Biblio
Filters: Keyword is leakage resilience [Clear All Filters]
.
2022. Smart Health Records Sharing Scheme based on Partially Policy-Hidden CP-ABE with Leakage Resilience. 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). :1408—1415.
With the rapid innovation of cloud computing technologies, which has enhanced the application of the Internet of Things (IoT), smart health (s-health) is expected to enhance the quality of the healthcare system. However, s-health records (SHRs) outsourcing, storage, and sharing via a cloud server must be protected and users attribute privacy issues from the public domain. Ciphertext policy attribute-based encryption (CP-ABE) is the cryptographic primitive which is promising to provide fine-grained access control in the cloud environment. However, the direct application of traditional CP-ABE has brought a lot of security issues like attributes' privacy violations and vulnerability in the future by potential powerful attackers like side-channel and cold-bot attacks. To solve these problems, a lot of CP-ABE schemes have been proposed but none of them concurrently support partially policy-hidden and leakage resilience. Hence, we propose a new Smart Health Records Sharing Scheme that will be based on Partially Policy-Hidden CP-ABE with Leakage Resilience which is resilient to bound leakage from each of many secret keys per user, as well as many master keys, and ensure attribute privacy. Our scheme hides attribute values of users in both secret key and ciphertext which contain sensitive information in the cloud environment and are fully secure in the standard model under the static assumptions.
.
2017. Moving Targets vs. Moving Adversaries: On the Effectiveness of System Randomization. Proceedings of the 2017 Workshop on Moving Target Defense. :51–52.
Memory-corruption vulnerabilities pose a severe threat on modern systems security. Although this problem is known for almost three decades it is unlikely to be solved in the near future because a large amount of modern software is still programmed in unsafe, legacy languages such as C/C++. With new vulnerabilities in popular software discovered almost every day, and with high third party demand for (purchasing) the corresponding exploits, runtime attacks are more prevalent than ever. Even perfect cryptography can easily be undermined by exploiting software vulnerabilities. Typically, one vulnerability in wide-spread software (e.g., Tor Browser) is sufficient for the adversary to compromise all users. Moving target approaches such as software diversity [2] and system randomization techniques [7] are considered to be effective and practical means to strongly reduce the scale of such attacks because ideally, the adversary would require to craft a unique exploit per user. However, recently it was shown that existing software-randomization schemes can be circumvented by practical exploitation techniques such as Just-In-Time Return Oriented Programming (JIT-ROP) that takes advantage of information leakage [1]. The attack demonstrated that even a single disclosed code pointer can be exploited to defeat any (fine-grained) code randomization scheme. Later, it was shown that there are various sources of information leakage that can be exploited such as virtual function pointers [4]. JIT-ROP motivated a number of subsequent works to prevent the adversary from reading code such as Readactor [3,5], or ASLR Guard [8]. For instance, Readactor and its successor Readactor++ [3,5] use various techniques to prevent direct and indirect code disclosure, which seems to be non-trivial in general [6]. The arms race will continue.