enter search term and/or author name
Consistency analysis of authorization hook placement in the Linux security modules framework
Trent Jaeger, Antony Edwards, Xiaolan Zhang
We present a consistency analysis approach to assist the Linux community in verifying the correctness of authorization hook placement in the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted...
Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm
Mihir Bellare, Tadayoshi Kohno, Chanathip Namprempre
The secure shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper, we propose several fixes to the SSH protocol and,...
Just fast keying: Key agreement in a hostile internet
William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, Omer Reingold
We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering...
Techniques and tools for analyzing intrusion alerts
Peng Ning, Yun Cui, Douglas S. Reeves, Dingbang Xu
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts...
A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)
Adam Stubblefield, John Ioannidis, Aviel D. Rubin
In this paper, we present a practical key recovery attack on WEP, the link-layer security protocol for 802.11b wireless networks. The attack is based on a partial key exposure vulnerability in the RC4 stream cipher discovered by Fluhrer, Mantin, and...