3,719 research outputs found
Cast-as-Intended Mechanism with Return Codes Based on PETs
We propose a method providing cast-as-intended verifiability for remote
electronic voting. The method is based on plaintext equivalence tests (PETs),
used to match the cast ballots against the pre-generated encrypted code tables.
Our solution provides an attractive balance of security and functional
properties. It is based on well-known cryptographic building blocks and relies
on standard cryptographic assumptions, which allows for relatively simple
security analysis. Our scheme is designed with a built-in fine-grained
distributed trust mechanism based on threshold decryption. It, finally, imposes
only very little additional computational burden on the voting platform, which
is especially important when voters use devices of restricted computational
power such as mobile phones. At the same time, the computational cost on the
server side is very reasonable and scales well with the increasing ballot size
Lockdown: Dynamic Control-Flow Integrity
Applications written in low-level languages without type or memory safety are
especially prone to memory corruption. Attackers gain code execution
capabilities through such applications despite all currently deployed defenses
by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI)
is a promising defense mechanism that restricts open control-flow transfers to
a static set of well-known locations. We present Lockdown, an approach to
dynamic CFI that protects legacy, binary-only executables and libraries.
Lockdown adaptively learns the control-flow graph of a running process using
information from a trusted dynamic loader. The sandbox component of Lockdown
restricts interactions between different shared objects to imported and
exported functions by enforcing fine-grained CFI checks. Our prototype
implementation shows that dynamic CFI results in low performance overhead.Comment: ETH Technical Repor
Why Just Boogie? Translating Between Intermediate Verification Languages
The verification systems Boogie and Why3 use their respective intermediate
languages to generate verification conditions from high-level programs. Since
the two systems support different back-end provers (such as Z3 and Alt-Ergo)
and are used to encode different high-level languages (such as C# and Java),
being able to translate between their intermediate languages would provide a
way to reuse one system's features to verify programs meant for the other. This
paper describes a translation of Boogie into WhyML (Why3's intermediate
language) that preserves semantics, verifiability, and program structure to a
large degree. We implemented the translation as a tool and applied it to 194
Boogie-verified programs of various sources and sizes; Why3 verified 83% of the
translated programs with the same outcome as Boogie. These results indicate
that the translation is often effective and practically applicable
Modelling and verifying dynamic access control policies in workflow-based healthcare systems
Access control system is an important component to protect patients’ information from abuse in a health care system. It is a major concern in the management, design, and development of healthcare systems. Designing access control policies for healthcare systems is complicated due to the dynamic and inherent complexity of the tasks performed by the healthcare
personnel. Permissions in access control systems are usually granted on the basis of static policies. However, static policies are not enough to cope with various situations such as emergencies. Most often, the Break-the-glass mechanism is used to bypass static policies to handle emergency situations. Since healthcare systems are critical systems, where errors can be very costly in terms of lives, quality of life, and/or dollars, it is crucial to identify discrepancies between policy
specifications and their intended function to implement correctly a flexible access control system. Formal verifications are necessary for exhaustive verification and validation of policy specifications to ensure that the policy specifications
truly encapsulate the desires of the policy authors. We present a verifiable framework to enact a dynamic access control model by integrating the ANSI/INCTIS RBAC Reference Model in a workflow and an approach for property verifications of
the access control model. Access control policies are expressed by the formal semantics of a model checker and properties are verified by the DiVinE model checker
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Parameterized Concurrent Multi-Party Session Types
Session types have been proposed as a means of statically verifying
implementations of communication protocols. Although prior work has been
successful in verifying some classes of protocols, it does not cope well with
parameterized, multi-actor scenarios with inherent asynchrony. For example, the
sliding window protocol is inexpressible in previously proposed session type
systems. This paper describes System-A, a new typing language which overcomes
many of the expressiveness limitations of prior work. System-A explicitly
supports asynchrony and parallelism, as well as multiple forms of
parameterization. We define System-A and show how it can be used for the static
verification of a large class of asynchronous communication protocols.Comment: In Proceedings FOCLASA 2012, arXiv:1208.432
A translator for automated code generation for service-based systems
Service based systems are playing a major role in industry today, everything from the verification of credit cards to booking airplane reservations are using some form of a service based approach. This unfortunately brings up a really big problem, how do we know that these services are actually doing what they are supposed to? Or, how do we know the service based system doesn\u27t get somehow compromised when handling sensitive information.;A collaborative project involving Arizona State University and West Virginia University began in 2004 to first create a language, called alpha-calculus. We can prove that the code written in alpha-calculus adheres to the requirements. The next step was to create a translator that could convert code written in alpha-calculus to Secure Operations Language (SOL), which could then be used to develop service-based systems.;While research has been done in this area, the alpha-calculus to SOL translator provides a real world solution to creating provable/verifiable service based systems
- …