1,198 research outputs found
Information Flow Model for Commercial Security
Information flow in Discretionary Access Control (DAC) is a well-known difficult problem. This paper formalizes the fundamental concepts and establishes a theory of information flow security. A DAC system is information flow secure (IFS), if any data never flows into the hands of owner’s enemies (explicitly denial access list.
Cyber-crime Science = Crime Science + Information Security
Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
Recommended from our members
Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications
Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles where they are clumsy and failure-prone. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points
InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion
With the increasing popularity of AArch64 processors in general-purpose
computing, securing software running on AArch64 systems against control-flow
hijacking attacks has become a critical part toward secure computation. Shadow
stacks keep shadow copies of function return addresses and, when protected from
illegal modifications and coupled with forward-edge control-flow integrity,
form an effective and proven defense against such attacks. However, AArch64
lacks native support for write-protected shadow stacks, while software
alternatives either incur prohibitive performance overhead or provide weak
security guarantees.
We present InversOS, the first hardware-assisted write-protected shadow
stacks for AArch64 user-space applications, utilizing commonly available
features of AArch64 to achieve efficient intra-address space isolation (called
Privilege Inversion) required to protect shadow stacks. Privilege Inversion
adopts unconventional design choices that run protected applications in the
kernel mode and mark operating system (OS) kernel memory as user-accessible;
InversOS therefore uses a novel combination of OS kernel modifications,
compiler transformations, and another AArch64 feature to ensure the safety of
doing so and to support legacy applications. We show that InversOS is secure by
design, effective against various control-flow hijacking attacks, and
performant on selected benchmarks and applications (incurring overhead of 7.0%
on LMBench, 7.1% on SPEC CPU 2017, and 3.0% on Nginx web server).Comment: 18 pages, 9 figures, 4 table
Securing Cloud File Systems using Shielded Execution
Cloud file systems offer organizations a scalable and reliable file storage
solution. However, cloud file systems have become prime targets for
adversaries, and traditional designs are not equipped to protect organizations
against the myriad of attacks that may be initiated by a malicious cloud
provider, co-tenant, or end-client. Recently proposed designs leveraging
cryptographic techniques and trusted execution environments (TEEs) still force
organizations to make undesirable trade-offs, consequently leading to either
security, functional, or performance limitations. In this paper, we introduce
TFS, a cloud file system that leverages the security capabilities provided by
TEEs to bootstrap new security protocols that meet real-world security,
functional, and performance requirements. Through extensive security and
performance analyses, we show that TFS can ensure stronger security guarantees
while still providing practical utility and performance w.r.t. state-of-the-art
systems; compared to the widely-used NFS, TFS achieves up to 2.1X speedups
across micro-benchmarks and incurs <1X overhead for most macro-benchmark
workloads. TFS demonstrates that organizations need not sacrifice file system
security to embrace the functional and performance advantages of outsourcing
- …