PPT-The “Taint” Leakage Model

Ron Rivest Crypto in the Clouds Workshop MIT Rump Session Talk August 4 2008 Taint Common term in software security Any external input is tainted A computation with a tainted input produces . Paper by: James Newsome and Dawn Song. Network and Distributed Systems Security Symposium (NDSS), Feb 2005.. . CS451 Spring 2011. Instructor: Christos Papadopoulos. Original slides by . Devendra. . Union. History. , state of affairs and challenges for the years to come. Gé . Backus. Amsterdam, November 30, 2011. Contents presentation. Castration. Setting the stage. Castration . practices. in the EU. Ali . Juma. , Charles . Rackoff. , . Yevgeniy. . Vahlis. Side Channels In Cryptography. Classic assumption: Cryptography happens on black box devices. Many ways to obtains security. In reality: side-channel attacks can break security. . Cryptography. Stefan. . Dziembowski. University. . of. . Rome. La Sapienza. Krzysztof. . Pietrzak. CWI Amsterdam. Plan. Motivation and introduction. Our model. Our construction. these slides are available at. About Dynamic . Taint . Analysis & Forward . Symbolic . Execution (. but might have been afraid to ask. ). Edward J. Schwartz, . ThanassisAvgerinos. , David . Brumley. Presented by: . Vaibhav . Rastogi. Data tainting and analysis. Roadmap. Background. TaintDroid. JavaScript. Conclusion. Background. In smartphone, we. . use third-party applications such as . - Google map, Angry bird … . etc. More than 10Billion Apps. Yinzhi Cao. Reference: . http. ://www.cs.tau.ac.il/~. omertrip/pldi09/TAJ.ppt. www.cs.cmu.edu/~. soonhok/talks/20110301.pdf. 2. Motivating Example. *. * Inspired by . Refl1. in. SecuriBench Micro. Taint Flow #1. Suman Jana. Dynamic Taint Analysis. Track information flow through a program at runtime. Identify sources of taint – . “. TaintSeed. ”. What are you tracking?. Untrusted input. Sensitive data. Taint Policy – . by Human nose. Validation of the hot water method. Lene Meinert, ph.d.. DMRI, Center of Meat Quality. lme@dti.dk. Background . Presentation of the hot water method. Validation work. Procedure for test and training of assessors. . Zvika. . Brakerski. . Weizmann Institute. Yael Tauman Kalai. . Microsoft. . Jonathan Katz . University of Maryland. . Vinod. Vaikuntanathan . IBM. . Crypto with . Leakage.  . Yinzhi Cao. Reference: . http. ://www.cs.tau.ac.il/~. omertrip/pldi09/TAJ.ppt. www.cs.cmu.edu/~. soonhok/talks/20110301.pdf. 2. Motivating Example. *. * Inspired by . Refl1. in. SecuriBench Micro. Taint Flow #1. App Sets. Will Klieber*, Lori Flynn, . Amar Bhosale , Limin Jia, and Lujo Bauer . Carnegie Mellon University. *presenting. Motivation. Detect malicious apps that leak sensitive data.. harvested at least once in the previous 20 years (equation 6.10). In the draft protocol, the 40% leakage rate is justified with a reference to the following report: First, Galik explicitly writes that Last update- . 02/03/2016. 1. Test items . Purpose of the test . Issue. Vibration. -The user is supposed to . continue to use the vehicle after the event.. . -In this case, . stringent requirements.