From Secure Messaging to Secure Collaboration

© 2018, Springer Nature Switzerland AG. We examine the security of collaboration systems, where several users access and contribute to some shared resource, document, or database. To protect such systems against malicious servers, we can build upon existing secure messaging protocols that provide end-to-end security. However, if we want to ensure the consistency of the shared data in the presence of malicious users, we require features that are not available in existing messaging protocols. We investigate the protocol failures that may arise when a new collaborator is added to a group, and discuss approaches for enforcing the integrity of the shared data

nsroot: Minimalist Process Isolation Tool Implemented With Linux Namespaces

Data analyses in the life sciences are moving from tools run on a personal computer to services run on large computing platforms. This creates a need to package tools and dependencies for easy installation, configuration and deployment on distributed platforms. In addition, for secure execution there is a need for process isolation on a shared platform. Existing virtual machine and container technologies are often more complex than traditional Unix utilities, like chroot, and often require root privileges in order to set up or use. This is especially challenging on HPC systems where users typically do not have root access. We therefore present nsroot, a lightweight Linux namespaces based process isolation tool. It allows restricting the runtime environment of data analysis tools that may not have been designed with security as a top priority, in order to reduce the risk and consequences of security breaches, without requiring any special privileges. The codebase of nsroot is small, and it provides a command line interface similar to chroot. It can be used on all Linux kernels that implement user namespaces. In addition, we propose combining nsroot with the AppImage format for secure execution of packaged applications. nsroot is open sourced and available at: https://github.com/uit-no/nsroo

Property as Prophesy: Legal Realism and the Indeterminacy of Ownership

Property law, like all law, is indeterminate. This means that ownership itself is indeterminate and every owner is vulnerable to challenges based on unexpected legal rules or newly created ones. Even the most seemingly secure rights can be defeated or compromised if a clever-enough lawyer is retained to mount a challenge. The casebooks used in first-year property courses are full of examples. In the case of particularly valuable property, such as works of art, the motivation to fashion arguments to support ownership challenges is obvious. Short and strictly interpreted statutes of limitations can mitigate the risks to ownership by cabining the timeframes from which title challengers can draw facts to support their claims

Food Insecurity and Produce Behaviors of Adults with Children in Rural, Appalachian Mississippi

Adults living in food insecure households consume fewer fruits and vegetables than adults living in food secure households (Hanson & Connor, 2014). The purpose of this study was to examine differences in fruit and vegetable behaviors (intakes; perceptions) of parents of elementary school children by food security status (food secure compared to food insecure; fully food secure compared to not fully food secure) in rural, Appalachian Mississippi. A cross-sectional survey of parents (n=1144) recruited from three elementary schools in rural, Appalachian Mississippi utilized validated measures of produce behaviors: 1) fruit, vegetable, and total produce intakes; 2) perceived benefits of barriers to, and control of produce intake; 3) stage of readiness to change fruit and vegetable intakes; and 4) 7-item fruit and vegetable scale score (a measure of produce intake frequency and variety). Differences between food security groups for the measures were assessed using a series of two-tailed independent samples t-tests. Overall, 455 surveys were returned (40%), provided from individual response rates of 168 surveys (46%), 140 surveys (37%), and 147 surveys (37%). Results shothat participants among the three schools were 34 ± 8 years, primarily Caucasian (n=258/452, 57%), female (n=416/450, 92%), living in food secure households (n=367/455, 81%), and low-income areas (n=318/328, 97%). Perceived control (p=.006), perceived barriers (p=.017), the 7-item fruit and vegetable scale score (p=.022), and fruit intake (p=.003) were significantly greater among those in fully food secure households compared to those in food insecure households. Perceived control (p=.001), perceived barriers (p\u3c.001), stage of readiness for fruit intake (p\u3c.001), stage of readiness for vegetable intake (p=.032), the 7-item fruit/vegetable scale score (p\u3c.001), fruit (p\u3c.001) and total produce (p=.001) intakes were significantly greater among those living in fully food secure households, compared to those in not fully food secure households. No other measures differed between groups (p\u3e.05). Overall, food insecurity (food insecure; not fully food secure) was associated with decreased produce intakes (fruit, vegetable, total) and behaviors (perceptions; lower 7-item fruit and vegetables scale scores) compared to the more food secure counterparts (food secure; fully food secure). Nutrition interventions that address food insecurity and produce intake is warranted

Complexity and Unwinding for Intransitive Noninterference

The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure. The results are as follows. Checking (i) P-security (Goguen and Meseguer), (ii) IP-security (Haigh and Young), and (iii) TA-security (van der Meyden) are all in PTIME, while checking TO-security (van der Meyden) is undecidable, as is checking ITO-security (van der Meyden). The most important ingredients in the proofs of the PTIME upper bounds are new characterizations of the respective security notions, which also lead to new unwinding proof techniques that are shown to be sound and complete for these notions of security, and enable the algorithms to return simple counter-examples demonstrating insecurity. Our results for IP-security improve a previous doubly exponential bound of Hadj-Alouane et al

Digital and Mobile Security for Mexican Journalists and Bloggers

A new survey of 102 journalists and bloggers in 20 Mexican states shows nearly 70 percent have been threatened or have suffered attacks because of their work. In addition, 96 percent say they know of colleagues who have been attacked. Respondents to the survey also say they view cyber-espionage and email-account cracking as the most serious digital risks they face. And while nearly all have access to and rely on the Internet, social networks, mobile phones and blogging platforms for their work, they also admit that they have little or no command of digital security tools such as encryption, use of virtual private networks (VPNs), anonymous Internet navigation and secure file removal. The results of this survey show the urgent need to introduce Mexican journalists and bloggers to new technologies and protocols and help newsrooms develop a culture of digital-security awareness to counter increasingly sophisticated threats and attacks from both governmental agencies and criminal organizations

Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations

We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code. We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standard- ized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of as- sembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computer-assisted security proofs and real-world cryptographic implementations as described by standards such as PKCS,and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.ONR -Office of Naval Research(N000141210914