2010 23rd IEEE Computer Security Foundations Symposium

Date 17-19 July 2010

Displaying Results 1 - 25 of 33
  • [Front cover]

    Publication Year: 2010, Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2010, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2010, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2010, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2010, Page(s):v - vii
    Freely Available from IEEE
  • Preface

    Publication Year: 2010, Page(s): viii
    Freely Available from IEEE
  • Committees

    Publication Year: 2010, Page(s):ix - x
    Freely Available from IEEE
  • list-reviewer

    Publication Year: 2010, Page(s): xi
    Freely Available from IEEE
  • Approximation and Randomization for Quantitative Information-Flow Analysis

    Publication Year: 2010, Page(s):3 - 14
    Cited by:  Papers (7)

    Quantitative information-flow analysis (QIF) is an emerging technique for establishing information-theoretic confidentiality properties. Automation of QIF is an important step towards ensuring its practical applicability, since manual reasoning about program security has been shown to be a tedious and expensive task. Existing automated techniques for QIF fall short of providing full coverage of al...
  • Quantitative Information Flow - Verification Hardness and Possibilities

    Publication Year: 2010, Page(s):15 - 27
    Cited by:  Papers (12)

    Researchers have proposed formal definitions of quantitative information flow based on information theoretic notions such as the Shannon entropy, the min entropy, the guessing entropy, and channel capacity. This paper investigates the hardness and possibilities of precisely checking and inferring quantitative information flow according to such definitions. We prove that, even for just comparing tw...
  • Quantification of Integrity

    Publication Year: 2010, Page(s):28 - 43
    Cited by:  Papers (7)

    Two kinds of integrity measures, contamination and suppression, are introduced. Contamination measures how much untrusted information reaches trusted outputs; it is the dual of information-flow confidentiality. Suppression measures how much information is lost from outputs; it does not have a confidentiality dual. Two forms of suppression are considered: programs and channels. Program suppression me...
  • Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks

    Publication Year: 2010, Page(s):44 - 56
    Cited by:  Papers (15)

    We establish formal bounds for the number of min-entropy bits that can be extracted in a timing attack against a cryptosystem that is protected by blinding, the state-of-the-art countermeasure against timing attacks. Compared with existing bounds, our bounds are both tighter and of greater operational significance, in that they directly address the key's one-guess vulnerability. Moreover, we show ...
  • Modeling and Verifying Ad Hoc Routing Protocols

    Publication Year: 2010, Page(s):59 - 74
    Cited by:  Papers (4)

    Mobile ad hoc networks consist of mobile wireless devices which autonomously organize their infrastructure. In such networks, a central issue, ensured by routing protocols, is to find a route from one device to another. Those protocols use cryptographic mechanisms in order to prevent malicious nodes from compromising the discovered route. Our contribution is twofold. We first propose a calculus fo...
  • Formal Verification of Privacy for RFID Systems

    Publication Year: 2010, Page(s):75 - 88
    Cited by:  Papers (8)

    RFID tags are being widely employed in a variety of applications, ranging from barcode replacement to electronic passports. Their extensive use, however, in combination with their wireless nature, introduces privacy concerns as a tag could leak information about the owner's behaviour. In this paper we define two privacy notions, unlinkability and forward privacy, using a formal model based on the ...
  • Robustness Guarantees for Anonymity

    Publication Year: 2010, Page(s):91 - 106

    Anonymous communication protocols must achieve two seemingly contradictory goals: privacy (informally, they must guarantee the anonymity of the parties that send/receive information), and robustness (informally, they must ensure that the messages are not tampered). However, the long line of research that defines and analyzes the security of such mechanisms focuses almost exclusively on the former ...
  • Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

    Publication Year: 2010, Page(s):107 - 121
    Cited by:  Papers (8)

    An attacker that can identify messages as coming from the same source, can use this information to build up a picture of targets' behaviour, and so, threaten their privacy. In response to this danger, unlinkable protocols aim to make it impossible for a third party to identify two runs of a protocol as coming from the same device. We present a framework for analysing unlinkability and anonymity in...
  • A Game-Based Definition of Coercion-Resistance and Its Applications

    Publication Year: 2010, Page(s):122 - 136
    Cited by:  Papers (3)

    Coercion-resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion-resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only very few voting protocols have been rigorously analyzed within the cryptographic setting. A major obsta...
  • Towards Quantitative Analysis of Proofs of Authorization: Applications, Framework, and Techniques

    Publication Year: 2010, Page(s):139 - 153
    Cited by:  Papers (1)

    Although policy compliance testing is generally treated as a binary decision problem, the evidence gathered during the trust management process can actually be used to examine these outcomes within a more continuous space. In this paper, we develop a formal model that allows us to quantitatively reason about the outcomes of the policy enforcement process in both absolute (i.e., user to ideal case)...
  • Constraining Credential Usage in Logic-Based Access Control

    Publication Year: 2010, Page(s):154 - 168
    Cited by:  Papers (5)  |  Patents (3)

    Authorization logics allow concise specification of flexible access-control policies, and are the basis for logic-based access-control systems. In such systems, resource owners issue credentials to specify policies, and the consequences of these policies are derived using logical inference rules. Proofs in authorization logics can serve as capabilities for gaining access to resources. Because a pr...
  • Information Flow in Credential Systems

    Publication Year: 2010, Page(s):171 - 185
    Cited by:  Papers (2)  |  Patents (1)

    This paper proposes a systematic study of information flow in credential-based declarative authorization policies. It argues that a treatment in terms of information flow is needed to adequately describe, analyze and mitigate a class of probing attacks which allow an adversary to infer any confidential fact within a policy. Two information flow properties that have been studied in the context of s...
  • Dynamic vs. Static Flow-Sensitive Security Analysis

    Publication Year: 2010, Page(s):186 - 199
    Cited by:  Papers (23)  |  Patents (5)

    This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive...
  • Information Flow Monitor Inlining

    Publication Year: 2010, Page(s):200 - 214
    Cited by:  Papers (5)

    In recent years it has been shown that dynamic monitoring can be used to soundly enforce information flow policies. For programs distributed in source or bytecode form, the use of just-in-time (JIT) compilation makes it difficult to implement monitoring by modifying the language runtime system. An inliner avoids this problem and also serves to provide monitoring for more than one runtime. We show ...
  • Required Information Release

    Publication Year: 2010, Page(s):215 - 227
    Cited by:  Papers (2)

    Many computer systems have a functional requirement to release information. Such requirements are an important part of a system's information security requirements. Current information-flow control techniques are able to reason about permitted information flows, but not required information flows. In this paper, we introduce and explore the specification and enforcement of required information rel...
  • Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

    Publication Year: 2010, Page(s):231 - 245
    Cited by:  Papers (2)

    We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason about the possible origin of messages and justify a local typing assumption for the otherwise untyped protocol variables. The two rules form the core of a theory that is well-suited for interactively const...
  • A Machine-Checked Formalization of Sigma-Protocols

    Publication Year: 2010, Page(s):246 - 260
    Cited by:  Papers (1)

    Zero-knowledge proofs have a vast applicability in the domain of cryptography, stemming from the fact that they can be used to force potentially malicious parties to abide by the rules of a protocol, without forcing them to reveal their secrets. Σ-protocols are a class of zero-knowledge proofs that can be implemented efficiently and that suffice for a great variety of practical applicati...