[ZISC Lunch Seminar] (Un)linkable identifiers for distributed databases

Abstract When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can

[ZISC Lunch Seminar] ROTE: Rollback Protection for Trusted Execution

Abstract Security architectures such as Intel SGX need protection against rollback attacks, where the adversary violates the integrity of a protected application state by replaying old persistently stored data or by starting multiple instances of the same application. Successful rollback attacks would have serious consequences on applications such as financial services. In this paper, we
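The rollback attack sketched above is easy to miss because the replayed state is still correctly authenticated: a MAC or seal proves the blob was produced by the enclave, not that it is the latest one. The following added example (not code from the ROTE paper or the SGX SDK) shows the difference in Python. `TrustedCounter` is an assumed stand-in for a hardware monotonic counter or a counter service; the sealing key, the store layout and the balances are constructed for illustration. It uses a single local counter and so does not cover the forking case (multiple instances of the same application) that the abstract also mentions.

```python
import hashlib
import hmac
import json
import os


class TrustedCounter:
    """Assumed stand-in for a trusted monotonic counter (not an SGX/ROTE API).

    The only property relied on: the adversary cannot rewind it.
    """

    def __init__(self):
        self.value = 0

    def increment(self):
        self.value += 1
        return self.value

    def read(self):
        return self.value


class SealedStateStore:
    """Seals state with a MAC (integrity) and binds it to a counter value (freshness)."""

    TAG_LEN = 32  # HMAC-SHA256 output length

    def __init__(self, seal_key, counter):
        self.seal_key = seal_key
        self.counter = counter

    def seal(self, state):
        # Bump the counter on every write so exactly one blob matches its value.
        version = self.counter.increment()
        body = json.dumps({"version": version, "state": state}, sort_keys=True).encode()
        tag = hmac.new(self.seal_key, body, hashlib.sha256).digest()
        return body + tag

    def unseal(self, blob, check_freshness=True):
        body, tag = blob[:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self.seal_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("integrity failure")
        record = json.loads(body)
        # Integrity alone accepts any blob the enclave ever produced; the
        # freshness check rejects every version but the most recent one.
        if check_freshness and record["version"] != self.counter.read():
            raise ValueError("rollback detected")
        return record["state"]


def rollback_demo():
    """Replay an old sealed balance and compare integrity-only vs. counter-bound unsealing."""
    seal_key = os.urandom(32)  # constructed key; a real enclave derives it from hardware
    store = SealedStateStore(seal_key, TrustedCounter())

    old_blob = store.seal({"balance": 100})  # version 1
    new_blob = store.seal({"balance": 0})    # version 2, after the funds were spent

    # Adversary with access to persistent storage restores the older blob.
    accepted_old = store.unseal(old_blob, check_freshness=False)["balance"]
    try:
        store.unseal(old_blob)
        detected = False
    except ValueError as err:
        detected = str(err) == "rollback detected"
    current = store.unseal(new_blob)["balance"]

    return {
        "integrity_only_accepts_old": accepted_old,  # 100: the spent funds reappear
        "counter_detects_rollback": detected,        # True
        "current_balance": current,                  # 0
    }


if __name__ == "__main__":
    print(rollback_demo())
```

The point of the demo is the first result: with only a MAC, the replayed version-1 blob is accepted and the spent 100 units reappear, which is exactly the financial-service scenario the abstract warns about. Binding each seal to a counter the adversary cannot rewind is what turns a replay into a detectable error.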

[ZISC Lunch Seminar] Direct Anonymous Attestation and TPM 2.0: Getting Provably-Secure Crypto into the Real-World

Abstract The Trusted Platform Module (TPM) is an international standard for a security chip that can be used, for instance, for the management of cryptographic keys and for remote attestation. The specification of the most recent TPM 2.0 interfaces for direct anonymous attestation unfortunately has a number of severe shortcomings. First of all, they do

[ZISC Open Seminar] Who Do I Think You Are? Challenges and Opportunities in Telephony Authentication

Abstract Telephones remain a trusted platform for bootstrapping and conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between disparate telephony systems, and

Source Accountability with Domain-brokered Privacy

Abstract In an ideal Internet, every packet would be attributable to its sender, while host identities and transmitted content would remain private. Designing such a network is challenging because source accountability and communication privacy are typically viewed as conflicting properties. In this paper, we propose an architecture that guarantees source accountability and privacy-preserving communication

Refining Authenticated Key Agreement with Strong Adversaries

Abstract In this talk, I will present a stepwise refinement framework for developing security protocols that are secure-by-construction. It is based on our previously proposed refinement strategy, which transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style adversary. As intermediate levels of abstraction, we employ

Cutoff Bounds for Consensus Algorithms

Abstract Consensus algorithms are fundamental building blocks for fault-tolerant distributed systems and their correctness is critical. However, there are currently no fully-automated methods for their verification. The main difficulty is that the algorithms are parameterized: they should work for any given number of processes. We provide an expressive language for consensus algorithms and give cutoff