158 research outputs found
Increased security through open source
In this paper we discuss the impact of open source on both the security and
transparency of a software system. We focus on the more technical aspects of
this issue, combining and extending arguments developed over the years. We
stress that our discussion of the problem only applies to software for general
purpose computing systems. For embedded systems, where the software usually
cannot easily be patched or upgraded, different considerations may apply
Countering Trusting Trust through Diverse Double-Compiling
An Air Force evaluation of Multics, and Ken Thompson's famous Turing award
lecture "Reflections on Trusting Trust," showed that compilers can be subverted
to insert malicious Trojan horses into critical software, including themselves.
If this attack goes undetected, even complete analysis of a system's source
code will not find the malicious code that is running, and methods for
detecting this particular attack are not widely known. This paper describes a
practical technique, termed diverse double-compiling (DDC), that detects this
attack and some compiler defects as well. Simply recompile the source code
twice: once with a second (trusted) compiler, and again using the result of the
first compilation. If the result is bit-for-bit identical with the untrusted
binary, then the source code accurately represents the binary. This technique
has been mentioned informally, but its issues and ramifications have not been
identified or discussed in a peer-reviewed work, nor has a public demonstration
been made. This paper describes the technique, justifies it, describes how to
overcome practical challenges, and demonstrates it.Comment: 13 pages
Recommended from our members
Data assurance in opaque computations
The chess endgame is increasingly being seen through the lens of, and therefore effectively defined by, a data ‘model’ of itself. It is vital that such models are clearly faithful to the reality they purport to represent. This paper examines that issue and systems engineering responses to it, using the chess endgame as the exemplar scenario. A structured survey has been carried out of the intrinsic challenges and complexity of creating endgame data by reviewing the past pattern of errors during work in progress, surfacing in publications and occurring after the data was generated. Specific measures are proposed to counter observed classes of error-risk, including a preliminary survey of techniques for using state-of-the-art verification tools to generate EGTs that are correct by construction. The approach may be applied generically beyond the game domain
Choosing IT Platforms In The Age Of Stuxnet
This paper addresses the question of choosing/investing in IT (hardware/software) platforms that avoid quick obsolescence and the underlying dilemmas of choosing proprietary software versus open source software, and opting for managed services such as public cloud computing versus in-house hardware/communication infrastructures. These dilemmas in strategic information systems planning have become more significant in light of the recent revelations of security backdoors in commercial software, encryption backdoors in communication software, and governmental access to private data on managed services for national security reasons. This paper considers enterprise-wide challenges and strategies for adopting open source software/hardware in response to these security concerns
Vulnerability analysis of three remote voting methods
This article analyses three methods of remote voting in an uncontrolled
environment: postal voting, internet voting and hybrid voting. It breaks down
the voting process into different stages and compares their vulnerabilities
considering criteria that must be respected in any democratic vote:
confidentiality, anonymity, transparency, vote unicity and authenticity.
Whether for safety or reliability, each vulnerability is quantified by three
parameters: size, visibility and difficulty to achieve. The study concludes
that the automatisation of treatments combined with the dematerialisation of
the objects used during an election tends to substitute visible vulnerabilities
of a lesser magnitude by invisible and widespread vulnerabilities.Comment: 15 page
México, el voto electrónico y el 2012
México es un paÃs que, a lo largo de su historia, ha sufrido fraudes y otros malos manejos electorales, por medio de diferentes esquemas. Los mexicanos frecuentemente nos sentimos autoridades mundiales en este tema; la constante respecto a nuestras autoridades electorales ha sido más de duda y cuestionamiento que de confianza. Hubo un breve periodo, los últimos años de la década de los 1990 y los primeros de los 2000, en que parecÃa que se consolidaba una institución sólida y confiable, pero las dudas –fundadas o no– que surgieron tras la elección del 2006 devolvieron a las autoridades electorales a los niveles desconfianza tradicional que han sostenido a lo largo de buena parte de nuestra historia como nación independiente.
Y un reclamo muchas veces escuchado es que, dado que es imposible confiar en los individuos, corruptibles por naturaleza, la responsabilidad del escrutinio de los votos deberÃa recaer en un sistema computarizado, siempre limpio, eficiente y honesto.
En este artÃculo, analizo varios de los argumentos empleados para favorecer a las urnas electrónicas, explicando por qué no solucionan ninguno de los problemas que supuestamente resolverÃan, y por qué –de adoptarlas– terminarÃamos teniendo un proceso electoral más frágil que el preexistent
A Swiss Pocket Knife for Computability
This research is about operational- and complexity-oriented aspects of
classical foundations of computability theory. The approach is to re-examine
some classical theorems and constructions, but with new criteria for success
that are natural from a programming language perspective.
Three cornerstones of computability theory are the S-m-ntheorem; Turing's
"universal machine"; and Kleene's second recursion theorem. In today's
programming language parlance these are respectively partial evaluation,
self-interpretation, and reflection. In retrospect it is fascinating that
Kleene's 1938 proof is constructive; and in essence builds a self-reproducing
program.
Computability theory originated in the 1930s, long before the invention of
computers and programs. Its emphasis was on delimiting the boundaries of
computability. Some milestones include 1936 (Turing), 1938 (Kleene), 1967
(isomorphism of programming languages), 1985 (partial evaluation), 1989 (theory
implementation), 1993 (efficient self-interpretation) and 2006 (term register
machines).
The "Swiss pocket knife" of the title is a programming language that allows
efficient computer implementation of all three computability cornerstones,
emphasising the third: Kleene's second recursion theorem. We describe
experiments with a tree-based computational model aiming for both fast program
generation and fast execution of the generated programs.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Unveiling Single-Bit-Flip Attacks on DNN Executables
Recent research has shown that bit-flip attacks (BFAs) can manipulate deep
neural networks (DNNs) via DRAM Rowhammer exploitations. Existing attacks are
primarily launched over high-level DNN frameworks like PyTorch and flip bits in
model weight files. Nevertheless, DNNs are frequently compiled into low-level
executables by deep learning (DL) compilers to fully leverage low-level
hardware primitives. The compiled code is usually high-speed and manifests
dramatically distinct execution paradigms from high-level DNN frameworks.
In this paper, we launch the first systematic study on the attack surface of
BFA specifically for DNN executables compiled by DL compilers. We design an
automated search tool to identify vulnerable bits in DNN executables and
identify practical attack vectors that exploit the model structure in DNN
executables with BFAs (whereas prior works make likely strong assumptions to
attack model weights). DNN executables appear more "opaque" than models in
high-level DNN frameworks. Nevertheless, we find that DNN executables contain
extensive, severe (e.g., single-bit flip), and transferrable attack surfaces
that are not present in high-level DNN models and can be exploited to deplete
full model intelligence and control output labels. Our finding calls for
incorporating security mechanisms in future DNN compilation toolchains.Comment: Fix typ
Password cracking: a game of wits
Journal ArticleA password cracking algorithm seems like a slow and bulky item to put in a worm, but the worm makes this work by being persistent and efficient. The worm is aided by some unfortunate statistics about typical password choices
- …