Search Results

You are looking at 1 - 5 of 5 items :

  • "Security and privacy →Systems security" x
Clear All

showhowan informal confiden- tiality requirement can be formalized in the specification language RIFL and how this requirement can be verified in the app store Cassandra using the RSCP security anal- yser. In particular, we demonstrate how Cassandra inte- grates the information-flow analysis by the RSCP security analyser into the installation process of an app from the perspective of a user. Keywords: Information flow control, mobile platform se- curity, security requirements, specification languages, ver- ification. ACM CCS: Security and privacySystems security→ In

Workflows, wie etwa das Vier-Augen-Prinzip, nachzuweisen. Es wird aufgezeigt, dass die vorgestellten Techniken komple- mentär zueinander sind und die gemeinsame Nutzung daher zu einer ganzheitlicheren Betrachtungsweise von Sicherheitsan- forderungen auf der Ebene von Workflows führt. Keywords ACM CCS → Security and privacySystems security → Distributed systems security; ACM CCS → Applied computing → Enterprise computing → Business process management → Business process monitoring Schlagwörter Sicherheit, Geschäftsprozesse, automatisierte Analyse 1 Introduction Over 70

Auswahl von A-Posteriori- Techniken vor, die auf die Analyse und Ableitung von or- ganisatorischen Strukturen einerseits und Zugriffskontrollregeln andererseits abzielen. Der Beitrag schliesst mit einer Diskus- sion der Einsatzszenarien für die verschiedenen A-Posteriori- Techniken. Keywords ACM CCS → Security and privacySystems security → Distributed systems security; ACM CCS → Applied computing → Enterprise computing → Business process management; Business process monitoring Schlagwörter Sicherheit von Software-Systemen, Geschäftsprozessmanagement, Ex-post Analyse

Abstract

The invasive computing paradigm offers applications the possibility to dynamically spread their computation in a multicore/multiprocessor system in a resource-aware way. If applications are assumed to act maliciously, many security problems arise. In this acticle, we discuss different ways to deal with security problems in a resource-aware way. We first formalize the attacker model and the different security requirements that applications may have in multi-core systems. We then survey different hardware and software security mechanisms that can be dynamically configured to guarantee security on demand for invasive applications.

Abstract

With the general availability of closed-source software for various CPU architectures, there is a need to identify security-critical vulnerabilities at the binary level. Unfortunately, existing bug finding methods fall short in that they i) require source code, ii) only work on a single architecture (typically x86), or iii) rely on dynamic analysis, which is difficult for embedded devices. In this paper, we propose a system to derive bug signatures for known bugs. First, we compute semantic hashes for the basic blocks of the binary. When can then use these semantics to find code parts in the binary that behave similarly to the bug signature, effectively revealing code parts that contain the bug. As a result, we can find vulnerabilities, e.g., the famous Heartbleed vulnerabilities, in buggy binary code for any of the supported architectures (currently, ARM, MIPS and x86).