Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system; however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors.
Higher-order CIS codes
We introduce complementary information set codes of higher-order. A
binary linear code of length and dimension is called a complementary
information set code of order (-CIS code for short) if it has
pairwise disjoint information sets. The duals of such codes make it possible to reduce
the cost of masking cryptographic algorithms against side-channel attacks. As
in the case of codes for error correction, given the length and the dimension
of a -CIS code, we look for the highest possible minimum distance. In this
paper, this new class of codes is investigated. The existence of good long CIS
codes of order is derived by a counting argument. General constructions
based on cyclic and quasi-cyclic codes and on the building up construction are
given. A formula similar to a mass formula is given. A classification of 3-CIS
codes of length is given. Nonlinear codes better than linear codes are
derived by taking binary images of -codes. A general algorithm based on
Edmonds' basis packing algorithm from matroid theory is developed with the
following property: given a binary linear code of rate it either provides
disjoint information sets or proves that the code is not -CIS. Using
this algorithm, all optimal or best known codes where and are shown to be -CIS for all
such and , except for with and with .
Comment: 13 pages; 1 figure
Privacy-Preserving Secret Shared Computations using MapReduce
Data outsourcing allows data owners to keep their data at untrusted
clouds that do not ensure the privacy of data and/or computations. One useful
framework for fault-tolerant data processing in a distributed fashion is
MapReduce, which was developed for trusted private clouds. This paper
presents algorithms for data outsourcing based on Shamir's secret-sharing
scheme and for executing privacy-preserving SQL queries such as count,
selection including range selection, projection, and join while using MapReduce
as an underlying programming model. Our proposed algorithms prevent an
adversary from knowing the database or the query while also preventing
output-size and access-pattern attacks. Interestingly, our algorithms do not
involve the database owner, which only creates and distributes secret-shares
once, in answering any query, and hence, the database owner also cannot learn
the query. Logically and experimentally, we evaluate the efficiency of the
algorithms on the following parameters: (i) the number of
communication rounds (between a user and a server), (ii) the total
amount of bit flow (between a user and a server), and (iii) the
computational load at the user and the server.
Comment: IEEE Transactions on Dependable and Secure Computing, Accepted 01 Aug. 201