[Busec] busec this week: Rafael Pass (Wed 9:30), Andrea Bittau (Wed 11)

Sharon Goldberg goldbe at cs.bu.edu
Mon Mar 17 17:12:24 EDT 2014

We have a full BUSEC morning on Wednesday this week.  First, Rafael Pass
from Cornell will talk about cryptography with tamperable randomness from
9:30-11am. Following that, Andrea Bittau from Stanford will give a CS
colloquium on software security from 11-12:15 in Hariri.  Following that,
we'll have lunch with both speakers at 12:15 in the BUsec lab.  Abstracts

Note the unusual time of the talk and lunch! We start at 9:30 and lunch is
at 12:15. See you there!


 BUsec Calendar:  http://www.bu.edu/cs/busec/
 BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec
 How to get to BU from MIT: The CT2 bus or MIT's "Boston Daytime Shuttle"

On the Impossibility of Cryptography with Tamperable Randomness
Rafael Pass, Cornell
Wed, March 19, 9:30am - 11:00am

We initiate a study of the security of cryptographic primitives in the
presence of efficient tampering attacks to the randomness of honest
parties. More precisely, we consider p-tampering attackers that may
efficiently tamper with each bit of the honest parties' random tape with
probability p, but have to do so in an "online" fashion. Our main result is
a strong negative result: We show that any secure encryption scheme, bit
commitment scheme, or zero-knowledge protocol can be "broken" with
probability O(p) by a p-tampering attacker. The core of this result is a
new Fourier analytic technique for biasing the output of bounded-value
functions, which may be of independent interest.

We also show that this result cannot be extended to primitives such as
signature schemes and identification protocols: assuming the existence of
one-way functions, such primitives can be made resilient to
1/poly-tampering attacks where n is the security parameter.

Joint work with Per Austrin, Kai-Min Chung, Mohammad Mahmoody, Karn Seth

Practical and Principled Security
Andrea Bittau.Stanford.
Wednesday, March 19, 2014 11:00-12:15
Location: Hariri Institute

Most deployed defenses in software security are point solutions to specific
attacks, leading to an arms race. Unfortunately many principled solutions
remain undeployed partly due to complexity, but possibly also because of
the false sense of security people perceive from point solutions. So are
deployed solutions really good enough in practice? If not, how can we make
principled solutions more practical and deployable? Modern deployed
protection mechanisms can in fact be defeated, as we show with our new
Blind Return Oriented Programming (BROP) attack. Using BROP we exploited a
recent vulnerability in the nginx web server, running on 64-bit Linux with
ASLR, NX and canaries enabled. BROP also shows that hackers can sometimes
exploit proprietary services for which the source and binary are unknown.
While there are established security principles that could have prevented
BROP, unfortunately they are not deployed. For example, privilege
separation suggests to split high-privilege applications into multiple
lesser-privilege components. How to achieve this ideal in practice is not
obvious: how do we split existing code, and how do we make the resulting
decomposed system run fast? I'll briefly present Wedge, a privilege
separation system that helps splitting existing code, and then focus on
Dune, a generic platform that makes principled security practical: Dune
leverages modern CPU hardware to make systems like Wedge run fast. Dune
enables practical performance improvements in a range of applications
beyond security, as well.

Host: Rich West.

CPSA: An Accessible Protocol Analysis and Design Tool
Moses Liskov. MITRE.
Wed, March 26, 10am - 11am

The Cryptographic Protocol Shapes Analyzer (CPSA) is an open-source tool
that attempts to enumerate all essentially different possible executions of
a protocol given some initial assumptions.  We call such executions the
"shapes" of the protocol.  Many naturally occurring protocols have only
finitely many, indeed very few shapes.  Flaws in a protocol's design can be
observed clearly in the shapes.  This allows a protocol designer to obtain
frequent feedback during the design process, even without a rigorous
articulation of the protocol's security goals.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20140317/274325ac/attachment.html>

More information about the Busec mailing list