5 research outputs found
Privacy-Preserving Shortest Path Computation
Navigation is one of the most popular cloud computing services. But in
virtually all cloud-based navigation systems, the client must reveal her
location and destination to the cloud service provider in order to learn the
fastest route. In this work, we present a cryptographic protocol for navigation
on city streets that provides privacy for both the client's location and the
service provider's routing data. Our key ingredient is a novel method for
compressing the next-hop routing matrices in networks such as city street maps.
Applying our compression method to the map of Los Angeles, for example, we
achieve over tenfold reduction in the representation size. In conjunction with
other cryptographic techniques, this compressed representation results in an
efficient protocol suitable for fully-private real-time navigation on city
streets. We demonstrate the practicality of our protocol by benchmarking it on
real street map data for major cities such as San Francisco and Washington,
D.C.Comment: Extended version of NDSS 2016 pape
Layout Randomization and Nondeterminism
In security, layout randomization is a popular, effective attack mitigation technique. Recent work has aimed to explain it rigorously, focusing on deterministic systems. In this paper, we study layout randomization in the presence of nondeterministic choice. We develop a semantic approach based on denotational models and simulation relations. This approach abstracts from language details, and helps manage the delicate interaction between probabilities and nondeterminism. Keywords: security, semantics, probabilities, nondeterminism, full abstraction
Typage, compilation, et cryptographie pour la programmation repartie securisée
Mes travaux s'articulent principalement autour de trois axes concernant la programmation sécurisée, plus particulièrement dans le cadre d'applications distribuées. Ainsi, nous considérons plusieurs participants ne se faisant pas mutuellement confiance et ayant des niveaux de sécurité différents. On s'intéresse alors au garanties restantes lorsque certains de ces participants sont compromis. Par exemple, lors d'une opération de commerce électronique, le client, le serveur, et la banque ne se font pas mutuellement confiance et font encore moins confiance aux machines intermédiaires du réseau; on veut pourtant qu'une transaction sécurisée puisse avoir lieuWe are more and more dependent on our computing infrastructure, and yet its security is challenged every day. From a research viewpoint, a lot of progress in security has been made, using in particular formal methods and programming language techniques. This has lead us to a first few small, exemplary verified systems and protocols. In spite of these results, it is still hard to gain strong confidence that a program is correct and secure, and most of the software that we depend upon offers very few guarantees. In this thesis, we focus on language-based security by construction. We take as input the specification of a distributed computation involving multiple participants, together with its expected security properties. We then verify that this specification is sound, using static verification techniques such as type systems, and we then automatically generate a program for each participant. During this compilation process, we select adequate cryptographic and hardware mechanisms, such that the compiled programs correctly implement the computation with the required security propertiesPALAISEAU-Polytechnique (914772301) / SudocSudocFranceF