virtualizaton and security cfp (was Re: Death of antivirus software imminent)
With this discussion of virtualization and security, it might be a good time to note: IEEE Security Privacy Special issue on virtualization September/October 2008 Deadline for submissions: 6 February 2008 Visit www.computer.org/portal/pages/security/author.xml to submit a manuscript Guest editors: Samuel T. King (UIUC), Sean W. Smith (Dartmouth) Virtualization has several properties that make it useful for security applications. Traditional virtual machine monitors aspire to enforce strong isolation among multiple operating systems (OSes) running on the same physical hardware, enable software services to be implemented below the OS at a layer usually only accessible by hardware, and provide low-level software with convenient abstractions of the virtual machineĆs hardware resources. Other approaches aspire to provide multiple virtual but isolated images of the same OS installation. These properties helped foster a new class of virtual-machine- based security services and made virtualization a staple of many enterprise computing environments. A common topic in the early days of computing, virtualization has recently seen a resurgence of commercial and research interest. Consequently, the security implications of virtualization technology are the topic of the Sept./Oct. 2008 special issue of IEEE Security Privacy magazine. We are looking for feature articles with an in-depth coverage of topics related to virtualization technology and how it applies to security. Among the potential topics are: --Virtualization for intrusion detection --Virtualization for forensic analysis of compromised computer systems --Virtualization for analyzing malicious software --Hardware support for secure virtualization --Security interfaces between VMMs and operating systems --Securing applications using virtualization --Securing attacks using virtualization --Security analysis of virtualization The above list is neither complete nor closed. Authors are encouraged to submit articles that explore other aspects of virtualization and its application to security. Submissions will be subject to the peer-review methodology for refereed papers. Articles should be understandable to a broad audience of people interested in security and privacy. The writing should be down to earth, practical, and original. Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: TPM hacking
Yes, and that's why we cited Kauer on the page, in Evan's paper, and in the video! http://os.inf.tu-dresden.de/papers_ps/kauer07-oslo.pdf (mainly section 2; section 2.2 describes the TPM Reset trick) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
TPM hacking
Seeing as how there are are some rumors about other attacks coming from BlackHat, I thought we should publicize ours a bit: A 3 piece of wire does the job. More info (and a link to a YouTube demo) at: www.cs.dartmouth.edu/~pkilab/sparks/ --Sean Sean W. Smith [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/ Associate Professor, Department of Computer Science, Dartmouth College, Hanover NH USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: RSA SecurID SID800 Token vulnerable by design
One can have a lot of fun with key-wielding tokens, especially on Windows. See: J. Marchesini, S.W. Smith, M. Zhao. Keyjacking: the Surprising Insecurity of Client-side SSL. Computers and Security. 4 (2): 109-123. March 2005. http://www.cs.dartmouth.edu/~sws/pubs/msz05.pdf --Sean Sean W. Smith [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/ Department of Computer Science, Dartmouth College, Hanover NH USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: History and definition of the term 'principal'?
I like the definition in Kaufman-Perlman-Speciner: A completely generic term used by the security community to include both people and computer systems. Coined because it is more dignified than 'thingy' and because 'object' and 'entity' (which also means thingy) were already overused. --Sean Sean W. Smith, Ph.D. [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/ Department of Computer Science, Dartmouth College, Hanover NH USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: History and definition of the term 'principal'?
Are there different editions of Kaufman-Perlman-Speciner ? I got that definition from the glossary in the 2nd edition. I'm pretty sure it was in the glossary in the first edition as well, but I can't seem to find my copy anymore! - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: is breaking RSA at least as hard as factoring or vice-versa?
Dan Boneh had an interesting paper on this topic a few years back giving some evidence that that breaking RSA might in fact be easier than factoring.However, it defines breaking RSA as being able to DO the private-key operation, not as knowing the private key (because the latter lets you factor). Boneh and Venkatesan. Breaking RSA may not be equivalent to factoring. Eurocrypt '98. Springer-Verlag LNCS 1233. 1998. --Sean Sean W. Smith, Ph.D. [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/ Department of Computer Science, Dartmouth College, Hanover NH USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
