Concept

Hacker (sécurité informatique)

Publications associées (40)

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

Bryan Alexander Ford, Linus Gasser, Philipp Svetolik Jovanovic, Nicolas Gailly, Ismail Khoffi

While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit, and even then, offering only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable colle ...

Usenix Assoc2016

High System-Code Security with Low Overhead

George Candea, Johannes Kinder, Volodymyr Kuznetsov, Jonas Benedict Wagner

Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy; these checks guard critical operations, like ...

2015

Deterministically Deterring Timing Attacks in Deterland

Bryan Alexander Ford

The massive parallelism and resource sharing embodying today’s cloud business model not only exacerbate the security challenge of timing channels, but also undermine the viability of defenses based on resource partitioning. We propose hypervisor-enforced t ...

Association for Computing Machinery2015

Automatic Application of Power Analysis Countermeasures

Paolo Ienne, Francesco Regazzoni, Philip Brisk, David Novo Bruna, Ali Galip Bayrak

We introduce a compiler that automatically inserts software countermeasures to protect cryptographic algorithms against power-based side-channel attacks. The compiler first estimates which instruction instances leak the most information through side-channe ...

Institute of Electrical and Electronics Engineers2015

Scrambling-based tool for secure protection of JPEG images

Touradj Ebrahimi

JPEG scrambling tool is a flexible web-based tool with an intuitive and simple to use GUI and interface to secure visual information in a region of interest (ROI) of JPEG images. The tool demonstrates an efficient integration and use of security tools in J ...

2014

Finding Trojan Message Vulnerabilities in Distributed Systems

Rachid Guerraoui, George Candea, Radu Banabic

Trojan messages are messages that seem correct to the receiver but cannot be generated by any correct sender. Such messages constitute major vulnerability points of a distributed system---they constitute ideal targets for a malicious actor and facilitate f ...

ACM2014

Automated Side-Channel Vulnerability Discovery and Hardening

Ali Galip Bayrak

In traditional cryptography, an attacker tries to infer a mathematical relationship between the inputs and outputs of a cryptosystem to recover secret information. With the advances in the theoretical basis of the cryptographic algorithms, this task became ...

EPFL2014

Security Vulnerabilities of the Cisco IOS Implementation of the MPLS Transport Profile

Jean-Yves Le Boudec, Sergio Barreto Andrade, Teklemariam Tsegay Tesfay, Udaya Upul Kumara Jayasinghe, Miroslav Popovic

We are interested in the security of the MPLS Transport Profile (MPLS-TP), in the context of smart-grid communication networks. The security guidelines of the MPLS-TP standards are written in a complex and indirect way, which led us to pose as hypothesis t ...

2014

Location leakage in distance bounding: Why location privacy does not work

Serge Vaudenay, Aikaterini Mitrokotsa

In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g. in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using add ...

Elsevier2014

Fine-grained disclosure control for app ecosystems

Christoph Koch

The modern computing landscape contains an increasing number of app ecosystems, where users store personal data on platforms such as Facebook or smartphones. APIs enable third-party applications (apps) to utilize that data. A key concern associated with ap ...

ACM Press2013

Graph Chatbot

Chattez avec Graph Search

Posez n’importe quelle question sur les cours, conférences, exercices, recherches, actualités, etc. de l’EPFL ou essayez les exemples de questions ci-dessous.

AVERTISSEMENT : Le chatbot Graph n'est pas programmé pour fournir des réponses explicites ou catégoriques à vos questions. Il transforme plutôt vos questions en demandes API qui sont distribuées aux différents services informatiques officiellement administrés par l'EPFL. Son but est uniquement de collecter et de recommander des références pertinentes à des contenus que vous pouvez explorer pour vous aider à répondre à vos questions.

Connectez-vous pour utiliser Chat avec Graph Search