Execution Integrity with In-Place Encryption

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support

Review on DNA Cryptography

Cryptography is the science that secures data and communication over the network by applying mathematics and logic to design strong encryption methods. In the modern era of e-business and e-commerce the protection of confidentiality, integrity and availability (CIA triad) of stored information as well as of transmitted data is very crucial. DNA molecules, having the capacity to store, process and transmit information, inspires the idea of DNA cryptography. This combination of the chemical characteristics of biological DNA sequences and classical cryptography ensures the non-vulnerable transmission of data. In this paper we have reviewed the present state of art of DNA cryptography.Comment: 31 pages, 12 figures, 6 table

Contract-Based General-Purpose GPU Programming

Using GPUs as general-purpose processors has revolutionized parallel computing by offering, for a large and growing set of algorithms, massive data-parallelization on desktop machines. An obstacle to widespread adoption, however, is the difficulty of programming them and the low-level control of the hardware required to achieve good performance. This paper suggests a programming library, SafeGPU, that aims at striking a balance between programmer productivity and performance, by making GPU data-parallel operations accessible from within a classical object-oriented programming language. The solution is integrated with the design-by-contract approach, which increases confidence in functional program correctness by embedding executable program specifications into the program text. We show that our library leads to modular and maintainable code that is accessible to GPGPU non-experts, while providing performance that is comparable with hand-written CUDA code. Furthermore, runtime contract checking turns out to be feasible, as the contracts can be executed on the GPU

THE DYNAMIC CIPHERS – NEW CONCEPT OF LONG-TERM CONTENT PROTECTING

In the paper the original concept of a new cipher, targeted at this moment forcivil applications in technology (e.g. measurement and control systems) and business (e.g.content protecting, knowledge-based companies or long-term archiving systems) is presented.The idea of the cipher is based on one-time pads and linear feedback shift registers. Therapidly changing hardware and software environment of cryptographic systems has beentaken into account during the construction of the cipher. The main idea of this work is tocreate a cryptosystem that can protect content or data for a long time, even more than onehundred years. The proposed algorithm can also simulate a stream cipher which makes itpossible to apply it in digital signal processing systems such as those within audio and videodelivery or telecommunication.Content protection, Cryptosystem, Dynamic cryptography, Linear Feedback ShiftRegisters, Object-oriented programming, One-time pad, Random key, random number generators,Statistical evaluation of ciphers.

SWI-Prolog and the Web

Where Prolog is commonly seen as a component in a Web application that is either embedded or communicates using a proprietary protocol, we propose an architecture where Prolog communicates to other components in a Web application using the standard HTTP protocol. By avoiding embedding in external Web servers development and deployment become much easier. To support this architecture, in addition to the transfer protocol, we must also support parsing, representing and generating the key Web document types such as HTML, XML and RDF. This paper motivates the design decisions in the libraries and extensions to Prolog for handling Web documents and protocols. The design has been guided by the requirement to handle large documents efficiently. The described libraries support a wide range of Web applications ranging from HTML and XML documents to Semantic Web RDF processing. To appear in Theory and Practice of Logic Programming (TPLP)Comment: 31 pages, 24 figures and 2 tables. To appear in Theory and Practice of Logic Programming (TPLP

FastFlow tutorial

FastFlow is a structured parallel programming framework targeting shared memory multicores. Its layered design and the optimized implementation of the communication mechanisms used to implement the FastFlow streaming networks provided to the application programmer as algorithmic skeletons support the development of efficient fine grain parallel applications. FastFlow is available (open source) at SourceForge (http://sourceforge.net/projects/mc-fastflow/). This work introduces FastFlow programming techniques and points out the different ways used to parallelize existing C/C++ code using FastFlow as a software accelerator. In short: this is a kind of tutorial on FastFlow.Comment: 49 pages + cove