1,663 research outputs found
XML data integrity based on concatenated hash function
Data integrity is the fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situation. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named as CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from root node, and context referential integrity is ensured by protecting context-related elements. Presented XML data integrity model can satisfy integrity requirements under situation of fine-grained security, and compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
Lex-Partitioning: A New Option for BDD Search
For the exploration of large state spaces, symbolic search using binary
decision diagrams (BDDs) can save huge amounts of memory and computation time.
State sets are represented and modified by accessing and manipulating their
characteristic functions. BDD partitioning is used to compute the image as the
disjunction of smaller subimages.
In this paper, we propose a novel BDD partitioning option. The partitioning
is lexicographical in the binary representation of the states contained in the
set that is represented by a BDD and uniform with respect to the number of
states represented. The motivation of controlling the state set sizes in the
partitioning is to eventually bridge the gap between explicit and symbolic
search.
Let n be the size of the binary state vector. We propose an O(n) ranking and
unranking scheme that supports negated edges and operates on top of precomputed
satcount values. For the uniform split of a BDD, we then use unranking to
provide paths along which we partition the BDDs. In a shared BDD representation
the efforts are O(n). The algorithms are fully integrated in the CUDD library
and evaluated in strongly solving general game playing benchmarks.Comment: In Proceedings GRAPHITE 2012, arXiv:1210.611
F-HASH: Securing Hash Functions Using Feistel Chaining
The Feistel structure is well-known as a good structure for building block ciphers, due to its property of invertibility. It can be made non-invertible by fixing the left half of the input to 0, and by discarding the left half of the output bits. It then becomes suitable as a hash function construction. This paper uses the structure to build a hash function called F-Hash, which is immune to recent attack styles. In this paper, a more precise evaluation method, based upon conditional probability, is given
Size-Change Termination as a Contract
Termination is an important but undecidable program property, which has led
to a large body of work on static methods for conservatively predicting or
enforcing termination. One such method is the size-change termination approach
of Lee, Jones, and Ben-Amram, which operates in two phases: (1) abstract
programs into "size-change graphs," and (2) check these graphs for the
size-change property: the existence of paths that lead to infinite decreasing
sequences.
We transpose these two phases with an operational semantics that accounts for
the run-time enforcement of the size-change property, postponing (or entirely
avoiding) program abstraction. This choice has two key consequences: (1)
size-change termination can be checked at run-time and (2) termination can be
rephrased as a safety property analyzed using existing methods for systematic
abstraction.
We formulate run-time size-change checks as contracts in the style of Findler
and Felleisen. The result compliments existing contracts that enforce partial
correctness specifications to obtain contracts for total correctness. Our
approach combines the robustness of the size-change principle for termination
with the precise information available at run-time. It has tunable overhead and
can check for nontermination without the conservativeness necessary in static
checking. To obtain a sound and computable termination analysis, we apply
existing abstract interpretation techniques directly to the operational
semantics, avoiding the need for custom abstractions for termination. The
resulting analyzer is competitive with with existing, purpose-built analyzers
CloudAnchor Smart Contracts
The CloudAnchor platform allows the negotiation of IaaS Cloud resources for Small and Medium Sized Enterprises (SME), either as resource providers or consumers. This project entails the research, design, and implementation of a solution based on smart contracts, with the goal of permanently recording and managing the contracts on a blockchain network. The usage of smart contracts enables safe contract code execution and raises the level of trust, integrity, and traceability of the platform contracts by keeping the data stored in a decentralised manner. To do so, a method to coordinate and submit transactions to the blockchain network must be implemented. The tests carried out indicate that the solution has been successfully implemented, with contract registration saved in a decentralised and safe manner. As a result, there was an increase in the platform’s execution time, caused by the new transactions made to the blockchain.A plataforma CloudAnchor permite a negociação e contratualização de recursos Cloud do tipo IaaS a pequenas e médias empresas, sejam elas fornecedoras ou clientes. Este trabalho inclui o estudo, projeto e implementação de uma solução baseada em smart contracts, com o objetivo de administrar e registar de forma permanente os contratos celebrados numa rede blockchain. A utilização de smart contracts permite executar o respetivo código de forma segura e aumentar o nível de confiança, integridade e rastreabilidade dos contratos celebrados na plataforma, guardando-os de forma descentralizada. Para tal, é necessário implementar um mecanismo de coordenação e submissão de transações para a rede blockchain. Os testes realizados permitiram concluir que a implementação da solução foi bem sucedida, passando os contratos a ficar guardados de forma descentralizada e segura. Em consequência, verificou-se um aumento do tempo de execução da plataforma provocado pelas novas transações com a blockchain
MELT - a Translated Domain Specific Language Embedded in the GCC Compiler
The GCC free compiler is a very large software, compiling source in several
languages for many targets on various systems. It can be extended by plugins,
which may take advantage of its power to provide extra specific functionality
(warnings, optimizations, source refactoring or navigation) by processing
various GCC internal representations (Gimple, Tree, ...). Writing plugins in C
is a complex and time-consuming task, but customizing GCC by using an existing
scripting language inside is impractical. We describe MELT, a specific
Lisp-like DSL which fits well into existing GCC technology and offers
high-level features (functional, object or reflexive programming, pattern
matching). MELT is translated to C fitted for GCC internals and provides
various features to facilitate this. This work shows that even huge, legacy,
software can be a posteriori extended by specifically tailored and translated
high-level DSLs.Comment: In Proceedings DSL 2011, arXiv:1109.032
- …