Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM

Expanding the UK Secure by Design proposal for a usable consumer-focused IoT security label

No person whom has any knowledge of security in the Internet of Things (IoT) would claim the current landscape is desirable, as exceedingly poor security of devices is routinely exhibited in an ecosystem experiencing exponential growth of devices. If these devices follow past trends in Cyber Security, it is not unreasonable to assume that without intervention another decade of exponentially growing costs attributed to Cyber Crime may lay ahead. After the failure of the voluntary approach to IoT Security, works are now being taken to legislate a minimum security standard.Building from existing proposals, this paper outlines real improvements that could be made to current ongoing works, with the intention of providing incentive for manufacturers to improve device security in the IoT sector and reduce the timeline for routine deployment of secured devices.Incorporating strategies developed in other industries, as well as security requirements from across international borders, a point-of-sale user focused label is proposed, which can be easily interpreted by non-technical users. Intending to provoke curiosity and fully reassure the end-user, a two-layer system is chosen which allows the conveyance of more detailed information than could fit on a physical label

UniDA: Uniform Device Access Framework for Human Interaction Environments

Human interaction environments (HIE) must be understood as any place where people carry out their daily life, including their work, family life, leisure and social life, interacting with technology to enhance or facilitate the experience. The integration of technology in these environments has been achieved in a disorderly and incompatible way, with devices operating in isolated islands with artificial edges delimited by the manufacturers. In this paper we are presenting the UniDA framework, an integral solution for the development of systems that require the integration and interoperation of devices and technologies in HIEs. It provides developers and installers with a uniform conceptual framework capable of modelling an HIE, together with a set of libraries, tools and devices to build distributed instrumentation networks with support for transparent integration of other technologies. A series of use case examples and a comparison to many of the existing technologies in the field has been included in order to show the benefits of using UniDA

Human Factors in Secure Software Development

While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called ``the weakest link'' in software security. To solve this, human factors research in security and privacy focus on the users of technology and consider their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what leads to the majority of security and privacy failures that affect millions of end users

An implementation of Deflate in Coq

The widely-used compression format "Deflate" is defined in RFC 1951 and is based on prefix-free codings and backreferences. There are unclear points about the way these codings are specified, and several sources for confusion in the standard. We tried to fix this problem by giving a rigorous mathematical specification, which we formalized in Coq. We produced a verified implementation in Coq which achieves competitive performance on inputs of several megabytes. In this paper we present the several parts of our implementation: a fully verified implementation of canonical prefix-free codings, which can be used in other compression formats as well, and an elegant formalism for specifying sophisticated formats, which we used to implement both a compression and decompression algorithm in Coq which we formally prove inverse to each other -- the first time this has been achieved to our knowledge. The compatibility to other Deflate implementations can be shown empirically. We furthermore discuss some of the difficulties, specifically regarding memory and runtime requirements, and our approaches to overcome them

Comparing Google's Android and Apple's iOS Mobile Software Development Environments

Mobile devices have become extremely popular during the past few years. They are used widely in business and everyday life by the young and the elderly. As the mobile devices and their operating systems have developed, the manufacturers have made it possible also for everyday users to create their own applications using specific Software Development Kits. For that reason, it is now common that applications are created not only by third party companies but also by everyone interested in the matter. The mobile business has come to a point where there are a few big companies respon-sible for developing the operating systems used by most hardware manufacturers. Of all the operating systems, there are two which have grown their market share during the past few years: Apple's iOS and Google's Android. The purpose of this thesis was to compare the two, finding out how easy they are to take into use, and to develop and publish applications with. The study was carried out as an empirical research. The research was made on both operating systems and the SDKs. Based on that knowledge, applications were created and published for both systems. The basic outline of the study was installing and work-ing with both SDKs, developing and publishing applications using the SDKs, and es-timating the costs of installing development kits in an educational environment. The objectives of this study were achieved as planned: both SDKs were successfully installed, four applications were created altogether, an estimation of costs was made and overall experience of both systems was gained

Offloading cryptographic services to the SIM card in smartphones

Smartphones have achieved ubiquitous presence in people’s everyday life as communication, entertainment and work tools. Touch screens and a variety of sensors offer a rich experience and make applications increasingly diverse, complex and resource demanding. Despite their continuous evolution and enhancements, mobile devices are still limited in terms of battery life, processing power, storage capacity and network bandwidth. Computation offloading stands out among the efforts to extend device capabilities and face the growing gap between demand and availability of resources. As most popular technologies, mobile devices are attractive targets for malicious at- tackers. They usually store sensitive private data of their owners and are increasingly used for security sensitive activities such as online banking or mobile payments. While computation offloading introduces new challenges to the protection of those assets, it is very uncommon to take security and privacy into account as the main optimization objectives of this technique. Mobile OS security relies heavily on cryptography. Available hardware and software cryptographic providers are usually designed to resist software attacks. This kind of protection is not enough when physical control over the device is lost. Secure elements, on the other hand, include a set of protections that make them physically tamper-resistant devices. This work proposes a computation offloading technique that prioritizes enhancing security capabilities in mobile phones by offloading cryptographic operations to the SIM card, the only universally present secure element in those devices. Our contributions include an architecture for this technique, a proof-of-concept prototype developed under Android OS and the results of a performance evaluation that was conducted to study its execution times and battery consumption. Despite some limitations, our approach proves to be a valid alternative to enhance security on any smartphone.Los smartphones están omnipresentes en la vida cotidiana de las personas como herramientas de comunicación, entretenimiento y trabajo. Las pantallas táctiles y una variedad de sensores ofrecen una experiencia superior y hacen que las aplicaciones sean cada vez más diversas, complejas y demanden más recursos. A pesar de su continua evolución y mejoras, los dispositivos móviles aún están limitados en duración de batería, poder de procesamiento, capacidad de almacenamiento y ancho de banda de red. Computation offloading se destaca entre los esfuerzos para ampliar las capacidades del dispositivo y combatir la creciente brecha entre demanda y disponibilidad de recursos. Como toda tecnología popular, los smartphones son blancos atractivos para atacantes maliciosos. Generalmente almacenan datos privados y se utilizan cada vez más para actividades sensibles como banca en línea o pagos móviles. Si bien computation offloading presenta nuevos desafíos al proteger esos activos, es muy poco común tomar seguridad y privacidad como los principales objetivos de optimización de dicha técnica. La seguridad del SO móvil depende fuertemente de la criptografía. Los servicios criptográficos por hardware y software disponibles suelen estar diseñados para resistir ataques de software, protección insuficiente cuando se pierde el control físico sobre el dispositivo. Los elementos seguros, en cambio, incluyen un conjunto de protecciones que los hacen físicamente resistentes a la manipulación. Este trabajo propone una técnica de computation offloading que prioriza mejorar las capacidades de seguridad de los teléfonos móviles descargando operaciones criptográficas a la SIM, único elemento seguro universalmente presente en los mismos. Nuestras contribuciones incluyen una arquitectura para esta técnica, un prototipo de prueba de concepto desarrollado bajo Android y los resultados de una evaluación de desempeño que estudia tiempos de ejecución y consumo de batería. A pesar de algunas limitaciones, nuestro enfoque demuestra ser una alternativa válida para mejorar la seguridad en cualquier smartphone

ACCESSIBLE ACCESS CONTROL: A VISUALIZATION SYSTEM FOR ACCESS CONTROL POLICY MANAGEMENT

Attacks on computers today present in many different forms, causing malfunction of operating systems, information leakage and loss of business and public trust. Access control is a technique that stands as the last line of protection restricting the access of users or processes to resources on computers. Throughout the years, many access control models have been implemented to accommodate security requirements under different circumstances. However, the learning of access control models and the management of access control policies are still challenging given its abstract nature, the lack of an environment for practice, and the intricacy of fulfilling complex security goals. These problems seriously reduce the usability of access control models. In this dissertation, we present a set of pedagogical systems that facilitates the teaching and studying of access control models and a visualization system that aids the authoring and analysis of access control policies. These systems are designed to tackle the usability problems in two steps. First, the pedagogical systems were designed for new learners to overcome the obstacles of learning access control and the lack of practicing environment at the very beginning. Contrary to the traditional lecture and in-paper homework method, the tool allows users to write/import a policy file, follow the visual steps to understand the concepts and access mechanisms of a model and conduct self-evaluation through Quiz and Query modules. Each of the four systems is specifically designed for a model of the Domain Type Enforcement, Multi-level Security, Role-based Access Control, or UNIX permissions. Through these systems, users are able to take an active role in exploring the effect of a policy with a safe and intact underlying operating systems. Second, writing and evaluating the effect of a policy could also be challenging and tedious even for security professionals when there are thousands of lines of rules. We believe that writing an access control policy should not include the complexity of learning a new language, and managing the policies should never be manual when automatic examination could take the place. In the aspect of policy writing, the visualization system kept the least number of key elements for specifying a rule: user, object, and action. They describe the active entity who takes the action, the file or directory which the action is applied to, and the type of accesses allowed, respectively. Because of its simple form without requiring the learning of a programming-like language, we hope that specifying policies using our language could be accomplished effortlessly not only by security professionals but also by anyone who is interested in access control. Moreover, policies can often be left unexamined when deployed. This is similar to releasing program which was untested and could lead to dangerous results. Therefore, the visualization system provides ways to explore and analyze access control policies to help confirm the effect of the policies. Through interactive textual and graphical illustrations, users could specify the accesses to check, and be notified when problems exist