AES-CBC Software Execution Optimization

With the proliferation of high-speed wireless networking, the necessity for efficient, robust and secure encryption modes is ever increasing. But, cryptography is primarily a computationally intensive process. This paper investigates the performance and efficiency of IEEE 802.11i approved Advanced Encryption Standard (AES)-Rijndael ciphering/deciphering software in Cipher Block Chaining (CBC) mode. Simulations are used to analyse the speed, resource consumption and robustness of AES-CBC to investigate its viability for image encryption usage on common low power devices. The detailed results presented in this paper provide a basis for performance estimation of AES cryptosystems implemented on wireless devices. The use of optimized AES-CBC software implementation gives a superior encryption speed performance by 12 - 30%, but at the cost of twice more memory for code size.Comment: 8 pages, IEEE 200

Self-composition by Symbolic Execution

This work is licensed under a CC-BY Creative Commons Attribution 3.0 Unported license (http://creativecommons.org/licenses/by/3.0/)urn: urn:nbn:de:0030-drops-42770urn: urn:nbn:de:0030-drops-42770Self-composition is a logical formulation of non-interference, a high-level security property that guarantees the absence of illicit information leakages through executing programs. In order to capture program executions, self-composition has been expressed in Hoare or modal logic, and has been proved (or refuted) by using theorem provers. These approaches require considerable user interaction, and verification expertise. This paper presents an automated technique to prove self-composition. We reformulate the idea of self-composition into comparing pairs of symbolic paths of the same program; the symbolic paths are given by Symbolic Execution. The result of our analysis is a logical formula expressing self-composition in first-order theories, which can be solved by off-the-shelf Satisfiability Modulo Theories solver

Bucklew v. Precythe: The Power of Assumptions and Lethal Injection

Once again, the Supreme Court of the United States has an opportunity to determine the extent to which death-row inmates can bring as-applied challenges to the states’ method of execution and prevent possible botched executions. In Bucklew v. Precythe, the Court will confront the assumptions that the execution team is equipped to handle any execution and that the procedure will go as planned. Additionally, the Court will determine whether the standard articulated in Glossip v. Gross, which requires inmates asserting facial challenges to the states’ method of execution to plead a readily available alternative method of execution, further extends to inmates asserting as-applied challenges. This commentary argues that inmates launching an as-applied challenge to the state’s method of execution should be given relevant discovery regarding the execution teams’ qualifications, that inmates should not have to provide a detailed alternative method of execution, and that summary judgment decisions should be made after considering the record as a whole. Only then will inmates be afforded complete and fair access to the protections of the Eighth Amendment in the interest of avoiding more botched executions. The Supreme Court should remand to the lower court for a further evidentiary hearing in Bucklew’s case to determine whether execution by lethal gas significantly reduces a substantial risk of severe pain compared to lethal injection

Transmission protocols for instruction streams

Threads as considered in thread algebra model behaviours to be controlled by some execution environment: upon each action performed by a thread, a reply from its execution environment -- which takes the action as an instruction to be processed -- determines how the thread proceeds. In this paper, we are concerned with the case where the execution environment is remote: we describe and analyse some transmission protocols for passing instructions from a thread to a remote execution environment.Comment: 13 page

Execution Integrity with In-Place Encryption

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support