    Cryptographically Secure Information Flow Control on Key-Value Stores

    We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together with standard programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.
    Comment: Full version of conference paper appearing in CCS 201

    Strong and Provably Secure Database Access Control

    Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state of the art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.
    Comment: A short version of this paper has been published in the proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016

    Wavelet-Based High-Order Adaptive Modeling of Lossy Interconnects

    Abstract—This paper presents a numerical-modeling strategy for simulation of fast transients in lossy electrical interconnects. The proposed algorithm makes use of wavelet representations of voltages and currents along the structure, with the aim of reducing the computational complexity of standard time-domain solvers. A special weak procedure for the implementation of possibly dynamic and nonlinear boundary conditions preserves stability as well as a high approximation order, thus leading to very accurate schemes. On the other hand, the wavelet expansion allows the computation of the solution by using few significant coefficients, which are automatically determined at each time step. A dynamically refinable mesh is then used to perform a sparse time-stepping. Several numerical results illustrate the high efficiency of the proposed algorithm, which has been tuned and optimized for best performance in fast digital applications typically found on modern PCB structures.
    Index Terms—Finite difference methods, time-domain analysis, transmission lines, wavelet transforms.

    Practical Fine-grained Privilege Separation in Multithreaded Applications

    An inherent security limitation of the classic multithreaded programming model is that all the threads share the same address space and, therefore, are implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration the many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that security and privilege separation in multi-principal applications can be achieved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm can be preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API following a unified model. We ported a widely-used, in-memory database application (memcached) to the ARBITER system, changing only around 100 LOC. Experiments indicate that only an average runtime overhead of 5.6% is induced in this security-enhanced version of the application.

    A Parameterization Scheme for Lossy Transmission Line Macromodels with Application to High Speed Interconnects in Mobile Devices

    We introduce a novel parameterization scheme based on the generalized method of characteristics (MoC) for macromodels of transmission-line structures having a cross section depending on several free geometrical and material parameters. This situation is common in early design stages, when the physical structures still have to be finalized and optimized under signal integrity and electromagnetic compatibility constraints. The topology of the adopted line macromodels has been demonstrated to guarantee excellent accuracy and efficiency. The key factors are propagation delay extraction and rational approximations, which intrinsically lead to a SPICE-compatible macromodel stamp. We introduce a scheme that parameterizes this stamp as a function of geometrical and material parameters such as conductor width and separation, dielectric thickness, and permittivity. The parameterization is performed via multidimensional interpolation of the residue matrices in the rational approximation of characteristic admittance and propagation operators. A significant advantage of this approach consists of the possibility of efficiently utilizing the MoC methodology in an optimization scheme and eventually helping the design of interconnects. We apply the proposed scheme to flexible printed interconnects that are typically found in portable devices having moving parts. Several validations demonstrate the effectiveness of the approac