Securing Databases from Probabilistic Inference
Databases can leak confidential information when users combine query results
with probabilistic data dependencies and prior knowledge. Current research
offers mechanisms that either handle a limited class of dependencies or lack
tractable enforcement algorithms. We propose a foundation for Database
Inference Control based on ProbLog, a probabilistic logic programming language.
We leverage this foundation to develop Angerona, a provably secure enforcement
mechanism that prevents information leakage in the presence of probabilistic
dependencies. We then provide a tractable inference algorithm for a practically
relevant fragment of ProbLog. We empirically evaluate Angerona's performance
showing that it scales to relevant security-critical problems.
Comment: A short version of this paper has been accepted at the 30th IEEE
Computer Security Foundations Symposium (CSF 2017).
Strong and Provably Secure Database Access Control
Existing SQL access control mechanisms are extremely limited. Attackers can
leak information and escalate their privileges using advanced database features
such as views, triggers, and integrity constraints. This is not merely a
problem of vendors lagging behind the state-of-the-art. The theoretical
foundations for database security lack adequate security definitions and a
realistic attacker model, both of which are needed to evaluate the security of
modern databases. We address these issues and present a provably secure access
control mechanism that prevents attacks that defeat popular SQL database
systems.
Comment: A short version of this paper has been published in the proceedings
of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016).
Exorcising Spectres with Secure Compilers
Attackers can access sensitive information of programs by exploiting the
side-effects of speculatively-executed instructions using Spectre attacks. To
mitigate these attacks, popular compilers deployed a wide range of
countermeasures. The security of these countermeasures, however, has not been
ascertained: while some of them are believed to be secure, others are known to
be insecure and result in vulnerable programs. To reason about the security
guarantees of these compiler-inserted countermeasures, this paper presents a
framework comprising several secure compilation criteria characterizing when
compilers produce code resistant against Spectre attacks. With this framework,
we perform a comprehensive security analysis of compiler-level countermeasures
against Spectre attacks implemented in major compilers. This work provides
sound foundations to formally reason about the security of compiler-level
countermeasures against Spectre attacks as well as the first proofs of security
and insecurity of said countermeasures.
A geodatabase for multisource data applied to cultural heritage: The case study of Villa Revedin Bolasco
In this paper we present the results of the development of a Web-based archiving and documentation system aimed at the management of multisource and multitemporal data related to cultural heritage. As a case study we selected the building complex of Villa Revedin Bolasco in Castelfranco Veneto (Treviso, Italy) and its park. The buildings and park were built in the XIX century after several restorations of the original XIV century area. The data management system relies on a geodatabase framework, in which different kinds of datasets are stored. More specifically, the geodatabase elements consist of historical information, documents, and descriptions of the artistic characteristics of the building and the park, in the form of text and images. In addition, we also used floorplans, sections and views of the outer facades of the building extracted from a TLS-based 3D model of the whole Villa. In order to manage and explore this rich dataset, we developed a geodatabase using PostgreSQL with PostGIS as the spatial plugin. The Web-GIS platform, based on HTML5 and PHP, implements the NASA Web World Wind virtual globe, a 3D virtual globe we used to enable navigation and interactive exploration of the park. Furthermore, through a specific timeline function, the user can explore the historical evolution of the building complex.
Synthesizing Hardware-Software Leakage Contracts for RISC-V Open-Source Processors
Microarchitectural attacks compromise security by exploiting software-visible
artifacts of microarchitectural optimizations such as caches and speculative
execution. Defending against such attacks at the software level requires an
appropriate abstraction at the instruction set architecture (ISA) level that
captures microarchitectural leakage. Hardware-software leakage contracts have
recently been proposed as such an abstraction. In this paper, we propose a
semi-automatic methodology for synthesizing hardware-software leakage contracts
for open-source microarchitectures. For a given ISA, our approach relies on
human experts to (a) capture the space of possible contracts in the form of
contract templates and (b) devise a test-case generation strategy to explore a
microarchitecture's potential leakage. For a given implementation of an ISA,
these two ingredients are then used to automatically synthesize the most
precise leakage contract that is satisfied by the microarchitecture. We have
instantiated this methodology for the RISC-V ISA and applied it to the Ibex and
CVA6 open-source processors. Our experiments demonstrate the practical
applicability of the methodology and uncover subtle and unexpected leaks.
A Turning Point for Verified Spectre Sandboxing
Spectre attacks enable an attacker to access restricted data in an
application's memory. Both the academic community and industry veterans have
developed several mitigations to block Spectre attacks, but to date, very few
have been formally vetted; most are "best effort" strategies. Formal guarantees
are particularly crucial for protecting isolated environments like sandboxing
against Spectre attacks. In such environments, a subtle flaw in the mitigation
would allow untrusted code to break out of the sandbox and access trusted
memory regions.
In our work, we develop principled foundations to build isolated environments
resistant against Spectre attacks. We propose a formal framework for reasoning
about sandbox execution and Spectre attacks. We formalize properties that sound
mitigation strategies must fulfill and we show how various existing mitigations
satisfy (or fail to satisfy!) these properties.
Analysis of geospatial behaviour of visitors of urban gardens: is positioning via smartphones a valid solution?
Tracking locations is practical and quick with smartphones, as they are
omnipresent devices, relatively cheap, and have the sensors necessary for
positioning and networking integrated in the same box. Nowadays recent models
have GNSS antennas capable of receiving multiple constellations. In the
proposed work we test the hypothesis that GNSS positions directly recorded by
smartphones can be a valid solution for spatial analysis of people's behaviour
in an urban garden. Particular behaviours can be linked to therapeutic spots
that promote health and well-being of visitors. Three parts are reported: (i)
assessment of the accuracy of the positions relative to a reference track, (ii)
implementation of a framework for automating transmission and processing of the
location information, (iii) analysis of preferred spots via spatial analytics.
Different devices were used to survey at different times and with different
methods, i.e. in the pocket of the owner or on a rigid frame. Accuracy was
estimated using distance of each located point to the reference track, and
precision was estimated with static multiple measures. A chat-bot through the
Telegram application was implemented to allow users to send their data to a
centralized computing environment thus automating the spatial analysis. Results
report a horizontal accuracy below ~2.3 m at 95% confidence level, without
significant difference between surveys, and very little differences between
devices. GNSS-only and assisted navigation with telephone cells also did not
show significant difference. Autocorrelation of the residuals over time and
space showed strong consistency of the residuals, thus proving a valid solution
for spatial analysis of walking behaviour.