Since the advent of SPECTRE, a number of countermeasures have been proposed and deployed. Rigorously reasoning about their effectiveness, however, requires a well-defined notion of security against speculative execution attacks, which has been missing until now.In this paper (1) we put forward speculative non-interference, the first semantic notion of security against speculative execution attacks, and (2) we develop SPECTECTOR, an algorithm based on symbolic execution to automatically prove speculative noninterference, or to detect violations.We implement SPECTECTOR in a tool, which we use to detect subtle leaks and optimizations opportunities in the way major compilers place SPECTRE countermeasures. A scalability analysis indicates that checking speculative non-interference does not exhibit fundamental bottlenecks beyond those inherited by symbolic execution.
The hardware security crisis brought on by recent speculative execution attacks has shown that it is crucial to adopt a security-conscious approach to architecture research, analyzing the security of promising architectural techniques before they are deployed in hardware.This paper offers the first security analysis of cache compression, one such promising technique that is likely to appear in future processors. We find that cache compression is insecure because the compressibility of a cache line reveals information about its contents. Compressed caches introduce a new side channel that is especially insidious, as simply storing data transmits information about it.We present two techniques that make attacks on compressed caches practical. Pack+Probe allows an attacker to learn the compressibility of victim cache lines, and Safecracker leaks secret data efficiently by strategically changing the values of nearby data. Our evaluation on a proof-ofconcept application shows that, on a common compressed cache architecture, Safecracker lets an attacker compromise a secret key in under 10 ms, and worse, leak large fractions of program memory when used in conjunction with latent memory safety vulnerabilities. We also discuss potential ways to close this new compression-induced side channel. We hope this work prevents insecure cache compression techniques from reaching mainstream processors.
Fingerprint recognition is one of the most used biometric methods for authentication. The identification of a query fingerprint requires matching its minutiae against every minutiae of all the fingerprints of the database. The state-of-the-art matching algorithms are costly, from a computational point of view, and inefficient on large datasets. In this work, we include faster methods to accelerating DMC (the most accurate fingerprint matching algorithm based only on minutiae). In particular, we translate into C++ the functions of the algorithm which represent the most costly tasks of the code; we create a library with the new code and we link the library to the original C# code using a CLR Class Library project by means of a C++/CLI Wrapper. Our solution re-implements critical functions, e.g., the bit population count including a fast C++ PopCount library and the use of the squared Euclidean distance for calculating the minutiae neighborhood. The experimental results show a significant reduction of the execution time in the optimized functions of the matching algorithm. Finally, a novel approach to improve the matching algorithm, considering cache memory blocking and parallel data processing, is presented as future work.
ABSTRAC T Digital currencies pose several questions. First, finding the best definition. Digital currencies have specific features that make necessary to mention in its definition. The second puzzle that they present is the function of Internet. It is important because Internet is the vehicle for the good functioning of digital currency schemes. The network provides all the facilities to digital currency, but it also may be a place for criminal activity. The third question is the relation of digital currencies and the e-commerce. The electronic commerce is an antecedent of virtual currencies. The necessity to make the payment quicker and easier makes possible the growth of virtual currencies. Finally, there is the puzzle of the regulation. A complete regulation does not exist in the digital area. It is the nature of the Internet. It is a place where there are no financial rules. Criminal activity and improper use of Internet will increase over time.KEY WORDS Digital currency bitcoin, electronic money, legal challenges, e-commerce. ARIAS Y SÁNCHEZ • THE DIGITAL CURRENCY CHALLENGE FOR THE REGULATORY REGIME 174RESUMEN Existen diversas interrogantes en materia divisas digitales. En primer lugar, la búsqueda de la mejor definición. Las monedas digitales tienen características específicas que hacen necesario proponer una definición. El segundo rompecabezas es la función de Internet. Es importante porque Internet es el vehículo para el buen funcionamiento de los sistemas digitales de divisas. La red ofrece todas las facilidades para la moneda digital, pero también puede ser un lugar para la actividad criminal. El tercer enigma es la relación de las monedas digitales y el comercio electrónico. El comercio electrónico es un antecedente de las monedas virtuales. La necesidad de hacer el pago más rápido y más fácil hace posible el crecimiento de las monedas virtuales. Por último, está el rompecabezas de la regulación. Una regulación completa no existe en el área digital. Es la naturaleza de la Internet. Es un lugar donde no hay reglas financieras. Probablemente la actividad criminal y el uso indebido de Internet aumentarán con el tiempo.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.