UW Comp Sci Header
Useful InformationUW CS PeopleUW CS Graduate ProgramUW CS Undergraduate ProgramResearch at UW CSUseful Resources

Computer Security and Cryptography
Reading Group
March 2003 List

Date &
Location
Reading
5 March 2003
1304 CS
2:30 - 3:30 PM

Andrei Sabelfeld, Andrew C. Myers
Cornell

Language-Based Information-Flow Security

URL: http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.ps

Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.

Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this article we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of recent work in the area and identify some important open challenges.

26 March 2003
1304 CS
2:30 - 3:30 PM

D. Boneh, D. Brumley
Stanford

Remote timing attacks are practical

URL: http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.


< Back to the Sec & Crypto reading group page

Computer Sciences Department, University of Wisconsin - Madison
5355a Computer Sciences and Statistics | 1210 West Dayton Street, Madison, WI 53706
cs@cs.wisc.edu / voice: 608-262-1204 / fax: 608-262-9777