Table of Contents
Intro
Preface
Organization
Keynotes
Algorithms and the Law
The Politics and Technology of (Hardware) Trojans
Increasing Trust in ML Through Governance
The Science of Computer Science: An Offensive Research Perspective
Contents
Part I
Contents
Part II
Network Security
More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys
1 Introduction
1.1 Pre-distributed Keys
2 Preliminaries
3 KEMTLS with Pre-distributed Long-Term Keys
3.1 Proactive Client Authentication
4 Security Analysis
5 Instantiation and Evaluation
5.1 Choice of Primitives
5.2 Implementation
5.3 Handshake Sizes
5.4 Handshake Times
6 Discussion
A KEMTLS
References
How to (Legally) Keep Secrets from Mobile Operators
1 Introduction
1.1 Our Contributions
1.2 Related Work
2 Preliminaries
3 LIKE Protocols
4 Security Model
5 Our Protocol
6 Security
7 Proof-of-Concept Implementation
8 Conclusion
A Model Complements
B Proof Sketches
References
A Formal Security Analysis of Session Resumption Across Hostnames
1 Introduction
2 Preliminaries
2.1 Building Blocks
2.2 Multi-Stage Key Exchange
3 Breaking the Security of Session Resumption Across Hostnames in TLS 1.3
3.1 Modeling TLS 1.3 Session Resumption as an MSKE Protocol
3.2 The Attack
4 Secure SRAH Protocols
4.1 Constructing Secure SRAH Protocols
References
Attacks
Caught in the Web: DoS Vulnerabilities in Parsers for Structured Data
1 Introduction
2 Motivation
3 Characteristics of the Vulnerability
3.1 Topologies
3.2 Traversals
3.3 Triggers
4 Modelling the Analysis
4.1 Preliminaries
4.2 Analysis Specification
5 Experimental Setup and Evaluation
5.1 Approach
5.2 Implementation
5.3 Libraries for Analysis
5.4 Triggers or Entry Points
5.5 Evaluation
6 Results and Discussion
6.1 PDF Vulnerabilities
6.2 Scalable Vector Graphics (SVG) Vulnerability
6.3 YAML Vulnerability
6.4 Newly Discovered Security Vulnerabilities
6.5 Threats to Validity
7 Related Work
7.1 Detecting Algorithmic Complexity Vulnerabilities
7.2 Traversals/Performance Bugs
8 Conclusion
References
PoW-How: An Enduring Timing Side-Channel to Evade Online Malware Sandboxes
1 Introduction
2 Background
2.1 Malware and Malware Analysis
2.2 PoW for Malware Analysis Evasion
2.3 Side-Channel Measurement
3 Our Approach: PoW-How
3.1 Threat Model
3.2 System Design
3.3 Performance Profiling
3.4 Threshold Estimation
3.5 Malware Integration and Testing
4 Evaluation
4.1 Threshold Estimation and PoW Algorithm Choice
4.2 Case Study: Known Malware
4.3 Case Study: Fresh Malware Sample
5 Security Analysis
6 Countermeasures
7 Discussion
7.1 Ethical Considerations
7.2 Bare-Metal Environments
7.3 Economical Denial of Sustainability
8 Related Work