Filters








350 Hits in 5.8 sec

Towards Automated Augmentation and Instrumentation of Legacy Cryptographic Executables: Extended Version [article]

Karim Eldefrawy, Michael Locasto, Norrathep Rattanavipanon, Hassen Saidi
2020 arXiv   pre-print
This paper explores feasibility of designing and implementing a toolchain for Augmentation and Legacy-software Instrumentation of Cryptographic Executables (ALICE).  ...  We demonstrate practical feasibility of our approach on cryptographic hash functions with several popular cryptographic libraries and real-world programs of various levels of complexity.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DHS and should not be interpreted as necessarily  ... 
arXiv:2004.09713v2 fatcat:dpug4wftgvdpdoiz2wx7hozmdu

Replacement attacks against VM-protected applications

Sudeep Ghosh, Jason Hiser, Jack W. Davidson
2012 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments - VEE '12  
This dynamic protection, combined with its flexibility, ease in handling legacy systems and low performance overhead, has made process-level virtualization a popular approach for providing software protection  ...  We present a general description of the replacement attack methodology and two attack implementations against a protected application using freely available tools.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2151024.2151051 dblp:conf/vee/GhoshHD12 fatcat:pnkjc54cnbgjva6gtrtguyi5n4

Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution [article]

Mihhail Aizatulin and Andrew D.Gordon and Jan Jürjens
2011 arXiv   pre-print
Consider the problem of verifying security properties of a cryptographic protocol coded in C.  ...  The results in this paper provide the first computationally sound verification of weak secrecy and authentication for (single execution paths of) C code.  ...  We also thank George Danezis, François Dupressoir, and Jean Goubault-Larrecq for giving us access to the code of minexplib, RPC, and CSur, respectively.  ... 
arXiv:1107.1017v1 fatcat:vkpdvm3vnfhjnac4jwirl756im

Cross-architecture bug search in binary executables

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz
2017 it - Information Technology  
AbstractWith the general availability of closed-source software for various CPU architectures, there is a need to identify security-critical vulnerabilities at the binary level.  ...  The list of affected software is still growing and there is no automated way to identify vulnerable software versions.  ...  varies between the CPU architectures: x86 features 8 such registers, legacy ARM 15, and MIPS 32.  ... 
doi:10.1515/itit-2016-0040 fatcat:vjedtlsdhvb2pjfzvv6vgk3qs4

Cross-Architecture Bug Search in Binary Executables

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz
2015 2015 IEEE Symposium on Security and Privacy  
We define a metric to compare code structures like sub-CFGs and functions, which enables us to search for bug signatures in arbitrary software binaries. • We empirically demonstrate the viability of our  ...  The list of affected software is still growing and there is no automated way to identify vulnerable software versions.  ...  varies between the CPU architectures: x86 features 8 such registers, legacy ARM 15, and MIPS 32.  ... 
doi:10.1109/sp.2015.49 dblp:conf/sp/PewnyGGRH15 fatcat:ghprij537bcf3iifk7shgkthtu

Run-Time Security Traceability for Evolving Systems

A. Bauer, J. Jurjens, Y. Yu
2010 Computer journal  
The extra effort for it is small as most of the computation is automated; however, additional resources at run-time may be required.  ...  A lot of vulnerabilities have been found in current software systems both at the specification and the implementation levels.  ...  Acknowledgements Discussions with Martin Leucker about a draft of this paper are gratefully acknowledged, as well as constructive comments by the reviewers which helped improving the presentation significantly  ... 
doi:10.1093/comjnl/bxq042 fatcat:5atpkvz7d5gufpvphwjno65lsa

Replacement attacks against VM-protected applications

Sudeep Ghosh, Jason Hiser, Jack W. Davidson
2012 SIGPLAN notices  
This dynamic protection, combined with its flexibility, ease in handling legacy systems and low performance overhead, has made process-level virtualization a popular approach for providing software protection  ...  We present a general description of the replacement attack methodology and two attack implementations against a protected application using freely available tools.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the  ... 
doi:10.1145/2365864.2151051 fatcat:ybiejivn7ng4pebpavlpzizj64

Forensic discovery auditing of digital evidence containers

Golden G. Richard, Vassil Roussev, Lodovico Marziale
2007 Digital Investigation. The International Journal of Digital Forensics and Incident Response  
Auditing of a digital investigation, from identification and seizure of evidence through duplication and investigation is, essentially, ad hoc, recorded in separate log files or in an investigator's case  ...  This allows the immediate, safe, and verifiable use of any tool deemed necessary by the examiner.  ...  As a simple example, earlier versions of many tools could be fooled into believing that a text file was a Microsoft Windows executable by starting the file with the string 'MZ'.  ... 
doi:10.1016/j.diin.2007.04.002 fatcat:7x3g7icvnnbv3bivypubhpdvca

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

Elie F. Kfoury, Jorge Crichigno, Elias Bou-Harb
2021 IEEE Access  
The networking industry in the upcoming years may be shifting towards the closed-loop control architecture (Fig. 30) Note that it is not easy to realize the vision of completely automating networks.  ...  Generally, cryptographic functions are executed externally (e.g., on a CPU) and invoked from the data plane. 2) External Cryptography The authors in [191] argue on the need to implement cryptographic  ...  Bou-Harb holds a Ph.D. degree in computer science from Concordia University in Montreal, Canada, which was executed in collaboration with Public Safety Canada, Industry Canada and NCFTA Canada.  ... 
doi:10.1109/access.2021.3086704 fatcat:2jgbxj2cbfbp7fawkxwrztbbia

An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends [article]

Elie F. Kfoury, Jorge Crichigno, Elias Bou-Harb
2021 arXiv   pre-print
advantages over Software-defined Networking (SDN) and legacy devices.  ...  To this end, this paper provides a background encompassing an overview of the evolution of networks from legacy to programmable, describing the essentials of programmable switches, and summarizing their  ...  Generally, cryptographic functions are executed externally (e.g., on a CPU) and invoked from the data plane. 2) External Cryptography The authors in [191] argue on the need to implement cryptographic  ... 
arXiv:2102.00643v2 fatcat:izxi645kozdc5ibfsqp2y2foau

Automating Privacy Enforcement in Cloud Platforms [chapter]

Peng Yu, Jakub Sendor, Gabriel Serme, Anderson Santana de Oliveira
2013 Lecture Notes in Computer Science  
In this context, the compliance with regards to policies and regulations about personal data protection is essential, but hard to achieve, as the implementation of privacy controls is subject to diverse  ...  kinds of errors.  ...  Many thanks to Theodoor Scholte for his valuable comments on a previous version of this paper.  ... 
doi:10.1007/978-3-642-35890-6_12 fatcat:wgvfmafgczbbnf4duwfj25du3u

Unchaining Collective Intelligence for Science, Research, and Technology Development by Blockchain-Boosted Community Participation

Jens Ducrée, Martin Etzrodt, Sönke Bartling, Ray Walshe, Tomás Harrington, Neslihan Wittek, Sebastian Posth, Kevin Wittek, Andrei Ionita, Wolfgang Prinz, Dimitrios Kogias, Tiago Paixão (+2 others)
2021 Frontiers in Blockchain  
crowdfunding, and prediction markets, can be applied to substantially innovate the legacy organization of science, research, and technology development (RTD).  ...  On the analogy of its current blockbusters like peer-to-peer structured decentralized finance ("DeFi"), blockchain technology can seminally enhance the efficiency of science and RTD initiatives, even permitting  ...  executed in existing blockchain projects. 54,55 By offering a broad range of involvement and commitment staked by reputation and cryptoassets, pivotal flywheel effects can be unleashed toward creating  ... 
doi:10.3389/fbloc.2021.631648 fatcat:k3uqidrh4fg2he4ou2niq7v7si

Distributed Ledger Technology in Payments, Clearing, and Settlement

David Mills, Kathy Wang, Brendan Malone, Anjana Ravi, Jeff Marquardt, Clinton Chen, Anton Badev, Timothy Brezinski, Linda Fahy, Kimberley Liao, Vanessa Kargenian, Max Ellithorpe (+2 others)
2016 Finance and Economics Discussion Series  
In effect, the protocol defines a set of procedures for proposing a payments path and cryptographically escrowing funds across a series of interoperable ledgers and then subsequently executing the escrowed  ...  Others may augment or even replace the services of existing financial intermediaries.  ... 
doi:10.17016/feds.2016.095 fatcat:ueklof3zc5ba5jxxwep4tfqga4

STACCO

Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined.  ...  , and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext.  ...  Generally speaking, a DCFG shows the portion of a CFG that has been executed. An edge in a DCFG is augmented with a counter, which records the number of times this edge is executed.  ... 
doi:10.1145/3133956.3134016 dblp:conf/ccs/XiaoLCZ17 fatcat:smeafct6pjhyzka23kxg57ej5e

Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86

David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, Daniel Gruss
2020 USENIX Security Symposium  
Efficient and secure in-process isolation is in great demand, as evidenced in the shift towards JavaScript and the recent revival of memory protection keys.  ...  Fully protecting the mbedTLS cryptographic operations has a 4 % overhead.  ...  Excellent Technologies by BMVIT, BMWFW, and Styria, and via the project ESPRESSO, which is funded by the province of Styria and the Business Promotion Agencies of Styria and Carinthia.  ... 
dblp:conf/uss/SchrammelWSS0MG20 fatcat:f3rywxsejbdgbpomcyhhzre42q
« Previous Showing results 1 — 15 out of 350 results