/importance of topological data in security incident reporting.
这种由攻击带来的灾难风险是由相互连接的个人、企业和计算机系统构成的网络结构的结果。了解极端事件发生的可能性,或者更一般地说,了解受损节点数量的概率分布,是提供风险缓解或网络保险的基本要求。然而,之前的网络安全研究并没有考虑到这些分布在第一个中心时刻之外的特征,而之前的网络保险研究也没有考虑到拓扑结构对供给端的影响。我们为弥合这一差距提供了数学基础:我们研究了计算这些损失数分布的复杂性,既包括一般情况,也包括现实世界中常见网络的特殊情况。在无标度网络的情况下,我们证明了预期损失本身不能决定网络的风险,并且这种风险不能从较小的样本中天真地估计,这突出了拓扑数据在安全事件报告中的缺乏/重要性。
{"title":"The Complexity of Estimating Systematic Risk in Networks","authors":"Benjamin Johnson, Aron Laszka, Jens Grossklags","doi":"10.1109/CSF.2014.30","DOIUrl":"https://doi.org/10.1109/CSF.2014.30","url":null,"abstract":"This risk of catastrophe from an attack is a consequence of a network's structure formed by the connected individuals, businesses and computer systems. Understanding the likelihood of extreme events, or, more generally, the probability distribution of the number of compromised nodes is an essential requirement to provide risk-mitigation or cyber-insurance. However, previous network security research has not considered features of these distributions beyond their first central moments, while previous cyber-insurance research has not considered the effect of topologies on the supply side. We provide a mathematical basis for bridging this gap: we study the complexity of computing these loss-number distributions, both generally and for special cases of common real-world networks. In the case of scale-free networks, we demonstrate that expected loss alone cannot determine the riskiness of a network, and that this riskiness cannot be naively estimated from smaller samples, which highlights the lack/importance of topological data in security incident reporting.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"302 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134290380","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
How Task Familiarity and Cognitive Predispositions Impact Behavior in a Security Game of Timing 任务熟悉度和认知倾向如何影响时序安全游戏中的行为
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.16
Jens Grossklags, D. Reitter
This paper addresses security and safety choices that involve a decision on the timing of an action. Examples of such decisions include when to check log files for intruders and when to monitor financial accounts for fraud or errors. To better understand how performance in timing-related security situations is shaped by individuals' cognitive predispositions, we effectively combine survey measures with economic experiments. Two behavioral experiments are presented in which the timing of online security actions is the critical decision-making factor. The feedback modality in the decision-environment is varied between visual feedback with history (Experiment 1), and temporal feedback without history (Experiment 2). Using psychometric scales, we study the role of individual difference variables, specifically risk propensity and need for cognition. The analysis is based on the data from over 450 participants. We find that risk propensity is not a hindrance in timing tasks. Participants of average risk propensity generally benefit from a reflective disposition (high need for cognition), particularly when visual feedback is given. Overall, participants benefit from need for cognition, however, in the more difficult, temporal-estimation task, this requires familiarity with the task.
本文讨论了涉及对动作时间的决定的安全性和安全性选择。此类决策的示例包括何时检查日志文件以查找入侵者,以及何时监视财务帐户以查找欺诈或错误。为了更好地理解个体在与时间相关的安全情境中的表现如何受到认知倾向的影响,我们将调查措施与经济实验有效地结合起来。提出了两个行为实验,其中网络安全行动的时机是关键决策因素。决策环境中的反馈模式在有历史的视觉反馈(实验1)和无历史的时间反馈(实验2)之间存在差异。我们使用心理测量量表研究了个体差异变量,特别是风险倾向和认知需求的作用。该分析基于450多名参与者的数据。我们发现风险倾向并不会阻碍任务的时间安排。平均风险倾向的参与者通常受益于反思倾向(对认知的高需求),特别是在给予视觉反馈时。总的来说,参与者从认知需求中受益,然而,在更困难的,时间估计任务中,这需要熟悉任务。
{"title":"How Task Familiarity and Cognitive Predispositions Impact Behavior in a Security Game of Timing","authors":"Jens Grossklags, D. Reitter","doi":"10.1109/CSF.2014.16","DOIUrl":"https://doi.org/10.1109/CSF.2014.16","url":null,"abstract":"This paper addresses security and safety choices that involve a decision on the timing of an action. Examples of such decisions include when to check log files for intruders and when to monitor financial accounts for fraud or errors. To better understand how performance in timing-related security situations is shaped by individuals' cognitive predispositions, we effectively combine survey measures with economic experiments. Two behavioral experiments are presented in which the timing of online security actions is the critical decision-making factor. The feedback modality in the decision-environment is varied between visual feedback with history (Experiment 1), and temporal feedback without history (Experiment 2). Using psychometric scales, we study the role of individual difference variables, specifically risk propensity and need for cognition. The analysis is based on the data from over 450 participants. We find that risk propensity is not a hindrance in timing tasks. Participants of average risk propensity generally benefit from a reflective disposition (high need for cognition), particularly when visual feedback is given. Overall, participants benefit from need for cognition, however, in the more difficult, temporal-estimation task, this requires familiarity with the task.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122588331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Automated Analysis and Synthesis of Block-Cipher Modes of Operation 分组密码操作模式的自动分析与综合
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.18
A. Malozemoff, Jonathan Katz, M. Green
Block ciphers such as AES are deterministic, keyed functions that operate on small, fixed-size blocks. Block-cipher modes of operation define a mechanism for probabilistic encryption of arbitrary length messages using any underlying block cipher. A mode of operation can be proven secure (say, against chosen-plaintext attacks) based on the assumption that the underlying block cipher is a pseudorandom function. Such proofs are complex and error-prone, however, and must be done from scratch whenever a new mode of operation is developed. We propose an automated approach for the security analysis of block-cipher modes of operation based on a "local" analysis of the steps carried out by the mode when handling a single message block. We model these steps as a directed, acyclic graph, with nodes corresponding to instructions and edges corresponding to intermediate values. We then introduce a set of labels and constraints on the edges, and prove a meta-theorem showing that any mode for which there exists a labeling of the edges satisfying these constraints is secure (against chosen-plaintext attacks). This allows us to reduce security of a given mode to a constraint-satisfaction problem, which in turn can be handled using an SMT solver. We couple our security-analysis tool with a routine that automatically generates viable modes, together, these allow us to synthesize hundreds of secure modes.
像AES这样的块密码是确定的、键控的函数,它在小的、固定大小的块上操作。块密码操作模式定义了使用任何底层块密码对任意长度的消息进行概率加密的机制。基于底层分组密码是伪随机函数的假设,可以证明一种操作模式是安全的(例如,针对选择明文攻击)。然而,这样的证明既复杂又容易出错,每当开发出一种新的操作模式时,都必须从头开始。我们提出了一种基于处理单个消息块时对该模式执行的步骤进行“本地”分析的块密码操作模式安全分析的自动化方法。我们将这些步骤建模为一个有向的无环图,其中节点对应于指令,边对应于中间值。然后,我们在边上引入了一组标签和约束,并证明了一个元定理,表明存在满足这些约束的边的标记的任何模式都是安全的(反对选择明文攻击)。这允许我们将给定模式的安全性降低为约束满足问题,而这个问题又可以使用SMT求解器来处理。我们将我们的安全分析工具与自动生成可行模式的程序相结合,使我们能够合成数百种安全模式。
{"title":"Automated Analysis and Synthesis of Block-Cipher Modes of Operation","authors":"A. Malozemoff, Jonathan Katz, M. Green","doi":"10.1109/CSF.2014.18","DOIUrl":"https://doi.org/10.1109/CSF.2014.18","url":null,"abstract":"Block ciphers such as AES are deterministic, keyed functions that operate on small, fixed-size blocks. Block-cipher modes of operation define a mechanism for probabilistic encryption of arbitrary length messages using any underlying block cipher. A mode of operation can be proven secure (say, against chosen-plaintext attacks) based on the assumption that the underlying block cipher is a pseudorandom function. Such proofs are complex and error-prone, however, and must be done from scratch whenever a new mode of operation is developed. We propose an automated approach for the security analysis of block-cipher modes of operation based on a \"local\" analysis of the steps carried out by the mode when handling a single message block. We model these steps as a directed, acyclic graph, with nodes corresponding to instructions and edges corresponding to intermediate values. We then introduce a set of labels and constraints on the edges, and prove a meta-theorem showing that any mode for which there exists a labeling of the edges satisfying these constraints is secure (against chosen-plaintext attacks). This allows us to reduce security of a given mode to a constraint-satisfaction problem, which in turn can be handled using an SMT solver. We couple our security-analysis tool with a routine that automatically generates viable modes, together, these allow us to synthesize hundreds of secure modes.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"261 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122899408","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
Noninterference under Weak Memory Models 弱内存模型下的非干扰
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.14
H. Mantel, Matthias Perner, Jens Sauer
Research on information flow security for concurrent programs usually assumes sequential consistency although modern multi-core processors often support weaker consistency guarantees. In this article, we clarify the impact that relaxations of sequential consistency have on information flow security. We consider four memory models and prove for each of them that information flow security under this model does not imply information flow security in any of the other models. This result suggests that research on security needs to pay more attention to the consistency guarantees provided by contemporary hardware. The other main technical contribution of this article is a program transformation that soundly enforces information flow security under different memory models. This program transformation is significantly less restrictive than a transformation that first establishes sequential consistency and then applies a traditional information flow analysis for concurrent programs.
尽管现代多核处理器通常支持较弱的一致性保证,但对并发程序信息流安全性的研究通常采用顺序一致性。在本文中,我们阐明了顺序一致性松弛对信息流安全性的影响。我们考虑了四种内存模型,并证明了每种模型下的信息流安全并不意味着任何其他模型下的信息流安全。这一结果表明,安全研究需要更多地关注当代硬件提供的一致性保证。本文的另一个主要技术贡献是一个程序转换,它可以在不同的内存模型下有效地执行信息流安全性。与首先建立顺序一致性,然后对并发程序应用传统信息流分析的转换相比,这种程序转换的限制要少得多。
{"title":"Noninterference under Weak Memory Models","authors":"H. Mantel, Matthias Perner, Jens Sauer","doi":"10.1109/CSF.2014.14","DOIUrl":"https://doi.org/10.1109/CSF.2014.14","url":null,"abstract":"Research on information flow security for concurrent programs usually assumes sequential consistency although modern multi-core processors often support weaker consistency guarantees. In this article, we clarify the impact that relaxations of sequential consistency have on information flow security. We consider four memory models and prove for each of them that information flow security under this model does not imply information flow security in any of the other models. This result suggests that research on security needs to pay more attention to the consistency guarantees provided by contemporary hardware. The other main technical contribution of this article is a program transformation that soundly enforces information flow security under different memory models. This program transformation is significantly less restrictive than a transformation that first establishes sequential consistency and then applies a traditional information flow analysis for concurrent programs.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114803164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Automated Generation of Attack Trees 自动生成攻击树
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.31
R. Vigo, F. Nielson, H. R. Nielson
Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees are automatically inferred from a process algebraic specification in a syntax-directed fashion, encompassing a great many application domains and avoiding incurring systematically an exponential explosion. Moreover, we show how the standard propositional denotation of an attack tree can be used to phrase interesting quantitative problems, that can be solved through an encoding into Satisfiability Modulo Theories. The flexibility and effectiveness of the approach is demonstrated on the study of a national-scale authentication system, whose attack tree is computed thanks to a Java implementation of the framework.
攻击树被广泛使用,以简洁直观的方式表示威胁场景,适合向非专家传达安全信息。这些对象的手工构建依赖于专家的创造力和经验,因此对于大型系统来说容易出错且不切实际。尽管如此,攻击树的自动生成只在与计算机网络和利用丰富模型的连接中进行了探索,这些模型的分析通常会导致状态空间的指数级爆炸。我们提出了一种静态分析方法,其中攻击树以语法导向的方式从过程代数规范中自动推断出来,涵盖了许多应用领域,避免了系统的指数爆炸。此外,我们还展示了如何使用攻击树的标准命题表示来表达有趣的定量问题,这些问题可以通过编码到可满足模理论中来解决。通过对一个国家规模的认证系统的研究,证明了该方法的灵活性和有效性,并通过Java实现了该框架的攻击树计算。
{"title":"Automated Generation of Attack Trees","authors":"R. Vigo, F. Nielson, H. R. Nielson","doi":"10.1109/CSF.2014.31","DOIUrl":"https://doi.org/10.1109/CSF.2014.31","url":null,"abstract":"Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner, suitable for conveying security information to non-experts. The manual construction of such objects relies on the creativity and experience of specialists, and therefore it is error-prone and impracticable for large systems. Nonetheless, the automated generation of attack trees has only been explored in connection to computer networks and levering rich models, whose analysis typically leads to an exponential blow-up of the state space. We propose a static analysis approach where attack trees are automatically inferred from a process algebraic specification in a syntax-directed fashion, encompassing a great many application domains and avoiding incurring systematically an exponential explosion. Moreover, we show how the standard propositional denotation of an attack tree can be used to phrase interesting quantitative problems, that can be solved through an encoding into Satisfiability Modulo Theories. The flexibility and effectiveness of the approach is demonstrated on the study of a national-scale authentication system, whose attack tree is computed thanks to a Java implementation of the framework.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114346094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 76
期刊
2014 IEEE 27th Computer Security Foundations Symposium
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1