Cryptographically Secure Information Flow Control on Key-Value Stores
We present Clio, an information flow control (IFC) system that transparently
incorporates cryptography to enforce confidentiality and integrity policies on
untrusted storage. Clio insulates developers from explicitly manipulating keys
and cryptographic primitives by leveraging the policy language of the IFC
system to automatically use the appropriate keys and correct cryptographic
operations. We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard programming
languages results. We present a prototype Clio implementation and a case study
that demonstrates Clio's practicality.
Comment: Full version of conference paper appearing in CCS 201
Strong and Provably Secure Database Access Control
Existing SQL access control mechanisms are extremely limited. Attackers can
leak information and escalate their privileges using advanced database features
such as views, triggers, and integrity constraints. This is not merely a
problem of vendors lagging behind the state-of-the-art. The theoretical
foundations for database security lack adequate security definitions and a
realistic attacker model, both of which are needed to evaluate the security of
modern databases. We address these issues and present a provably secure access
control mechanism that prevents attacks that defeat popular SQL database
systems.
Comment: A short version of this paper has been published in the proceedings
of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016
Wavelet-Based High-Order Adaptive Modeling of Lossy Interconnects
Abstract: This paper presents a numerical-modeling strategy for simulation of fast transients in lossy electrical interconnects. The proposed algorithm makes use of wavelet representations of voltages and currents along the structure, with the aim of reducing the computational complexity of standard time-domain solvers. A special weak procedure for the implementation of possibly dynamic and nonlinear boundary conditions makes it possible to preserve stability as well as a high approximation order, thus leading to very accurate schemes. On the other hand, the wavelet expansion allows the computation of the solution by using few significant coefficients which are automatically determined at each time step. A dynamically refinable mesh is then used to perform a sparse time-stepping. Several numerical results illustrate the high efficiency of the proposed algorithm, which has been tuned and optimized for best performance in fast digital applications typically found on modern PCB structures. Index Terms: Finite difference methods, time-domain analysis, transmission lines, wavelet transforms. I
Practical Fine-grained Privilege Separation in Multithreaded Applications
An inherent security limitation with the classic multithreaded programming
model is that all the threads share the same address space and, therefore, are
implicitly assumed to be mutually trusted. This assumption, however, does not
take into consideration many modern multithreaded applications that involve
multiple principals which do not fully trust each other. It remains challenging
to retrofit the classic multithreaded programming model so that the security
and privilege separation in multi-principal applications can be resolved.
This paper proposes ARBITER, a run-time system and a set of security
primitives, aimed at fine-grained and data-centric privilege separation in
multithreaded applications. While enforcing effective isolation among
principals, ARBITER still allows flexible sharing and communication between
threads so that the multithreaded programming paradigm can be preserved. To
realize controlled sharing in a fine-grained manner, we created a novel
abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS
support. Programmers express security policies by labeling data and principals
via ARBITER's API following a unified model. We ported a widely-used, in-memory
database application (memcached) to the ARBITER system, changing only around 100
LOC. Experiments indicate that only an average runtime overhead of 5.6% is
induced to this security-enhanced version of application
A Parameterization Scheme for Lossy Transmission Line Macromodels with Application to High Speed Interconnects in Mobile Devices
We introduce a novel parameterization scheme based on the generalized method of characteristics (MoC) for macromodels of transmission-line structures having a cross section depending on several free geometrical and material parameters. This situation is common in early design stages, when the physical structures still have to be finalized and optimized under signal integrity and electromagnetic compatibility constraints. The topology of the adopted line macromodels has been demonstrated to guarantee excellent accuracy and efficiency. The key factors are propagation delay extraction and rational approximations, which intrinsically lead to a SPICE-compatible macromodel stamp. We introduce a scheme that parameterizes this stamp as a function of geometrical and material parameters such as conductor width and separation, dielectric thickness, and permittivity. The parameterization is performed via multidimensional interpolation of the residue matrices in the rational approximation of characteristic admittance and propagation operators. A significant advantage of this approach consists of the possibility of efficiently utilizing the MoC methodology in an optimization scheme and eventually helping the design of interconnects. We apply the proposed scheme to flexible printed interconnects that are typically found in portable devices having moving parts. Several validations demonstrate the effectiveness of the approac