51,236 research outputs found
Investigating SRAM PUFs in large CPUs and GPUs
Physically unclonable functions (PUFs) provide data that can be used for
cryptographic purposes: on the one hand randomness for the initialization of
random-number generators; on the other hand individual fingerprints for unique
identification of specific hardware components. However, today's off-the-shelf
personal computers advertise randomness and individual fingerprints only in the
form of additional or dedicated hardware.
This paper introduces a new set of tools to investigate whether intrinsic
PUFs can be found in PC components that are not advertised as containing PUFs.
In particular, this paper investigates AMD64 CPU registers as potential PUF
sources in the operating-system kernel, the bootloader, and the system BIOS;
investigates the CPU cache in the early boot stages; and investigates shared
memory on Nvidia GPUs. This investigation found non-random non-fingerprinting
behavior in several components but revealed usable PUFs in Nvidia GPUs.Comment: 25 pages, 6 figures. Code in appendi
Verifying Safety Properties With the TLA+ Proof System
TLAPS, the TLA+ proof system, is a platform for the development and
mechanical verification of TLA+ proofs written in a declarative style requiring
little background beyond elementary mathematics. The language supports
hierarchical and non-linear proof construction and verification, and it is
independent of any verification tool or strategy. A Proof Manager uses backend
verifiers such as theorem provers, proof assistants, SMT solvers, and decision
procedures to check TLA+ proofs. This paper documents the first public release
of TLAPS, distributed with a BSD-like license. It handles almost all the
non-temporal part of TLA+ as well as the temporal reasoning needed to prove
standard safety properties, in particular invariance and step simulation, but
not liveness properties
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems
Gathering realistic authentication performance data through field trials
Most evaluations of novel authentication mechanisms have been conducted under laboratory conditions. We argue that the results of short-term usage under laboratory conditions do not predict user performance âin the wildâ, because there is insufficient time between enrolment and testing, the number of authentications is low, and authentication is presented as a primary task, rather then the secondary task as it is âin the wildâ. User generated reports of performance on the other hand provide subjective data, so reports on frequency of use, time intervals, and success or failure of authentication are subject to the vagaries of users â memories. Studies on authentication that provide objective performance data under real-world conditions are rare. In this paper, we present our experiences with a study method that tries to control frequency and timing of authentication, and collects reliable performance data, while maintaining ecological validity of the authentication context at the same time. We describe the development of an authentication server called APET, which allows us to prompt users enrolled in trial cohorts to authenticate at controlled intervals, and report our initial experiences with trials. We conclude by discussing remaining challenges in obtaining reliable performance data through a field trial method such as this one
What did I really vote for? On the usability of verifiable e-voting schemes
E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements
Do we really need to write documentation for a system? CASE tool add-ons: generator+editor for a precise documentation
One of the common problems of system development projects is that the system
documentation is often outdated and does not describe the latest version of the
system. The situation is even more complicated if we are speaking not about a
natural language description of the system, but about its formal specification.
In this paper we discuss how the problem could be solved by updating the
documentation automatically, by generating a new formal specification from the
model if the model is frequently changed.Comment: In Proceedings International Conference on Model-Driven Engineering
and Software Development (MODELSWARD'13
FollowMe: A Bigraphical Approach
In this paper we illustrate the use of modelling techniques using bigraphs to specify and refine elementary aspects of the FollowMe framework. This framework provides the seamless migration of bi-directional user interfaces for users as they navigate between zones within an intelligent environment
- âŠ