Know Your Enemy

Basin, David; Cremers, Cas

doi:10.1145/2658996

Cited by 25 publications

(4 citation statements)

References 50 publications

(92 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The justification is that practical scenarios exist in which one, but not the other, might be compromised. (Further discussion can be found in [1]. )…”

Section: Background On Ake Security Modelsmentioning

confidence: 98%

On Post-compromise Security

Cohn-Gordon

Cremers

Garratt

2016

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

Self Cite

101

View full text Add to dashboard Cite

In this work we study communication with a party whose secrets have already been compromised. At first sight, it may seem impossible to provide any type of security in this scenario. However, under some conditions, practically relevant guarantees can still be achieved. We call such guarantees "postcompromise security".We provide the first informal and formal definitions for post-compromise security, and show that it can be achieved in several scenarios. At a technical level, we instantiate our informal definitions in the setting of authenticated key exchange (AKE) protocols, and develop two new strong security models for two different threat models. We show that both of these security models can be satisfied, by proposing two concrete protocol constructions and proving they are secure in the models. Our work leads to crucial insights on how postcompromise security can (and cannot) be achieved, paving the way for applications in other domains.

show abstract

“…The justification is that practical scenarios exist in which one, but not the other, might be compromised. (Further discussion can be found in [1]. )…”

Section: Background On Ake Security Modelsmentioning

confidence: 98%

On Post-compromise Security

Cohn-Gordon

Cremers

Garratt

2016

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

Self Cite

101

View full text Add to dashboard Cite

show abstract

“…We adopt the methodology from [5] with some adaptations to our protocol. An adversary model, as defined in [5], is a combination of adversarial compromise.…”

Section: A Adversary Modelmentioning

confidence: 99%

“…We adopt the methodology from [5] with some adaptations to our protocol. An adversary model, as defined in [5], is a combination of adversarial compromise. To outline our model, we consider four dimensions of adversarial compromise: which kind of data is compromised, whose data it is, when the compromise occurs and which type of compromise it is.…”

Section: A Adversary Modelmentioning

confidence: 99%

A Unified Symbolic Analysis of WireGuard

Ruhault,

Lafourcade,

Mahmoud

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

“…Attacker Models for Dynamic Compromise. While our model of dynamic compromise is specific to secure compilation of unsafe languages, related notions of compromise have been studied in the setting of cryptographic protocols, where, for instance, a participant's secret keys could inadvertently be leaked to a malicious adversary, who could then use them to impersonate the victim [16,17,28,32]. This model is also similar to Byzantine behavior in distributed systems [19,53], in which the "Byzantine failure" of a node can cause it to start behaving in an arbitrary way, including generating arbitrary data, sending conflicting information to different parts of the system, and pretending to be a correct node.…”

Section: Related Workmentioning

confidence: 99%

When Good Components Go Bad

Abate

Amorim

Blanco

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior-for example, by accessing an array out of bounds. Our criterion is the first to model dynamic compromise in a system of mutually distrustful components with clearly specified privileges. It articulates how each component should be protected from all the others-in particular, from components that have encountered undefined behavior and become compromised. Each component receives secure compilation guarantees-in particular, its internal invariants are protected from compromised componentsup to the point when this component itself becomes compromised, after which we assume an attacker can take complete control and use this component's privileges to attack other components. More precisely, a secure compilation chain must ensure that a dynamically compromised component cannot break the safety properties of the system at the target level any more than an arbitrary attackercontrolled component (with the same interface and privileges, but without undefined behaviors) already could at the source level. To illustrate the model, we construct a secure compilation chain for a small unsafe language with buffers, procedures, and components, targeting a simple abstract machine with built-in compartmentalization. We give a careful proof (mostly machine-checked in Coq) that this compiler satisfies our secure compilation criterion. Finally, we show that the protection guarantees offered by the compartmentalized abstract machine can be achieved at the machine-code level using either software fault isolation or a tagbased reference monitor.

show abstract

Know Your Enemy

Cited by 25 publications

References 50 publications

On Post-compromise Security

On Post-compromise Security

A Unified Symbolic Analysis of WireGuard

When Good Components Go Bad

Contact Info

Product

Resources

About