A lattice model of secure information flow
Communications of the ACM
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
Practical Techniques for Searches on Encrypted Data
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Study on the Security of Privacy Homomorphism
ITNG '06 Proceedings of the Third International Conference on Information Technology: New Generations
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Fairplay—a secure two-party computation system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
FairplayMP: a system for secure multi-party computation
Proceedings of the 15th ACM conference on Computer and communications security
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
A Provably Secure and Efficient Countermeasure against Timing Attacks
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
CLAMP: Practical Prevention of Large-Scale Data Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Encrypted domain DCT based on homomorphic cryptosystems
EURASIP Journal on Information Security - Special issue on enhancing privacy protection in multimedia systems
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
SCiFI - A System for Secure Face Identification
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
TASTY: tool for automating secure two-party computations
Proceedings of the 17th ACM conference on Computer and communications security
Non-interactive verifiable computing: outsourcing computation to untrusted workers
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Efficient privacy-preserving face recognition
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Implementing Gentry's fully-homomorphic encryption scheme
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Faster secure two-party computation using garbled circuits
SEC'11 Proceedings of the 20th USENIX conference on Security
Silverline: toward data confidentiality in storage-intensive cloud applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
CryptDB: protecting confidentiality with encrypted query processing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Information-flow types for homomorphic encryptions
Proceedings of the 18th ACM conference on Computer and communications security
Flow-sensitive pointer analysis for millions of lines of code
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Fingerprinting protocol for images based on additive homomorphic property
IEEE Transactions on Image Processing
Information-Flow Control for Programming on Encrypted Data
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
Secure two-party computations in ANSI C
Proceedings of the 2012 ACM conference on Computer and communications security
Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework
SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
An Ideal-Security Protocol for Order-Preserving Encoding
SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
POSTER: CRYPTSERVER: strong data protection in commodity LAMP servers
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
Web servers are vulnerable to a large class of attacks which can allow network attacker to steal sensitive web content. In this work, we investigate the feasibility of a web server architecture, wherein the vulnerable server VM runs on a trusted cloud. All sensitive web content is made available to the vulnerable server VM in encrypted form, thereby limiting the effectiveness of data-stealing attacks through server VM compromise. In this context, the main challenge is to allow the legitimate functionality of the untrusted server VM to work. As a step towards this goal, we develop a tool called AutoCrypt, which transforms a subset of existing C functionality in the web stack to operate on encrypted sensitive content. We show that such a transformation is feasible for several standard Unix utilities available in a typical LAMP stack, with no developer effort. Key to achieving this expressiveness over encrypted data, is our scheme to combine and convert between partially-homomorphic encryption (PHE) schemes using a small TCB in the trusted cloud hypervisor. We show that x86 code transformed with AutoCrypt achieves performance that is significantly better than its alternatives (downloading to a trusted client, or using fully-homomorphic encryption).