Filters








105 Hits in 3.7 sec

A hands-on modular laboratory environment to foster learning in control system security

Pallavi P. Deshmukh, Cameron D. Patterson, William T. Baumann
2016 2016 IEEE Frontiers in Education Conference (FIE)  
There can be a significant disconnect between control system engineers with CPS engineering skills and network engineers with an IT background.  ...  We have developed hands-on courseware to show how an adversary can compromise a CPS in a Stuxnet-like manner by tunneling through a layered sequence of network protocol and interface weaknesses.  ...  Chapter 3 gives an overview of our mock CPS built with commercial off-the-shelf components and how it maps to the different layers of a CPS.  ... 
doi:10.1109/fie.2016.7757669 dblp:conf/fie/DeshmukhPB16 fatcat:jtypcpldgvd5hjlyfa5pis4qo4

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Kubilay Ahmet Küçük, David Grawrock, Andrew Martin
2019 EURASIP Journal on Information Security  
Next, we present a case study on existing secret-code execution frameworks; which have bad TCB design due to processing secrets with commodity software in enclaves.  ...  To some extent, these problems can be addressed by ensuring the use of secure hardware in the execution environment; however, an insecure software-stack can only provide limited algorithm secrecy.  ...  We would also like to thank SE Bazley, OJ Sturrock, Y Ulaş, and L Bihr for their reviews. Funding None.  ... 
doi:10.1186/s13635-019-0091-5 fatcat:53lwbanrpjhv7buzrrm73tcjr4

Thwarting Web Censorship with Untrusted Messenger Discovery [chapter]

Nick Feamster, Magdalena Balazinska, Winston Wang, Hari Balakrishnan, David Karger
2003 Lecture Notes in Computer Science  
However, requiring clients to independently discover proxies from a large set makes it practically impossible to verify the trustworthiness of every proxy and creates the possibility of having untrusted  ...  We show how this separation, as well as in-band proxy discovery, can be applied to a variety of anti-censorship systems.  ...  Thanks also to Jean Camp and Daniel Rubenstein for thoughtful discussions, and to Sameer Ajmani, Kevin Fu, Stuart Schechter, and the anonymous reviewers for comments on drafts of this paper.  ... 
doi:10.1007/978-3-540-40956-4_9 fatcat:5d3q3x6kznekxmokwpxvzd47hy

Efficient user-space information flow control

Ben Niu, Gang Tan
2013 Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security - ASIA CCS '13  
Experiments demonstrate applications can be ported to duPro with negligible overhead, enhanced security, and with tight control over information flow.  ...  We describe the design and implementation of duPro, an efficient user-space information flow control framework. duPro adopts Software-based Fault Isolation (SFI [22]) to isolate protection domains within  ...  Before a domain communicates with an external object, an endpoint must be created; the endpoint serves as an intermediary between the domain and the external object.  ... 
doi:10.1145/2484313.2484328 dblp:conf/ccs/NiuT13 fatcat:dr4x5deohrgi3chyh3pxaukeby

Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities

Joseph I. Choi, Kevin R. B. Butler
2019 Security and Communication Networks  
This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC.  ...  When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits.  ...  Acknowledgments Special thanks are due to Patrick Traynor and Thomas Shrimpton for their interest in and constructive criticisms of this work.  ... 
doi:10.1155/2019/1368905 fatcat:izynm6msrvehfa3ghkw7tykk34

A map of security risks associated with using COTS

U. Lindqvist, E. Jonsson
1998 Computer  
An ideal design goal would be to make the overall system security independent of how some untrusted components behave, but that is often difficult to accomplish in practice.  ...  With access to copies (disk or backups) of the two databases, it would be an easy task to identify all the secret records.  ... 
doi:10.1109/2.683009 fatcat:e4mafbvq6nhtlbgg4exki3q3oe

Babel

John Aycock, Daniel Medeiros Nunes de Castro, Michael E. Locasto, Chris Jarabek
2012 Proceedings of the 2012 ACM Workshop on Cloud computing security workshop - CCSW '12  
We propose a new model of the computer, Babel, that makes a user's computer appear as it normally would, but is actually untrusted to the point where it cannot run the code installed on it.  ...  The user gets continuous protection, and multiple kinds of protection, with no need for security updates or patches.  ...  . 2 Depending on the perceived level of risk, a verification server that can be queried by an adversary leaves open the possibility that an adversary will learn how they can circumvent the translation  ... 
doi:10.1145/2381913.2381922 dblp:conf/ccs/AycockCLJ12 fatcat:n3uusvujkbfnxa3cc7h7rp6bd4

A Distributed Secure System

J.M. Rushby, B. Randell
1983 1983 IEEE Symposium on Security and Privacy  
Two anonymous referees directed our attention to a number of vexatious technical problems with some of our mechanisms and led us to make several improvements.  ...  We very much appreciate the enthusiastic encouragement of Derek Barnes of RSRE and the stimulation of our many colleagues at Newcastle, particularly those involved with Unix United.  ...  The complexity of such an intermediary will depend on the generality of that service.  ... 
doi:10.1109/sp.1983.10019 dblp:conf/sp/RushbyR83 fatcat:bwxr7ba6q5eo7lkw53yq2eg7ju

A Distributed Secure System

Rushby, Randell
1983 Computer  
In the simplest case, an individual can choose other individuals or groups with whom he wishes to share his private information.  ...  When the individuals concerned are members of an organization, however, that organization may circumscribe their discretionary power to grant access to information by imposing a mandatory security policy  ...  Two anonymous referees directed our attention to a number of vexatious technical problems with some of our mechanisms and led us to make several improvements.  ... 
doi:10.1109/mc.1983.1654443 fatcat:2n5ldqtx2rgcpcazd4wcywwy5u

A pattern language for developing privacy enhancing technologies

Munawar Hafiz
2011 Software, Practice & Experience  
A Privacy Enhancement Technology (PET) is an application or a mechanism which allows users to protect the privacy of their personally identifiable information.  ...  These privacy patterns are not limited to a specific problem domain; they can be applied to design anonymity systems for various types of online communication, online data sharing, location monitoring,  ...  It is similar to using an alias in a covert organization; only a chosen few know the actual identity, an outsider does not.  ... 
doi:10.1002/spe.1131 fatcat:n3h4bq4yjvfxrj5rs7mlcwgyia

Distributed Secure Systems: Then and Now

Brian Randell, John Rushby
2007 Proceedings of the Computer Security Applications Conference  
One such system in particular was developed at Newcastle that allowed pre-existing applications and (Unix) systems to be used, completely unchanged, as components of an apparently standard large (multiprocessor  ...  In this retrospective, we provide the full original text of our DSS paper, prefaced by an introductory discussion of the DSS in the context of its time, and followed by an account of the subsequent implementation  ...  Acknowledgements The preparation of this reprise of our 1983 paper has provided us with a welcome opportunity to renew contact with Derek Barnes and Andy Bates, who have been very helpful to us regarding  ... 
doi:10.1109/acsac.2007.4412988 fatcat:zd2ha4ysszbfnop74r6zly76oe

Distributed Secure Systems: Then and Now

Brian Randell, John Rushby
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
One such system in particular was developed at Newcastle that allowed pre-existing applications and (Unix) systems to be used, completely unchanged, as components of an apparently standard large (multiprocessor  ...  In this retrospective, we provide the full original text of our DSS paper, prefaced by an introductory discussion of the DSS in the context of its time, and followed by an account of the subsequent implementation  ...  Acknowledgements The preparation of this reprise of our 1983 paper has provided us with a welcome opportunity to renew contact with Derek Barnes and Andy Bates, who have been very helpful to us regarding  ... 
doi:10.1109/acsac.2007.48 dblp:conf/acsac/RandellR07 fatcat:u5igmhd5szdwlahhfzwyggkana

Pay as you browse

Ghassan O. Karame, Aurélien Francillon, Srdjan Čapkun
2011 Proceedings of the 20th international conference on World wide web - WWW '11  
In our model, a user that wishes to access online content offered by a website does not need to register or pay to access the website; instead, he will accept to run microcomputations on behalf of the  ...  website in exchange for access to the content.  ...  [29] propose a scheme to outsource cryptographic searches to untrusted nodes without these nodes learning information about the inputs nor the outputs of the search functions.  ... 
doi:10.1145/1963405.1963451 dblp:conf/www/KarameFC11 fatcat:5lldb5jxirdjnpzrhtzynz2abi

Wearable computing: toward humanistic intelligence

S. Mann
2001 IEEE Intelligent Systems  
He built the world's first covert fully functional wearable image processor with computer display and camera concealed in ordinary eyeglasses and was the first person to put his day-to-day life on the  ...  In the same way that ordinary clothing prevents others from seeing our naked bodies, an embodiment of HI might, for example, serve as an intermediary for interacting with untrusted systems, such as third-party  ...  learn.  ... 
doi:10.1109/5254.940020 fatcat:5bkfpuvfi5c45cdmlqn7hdpv3m

Vesper: Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs [article]

Yisroel Mirsky, Naor Kalbo, Yuval Elovici, Asaf Shabtai
2018 arXiv   pre-print
Using this technique, Vesper is able to detect MitM attacks with high accuracy while incurring minimal network overhead.  ...  Analogous to how echoes in a cave capture the shape and construction of the environment, so to can a short and intense pulse of ICMP echo requests model the link between two network hosts.  ...  First, we will explain in detail how an autoencoder works, and then we will explain how the HP uses them to detect anomalies in the link with host j. 1) Autoencoders An autoencoder is an artificial neural  ... 
arXiv:1803.02560v1 fatcat:kvsxl2xqufcj7jzpapryzysz6i
« Previous Showing results 1 — 15 out of 105 results