Quantitative Security Analysis (Dagstuhl Seminar 12481)

Boris Köpf, Pasquale Malacaria, Catuscia Palamidessi, Marc Herbstritt
2013 Dagstuhl Reports  
Quantitative notions of security can express degrees of protection and thus enable reasoning about the trade-off between security and conflicting requirements.  ...  Unfortunately, security is often in conflict with requirements on the functionality or the performance of a system, making perfect security an impossible or overly expensive goal.  ...  A generative probabilistic model of mix network architectures is presented, that incorporates a number of attack techniques in the trace analysis literature.  ... 
doi:10.4230/dagrep.2.11.135 dblp:journals/dagstuhl-reports/KopfMP12 fatcat:zlrdsjynqnfv3ehvlybivdnwre

Key Agreement over Inter-Process Communication

Manami Suzuki, Dai Watanabe, Tsutomu Matsumoto, Naoki Yoshida, Junichi Sakamoto
2021 IEEE Access  
The proposed protocol is based on random number sharing using the messages that the attacker probabilistically fails to obtain and attacker detection who interrupts the protocol.  ...  We use an uncertain channel for secure key agreement over IPC and we found that the IPC channel behaves as the uncertain communication channel due to the process scheduling of the OS.  ...  side-channel attacks.  ... 
doi:10.1109/access.2021.3117337 fatcat:vusqwup5kzglfp353u4gik7en4

A Holistic Approach for Security Requirement Specification for Low-Cost, Distributed Ubiquitous Systems

Yanjun Zuo
2010 International Conference on Information Systems  
We applied Bayesian network and stochastic process algebra to incorporate probabilistic analysis to the framework.  ...  Rigorous security analysis needs both quantitative and qualitative approaches to produce the holistic view and the robust data regarding the security features that a system must have in order to meet users  ...  The author is thankful to Dr. Robert Herklotz for his support, which made this work possible.  ... 
dblp:conf/icis/Zuo10 fatcat:c6qupucncfeqpkzwyfml5bgoy4

Novel channel-hopping pattern-based wireless IoT networks in smart cities for reducing multi-access interference and jamming attacks

Yiming Liu, Qi Zeng, Yue Zhao, Kaijun Wu, Yao Hao
2021 EURASIP Journal on Wireless Communications and Networking  
In this paper, to reduce the mutual interference and external jamming attacks, multiple novel channel-hopping patterns, i.e., traditional no-hit-zone (NHZ) hopping pattern and generalized NHZ hopping pattern  ...  The extensive simulations show that the traditional/generalized NHZ hopping patterns are in favor of combating the mutual interference but with the limited capability of reducing jamming attacks, while  ...  Acknowledgements Not applicable.  ... 
doi:10.1186/s13638-021-02029-8 fatcat:5ojy2jg7i5dxfj2a4rezknymva

Tools for Active and Passive Network Side-Channel Detection for Web Applications

Michael Lescisin, Qusay H. Mahmoud
2018 Workshop on Offensive Technologies  
to a server with SSL/TLS, user privacy and web application behaviour integrity are guaranteed.  ...  In this paper, we discuss three design patterns that often result in side-channel information leaks along with three real-world websites which possess these vulnerabilities.  ...  Defences and Countermeasures In order to prevent both active and passive side-channel attacks on web applications and their users, two conditions must be satisfied; 1) network traffic patterns must be  ... 
dblp:conf/woot/LescisinM18 fatcat:ifozbwfu2jbh5f44yjamzeoouu

Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT

Corina S. Pasareanu, Quoc-Sang Phan, Pasquale Malacaria
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
Furthermore model counting and information-theoretic metrics are used to compute an attacker's remaining uncertainty about a secret after a certain number of side-channel measurements are made.  ...  We describe a program analysis that uses symbolic execution to quantify the information that is leaked to an attacker who makes multiple side-channel measurements.  ...  They use probabilistic programming to implement a model of information flow for probabilistic, interactive systems with adaptive adversaries and to compute the leakage.  ... 
doi:10.1109/csf.2016.34 dblp:conf/csfw/PasareanuPM16 fatcat:vvxw5cl2r5ebzivhc6nijzx57i

Algebraic Side-Channel Attacks Beyond the Hamming Weight Leakage Model [chapter]

Yossef Oren, Mathieu Renauld, François-Xavier Standaert, Avishai Wool
2012 Lecture Notes in Computer Science  
Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity.  ...  In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations.  ...  The authors wish to thank the anonymous reviewers for their encouraging and insightful comments.  ... 
doi:10.1007/978-3-642-33027-8_9 fatcat:jae27n4zcjgldbdgkwjxf75cha

Exploitation as an inference problem

David A. Cock
2011 Proceedings of the 4th ACM workshop on Security and artificial intelligence - AISec '11  
In this position paper, we suggest that an adversary seeking to exploit a side channel should be viewed as performing inference under uncertainty.  ...  By deriving Boolean satisfiability as a special case of the marginalization problem, we justify that the measure is capable of capturing the complexity of the underlying deterministic decision problem.  ...  • Is it possible to automatically identify a control-flow-based side channel, and build a minimal corresponding inference model?  ... 
doi:10.1145/2046684.2046702 dblp:conf/ccs/Cock11 fatcat:qzbi3g5v2rhqffmxnyahgyusp4

Channel Capacity of Concurrent Probabilistic Programs

Khayyam Salehi, Jaber Karimpour, Habib Izadkhah, Ayaz Isazadeh
2019 Entropy  
This is called channel capacity. In this paper, two notions of capacity are defined for concurrent probabilistic programs using information theory.  ...  A fundamental issue in computing information leakage is that given a program and attackers with various knowledge of the secret information, what is the maximum amount of leakage of the program?  ...  Acknowledgments: Thanks go to Ali A. Noroozi, Javad Hajipour, and Shahriar Lotfi for helpful comments and feedback.  ... 
doi:10.3390/e21090885 fatcat:ehc4rhyovnacnh7bboguowzi64

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 IEEE Access  
In the domain of systems security, many endeavors have been made to ensure ML model and data confidentiality.  ...  As machine learning (ML) technologies and applications are rapidly changing many domains of computing, security issues associated with ML are also emerging.  ...  The existence of side-channel is becoming the most formidable challenge in providing security guarantees in ML and other general computations using SGX in the cloud. 1) Software Side-channel Attacks  ... 
doi:10.1109/access.2021.3136889 fatcat:scrytvepkjafxblcqg3gjk5vqu

Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective [article]

Kha Dinh Duy, Taehyun Noh, Siwon Huh, Hojoon Lee
2021 arXiv   pre-print
In the domain of systems security, many endeavors have been made to ensure ML model and data confidentiality.  ...  As machine learning (ML) technologies and applications are rapidly changing many domains of computing, security issues associated with ML are also emerging.  ...  The existence of side-channel is becoming the most formidable challenge in providing security guarantees in ML and other general computations using SGX in the cloud. 1) Software Side-channel Attacks  ... 
arXiv:2111.03308v2 fatcat:kmklsqvzureilldvr4ui4azrwi

String analysis for side channels with segmented oracles

Lucas Bang, Abdulbaki Aydin, Quoc-Sang Phan, Corina S. Păsăreanu, Tevfik Bultan
2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016  
We present an automated approach for detecting and quantifying side channels in Java programs, which uses symbolic execution, string analysis and model counting to compute information leakage for a single  ...  We further extend this approach to compute information leakage for multiple runs for a type of side channels called segmented oracles, where the attacker is able to explore each segment of a secret (for  ...  In applications of model counting (such as probabilistic symbolic execution) a model counting query is accompanied with a bound that limits the domain of the variable.  ... 
doi:10.1145/2950290.2950362 dblp:conf/sigsoft/BangAPPB16 fatcat:hnvp7oioxjc45f34htfiecr3qy

Synthesis of Adaptive Side-Channel Attacks

Quoc-Sang Phan, Lucas Bang, Corina S. Pasareanu, Pasquale Malacaria, Tevfik Bultan
2017 2017 IEEE 30th Computer Security Foundations Symposium (CSF)  
We start with a symbolic attack model that encodes succinctly all the side-channel attacks that an adversary can make.  ...  We present symbolic analysis techniques for detecting vulnerabilities that are due to adaptive side-channel attacks, and synthesizing inputs that exploit the identified vulnerabilities.  ...  ACKNOWLEDGMENT We thank Nikolaj Bjorner for useful discussions on MaxSMT and its generalization to the Maximal Satisfiable Subsets problem. We also thank the anonymous reviewers for their comments.  ... 
doi:10.1109/csf.2017.8 dblp:conf/csfw/PhanBPMB17 fatcat:vs7vpbmbwzdixenzmehbw5wzia

Fundamental And Practical Problems of QKD Security - the Actual and the Perceived Situation [article]

Horace P. Yuen
2011 arXiv   pre-print
Here we summarize briefly why this is not the case, from both the viewpoints of fundamental quantitative security and applicable models of security analysis, with some morals drawn.  ...  It is widely believed that quantum key distribution (QKD) has been proved unconditionally secure for realistic models applicable to various current experimental schemes.  ...  PROBLEMS OF MODELING VERSUS SIDE CHANNEL There are two kinds of mathematical modeling problems in QKD security analysis of concrete systems: (A) whether the model includes typical general features of a  ... 
arXiv:1109.1066v3 fatcat:kw2e2wleenb53o3cqick64pakq

Cryptanalysis of the Countermeasures Using Randomized Binary Signed Digits [chapter]

Dong-Guk Han, Katsuyuki Okeya, Tae Hyun Kim, Yoon Sung Hwang, Young-Ho Park, Souhwan Jung
2004 Lecture Notes in Computer Science  
Recently, side channel attacks (SCA) have been recognized as menaces to public key cryptosystems.  ...  In SCA, an attacker observes side channel information during cryptographic operations, and reveals the secret scalar using the side channel information.  ...  Side Channel Attacks Side channel attacks (SCA) are a serious menace for embedded devices which are running cryptographic applications and leaking critical information through side channels, like power  ... 
doi:10.1007/978-3-540-24852-1_29 fatcat:5w4tkn2fdvdyrdyznqt66slpwq