Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleOctober 2008
Cryptographically verified implementations for TLS
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 459–468https://doi.org/10.1145/1455770.1455828We intend to narrow the gap between concrete implementations of cryptographic protocols and their verified models. We develop and verify a small functional implementation of the Transport Layer Security protocol (TLS 1.0). We make use of the same ...
- research-articleOctober 2008
Authenticated hash tables
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 437–448https://doi.org/10.1145/1455770.1455826Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores n elements in a hash table that is outsourced at a remote server so that the client can save space or achieve load balancing. Authenticating ...
- research-articleOctober 2008
Tupni: automatic reverse engineering of input formats
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 391–402https://doi.org/10.1145/1455770.1455820Recent work has established the importance of automatic reverse engineering of protocol or file format specifications. However, the formats reverse engineered by previous tools have missed important information that is critical for security ...
- research-articleOctober 2008
Privacy oracle: a system for finding application leaks with black box differential testing
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 279–288https://doi.org/10.1145/1455770.1455806We describe the design and implementation of Privacy Oracle, a system that reports on application leaks of user information via the network traffic that they send. Privacy Oracle treats each application as a black box, without access to either its ...
- research-articleOctober 2008
Information leaks in structured peer-to-peer anonymous communication systems
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 267–278https://doi.org/10.1145/1455770.1455805We analyze information leaks in the lookup mechanisms of structured peer-to-peer anonymous communication systems and how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup ...
- research-articleOctober 2008
FairplayMP: a system for secure multi-party computation
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 257–266https://doi.org/10.1145/1455770.1455804We present FairplayMP (for "Fairplay Multi-Party"), a system for secure multi-party computation. Secure computation is one of the great achievements of modern cryptography, enabling a set of untrusting parties to compute any function of their private ...
- research-articleOctober 2008
Enforcing authorization policies using transactional memory introspection
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 223–234https://doi.org/10.1145/1455770.1455800Correct enforcement of authorization policies is a difficult task, especially for multi-threaded software. Even in carefully-reviewed code, unauthorized access may be possible in subtle corner cases. We introduce Transactional Memory Introspection (TMI),...
- research-articleOctober 2008
Verifiable functional purity in java
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 161–174https://doi.org/10.1145/1455770.1455793Proving that particular methods within a code base are functionally pure--deterministic and side-effect free--would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code ...
- research-articleOctober 2008
Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 129–138https://doi.org/10.1145/1455770.1455788In the Horn theory based approach for cryptographic protocol analysis, cryptographic protocols and (Dolev-Yao) intruders are modeled by Horn theories and security analysis boils down to solving the derivation problem for Horn theories. This approach and ...
- research-articleOctober 2008
Computational soundness of observational equivalence
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 109–118https://doi.org/10.1145/1455770.1455786Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers ...
- research-articleOctober 2008
Extending logical attack graphs for efficient vulnerability analysis
CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityPages 63–74https://doi.org/10.1145/1455770.1455780Attack graph illustrates all possible multi-stage, multi-host attacks in an enterprise network and is essential for vulnerability analysis tools. Recently, researchers have addressed the problem of scalable generation of attack graph by logical ...