Beyond Authentication: Don’t Trust, Just Verify. Eran Tromer, BRCMF Inauguration Ceremony, 21 Nov 2013.

Presentation transcript:

1 Beyond Authentication: Don’t Trust, Just Verify. Eran Tromer, BRCMF Inauguration Ceremony, 21 Nov 2013

2 Talking about… People: authenticating users. Things: trusting devices. Principles. Chinese counterfeit chips causing military hardware crashes […] Component failure reports from defense contractors worldwide, including Boeing, Raytheon, BAE, Northrop Grumman, and Lockheed […] and investigations have turned up a significant number of counterfeit parts, sometimes installed in mission-critical systems.

3 Side-channel leakage: Even if the software and hardware function correctly… Channels: electromagnetic, acoustic, probing, microarchitecture, optical, power.

4 Talking about… People: authenticating users. Things: trusting devices. Principles: policies and algorithms.

5 The challenge: Create general techniques to ensure integrity and confidentiality in computation done by components and parties that are untrustworthy, faulty, leaky & malicious. The approach: modern cryptography.

6 Integrity of computation: SNARKs (Succinct Noninteractive Arguments of Knowledge). [Diagram: the program `v=DB[x]; w=func(v,y); return z;` with the labels x, z, proof, DB, y and Verify.] Current prototype: The correct execution of arbitrary C programs can be verified in 5 milliseconds using 230-byte proofs.

7 Integrity via Proof-Carrying Data. [Diagram: a network of nodes exchanging messages m1 to m7 and producing m_out.] Diverse network, containing untrustworthy parties and unreliable components. Impractical to verify internals of each node, so give up. Enforce only correctness of the messages and ultimate results.

8 Integrity via Proof-Carrying Data (cont.). [Diagram: the same network, with each message m1 to m7 and m_out now accompanied by a proof.] Every message is augmented with a proof attesting to its “compliance” with a prescribed policy. Compliance can express any property that can be verified by locally checking every node. Proofs can be verified efficiently and retroactively.
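
The compliance idea on slides 7 and 8, as an added example that is not part of the talk: each message is accepted only if every node in its history passed a local check. The "proof" here is simply the full message history, a non-succinct stand-in for the cryptographic proofs the slides refer to; `Msg`, `compliant`, `verify`, `node`, `build_network` and the policy constant are hypothetical names.

```python
from dataclasses import dataclass

MAX_LOCAL = 10  # constructed policy: a node may add at most 10 to the running total


@dataclass(frozen=True)
class Msg:
    value: int           # payload: a running total
    inputs: tuple = ()   # stand-in "proof": the messages this one was derived from


def compliant(inputs, output_value):
    """Local compliance predicate: looks at one node's inputs and output only."""
    local = output_value - sum(m.value for m in inputs)
    return 0 <= local <= MAX_LOCAL


def verify(msg):
    """Accept msg only if every node in its history satisfied the predicate."""
    return compliant(msg.inputs, msg.value) and all(verify(m) for m in msg.inputs)


def node(inputs, local):
    """Honest node: combine the inputs, add a local contribution, attach history."""
    return Msg(sum(m.value for m in inputs) + local, tuple(inputs))


def build_network(cheat=False):
    """Constructed five-node network; with cheat=True the fourth node misbehaves."""
    m1, m2 = node([], 3), node([], 7)
    m3 = node([m1, m2], 5)
    # A faulty or malicious node inflates its output beyond what the policy allows.
    m4 = Msg(m3.value + 500, (m3,)) if cheat else node([m3], 2)
    # The last node is honest in both cases; it only sees m4.
    return node([m4], 1)


if __name__ == "__main__":
    for cheat in (False, True):
        out = build_network(cheat)
        print(f"cheat={cheat}: m_out={out.value}, accepted={verify(out)}")
```

The final recipient never inspects a node's internals, only messages and their attached evidence; an honest node downstream of the misbehaving one still produces output that is rejected.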

9 Proof-Carrying Data: Integrity for distributed computation. Implementation underway. Seeking practical impact.