What is the goal of this system?
Probably prevent piracy, support other forms of "trusted" computing
Works in new security model: Owner of computer might be the bad guy
So want to control how people use their hardware
Beyond that, the exact security
[describe simple model in which principal signs every message.]
E.g. every file server RPC.
Very slow: Taos took 1/4 second to RSA sign.
What if I ssh into a second machine.
It needs to make authentic file server RPCs too.
Does it send messa
Prudent Engineering Practice
* Abadi's principles
Every message should say what it means
Conditions for message acceptance should be clearly layed out
Mention principal's names in messages
Be clear about why
Goal: You want to send an untraceable message
mix-nets [Chaum]: Use a trusted "mix" server
Idea: Pad/break up all messages into fixed-size blocks
Mix process messages in batches, so can't match inputs and outputs
Server has public key K1, recip
To keep things simple, the session-key establishment protocol we will consider
assumes the presence of a Plublic-Key Infrastructure. What we mean by this is that,
before starting the execution of the protocol, both par
Your Encryption/Decryption Utility will consist of three
programs: edu_keygen, edu_encrypt and edu_decrypt.
% ls ~class/src/lab1/
Once you have implemented the ne
Brief Review of Jif's Label
Recall that, in Jif, there are two kinds of labels: privacy labels and
integrity labels. In both cases, a label consists of an open curly
bracket 'cfw_', followed by a (possibly list) of policies (separated by a
We saw with SFI that software protection makes boundary crossings a lot
Java, as a safe language, also makes boundary crossings cheaper
In Fig. 1, evidence suggests mobile code naturally crosses boundaries a lot
What is the differe
Information Flow Control
What is the goal of this paper?
- Controlling information flow
- Very different environment from military/orange book setting
What is the security model for this work?
- Code is written in a new laguage, Jif
- You have a trusted
Why cryptosystems fail
How does the ATM PIN security system work?
Bank encrypts account number with 'PIN key'
Decimalized encrypted account number produces 'Natural PIN'
Actual PIN is stored as offset from natural PIN
How are keys distribute
First Internet work, Morris worm Nov '88
Brought many machines to a standstill
Long history since then, but CodeRed takes the cake w. "$2.6B" damage
Background: Microsoft IIS contained buffer overflow vulnerability
Announced June 18, 2001
Byzantine Fault Tolerance
Goal of paper: Deal with compromise through replication
Use state machine replication. what's this?
Assume all replicas start in the same state
Every operation deterministically modifies state
If all replicas agree on operation
Bugs as Deviant Behavior
Background for today's paper: Metal language
Allows you to load arbitrary code into the compiler
Can be used to check correctness rules
E.g., free (ent); . return ent; -> compiler reports using ent after
Metal basically all