Search

Your search keyword '"Hovav Shacham"' showing total 166 results
Start Over Author "Hovav Shacham"
166 results on '"Hovav Shacham"'

85. Advances in Cryptology – CRYPTO 2018 : 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part I

Author

Hovav Shacham, Alexandra Boldyreva, Hovav Shacham, and Alexandra Boldyreva

Subjects
Cryptography, Data encryption (Computer science), Coding theory, Information theory, Computer science—Mathematics, Mathematical statistics, Software engineering
Abstract

The three volume-set, LNCS 10991, LNCS 10992, and LNCS 10993, constitutes the refereed proceedings of the 38th Annual International Cryptology Conference, CRYPTO 2018, held in Santa Barbara, CA, USA, in August 2018. The 79 revised full papers presented were carefully reviewed and selected from 351 submissions. The papers are organized in the following topical sections: secure messaging; implementations and physical attacks prevention; authenticated and format-preserving encryption; cryptoanalysis; searchable encryption and differential privacy; secret sharing; encryption; symmetric cryptography; proofs of work and proofs of stake; proof tools; key exchange; symmetric cryptoanalysis; hashes and random oracles; trapdoor functions; round optimal MPC; foundations; lattices; lattice-based ZK; efficient MPC; quantum cryptography; MPC; garbling; information-theoretic MPC; oblivious transfer; non-malleable codes; zero knowledge; and obfuscation.

Published
2018

86. HIPStR

Author

Hovav Shacham, Dean M. Tullsen, Sriskanda Shamasunder, and Ashish Venkat

Subjects
010302 applied physics, Computer science, Code reuse, General Medicine, 02 engineering and technology, Computer Graphics and Computer-Aided Design, 01 natural sciences, 020202 computer hardware & architecture, Instruction set, Computer architecture, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, State (computer science), Relocation, Return-oriented programming, Software, General Environmental Science
Abstract

Heterogeneous Chip Multiprocessors have been shown to provide significant performance and energy efficiency gains over homogeneous designs. Recent research has expanded the dimensions of heterogeneity to include diverse Instruction Set Architectures, called Heterogeneous-ISA Chip Multiprocessors. This work leverages such an architecture to realize substantial new security benefits, and in particular, to thwart Return-Oriented Programming. This paper proposes a novel security defense called HIPStR -- Heterogeneous-ISA Program State Relocation -- that performs dynamic randomization of run-time program state, both within and across ISAs. This technique outperforms the state-of-the-art just-in-time code reuse (JIT-ROP) defense by an average of 15.6%, while simultaneously providing greater security guarantees against classic return-into-libc, ROP, JOP, brute force, JIT-ROP, and several evasive variants.

Published
2016
Full Text
View/download PDF

89. Advances in Cryptology – CRYPTO 2017 : 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20–24, 2017, Proceedings, Part III

Author

Jonathan Katz, Hovav Shacham, Jonathan Katz, and Hovav Shacham

Subjects
Cryptography, Data encryption (Computer science), Computer networks, Data protection, Coding theory, Information theory, Computers and civilization, Software engineering
Abstract

The three volume-set, LNCS 10401, LNCS 10402, and LNCS 10403, constitutes the refereed proceedings of the 37th Annual International Cryptology Conference, CRYPTO 2017, held in Santa Barbara, CA, USA, in August 2017.The 72 revised full papers presented were carefully reviewed and selected from 311 submissions. The papers are organized in the following topical sections: functional encryption; foundations; two-party computation; bitcoin; multiparty computation; award papers; obfuscation; conditional disclosure of secrets; OT and ORAM; quantum; hash functions; lattices; signatures; block ciphers; authenticated encryption; public-key encryption, stream ciphers, lattice crypto; leakage and subversion; symmetric-key crypto, and real-world crypto.

Published
2017

92. Iago attacks

Author

Hovav Shacham and Stephen Checkoway

Subjects
Software_OPERATINGSYSTEMS, biology, Interface (Java), Computer science, Iago, Process (computing), General Medicine, biology.organism_classification, computer.software_genre, Computer security, Computer Graphics and Computer-Aided Design, Mount, System call, Kernel (statistics), Operating system, Code (cryptography), State (computer science), computer, Software, Integer (computer science)
Abstract

In recent years, researchers have proposed systems for running trusted code on an untrusted operating system. Protection mechanisms deployed by such systems keep a malicious kernel from directly manipulating a trusted application's state. Under such systems, the application and kernel are, conceptually, peers, and the system call API defines an RPC interface between them. We introduce Iago attacks , attacks that a malicious kernel can mount in this model. We show how a carefully chosen sequence of integer return values to Linux system calls can lead a supposedly protected process to act against its interests, and even to undertake arbitrary computation at the malicious kernel's behest. Iago attacks are evidence that protecting applications from malicious kernels is more difficult than previously realized.

Published
2013
Full Text
View/download PDF

93. Too LeJIT to Quit: Extending JIT Spraying to ARM

Author

Hovav Shacham, Stefan Savage, and Wilson Lian

Subjects
ARM architecture, Just-in-time compilation, Exploit, Computer science, JIT spraying, Code reuse, Code injection, Compiler, Executable, computer.file_format, Computer security, computer.software_genre, computer
Abstract

In the face of widespread DEP and ASLR deploy- ment, JIT spraying brings together the best of code injection and code reuse attacks to defeat both defenses. However, to date, JIT spraying has been an x86-only attack thanks to its reliance on variable-length, unaligned instructions. In this paper, we finally extend JIT spraying to a RISC architecture by introducing a novel technique called gadget chaining, whereby high level code invokes short sequences of unintended and intended instructions called gadgets just like a function call. We demonstrate gadget chaining in an end-to-end JIT spraying attack against WebKit's JavaScriptCore JS engine on ARM and found that existing JIT spray mitigations that were sufficient against the x86 version of the JIT spraying attack fall short in the face of gadget chaining. I. INTRODUCTION It is no secret that programs are replete with bugs. Some of these bugs allow an attacker to subvert control of the program counter and divert execution away from its intended path; these are called control flow vulnerabilities. Unfortunately for a would-be attacker, a control flow vulnerability is not enough to execute arbitrary code on a remote machine. Defense mechanisms such as DEP and ASLR prevent attackers from writing code into a process's address space and decrease the likelihood that triggering a control flow vulnerability will cause an attacker's target code to execute. JIT spraying is an attack which defeats both DEP and ASLR by enabling an attacker to predictably influence large swaths of the victim process's executable memory. The attack exploits Just-in-Time compilers built into many recent lan- guage runtimes for the purpose of speeding up the performance of frequently-executed code, but it has only been demonstrated for the x86 architecture. More and more handheld devices, which are predominantly powered by ARM processors, are connecting to the Internet and running web browsers, making themselves candidates for remote exploitation. Since most modern web browsers implement a JavaScript runtime environ- ment with a fully-functioning JIT compiler, JIT spraying is a fantastic vector for attacking a browser. However, JIT spraying has historically been limited to the x86 architecture. In this paper, we challenge this trend and show that JIT spraying is indeed a viable attack against ARM.

Published
2015
Full Text
View/download PDF

94. Risk-limiting Audits and the Margin of Victory in Nonplurality Elections

Author

Hovav Shacham, Stephen Checkoway, and Anand D. Sarwate

Subjects
Actuarial science, genetic structures, health care facilities, manpower, and services, media_common.quotation_subject, Borda count, Range voting, Victory, Audit, Outcome (game theory), Margin (machine learning), Order (exchange), health services administration, Voting, Economics, health care economics and organizations, media_common
Abstract

Post-election audits are an important method for verifying the outcome of an election. Recent work on risk-limiting, post-election audits has focused almost exclusively on plurality elections. Several organization and municipalities use nonplurality methods such as range voting, the Borda count, and instant-runoff voting (IRV). We believe that it is crucial to develop effective methods of performing risk-limiting, post-election audits for these methods. We define a general notion of the margin of victory and develop risk-limiting auditing procedures for these nonplurality methods. For scored systems, we show how to adapt methods from plurality auditing. For IRV, the situation is markedly different. We provide a risk-limiting method for auditing the candidate elimination order. We provide a more efficient audit for the elections in which the margin of the IRV election can be efficiently calculated or bounded. We provide efficiently computable upper and lower bounds on the margin and, where possible, compare them to the exact margins for a large number of real elections.

Published
2013
Full Text
View/download PDF

95. Risk-limiting Audits for Nonplurality Elections

Author

Anand D. Sarwate, Stephen Checkoway, and Hovav Shacham

Subjects
Actuarial science, Operations research, media_common.quotation_subject, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Audit, Upper and lower bounds, Outcome (game theory), Software deployment, Order (exchange), Margin (machine learning), Voting, Instant-runoff voting, Business, media_common
Abstract

Many organizations have turned to alternative voting systems such as instant-runoff voting for determining the outcome of single-winner elections. It is our position in this paper that the increasing deployment of such alternative systems necessitate the study and development of risk-limiting audits for these systems. We initiate this study. We examine several commonly used single-winner voting systems and provide risk-limiting auditing procedures for them. In many cases the methods from auditing plurality contests can be applied with minor changes and little loss in efficiency. For instant-runoff voting (IRV), the situation is markedly different. We describe an algorithm for auditing the candidate elimination order using plurality methods which is risk-limiting. Standard risk-limiting methods can be employed if the margin of the election can be efficiently calculated or bounded. We provide efficiently computable upper and lower bounds on the margin and, when known, compare them to the exact margins. Both auditing algorithms are potentially far less efficient than the methods to audit other types of voting systems.

Published
2011
Full Text
View/download PDF

96. Pairing-Based Cryptography – Pairing 2009

Author

Hovav Shacham and Brent Waters

Subjects
Pairing-based cryptography, Neural cryptography, Theoretical computer science, Computer science, Pairing, Averaging argument, Lattice-based cryptography, Data structure, Baby-step giant-step
Published
2009
Full Text
View/download PDF

97. Randomizable Proofs and Delegatable Anonymous Credentials

Author

Anna Lysyanskaya, Melissa Chase, Mira Belenkiy, Markulf Kohlweiss, Jan Camenisch, Hovav Shacham, and Halevi, S

Subjects
Delegate, Proof of knowledge, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Mathematical proof, Computer security, computer.software_genre, 01 natural sciences, Credential, cosic, 010201 computation theory & mathematics, Digital credential, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), ComputingMilieux_COMPUTERSANDSOCIETY, Commitment scheme, Security parameter, computer, Mathematics
Abstract

We construct an efficient delegatable anonymous credentials system. Users can anonymously and unlinkably obtain credentials from any authority, delegate their credentials to other users, and prove possession of a credential L levels away from a given authority. The size of the proof (and time to compute it) is O(Lk), where k is the security parameter. The only other construction of delegatable anonymous credentials (Chase and Lysyanskaya, Crypto 2006) relies on general non-interactive proofs for NP-complete languages of size k ?(2 L ). We revise the entire approach to constructing anonymous credentials and identify randomizable zero-knowledge proof of knowledge systems as the key building block. We formally define the notion of randomizable non-interactive zero-knowledge proofs, and give the first instance of controlled rerandomization of non-interactive zero-knowledge proofs by a third-party. Our construction uses Groth-Sahai proofs (Eurocrypt 2008).

Published
2009

Catalog

Books, media, physical & digital resources
See catalog results