19,348 Hits in 4.2 sec

Modular Protections against Non-control Data Attacks

Cole Schlesinger, Karthik Pattabiraman, Nikhil Swamy, David Walker, Benjamin Zorn
2011 2011 IEEE 24th Computer Security Foundations Symposium  
This paper introduces YARRA, a conservative extension to C to protect applications from non-control data attacks.  ...  We evaluate a prototype implementation of a compiler and runtime system for YARRA by using it to harden four common server applications against known non-control data vulnerabilities.  ...  As such, this frame rule captures the essence of YARRA's modular protections against non-control data attacks.  ... 
doi:10.1109/csf.2011.16 dblp:conf/csfw/SchlesingerPSWZ11 fatcat:uq5gw6j5ffbnfkoets55iqhsze

Modular protections against non-control data attacks

Cole Schlesinger, Karthik Pattabiraman, Nikhil Swamy, David Walker, Benjamin Zorn, Michael Backes, Steve Zdancewic
2014 Journal of Computer Security  
This paper introduces YARRA, a conservative extension to C to protect applications from non-control data attacks.  ...  We evaluate a prototype implementation of a compiler and runtime system for YARRA by using it to harden four common server applications against known non-control data vulnerabilities.  ...  As such, this frame rule captures the essence of YARRA's modular protections against non-control data attacks.  ... 
doi:10.3233/jcs-140502 fatcat:oi7hhxgmtjhzpbeb4iozy6mbye

SoK: Eternal War in Memory

L. Szekeres, M. Payer, Tao Wei, Dawn Song
2013 2013 IEEE Symposium on Security and Privacy  
Non-executable Data / Instruction Set Randomization VII.A.  ...  The lack of safety in these languages allows attackers to alter the program's behavior or take full control over it by hijacking its control flow.  ...  They aim to protect against both control data (hijacking) and non-control data attacks, but not against e.g., information leaks.  ... 
doi:10.1109/sp.2013.13 dblp:conf/sp/SzekeresPWS13 fatcat:slxnjwdqhrcx3crwc7dtjyxpqq

VoIP SEAL: A Research Prototype for Protecting Voice-over-IP Networks and Users

Jan Seedorf, Nico d'Heureuse, Saverio Niccolini, Thilo Ewald
2008 Sicherheit  
Using a modular approach, different protection mechanism can be combined and interact with each other. This allows for flexible protection against diverse types of VoIP attacks.  ...  Thus, there is a need for protecting VoIP systems and its users against attacks.  ...  In this paper we present our prototype implementation of this modular protection approach against different VoIP threats.  ... 
dblp:conf/sicherheit/SeedorfdNE08 fatcat:lru7vddju5cqxphhgnoh72ydyi

A Leak Resistant Architecture Against Side Channel Attacks

Daniel Mesquita, Benoit Badrignans, Lionel Torres, Gilles Sassattell, Michel Robert, Jean-claude Bajard, Fernando Moraes
2006 2006 International Conference on Field Programmable Logic and Applications  
This work combines reconfigurable techniques with the recently proposed Leak Resistant Arithmetic (LRA) to thwart some Side Channel Attacks (SCA).  ...  The introduced architecture outcomes the performance of classical implementation of modular multiplication, for key size exceeding 2048 bits, with a reasonable extra area overhead.  ...  It is not rare that the defense against one attack may benefit another kind of attack.  ... 
doi:10.1109/fpl.2006.311335 dblp:conf/fpl/MesquitaBTSRBM06 fatcat:o6f7pdy6yrdrfg5tjoltyxdmi4

A Cryptographic Coarse Grain Reconfigurable Architecture Robust Against DPA

Daniel Mesquita, Benoit Badrignans, Lionel Torres, Gilles Sassatelli, Michel Robert, Fernando Moraes
2007 2007 IEEE International Parallel and Distributed Processing Symposium  
The results issue of prototyping shows that our coarse grained reconfigurable architecture is robust against power analysis attacks. .  ...  Is not rare that defend against one attack may benefit another kind of attack.  ...  Based on the same principle of the DPA, if the data change during an operation, consequently the power consumption becomes non constant, thwarting DPA attacks.  ... 
doi:10.1109/ipdps.2007.370380 dblp:conf/ipps/MesquitaBTSRM07 fatcat:w6i4tmsvoza6vcytfbctn47x2q

Custom Instruction Support for Modular Defense against Side-channel and Fault Attacks [article]

Pantea Kiaei, Darius Mercadier, Pierre-Évariste Dagand, Karine Heydemann, Patrick Schaumont
2020 IACR Cryptology ePrint Archive  
attacks.  ...  Based on bitslice programming and recent advances in the literature, SKIVA offers a flexible and modular combination of countermeasures against power-based and timing-based side-channel leakage and fault  ...  masking to protect against power side-channel leakage; (c) intra-instruction redundancy to protect against data faults and (d) temporal redundancy to protect against control faults.  ... 
dblp:journals/iacr/KiaeiMDHS20 fatcat:ju5lmfibhjchjlfu3ydhgowaoq

Product lines can jeopardize their trade secrets

Mathieu Acher, Guillaume Bécan, Benoit Combemale, Benoit Baudry, Jean-Marc Jézéquel
2015 Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015  
For instance, an attacker can identify hidden constraints and bypass the product line to get access to features or copyrighted data.  ...  This paper warns against possible naive modeling, implementation, and testing of variability leading to the existence of product lines that jeopardize their trade secrets.  ...  An important lesson learned is that the modularity of data (video variants) poses a problem from a protection perspective.  ... 
doi:10.1145/2786805.2803210 dblp:conf/sigsoft/AcherBCBJ15 fatcat:q6t2ti2kljhqlndc4crizvgd4m

Fine-Grained Control-Flow Integrity Through Binary Hardening [chapter]

Mathias Payer, Antonio Barresi, Thomas R. Gross
2015 Lecture Notes in Computer Science  
We present Lockdown, a modular, fine-grained CFI policy that protects binary-only applications and libraries without requiring sourcecode.  ...  COOP [40] presents an attack against CFI mechanisms that are unaware of C++ semantics for virtual function calls. Both MCFI and COOP were developed concurrently with Lockdown.  ...  As with any other CFI defense mechanism, non-control data attacks [10] are out of scope.  ... 
doi:10.1007/978-3-319-20550-2_8 fatcat:imb2l3voebeqxbwkg4dvwvubjq

CopyCat: Controlled Instruction-Level Attacks on Enclaves [article]

Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar
2020 arXiv   pre-print
We demonstrate the improved resolution and practicality of CopyCat on Intel SGX in an extensive study of single-trace and deterministic attacks against cryptographic implementations, and give novel algorithmic  ...  One particularly powerful class of controlled-channel attacks abuses page-table modifications to reliably track enclave memory accesses at a page-level granularity.  ...  were insufficient to protect against COPYCAT.  ... 
arXiv:2002.08437v3 fatcat:5epnn447mjfq3hk6mqk35hlewm

Side-Channel Evaluation Methodology on Software

Sylvain Guilley, Khaled Karray, Thomas Perianin, Ritu-Ranjan Shrivastwa, Youssef Souissi, Sofiane Takarabt
2020 Cryptography  
Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA).  ...  Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial.  ...  of protecting against such attacks) built on top of an insecure RSA.  ... 
doi:10.3390/cryptography4040027 fatcat:cmdy3ij6nzgrpe3b6avfvjwniq

Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults

G. Gaubatz, E. Savas, B. Sunar
2008 IEEE transactions on computers  
Motivated by a hypothetical yet realistic fault analysis attack that, in principle, could be mounted against any modular exponentiation engine, even one with appropriate data path protection, we set out  ...  To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles' heel.  ...  CONCLUSION In this paper, we addressed the importance of not only protecting the data path of cryptographic circuits against fault attacks but also the control logic itself.  ... 
doi:10.1109/tc.2007.70784 fatcat:l5mtnidjandobaaxq7ustrcixq

Asynchronous Charge Sharing Power Consistent Montgomery Multiplier

Jiaoyan Chen, Arnaud Tisserand, Emanuel Popovici, Sorin Cotofana
2015 2015 21st IEEE International Symposium on Asynchronous Circuits and Systems  
Keywords -asynchronous; modular arithmetic; charge sharing logic; side channel attack; input data independent energy circuits I. Avg. Power (uW) 500 1046 1970 Avg. Cycle (ns) 1.9 2.0 2.1 Avg.  ...  The proposed logic provides input data independent low-power/energy consumption which is attributed to interleaved charge sharing stages with non-static elements involved in the data path.  ...  INTRODUCTION Embedded cryptographic systems must be protected against Side Channel Attacks (SCAs).  ... 
doi:10.1109/async.2015.26 dblp:conf/async/ChenTPC15 fatcat:by3ablzdhjf2xbaqbouh2ul6by

A Systematic Expository Review of Schmidt-Samoa Cryptosystem

Qasem Abu Al-Haija, Mohamad M.Asad, Ibrahim Marouf
2018 International Journal of Mathematical Sciences and Computing  
/decryption, digital signature and data integrity.  ...  The implementation of SSC to secure different recent communication technologies such as cloud and fog computing is on demand due to the assorted security services offered by SSC such as data encryption  ...  a user's identity or data from being read, data integrity: To help protect data from being changed, authentication: To ensure that data is originated from a certain user, and non-repudiation: To prevent  ... 
doi:10.5815/ijmsc.2018.02.02 fatcat:kgj2cgo7jfgsxd6e26xyc2rgly

Quad-Core RSA Processor with Countermeasure Against Power Analysis Attacks [article]

Javad Bagherzadeh, Vishishtha Bothra, Disha Gujar, Sugandha Gupta, Jinal Shah
2020 arXiv   pre-print
We also implement a True Random Number Generator based resilience block to protect the coprocessor against power attacks.  ...  Rivest-Shamir-Adleman (RSA) cryptosystem uses modular multiplication for encryption and decryption. So, performance of RSA can be drastically improved by optimizing modular multiplication.  ...  The two methods mentioned for power attack resilience will be simulated against the core and considered against performance, area and power tradeoffs.  ... 
arXiv:2009.03468v1 fatcat:qgxx5zd7anb6vpzx5wogzhffyu
« Previous Showing results 1 — 15 out of 19,348 results