47,273 research outputs found
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a
large software system into mutually distrustful components that run with
minimal privileges, restricting their interactions to conform to well-defined
interfaces, we can limit the damage caused by low-level attacks such as
control-flow hijacking. When used to defend against such attacks,
compartmentalization is often implemented cooperatively by a compiler and a
low-level compartmentalization mechanism. However, the formal guarantees
provided by such compartmentalizing compilation have seen surprisingly little
investigation.
We propose a new security property, secure compartmentalizing compilation
(SCC), that formally characterizes the guarantees provided by
compartmentalizing compilation and clarifies its attacker model. We reconstruct
our property by starting from the well-established notion of fully abstract
compilation, then identifying and lifting three important limitations that make
standard full abstraction unsuitable for compartmentalization. The connection
to full abstraction allows us to prove SCC by adapting established proof
techniques; we illustrate this with a compiler from a simple unsafe imperative
language with procedures to a compartmentalized abstract machine.Comment: Nit
The discourse of Olympic security 2012 : London 2012
This paper uses a combination of CDA and CL to investigate the discursive realization of the security operation for the 2012 London Olympic Games. Drawing on Didier Bigoâs (2008) conceptualisation of the âbanopticonâ, it address two questions: what distinctive
linguistic features are used in documents relating to security for London 2012; and, how is Olympic security realized as a discursive practice in these documents? Findings suggest that the documents indeed realized key banoptic features of the banopticon: exceptionalism, exclusion and prediction, as well as what we call âpedagogisationâ. Claims were made for the
exceptional scale of the Olympic events; predictive technologies were proposed to assess the
threat from terrorism; and documentary evidence suggests that access to Olympic venues
was being constituted to resemble transit through national boundarie
Information Security as Strategic (In)effectivity
Security of information flow is commonly understood as preventing any
information leakage, regardless of how grave or harmless consequences the
leakage can have. In this work, we suggest that information security is not a
goal in itself, but rather a means of preventing potential attackers from
compromising the correct behavior of the system. To formalize this, we first
show how two information flows can be compared by looking at the adversary's
ability to harm the system. Then, we propose that the information flow in a
system is effectively information-secure if it does not allow for more harm
than its idealized variant based on the classical notion of noninterference
SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators
Although Cloud Computing promises to lower IT costs and increase users'
productivity in everyday life, the unattractive aspect of this new technology
is that the user no longer owns all the devices which process personal data. To
lower scepticism, the project SensorCloud investigates techniques to understand
and compensate these adoption barriers in a scenario consisting of cloud
applications that utilize sensors and actuators placed in private places. This
work provides an interdisciplinary overview of the social and technical core
research challenges for the trustworthy integration of sensor and actuator
devices with the Cloud Computing paradigm. Most importantly, these challenges
include i) ease of development, ii) security and privacy, and iii) social
dimensions of a cloud-based system which integrates into private life. When
these challenges are tackled in the development of future cloud systems, the
attractiveness of new use cases in a sensor-enabled world will considerably be
increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department
of Computer Science of RWTH Aachen Universit
- âŠ