首页 > 最新文献

2014 IEEE 27th Computer Security Foundations Symposium最新文献

英文 中文
Declarative Policies for Capability Control 用于能力控制的声明性策略
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.9
Christos Dimoulas, Scott Moore, Aslan Askarov, Stephen Chong
In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capability-safe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all.
在功能安全的语言中,组件只有在拥有该资源的功能时才能访问该资源。因此,程序员可以通过确保组件永远不会获得相应的功能来防止不受信任的组件访问敏感资源。为了推断哪些组件可能使用敏感资源,有必要推断功能如何在系统中传播。这可能很困难,或者在动态组合代码的情况下,在运行系统之前不可能这样做。为了应对这种情况,我们建议对功能安全语言进行扩展,这些语言根据声明性策略限制功能的使用。我们引入两个独立的有用的语义安全策略来规范功能,并描述基于语言的执行机制。访问控制策略限制哪些组件可以使用某个功能,并使用高阶契约强制执行。完整性策略限制哪些组件可能(直接或间接)影响功能的使用,并使用信息流类型系统强制执行。最后,我们描述了程序员如何动态地、合理地将执行访问控制或完整性策略的组件与执行不同策略甚至根本不执行策略的组件组合在一起。
{"title":"Declarative Policies for Capability Control","authors":"Christos Dimoulas, Scott Moore, Aslan Askarov, Stephen Chong","doi":"10.1109/CSF.2014.9","DOIUrl":"https://doi.org/10.1109/CSF.2014.9","url":null,"abstract":"In capability-safe languages, components can access a resource only if they possess a capability for that resource. As a result, a programmer can prevent an untrusted component from accessing a sensitive resource by ensuring that the component never acquires the corresponding capability. In order to reason about which components may use a sensitive resource it is necessary to reason about how capabilities propagate through a system. This may be difficult, or, in the case of dynamically composed code, impossible to do before running the system. To counter this situation, we propose extensions to capability-safe languages that restrict the use of capabilities according to declarative policies. We introduce two independently useful semantic security policies to regulate capabilities and describe language-based mechanisms that enforce them. Access control policies restrict which components may use a capability and are enforced using higher-order contracts. Integrity policies restrict which components may influence (directly or indirectly) the use of a capability and are enforced using an information-flow type system. Finally, we describe how programmers can dynamically and soundly combine components that enforce access control or integrity policies with components that enforce different policies or even no policy at all.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134104386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
Actor Key Compromise: Consequences and Countermeasures 行动者关键妥协:后果和对策
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.25
D. Basin, C. Cremers, Marko Horvat
Despite Alice's best efforts, her long-term secret keys may be revealed to an adversary. Possible reasons include weakly generated keys, compromised key storage, subpoena, and coercion. However, Alice may still be able to communicate securely with other parties, depending on the protocol used. We call the associated property resilience against Actor Key Compromise (AKC). We formalise this property in a symbolic model and identify conditions under which it can and cannot be achieved. In case studies that include TLS and SSH, we find that many protocols are not resilient against AKC. We implement a concrete AKC attack on the mutually authenticated TLS protocol.
尽管爱丽丝尽了最大的努力,但她的长期密钥可能会泄露给对手。可能的原因包括弱生成的密钥、损坏的密钥存储、传票和强制。但是,根据所使用的协议,Alice仍然可以安全地与其他方进行通信。我们将相关属性称为针对参与者密钥泄露(AKC)的弹性。我们在一个符号模型中形式化了这个属性,并确定了它可以实现和不能实现的条件。在包括TLS和SSH在内的案例研究中,我们发现许多协议对AKC没有弹性。我们对相互认证的TLS协议实现了一个具体的AKC攻击。
{"title":"Actor Key Compromise: Consequences and Countermeasures","authors":"D. Basin, C. Cremers, Marko Horvat","doi":"10.1109/CSF.2014.25","DOIUrl":"https://doi.org/10.1109/CSF.2014.25","url":null,"abstract":"Despite Alice's best efforts, her long-term secret keys may be revealed to an adversary. Possible reasons include weakly generated keys, compromised key storage, subpoena, and coercion. However, Alice may still be able to communicate securely with other parties, depending on the protocol used. We call the associated property resilience against Actor Key Compromise (AKC). We formalise this property in a symbolic model and identify conditions under which it can and cannot be achieved. In case studies that include TLS and SSH, we find that many protocols are not resilient against AKC. We implement a concrete AKC attack on the mutually authenticated TLS protocol.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"133 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127297690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Stateful Declassification Policies for Event-Driven Programs 事件驱动程序的有状态解密策略
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.28
M. Vanhoef, Willem De Groef, Dominique Devriese, F. Piessens, Tamara Rezk
We propose a novel mechanism for enforcing information flow policies with support for declassification on event-driven programs. Declassification policies consist of two functions. First, a projection function specifies for each confidential event what information in the event can be declassified directly. This generalizes the traditional security labelling of inputs. Second, a stateful release function specifies the aggregate information about all confidential events seen so far that can be declassified. We provide evidence that such declassification policies are useful in the context of Java Script web applications. An enforcement mechanism for our policies is presented and its soundness and precision is proven. Finally, we give evidence of practicality by implementing and evaluating the mechanism in a browser.
我们提出了一种新的机制来执行信息流策略,支持事件驱动程序的解密。解密策略包括两个功能。首先,投影函数为每个机密事件指定事件中的哪些信息可以直接解密。这概括了输入的传统安全标签。其次,有状态发布函数指定迄今为止可以解密的所有机密事件的汇总信息。我们提供的证据表明,这种解密策略在Java Script web应用程序的上下文中是有用的。提出了我国政策的执行机制,并证明了其合理性和精确性。最后,我们通过在浏览器中实现和评估该机制来证明其实用性。
{"title":"Stateful Declassification Policies for Event-Driven Programs","authors":"M. Vanhoef, Willem De Groef, Dominique Devriese, F. Piessens, Tamara Rezk","doi":"10.1109/CSF.2014.28","DOIUrl":"https://doi.org/10.1109/CSF.2014.28","url":null,"abstract":"We propose a novel mechanism for enforcing information flow policies with support for declassification on event-driven programs. Declassification policies consist of two functions. First, a projection function specifies for each confidential event what information in the event can be declassified directly. This generalizes the traditional security labelling of inputs. Second, a stateful release function specifies the aggregate information about all confidential events seen so far that can be declassified. We provide evidence that such declassification policies are useful in the context of Java Script web applications. An enforcement mechanism for our policies is presented and its soundness and precision is proven. Finally, we give evidence of practicality by implementing and evaluating the mechanism in a browser.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132488635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 41
Information Flow Monitoring as Abstract Interpretation for Relational Logic 作为关系逻辑抽象解释的信息流监控
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.12
A. Chudnov, George Kuan, D. Naumann
A number of systems have been developed for dynamic information flow control (IFC). In such systems, the security policy is expressed by labeling input and output channels, it is enforced by tracking and checking labels on data. Systems have been proven to enforce some form of noninterference (NI), formalized as a property of two runs of the program. In practice, NI is too strong and it is desirable to enforce some relaxation of NI that allows downgrading under constraints that have been classified as 'what', 'where', 'who', or 'when' policies. To encompass a broad range of policies, relational logic has been proposed as a means to specify and statically enforce policy. This paper shows how relational logic policies can be dynamically checked. To do so, we provide a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs.
为动态信息流控制(IFC)开发了许多系统。在这样的系统中,安全策略通过标记输入和输出通道来表示,通过跟踪和检查数据上的标签来执行。系统已被证明可以强制执行某种形式的不干扰(NI),形式化为两次运行程序的属性。在实践中,NI过于强大,需要对NI进行一些放松,允许在分类为“什么”、“在哪里”、“谁”或“何时”政策的约束下降级。为了包含广泛的策略,关系逻辑被提议作为一种指定和静态执行策略的方法。本文展示了如何动态检查关系逻辑策略。为此,我们提供了一种新的监控描述,在这种描述中,监控状态被视为一组程序运行对的抽象解释。
{"title":"Information Flow Monitoring as Abstract Interpretation for Relational Logic","authors":"A. Chudnov, George Kuan, D. Naumann","doi":"10.1109/CSF.2014.12","DOIUrl":"https://doi.org/10.1109/CSF.2014.12","url":null,"abstract":"A number of systems have been developed for dynamic information flow control (IFC). In such systems, the security policy is expressed by labeling input and output channels, it is enforced by tracking and checking labels on data. Systems have been proven to enforce some form of noninterference (NI), formalized as a property of two runs of the program. In practice, NI is too strong and it is desirable to enforce some relaxation of NI that allows downgrading under constraints that have been classified as 'what', 'where', 'who', or 'when' policies. To encompass a broad range of policies, relational logic has been proposed as a means to specify and statically enforce policy. This paper shows how relational logic policies can be dynamically checked. To do so, we provide a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130902822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
Modeling Diffie-Hellman Derivability for Automated Analysis 自动分析的Diffie-Hellman可导性建模
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.24
Moses D. Liskov, F. Thayer
Automated analysis of protocols involving Diffie-Hellman key exchange is challenging, in part because of the undecidability of the unification problem in relevant theories. In this paper, we justify the use of a more restricted theory that includes multiplication of exponents but not addition, providing unitary and efficient unification. To justify this theory, we compare it to a computational model of non-uniform circuit complexity through several incremental steps. First, we give a model closely analogous to the computational model, in which derivability is modeled by closure under simple algebraic transformations. This model retains many of the complex features of the computational model, including defining success based on asymptotic probability for a non-uniform family of strategies. We describe an intermediate model based on formal polynomial manipulations, in which success is exact and there is no longer a parametrized notion of the strategy. Despite the many differences in form, we are able to prove an equivalence between the asymptotic and intermediate models by showing that a sufficiently successful asymptotic strategy implies the existence of a perfect strategy. Finally, we describe a symbolic model in which addition of exponents is not modeled, and prove that (for expressible problems), the symbolic model is equivalent to the intermediate model.
对涉及Diffie-Hellman密钥交换的协议进行自动分析是具有挑战性的,部分原因是相关理论中统一问题的不可判定性。在本文中,我们证明了使用一个更有限的理论,包括指数的乘法而不是加法,提供了统一和有效的统一。为了证明这一理论,我们通过几个增量步骤将其与非均匀电路复杂性的计算模型进行比较。首先,我们给出了一个非常类似于计算模型的模型,其中可导性在简单代数变换下用闭包来建模。该模型保留了计算模型的许多复杂特征,包括基于非均匀策略族的渐近概率来定义成功。我们描述了一个基于形式多项式操作的中间模型,其中成功是精确的,不再有策略的参数化概念。尽管在形式上有许多不同,我们能够证明渐近模型和中间模型之间的等价性,通过表明一个足够成功的渐近策略意味着一个完美策略的存在。最后,我们描述了一个不考虑指数相加的符号模型,并证明了(对于可表达问题)符号模型等价于中间模型。
{"title":"Modeling Diffie-Hellman Derivability for Automated Analysis","authors":"Moses D. Liskov, F. Thayer","doi":"10.1109/CSF.2014.24","DOIUrl":"https://doi.org/10.1109/CSF.2014.24","url":null,"abstract":"Automated analysis of protocols involving Diffie-Hellman key exchange is challenging, in part because of the undecidability of the unification problem in relevant theories. In this paper, we justify the use of a more restricted theory that includes multiplication of exponents but not addition, providing unitary and efficient unification. To justify this theory, we compare it to a computational model of non-uniform circuit complexity through several incremental steps. First, we give a model closely analogous to the computational model, in which derivability is modeled by closure under simple algebraic transformations. This model retains many of the complex features of the computational model, including defining success based on asymptotic probability for a non-uniform family of strategies. We describe an intermediate model based on formal polynomial manipulations, in which success is exact and there is no longer a parametrized notion of the strategy. Despite the many differences in form, we are able to prove an equivalence between the asymptotic and intermediate models by showing that a sufficiently successful asymptotic strategy implies the existence of a perfect strategy. Finally, we describe a symbolic model in which addition of exponents is not modeled, and prove that (for expressible problems), the symbolic model is equivalent to the intermediate model.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123898689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
TUC: Time-Sensitive and Modular Analysis of Anonymous Communication 匿名通信的时间敏感和模块化分析
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.34
M. Backes, Praveen Manoharan, Esfandiar Mohammadi
The anonymous communication protocol Tor constitutes the most widely deployed technology for providing anonymity for user communication over the Internet. Several frameworks have been proposed that show strong anonymity guarantees, none of these, however, are capable of modeling the class of traffic-related timing attacks against Tor, such as traffic correlation and website fingerprinting. In this work, we present TUC: the first framework that allows for establishing strong anonymity guarantees in the presence of time-sensitive adversaries that mount traffic-related timing attacks. TUC incorporates a comprehensive notion of time in an asynchronous communication model with sequential activation, while offering strong compositionality properties for security proofs. We apply TUC to evaluate a novel countermeasure for Tor against website fingerprinting attacks. Our analysis relies on a formalization of the onion routing protocol that underlies Tor and proves rigorous anonymity guarantees in the presence of traffic-related timing attacks.
匿名通信协议Tor构成了在互联网上为用户通信提供匿名性的最广泛部署的技术。已经提出了几个框架,显示出强大的匿名性保证,然而,这些框架都不能对针对Tor的流量相关定时攻击进行建模,例如流量关联和网站指纹。在这项工作中,我们提出了TUC:第一个框架,它允许在时间敏感的对手存在时建立强大的匿名保证,这些对手会发起与流量相关的定时攻击。TUC在具有顺序激活的异步通信模型中集成了全面的时间概念,同时为安全性证明提供了强大的组合性属性。我们应用TUC来评估Tor对抗网站指纹攻击的新对策。我们的分析依赖于洋葱路由协议的形式化,洋葱路由协议是Tor的基础,并证明了在与流量相关的定时攻击存在时严格的匿名保证。
{"title":"TUC: Time-Sensitive and Modular Analysis of Anonymous Communication","authors":"M. Backes, Praveen Manoharan, Esfandiar Mohammadi","doi":"10.1109/CSF.2014.34","DOIUrl":"https://doi.org/10.1109/CSF.2014.34","url":null,"abstract":"The anonymous communication protocol Tor constitutes the most widely deployed technology for providing anonymity for user communication over the Internet. Several frameworks have been proposed that show strong anonymity guarantees, none of these, however, are capable of modeling the class of traffic-related timing attacks against Tor, such as traffic correlation and website fingerprinting. In this work, we present TUC: the first framework that allows for establishing strong anonymity guarantees in the presence of time-sensitive adversaries that mount traffic-related timing attacks. TUC incorporates a comprehensive notion of time in an asynchronous communication model with sequential activation, while offering strong compositionality properties for security proofs. We apply TUC to evaluate a novel countermeasure for Tor against website fingerprinting attacks. Our analysis relies on a formalization of the onion routing protocol that underlies Tor and proves rigorous anonymity guarantees in the presence of traffic-related timing attacks.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"142 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115393114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Malleable Signatures: New Definitions and Delegatable Anonymous Credentials 可延展签名:新定义和可委派匿名凭证
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.22
Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, S. Meiklejohn
A signature scheme is malleable if, on input a message and a signature, it is possible to efficiently compute a signature on a related message, for a transformation that is allowed with respect to this signature scheme. In this paper, we first provide new definitions for malleable signatures that allow us to capture a broader range of transformations than was previously possible. We then give a generic construction based on malleable zero-knowledge proofs that allows us to construct malleable signatures for a wide range of transformation classes, with security properties that are stronger than those that have been achieved previously. Finally, we construct delegatable anonymous credentials from signatures that are malleable with respect to an appropriate class of transformations (that we show our malleable signature supports). The resulting instantiation satisfies a stronger security notion than previous schemes while also scaling linearly with the number of delegations.
如果在输入消息和签名时,可以有效地计算相关消息上的签名,则签名方案是可延展性的,因为该签名方案允许进行转换。在本文中,我们首先为可塑签名提供了新的定义,使我们能够捕获比以前更广泛的转换。然后,我们给出了一个基于可塑零知识证明的通用构造,它允许我们为广泛的转换类构造可塑签名,具有比以前实现的更强的安全属性。最后,我们从签名中构造可委托的匿名凭证,这些签名相对于适当的转换类具有延展性(我们展示了我们的延展性签名支持)。结果实例化满足比以前的方案更强的安全概念,同时还随委托数量线性扩展。
{"title":"Malleable Signatures: New Definitions and Delegatable Anonymous Credentials","authors":"Melissa Chase, Markulf Kohlweiss, Anna Lysyanskaya, S. Meiklejohn","doi":"10.1109/CSF.2014.22","DOIUrl":"https://doi.org/10.1109/CSF.2014.22","url":null,"abstract":"A signature scheme is malleable if, on input a message and a signature, it is possible to efficiently compute a signature on a related message, for a transformation that is allowed with respect to this signature scheme. In this paper, we first provide new definitions for malleable signatures that allow us to capture a broader range of transformations than was previously possible. We then give a generic construction based on malleable zero-knowledge proofs that allows us to construct malleable signatures for a wide range of transformation classes, with security properties that are stronger than those that have been achieved previously. Finally, we construct delegatable anonymous credentials from signatures that are malleable with respect to an appropriate class of transformations (that we show our malleable signature supports). The resulting instantiation satisfies a stronger security notion than previous schemes while also scaling linearly with the number of delegations.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130545642","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness 谁害怕哪只坏狼?IT安全风险意识调查
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.15
M. Harbach, S. Fahl, Matthew Smith
The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited "budget" for security behavior and that trying to coerce them into considering additional risks does not work well, it remains unclear which risks are on users' minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.
风险感知已被确立为安全研究中人的方面研究的重要组成部分。类似地,风险意识通常被认为是采用安全机制以及人们如何使用它们并与它们交互的核心前兆。然而,用户在日常使用现代互联网过程中的风险意识状况却没有得到详细的研究。众所周知,用户对安全行为的“预算”是有限的,试图强迫他们考虑额外的风险并不能很好地发挥作用,但仍然不清楚哪些风险是用户所考虑的,因此已经在他们的预算中考虑到了。因此,在使用信息技术时,评估用户当前感知到的风险和后果是塑造IT安全机制可用性方面的一个重要但目前被忽视的基础。在本文中,我们对用户的风险和后果意识进行了调查,分析了这可能如何影响目前缺乏采用改进的安全措施,并提出了如何缓解这种情况的建议。
{"title":"Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness","authors":"M. Harbach, S. Fahl, Matthew Smith","doi":"10.1109/CSF.2014.15","DOIUrl":"https://doi.org/10.1109/CSF.2014.15","url":null,"abstract":"The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited \"budget\" for security behavior and that trying to coerce them into considering additional risks does not work well, it remains unclear which risks are on users' minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133585279","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Certified Synthesis of Efficient Batch Verifiers 高效批验证器的认证合成
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.19
Joseph A. Akinyele, G. Barthe, B. Grégoire, Benedikt Schmidt, Pierre-Yves Strub
Many algorithms admit very efficient batch versions that compute simultaneously the output of the algorithms on a set of inputs. Batch algorithms are widely used in cryptography, especially in the setting of pairing-based computations, where they deliver significant speed-ups. AutoBatch is an automated tool that computes highly optimized batch verification algorithms for pairing-based signature schemes. Thanks to finely tuned heuristics, AutoBatch is able to rediscover efficient batch verifiers for several signature schemes of interest, and in some cases to output batch verifiers that outperform the best known verifiers from the literature. However, AutoBatch only provides weak guarantees (in the form of a LaTeX proof) of the correctness of the batch algorithms it outputs. In this paper, we verify the correctness and security of these algorithms using the EasyCrypt framework. To achieve this goal, we define a domain-specific language to describe verification algorithms based on pairings and provide an efficient algorithm for checking (approximate) observational equivalence between expressions of this language. By translating the output of AutoBatch to this language and applying our verification procedure, we obtain machine-checked correctness proofs of the batch verifiers. Moreover, we formalize notions of security for batch verifiers and we provide a generic proof in EasyCrypt that batch verifiers satisfy a security property called screening, provided they are correct and the original signature is unforgeable against chosen-message attacks. We apply our techniques to several well-known pairing-based signature schemes from the literature, and to Groth-Sahai zero-knowledge proofs.
许多算法都有非常高效的批处理版本,可以在一组输入上同时计算算法的输出。批处理算法在密码学中被广泛使用,特别是在基于配对的计算中,它们提供了显著的加速。AutoBatch是一个自动化工具,它为基于配对的签名方案计算高度优化的批验证算法。得益于精细调优的启发式算法,AutoBatch能够为几个感兴趣的签名方案重新发现有效的批处理验证器,并且在某些情况下,输出的批处理验证器的性能优于文献中最知名的验证器。然而,AutoBatch只提供了它输出的批处理算法正确性的弱保证(以LaTeX证明的形式)。在本文中,我们使用EasyCrypt框架验证了这些算法的正确性和安全性。为了实现这一目标,我们定义了一种特定于领域的语言来描述基于配对的验证算法,并提供了一种有效的算法来检查该语言表达式之间的(近似)观察等效性。通过将AutoBatch的输出翻译成这种语言并应用我们的验证过程,我们获得了批验证器的机器检查正确性证明。此外,我们形式化了批验证器的安全概念,并在EasyCrypt中提供了一个通用证明,即批验证器满足称为筛选的安全属性,前提是它们是正确的,并且原始签名对选择消息攻击是不可伪造的。我们将我们的技术应用于文献中几个著名的基于配对的签名方案,以及Groth-Sahai零知识证明。
{"title":"Certified Synthesis of Efficient Batch Verifiers","authors":"Joseph A. Akinyele, G. Barthe, B. Grégoire, Benedikt Schmidt, Pierre-Yves Strub","doi":"10.1109/CSF.2014.19","DOIUrl":"https://doi.org/10.1109/CSF.2014.19","url":null,"abstract":"Many algorithms admit very efficient batch versions that compute simultaneously the output of the algorithms on a set of inputs. Batch algorithms are widely used in cryptography, especially in the setting of pairing-based computations, where they deliver significant speed-ups. AutoBatch is an automated tool that computes highly optimized batch verification algorithms for pairing-based signature schemes. Thanks to finely tuned heuristics, AutoBatch is able to rediscover efficient batch verifiers for several signature schemes of interest, and in some cases to output batch verifiers that outperform the best known verifiers from the literature. However, AutoBatch only provides weak guarantees (in the form of a LaTeX proof) of the correctness of the batch algorithms it outputs. In this paper, we verify the correctness and security of these algorithms using the EasyCrypt framework. To achieve this goal, we define a domain-specific language to describe verification algorithms based on pairings and provide an efficient algorithm for checking (approximate) observational equivalence between expressions of this language. By translating the output of AutoBatch to this language and applying our verification procedure, we obtain machine-checked correctness proofs of the batch verifiers. Moreover, we formalize notions of security for batch verifiers and we provide a generic proof in EasyCrypt that batch verifiers satisfy a security property called screening, provided they are correct and the original signature is unforgeable against chosen-message attacks. We apply our techniques to several well-known pairing-based signature schemes from the literature, and to Groth-Sahai zero-knowledge proofs.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124346835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
From Input Private to Universally Composable Secure Multi-party Computation Primitives 从输入私有到普遍可组合的安全多方计算原语
Pub Date : 2014-07-19 DOI: 10.1109/CSF.2014.21
D. Bogdanov, Peeter Laud, S. Laur, Pille Pullonen
Secure multi-party computation systems are commonly built from a small set of primitive components. The compos ability of security notions has a central role in the analysis of such systems, as it allows us to deduce security properties of complex protocols from the properties of its components. We show that the standard notions of universally compos able security are overly restrictive in this context and can lead to protocols with sub-optimal performance. As a remedy, we introduce a weaker notion of privacy that is satisfied by simpler protocols and is preserved by composition. After that we fix a passive security model and show how to convert a private protocol into a universally compos able protocol. As a result, we obtain modular security proofs without performance penalties.
安全的多方计算系统通常由一小组基本组件构建而成。安全概念的组合能力在此类系统的分析中具有核心作用,因为它允许我们从其组件的属性推断复杂协议的安全属性。我们表明,普遍可组合安全性的标准概念在这种情况下过于严格,并且可能导致具有次优性能的协议。作为补救措施,我们引入了一种较弱的隐私概念,它可以通过更简单的协议来满足,并通过组合来保护。之后,我们修复了一个被动安全模型,并展示了如何将私有协议转换为通用可组合的协议。因此,我们在没有性能损失的情况下获得了模块化的安全性证明。
{"title":"From Input Private to Universally Composable Secure Multi-party Computation Primitives","authors":"D. Bogdanov, Peeter Laud, S. Laur, Pille Pullonen","doi":"10.1109/CSF.2014.21","DOIUrl":"https://doi.org/10.1109/CSF.2014.21","url":null,"abstract":"Secure multi-party computation systems are commonly built from a small set of primitive components. The compos ability of security notions has a central role in the analysis of such systems, as it allows us to deduce security properties of complex protocols from the properties of its components. We show that the standard notions of universally compos able security are overly restrictive in this context and can lead to protocols with sub-optimal performance. As a remedy, we introduce a weaker notion of privacy that is satisfied by simpler protocols and is preserved by composition. After that we fix a passive security model and show how to convert a private protocol into a universally compos able protocol. As a result, we obtain modular security proofs without performance penalties.","PeriodicalId":285965,"journal":{"name":"2014 IEEE 27th Computer Security Foundations Symposium","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131223568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
期刊
2014 IEEE 27th Computer Security Foundations Symposium
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1