Computer Security and Cryptography Reading Group
April 2005 List

G. Wurster

P.C. van Oorschot

A. Somayaji

URL: http://www.scs.carleton.ca/~paulv/papers/tamper.25feb05.pdf

Self-checking software tamper resistance mechanisms employing checksums, including advanced systems as recently proposed by Chang and Atallah (2002) and Horne et al. (2002), have been promoted as an alternative to other software integrity verification techniques. Appealing aspects include the promise of being able to verify the integrity of software independent of the external support environment, as well as the ability to automatically integrate checksumming code during program compilation or linking. In this paper, we show that the rich functionality of many modern processors, including UltraSparc and x86-compatible processors, facilitates automated attacks which defeat such checksumming by self-checking programs.

URL: http://portal.acm.org/citation.cfm?id=986661

The ability to analyze and modify binaries is often very useful from a security viewpoint. Security operations one would like to perform on binaries include the ability to extract models of program behavior and insert inline reference monitors. Unfortunately, the existing manner in which binary code is packaged prevents even the simplest of analyses, such as distinguishing code from data, from succeeding 100 percent of the time. In this paper, we propose SELF, a security-enhanced ELF (Executable and Linking Format), which is simply ELF with an extra section added. The extra section contains information about (among other things) the address, size, and alignment requirements of each code and static data item in the program. This information is somewhat similar to traditional debugging information, but contains additional information specifically needed for binary analysis that debugging information lacks. It is also smaller, compatible with optimization, and less likely to facilitate reverse engineering, which we believe makes it practical for use with commercial software products. SELF approach has three key benefits. First, the information for the extra section is easy for compilers to provide, so little work is required on behalf of compiler vendors. Second, the extra section is ignored by default, so SELF binaries will run perfectly on all systems, including ones not interested in leveraging the extra information. Third, the extra section provides sufficient information to perform many security-related operations on the binary code. We believe SELF to be a practical approach, allowing many security analyses to be performed while not requiring major changes to the existing compiler infrastructure. An application example of the utility of SELF to perform address obfuscation (in which the addresses of all code and data items are randomized to defeat memory-error exploits) is presented.

A. Perrig

M.K. Reiter

URL: http://sparrow.ece.cmu.edu/~adrian/projects/sib.pdf

Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze Seeing-Is-Believing, a system that utilizes 2D barcodes and cameraphones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of a trusted path for configuration of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.

U. Maurer

URL: http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1299168

Digital evidence, such as digital signatures, is of crucial importance in the emerging digitally operating economy because it is easy to transmit, archive, search, and verify. Nevertheless, the initial promise of the usefulness of digital signatures was too optimistic. This calls for a systematic treatment of digital evidence. The paper provides a foundation for reasoning about digital evidence systems and legislation, thereby identifying the roles and limitations of digital evidence, in the apparently simple scenario where it should prove that an entity, A, agreed to a digital contract, d. Our approach is in sharp contrast to the current general views documented in the technical literature and in digital signature legislation. We propose an entirely new view of the concepts of certification, time stamping, revocation, and other trusted services, potentially leading to new, sounder business models for trusted services. Some of the, perhaps provocative, implications of our view are that certificates are generally irrelevant as evidence in a dispute, that it is generally irrelevant when a signature was generated, that a commitment to be liable for digital evidence cannot meaningfully be revoked, and that there is no need for mutually trusted authorities like certification authorities. We also propose a new type of digital evidence called digital declarations, based on a digital recording of a willful act indicating agreement to a document or contract.