J.I. den Hartog scite author profile

In this paper we introduce a new framework for controlling compliance to discretionary access control policies [Cederquist et al. in work. We derive an important tractability result (a cutelimination theorem), and we use this result to implement a proof-finder, a key component in this framework. We argue that in a number of settings, such as collaborative work environments, where a small group of users create and manage document in a decentralized way, our framework is a more flexible approach for controlling the compliance to policies.

show abstract

An Audit Logic for Accountability

Cederquist

Conn

Dekker

et al.

View full text Add to dashboard Cite

We describe a policy language and implement its associated proof checking system. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.

show abstract

Verifying Probabilistic Programs Using a Hoare like Logic

Hartog¹

1999

View full text Add to dashboard Cite

A Logic for Auditing Accountability in Decentralized Systems

Corin

Etalle

Hartog

et al. 2005

View full text Add to dashboard Cite

We propose a language that allows agents to distribute data with usage policies in a decentralized architecture. In our framework, the compliance with usage policies is not enforced. However, agents may be audited by an authority at an arbitrary moment in time. We design a logic that allows audited agents to prove their actions, and to prove their authorization to posses particular data. Accountability is defined in several flavors, including agent accountability and data accountability. Finally, we show the soundness of the logic.

show abstract

You Cannot Hide behind the Mask: Power Analysis on a Provably Secure S-Box Implementation

Pan

Hartog

2009

View full text Add to dashboard Cite

Abstract.Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies-hiding by repeating operations for each possible value, and masking and hiding using the same random number-can create new vulnerabilities.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

J.I. den Hartog

Audit-based compliance control

An Audit Logic for Accountability

Verifying Probabilistic Programs Using a Hoare like Logic

A Logic for Auditing Accountability in Decentralized Systems

You Cannot Hide behind the Mask: Power Analysis on a Provably Secure S-Box Implementation

Contact Info

Product

Resources

About