13,871 research outputs found
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature
A Flexible and Secure Deployment Framework for Distributed Applications
This paper describes an implemented system which is designed to support the
deployment of applications offering distributed services, comprising a number
of distributed components. This is achieved by creating high level placement
and topology descriptions which drive tools that deploy applications consisting
of components running on multiple hosts. The system addresses issues of
heterogeneity by providing abstractions over host-specific attributes yielding
a homogeneous run-time environment into which components may be deployed. The
run-time environments provide secure binding mechanisms that permit deployed
components to bind to stored data and services on the hosts on which they are
running.Comment: 2nd International Working Conference on Component Deployment (CD
2004), Edinburgh, Scotlan
Modeling Quantum Optical Components, Pulses and Fiber Channels Using OMNeT++
Quantum Key Distribution (QKD) is an innovative technology which exploits the
laws of quantum mechanics to generate and distribute unconditionally secure
cryptographic keys. While QKD offers the promise of unconditionally secure key
distribution, real world systems are built from non-ideal components which
necessitates the need to model and understand the impact these non-idealities
have on system performance and security. OMNeT++ has been used as a basis to
develop a simulation framework to support this endeavor. This framework,
referred to as "qkdX" extends OMNeT++'s module and message abstractions to
efficiently model optical components, optical pulses, operating protocols and
processes. This paper presents the design of this framework including how
OMNeT++'s abstractions have been utilized to model quantum optical components,
optical pulses, fiber and free space channels. Furthermore, from our toolbox of
created components, we present various notional and real QKD systems, which
have been studied and analyzed.Comment: Published in: A. F\"orster, C. Minkenberg, G. R. Herrera, M. Kirsche
(Eds.), Proc. of the 2nd OMNeT++ Community Summit, IBM Research - Zurich,
Switzerland, September 3-4, 201
Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration
Growing traffic demands and increasing security awareness are driving the
need for secure services. Current solutions require manual configuration and
deployment based on the customer's requirements. In this work, we present an
architecture for an automatic intent-based provisioning of a secure service in
a multilayer - IP, Ethernet, and optical - network while choosing the
appropriate encryption layer using an open-source software-defined networking
(SDN) orchestrator. The approach is experimentally evaluated in a testbed with
commercial equipment. Results indicate that the processing impact of secure
channel creation on a controller is negligible. As the time for setting up
services over WDM varies between technologies, it needs to be taken into
account in the decision-making process.Comment: Parts of the presented work has received funding from the European
Commission within the H2020 Research and Innovation Programme, under grant
agreeement n.645127, project ACIN
Making the Distribution Subsystem Secure
This report presents how the Distribution Subsystem is made secure. A set of different security threats to a shared data programming system are identifed. The report presents the extensions nessesary to the DSS in order to cope with the identified security threats by maintaining reference security. A reference to a shared data structure cannot be forged or guessed; only by proper delegation can a thread acquire access to data originating at remote processes. Referential security is a requirement for secure distributed applications. By programmatically restricting access to distributed data to trusted nodes, a distributed application can be made secure. However, for this to be true, referential security must be supported on the level of the implementation
The role of concurrency in an evolutionary view of programming abstractions
In this paper we examine how concurrency has been embodied in mainstream
programming languages. In particular, we rely on the evolutionary talking
borrowed from biology to discuss major historical landmarks and crucial
concepts that shaped the development of programming languages. We examine the
general development process, occasionally deepening into some language, trying
to uncover evolutionary lineages related to specific programming traits. We
mainly focus on concurrency, discussing the different abstraction levels
involved in present-day concurrent programming and emphasizing the fact that
they correspond to different levels of explanation. We then comment on the role
of theoretical research on the quest for suitable programming abstractions,
recalling the importance of changing the working framework and the way of
looking every so often. This paper is not meant to be a survey of modern
mainstream programming languages: it would be very incomplete in that sense. It
aims instead at pointing out a number of remarks and connect them under an
evolutionary perspective, in order to grasp a unifying, but not simplistic,
view of the programming languages development process
Kompics: a message-passing component model for building distributed systems
The Kompics component model and programming framework was designedto simplify the development of increasingly complex distributed systems. Systems built with Kompics leverage multi-core machines out of the box and they can be dynamically reconfigured to support hot software upgrades. A simulation framework enables deterministic debugging and reproducible performance evaluation of unmodified Kompics distributed systems.
We describe the component model and show how to program and compose event-based distributed systems. We present the architectural patterns and abstractions that Kompics facilitates and we highlight a case study of a complex
distributed middleware that we have built with Kompics. We show how our approach enables systematic development and evaluation of large-scale and dynamic distributed systems
Validating a Web Service Security Abstraction by Typing
An XML web service is, to a first approximation, an RPC service in which
requests and responses are encoded in XML as SOAP envelopes, and transported
over HTTP. We consider the problem of authenticating requests and responses at
the SOAP-level, rather than relying on transport-level security. We propose a
security abstraction, inspired by earlier work on secure RPC, in which the
methods exported by a web service are annotated with one of three security
levels: none, authenticated, or both authenticated and encrypted. We model our
abstraction as an object calculus with primitives for defining and calling web
services. We describe the semantics of our object calculus by translating to a
lower-level language with primitives for message passing and cryptography. To
validate our semantics, we embed correspondence assertions that specify the
correct authentication of requests and responses. By appeal to the type theory
for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the
correspondence assertions simply by typing. Finally, we describe an
implementation of our semantics via custom SOAP headers.Comment: 44 pages. A preliminary version appears in the Proceedings of the
Workshop on XML Security 2002, pp. 18-29, November 200
- …