First year review WP4 overview. Trento - September 24th, 2007
|
|
- Lucas McDaniel
- 5 years ago
- Views:
Transcription
1 First year review WP4 overview Trento - September 24th, 2007
2 Goal of WP4 Trust and Security Analysis of the various SW-based and combined HW/SW-based methods for the RE-TRUST problem 2
3 Participants UNITN (WP leader) Team: - Yoram OFEK - Bruno CRISPO - Amitabh SAXENA - Jasvir NAGRA - Paolo TONELLA
4 Participants UNITN (WP leader) KUL Team: - Bart Preneel - Brecht WYSEUR
5 Participants UNITN (WP leader) KUL GEM Team: - Jean-Daniel AUSSEL - Jerome D ANNOVILLED
6 Participants UNITN (WP leader) KUL GEM POLITO Team: - Mario BALDI - Stefano DI CARLO - Paolo FALCARIN
7 Participants UNITN (WP leader) KUL GEM POLITO SPIIRAS Team: - Igor KOTENKO - Vasily DESNITSKY - Victor VORONTSOV - Vitaly BOGDANOV
8 WP4 Tasks 4.1: Trust and security analysis of the various SW-based methods [POLITO] M24 4.2: Trust analysis of combined HW/SW-based and HW-based methods [POLITO] M30 4.3: Analysis of reverse engineering complexity [UNITN] - M24 4.4: Comparative analysis of RE-TRUST with Trusted Computing (TC) [UNITN] - M36 4.5: Analysis of interaction of RE-TRUST with security protocols [SPIIRAS] - M30
9 WP4 Tasks M1 M2 M3 M4 M5 M6 M7 M8 M9 M10 M11 M12 M13 M14 M15 M16... T4.3 T4.1 T4.2 T4.5 T4.4 9
10 WP4 Tasks M17 M18 M19 M20 M21 M22 M23 M24 M25 M26 M27 M28 M29 M30 M31 M32... T4.1 T4.3 T4.2 T4.4 T4.5 10
11 T4.1 Task 4.1 Goal: Trust and Security Analysis of the various SW-based methods Deliverable: D-4.1 Delivery Date: M24 11
12 Trust Model Untrusted platform HW OS Trusted platform P M TAG seq. Monitor replacement TAG seq. Monitor replacement TAG Validation Monitor factory 12
13 T4.1 Possible Attacks Reverse engineering and direct modification of the code of program Modification of the execution environment (eg. Emulators, debuggers) Dynamic change of program s state without modifying program Execute multiple copies, some modified Intercept/modify network messages 13
14 Proposed Solutions T4.1 (Software-based) Checksum Based Techniques (POLITO) Invariants Monitoring (POLITO) Assertions Based Techniques (UNITN) Barrier Slicing (UNITN) Code obfuscation (KUL, GEM) Dynamic replacement (POLITO) Obfuscated Virtual Machine (UNITN, KUL) 14
15 Checksum Approaches (Analysis) T4.1 Overcomes attack based on direct code modification Fails under Memory copy attack Attacker keeps a good copy of program along with tampered one For checksums, uses good copy Possible because easy to separate execution and data mode access of program code Timing information is difficult to measure across network 15
16 T4.1 Invariants Monitoring (Analysis) Overcomes state modfication With a given level of confidence Fails if attacker can guess the invariant Attacker carries out static/dynamic anaylsis Guesses and maintains some subset of these invariants Possible because some invariants are easy to guess Possible to use trusted hardware to assist invariant monitoring 16
17 Assertion-based Techniques (Analysis) Overcomes state-modification attacks More general than invariants monitoring T4.1 Some states cannot be protected (unsafe states) Scales poorly in programs where state history is important All relevant state must be maintained to apply the assertion.
18 Barrier Slicing (Analysis) T4.1 Overcomes state-modification and code-modification attacks Attacker does not have access to vulnerable code and data Scales poorly because server must execute a large amount of code Some slices may be quite large Defeats one of the objectives of RE-TRUST of performing the most of the computation on the client Tradeoff between efficiency and security Research required to establish a theoretical model to evaluate Security properties of the scheme Amount of work performed by the server and client 18
19 Code Obfuscation (Analysis) T4.1 May increase the effort required by an attacker Metrics required to measure effort Empirical analysis required to evaluate techniques Even empirical studies provide feedback on averageattacker effort, not best-attacker effort Significant problem with class attacks Theoretical results of limited value Indicate limitations on what is possible 19
20 Dynamic replacement (Analysis) T4.1 Early analysis indicates: To be effective, monitor must be replaced before the time attacker takes to reverse-engineer it Metrics needed for this time measurement Requires a monitor factory that can manufacture diverse monitors Monitor must be strongly integrated with program to prevent separation 20
21 Obfuscated Virtual Machine (Analysis) T4.1 If feasible, would allow for a theorectically sound solution to RE-TRUST Early research: Depends on the existence of a secure obfuscator for the virtual machine Feasibility (UNITN, KUL) 21
22 T4.3 Task 4.3 Goal: To analyze the complexity (difficulty) of reverse engineering programs after some obfuscating transformations are applied to it Responsible: UNITN Deliverable: D-4.3 Delivery Date: M24 22
23 Reverse Engineering T4.3 Examples: Learning the algorithm Deducing the source Extracting embedded (cryptographic) key Removing a watermark Discovering some property Eg. Is this code watermarked? Bypassing sections of code Alter behavior in other meaningful ways 23
24 T4.3 Reverse Engineering (Analysis) Research required to understand the efficacy of proposed techniques Theorectical Evaluation Empirical Evaluation (UNITN/POLITO) 24
25 Empirical Study T4.3 (underway) Scenarios: Low level code only / Low + High level code Reverse Engineering Goals: Extract key / watermark, bypass sections of code, alter behavior Obfuscation techniques used: Renaming / Flattening / Opaque predicates / Snippets, etc Languages: Java, C/C++ Tools / training / information available to attacker: Debuggers, de-compilers, emulators, slicers, compilers, etc Partial information of program to be reverse engineered 25
26 T4.5 Task 4.5 Goal: Analysis of interaction of RE-TRUST with security protocols Deliverable: D-4.5 Delivery date: M30 26
27 Security Protocols T4.5 WP2 and WP3 provide the basic blocks which constitute components in a complete system Insufficient to show the security of each component Protocol analysis will be required to investigate the security of the system An attacker may not adhere to the proposed models RE-TRUST is about the man-in-the-end attack 27
Third year review WP3 overview HW/SW-based methods. Riva del Garda October 2 nd, 2009
Third year review WP3 overview HW/SW-based methods Riva del Garda October 2 nd, 2009 Tasks D3.3 D3.4 D3.1 D3.2 D3.5 M0 M3 M6 M9 M12 M15 M18 M21 M24 M27 M30 M33 M36 T3.1 T3.4 T3.3 T3.5 2 Task 3.2 M23 M24
More informationRemote Entrusting by Orthogonal Client Replacement. Ceccato Mariano 1, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella 1.
Remote Entrusting by Orthogonal Client Replacement Ceccato Mariano, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationRemote Entrusting by Orthogonal Client Replacement
Remote Entrusting by Orthogonal Client Replacement Mariano Ceccato 1, Mila Dalla Preda 2, Anirban Majumdar 3, Paolo Tonella 1 1 Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationObfuscating Transformations. What is Obfuscator? Obfuscation Library. Obfuscation vs. Deobfuscation. Summary
? Obfuscating Outline? 1? 2 of Obfuscating 3 Motivation: Java Virtual Machine? difference between Java and others? Most programming languages: Java: Source Code Machine Code Predefined Architecture Java
More informationMan in the Middle Attacks and Secured Communications
FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow
More informationUniversity of East London Institutional Repository:
University of East London Institutional Repository: http://roar.uel.ac.uk This paper is made available online in accordance with publisher policies. Please scroll down to view the document itself. Please
More informationCertification Report
Certification Report Symantec Security Information Manager 4.8.1 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationRemote software protection by orthogonal client replacement
Remote software protection by orthogonal client replacement Mariano Ceccato, Paolo Tonella Fondazione Bruno Kessler IRST Trento, Italy {ceccato,tonella@fbk.eu Mila Dalla Preda University of Verona Verona,
More informationCertification Report
Certification Report Standard Edition v2.8.2 RELEASE Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationCode Obfuscation 10**2+(2*a+3)%2. When 2018/11/29 Where JSecIn Who Gaetan Ferry Why For fun!
Code Obfuscation 10**2+(2*a+3)%2 When 2018/11/29 Where JSecIn Who Gaetan Ferry Why For fun! me@jsecin:/ $ whoami Gaetan Ferry @mabo^w Not on twitter Security expert @Synacktiv : Offensive security company
More informationResearch Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill
Research Institute in Secure Hardware & Embedded Systems (RISE) Professor Máire O Neill Source: Ericsson Mobility Report, Nov 2016 Need for Hardware Security Demand for Hardware Security research & innovation
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationHIRP OPEN 2018 Compiler & Programming Language. An Efficient Framework for Optimizing Tensors
An Efficient Framework for Optimizing Tensors 1 Theme: 2 Subject: Compiler Technology List of Abbreviations NA 3 Background Tensor computation arises frequently in machine learning, graph analytics and
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationCertification Report
Certification Report Security Intelligence Platform 4.0.5 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationHow to secure your mobile application with RASP
How to secure your mobile application with RASP Webinar - 13 December 2016 Agenda 1. Mobile Application Security Risk categories Protection layers including RASP Dirk Denayer Enterprise & Application Security
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c
More informationModel Checking Cryptoprocessors (or Why I Like the British Museum ) Mike Bond Computer Laboratory 12th November 2002
Model Checking Cryptoprocessors (or Why I Like the British Museum ) Mike Bond Computer Laboratory 12th November 2002 Contents The Problem : Analysing Security APIs Protocol Analysis Tools The Formalisation
More informationImpact of Dependency Graph in Software Testing
Impact of Dependency Graph in Software Testing Pardeep Kaur 1, Er. Rupinder Singh 2 1 Computer Science Department, Chandigarh University, Gharuan, Punjab 2 Assistant Professor, Computer Science Department,
More informationIMPACT OF DEPENDENCY GRAPH IN SOFTWARE TESTING
IMPACT OF DEPENDENCY GRAPH IN SOFTWARE TESTING Pardeep kaur 1 and Er. Rupinder Singh 2 1 Research Scholar, Dept. of Computer Science and Engineering, Chandigarh University, Gharuan, India (Email: Pardeepdharni664@gmail.com)
More informationINTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY
INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY VERSION 2.2 OCTOBER 2001 SUMMARY Software is easy to tamper with and reverse engineer so unprotected software deployed on malicious hosts can t be trusted by corporations
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationExperience with Software Watermarking. Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang
Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang Properties of Watermarks Easy to create Easy to verify Difficult to remove Difficult
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationCertification Report
Certification Report EAL 2+ Evaluation of Netsight/Network Access Control v3.2.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Ixia NTO 7303 and Vision ONE v4.5.0.29 30 October 2017 383-4-409 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationPredicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning
Fakultät für Informatik Technische Universität München 26th USENIX Security Symposium Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning Sebastian Banescu
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationCertification Report
Certification Report HP 3PAR StoreServ Storage Systems Version 3.2.1 MU3 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme
More informationJoint Interpretation Library
Object: Define concept and methodology applicable to composite product evaluation. Version 1.5 October 2017 October 2017 Version1.5 Page 1/55 This page is intentionally left blank Page 2/55 Version 1.5
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7525/7530/7535/7545/7556 with FIPS 140-2 Compliance over SNMPv3 25 July 2016 v1.0 383-4-371 Government of Canada. This document is the property of the Government
More informationNational Cyber R&D Framework: Changing The Game Recommendations from the NITRD Senior Steering Group on Cybersecurity R&D
Presentation to ACSAC 2009 National Cyber R&D Framework: Changing The Game Recommendations from the NITRD Senior Steering Group on Cybersecurity R&D Tomas Vagoun Technical Coordinator vagoun@nitrd.gov
More informationIndustrial Approach: Obfuscating Transformations
Industrial Approach: Obfuscating Transformations Yury Lifshits Steklov Institute of Mathematics, St.Petersburg, Russia yura@logic.pdmi.ras.ru Tartu University 17/03/2006 Yury Lifshits (Steklov Inst. of
More informationCertification Report
Certification Report EAL 4 Evaluation of Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More information14th ANNUAL WORKSHOP 2018 A NEW APPROACH TO SWITCHING NETWORK IMPLEMENTATION. Harold E. Cook. Director of Software Engineering Lightfleet Corporation
14th ANNUAL WORKSHOP 2018 A NEW APPROACH TO SWITCHING NETWORK IMPLEMENTATION Harold E. Cook Director of Software Engineering Lightfleet Corporation April 9, 2018 OBJECTIVES Discuss efficiency and reliability
More informationSteps for project success. git status. Milestones. Deliverables. Homework 1 submitted Homework 2 will be posted October 26.
git status Steps for project success Homework 1 submitted Homework 2 will be posted October 26 due November 16, 9AM Projects underway project status check-in meetings November 9 System-building project
More informationInitial recommendations of long-term secure post-quantum systems
Initial recommendations of long-term secure post-quantum systems Tanja Lange 07 September 2015 Dagstuhl Workshop on Quantum Cryptanalysis Post-Quantum Cryptography for Long-term Security Project funded
More informationVersion:1.1. Overview of speculation-based cache timing side-channels
Author: Richard Grisenthwaite Date: January 2018 Version 1.1 Introduction This whitepaper looks at the susceptibility of Arm implementations following recent research findings from security researchers
More informationHigh-Level Information Interface
High-Level Information Interface Deliverable Report: SRC task 1875.001 - Jan 31, 2011 Task Title: Exploiting Synergy of Synthesis and Verification Task Leaders: Robert K. Brayton and Alan Mishchenko Univ.
More informationCertification Report
Certification Report Curtiss-Wright Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications
More informationStatic Analysis Techniques
oftware Design (F28SD2): Static Analysis Techniques 1 Software Design (F28SD2) Static Analysis Techniques Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh oftware
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT EMC VPLEX v5.5 Version 1.0 11 May 2016 FOREWORD This certification report is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security
More informationPacket-Level Diversity From Theory to Practice: An based Experimental Investigation
Packet-Level Diversity From Theory to Practice: An 802.11- based Experimental Investigation E. Vergetis, E. Pierce, M. Blanco and R. Guérin University of Pennsylvania Department of Electrical & Systems
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationCertification Report
Certification Report McAfee File and Removable Media Protection 4.3.1 and epolicy Orchestrator 5.1.2 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation
More informationQiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016
Qiang Li && Zhibin Hu/Qihoo 360 Gear Team Ruxcon 2016 Who are we Security researcher in Qihoo 360 Inc(Gear Team) Vulnerability discovery and analysis Specialize in QEMU currently 50+ security issues, 33
More informationExample: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks
Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationProgram Partitioning for Secure Execution
Program Partitioning for Secure Execution Charles W. O Donnell G. Edward Suh Srini Devadas September 24, 2004 4 th MIT CSAIL Computer Architecture Workshop Licensing $oftware Licensing important Software
More informationCITS5501 Software Testing and Quality Assurance Formal methods
CITS5501 Software Testing and Quality Assurance Formal methods Unit coordinator: Arran Stewart May 1, 2018 1 / 49 Sources Pressman, R., Software Engineering: A Practitioner s Approach, McGraw-Hill, 2005
More informationSEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9
SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced
More informationUnboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationDIOGENE (Digital I/O GENerator Engine) Project Requirements
SCO-DIOGENE-0-- 1 of 13 DIOGENE (Digital I/O GENerator Engine) Project Requirements Document : SCO-DIOGENE-0-.doc Revision : SCO-DIOGENE-0-- 2 of 13 APPROVAL Name Signature Date Prepared by Sergio Cigoli
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT CA Technologies CA API Gateway v9.2 10 October 2017 383-4-417 V 1.0 Government of Canada. This document is the property of the Government of Canada. It shall not be
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Delta Security Technologies Sentinel Model III Computer Security System Report Number: CCEVS-VR-02-0023
More informationCertification Report
Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 14: Software Security Department of Computer Science and Engineering University at Buffalo 1 Software Security Exploiting software vulnerabilities is paramount
More informationThe H2020 PQCRYPTO project
The H2020 PQCRYPTO project Andreas Hülsing 05 October 2015 3rd ETSI/IQC Workshop on Quantum-Safe Cryptography Post-Quantum Cryptography for Long-term Security Project funded by EU in Horizon 2020. Starting
More informationMarket Trends and Challenges in Vehicle Security
Market Trends and Challenges in Vehicle Security FTF-AUT-F0080 Richard Soja Automotive MCU Systems Engineer A P R. 2 0 1 4 TM External Use Microcontrollers and Digital Networking Processors A Global Leader
More informationCisco Secure Boot and Trust Anchor Module Differentiation
Solution Overview Cisco Secure Boot and Trust Anchor Module Differentiation Cisco Trust Anchor Technologies provide the foundation for Cisco Trustworthy Systems. Cisco Secure Boot helps ensure that the
More informationParallel Assertion Processing using Memory Snapshots
Parallel Assertion Processing using Memory Snapshots Junaid Haroon Siddiqui Muhammad Faisal Iqbal Derek Chiou UCAS5 26 April 2009 Motivation Importance of Assertions Parallel Assertion Processing Memory
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT WorkCentre 7845/7845i/7855/7855i 2016 Xerox ConnectKey Technology 12 August 2016 v1.0 383-4-382 Government of Canada. This document is the property of the Government
More informationMetodologie di Progettazione Hardware e Software
POLITECNICO DI MILANO Metodologie di Progettazione Hardware e Software Reconfigurable Computing - Design Flow - Marco D. Santambrogio marco.santabrogio@polimi.it Outline 2 Retargetable Compiler Basic Idea
More informationIOT FLAGSHIP PROJECT. Dr. Mario Drobics, AIT
IOT FLAGSHIP PROJECT Dr. Mario Drobics, AIT Challenge Digitalization over the entire product lifecycle accelerates the development, validation, instrumentation and deployment of complex industrial products
More informationVerfying the SSH TLP with ProVerif
A Demo Alfredo Pironti Riccardo Sisto Politecnico di Torino, Italy {alfredo.pironti,riccardo.sisto}@polito.it CryptoForma Bristol, 7-8 April, 2010 Outline Introduction 1 Introduction 2 3 4 Introduction
More informationJava A Prototype Dynamic Diversity for Protecting Java Software
Copyright c The Institute of Electronics, Information and Communication Engineers SCIS 2012 The 29th Symposium on Cryptography and Information Security Kanazawa, Japan, Jan. 30 - Feb. 2, 2012 The Institute
More informationAre Your Mobile Apps Well Protected? Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic Unviersity
Are Your Mobile Apps Well Protected? Daniel Xiapu Luo csxluo@comp.polyu.edu.hk Department of Computing The Hong Kong Polytechnic Unviersity 1 What if your mobile app is reverse-engineered by others? Core
More informationCertification Report
Certification Report EMC Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,
More informationIDIOSYNCRATIC SIGNATURES FOR AUTHENTICATED EXECUTION The TrustedFlow Protocol and its Application to TCP
IDIOSYNCRATIC SIGNATURES FOR AUTHENTICATED EXECUTION The TrustedFlow Protocol and its Application to TCP Mario Baldi Computer Engineering Department Torino Polytechnic Torino, Italy mario.baldi@polito.it
More informationCERT Development EFFECTIVE RESPONSE
CERT Development EFFECTIVE RESPONSE CERT Development: EFFECTIVE RESPONSE 2 Effective Response Effective Response Well funded, organized attackers threaten your network IT attacks can result in: Loss of
More informationFormal verification of program obfuscations
Formal verification of program obfuscations Sandrine Blazy joint work with Roberto Giacobazzi and Alix Trieu IFIP WG 2.11, 2015-11-10 1 Background: verifying a compiler Compiler + proof that the compiler
More informationSemantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids
Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids Hui Lin, Adam Slagell, Zbigniew Kalbarczyk, Peter W. Sauer, and Ravishankar K. Iyer Department of Electrical
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More informationTHE POWER AND RISK OF MOBILE. White paper
THE POWER AND RISK OF MOBILE White paper TABLE OF CONTENTS Executive Summary - 3 Introduction - 4 The Power and Risk of Mobile - 4 Growing Dominance of Android - 5 Best Practices to Develop Secure Mobile
More informationTable 1 lists the projects and teams. If you want to, you can switch teams with other students.
University of Arizona, Department of Computer Science CSc 620 Assignment 3 40% Christian Collberg August 27, 2008 1 Introduction This is your main project for the class. The project is worth 40% of your
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT VMware Horizon 6 version 6.2.2 and Horizon Client 3.5.2 12 August 2016 v1.0 File Number 383-4-356 Government of Canada. This document is the property of the Government
More informationAPPLICATION OF WATERMARKING TO SOFTWARE PIRACY
APPLICATION OF WATERMARKING TO SOFTWARE PIRACY Ekene Frank Ozioko Department of Computer and Information Science, Enugu State University of Science and Technology, Enugu.(ekene.ozioko@esut.edu.ng) ABSTRACT
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationFY97 ICCS Prototype Specification
FY97 ICCS Prototype Specification John Woodruff 02/20/97 DISCLAIMER This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationCOTS Commercial is not always advertising Monica Alderighi
COTS Commercial is not always advertising Monica Alderighi Astro-Siesta, 30/01/2014 M. Alderigh, Astro-Siesta, 30/01/2014 1 COTS - Definition By Commercial Off-The-Shelf (COTS) is meant software or hardware
More information3GPP TS V4.0.0 ( )
TS 35.205 V4.0.0 (2001-04) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set:
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationSuggesting Potency Measures for Obfuscated Arrays and Usage of Source Code Obfuscators for Intellectual Property Protection of Java Products
2011 International Conference on Information and Network Technology IPCSIT vol.4 (2011) (2011) IACSIT Press, Singapore Suggesting Potency Measures for Obfuscated Arrays and Usage of Source Code Obfuscators
More informationReview Software Engineering October, 7, Adrian Iftene
Review Software Engineering October, 7, 2013 Adrian Iftene adiftene@info.uaic.ro Software engineering Basics Definition Development models Development activities Requirement analysis Modeling (UML Diagrams)
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT McAfee Policy Auditor 6.4 with epolicy Orchestrator 5.10 5 November 2018 383-4-455 V1.0 Government of Canada. This document is the property of the Government of Canada.
More informationMobile Application Protection
Mobile Application Protection Bill Horne, VP and GM Intertrust Secure Systems November 9, 2017 Over 25 years of experience in security and trusted computing Headquartered in Silicon Valley with global
More informationAn Attack Surface Driven Approach to Evaluation
An Attack Surface Driven Approach to Evaluation Helmut Kurth atsec information security corp. 10th ICCC, Tromso - atsec information security Content What is the attack surface? Attack surface and TSFI
More informationImplementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture *
Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture * Seongje Cho 1, Hyeyoung Chang 1, and Yookun Cho 2 1 Dept. of Computer Science & Engineering, Dankook
More informationObfuscation Studio Executive
PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY VOLUME 1 DECEMBER 25 ISSN 137-6884 Obfuscation Studio Executive Siarhei Petryk, and Vyacheslav Yarmolik Abstract New software protection
More informationPart 1: Anatomy of an Insider Threat Attack
Part 1: Anatomy of an Insider Threat Attack Shiri Margel Data Security Research Team Lead Imperva Carrie McDaniel Emerging Products Team Lead Imperva Shiri Margel Data Security Research Team Lead Masters
More informationSecure boot under attack: Simulation to enhance fault injection & defenses
Secure boot under attack: Simulation to enhance fault injection & defenses Martijn Bogaard Senior Security Analyst martijn@riscure.com / @jmartijnb Niek Timmers Principal Security Analyst niek@riscure.com
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationEARLY PREDICTION OF HARDWARE COMPLEXITY IN HLL-TO-HDL TRANSLATION
UNIVERSITA DEGLI STUDI DI NAPOLI FEDERICO II Facoltà di Ingegneria EARLY PREDICTION OF HARDWARE COMPLEXITY IN HLL-TO-HDL TRANSLATION Alessandro Cilardo, Paolo Durante, Carmelo Lofiego, and Antonino Mazzeo
More informationDETERMINISTIC VARIATION FOR ANTI-TAMPER APPLICATIONS
DETERMINISTIC VARIATION FOR ANTI-TAMPER APPLICATIONS J. Todd McDonald, Yong C. Kim, Daniel Koranek Dr. Jeffrey Todd McDonald, Ph.D. Center for Forensics, Information Technology, and Security School of
More information