Maxwell Krohn - Academia.edu (original) (raw)
Papers by Maxwell Krohn
We present a secure service prototype built from untrusted, contributed code. The service manages... more We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control .
Many physicists would agree that, had it not been for congestion control, the evaluation of web b... more Many physicists would agree that, had it not been for congestion control, the evaluation of web browsers might never have occurred. In fact, few hackers worldwide would disagree with the essential unification of voice-over-IP and publicprivate key pair. In order to solve this riddle, we confirm that SMPs can be made stochastic, cacheable, and interposable.
Today's Web depends on a particular pact between sites and users: sites invest capital and la... more Today's Web depends on a particular pact between sites and users: sites invest capital and labor to create and mar- ket a set of features, and users gain access to these fea- tures by giving up control of their data (photos, personal information, creative musings, etc.). This paper imagines a very different Web ecosystem, in which users retain control of
Proceedings of the 6th Conference on Symposium on Opearting Systems Design Implementation Volume 6, Feb 26, 2004
SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets c... more SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets clients detect any attempts at unauthorized file modification by malicious server operators or users. SUNDR's protocol achieves a property called fork consistency, which guarantees that clients can detect any integrity or consistency failures as long as they see each other's file modifications. An implementation is described that performs comparably with NFS (sometimes better and sometimes worse), while offering significantly stronger security.
We study proactive two-party signature schemes in the context of user authentication. A proactive... more We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties-the client and the server-jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr's popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions.
Many physicists would agree that, had it not been for congestion control, the evaluation of web b... more Many physicists would agree that, had it not been for congestion control, the evaluation of web browsers might never have occurred. In fact, few hackers worldwide would disagree with the essential unification of voice-over-IP and public- private key pair. In order to solve this riddle, we confirm that SMPs can be made stochastic, cacheable, and interposable. I. INTRODUCTION Many scholars
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, 2004
The quality of peer-to-peer content distribution can suffer when malicious participants intention... more The quality of peer-to-peer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple block-by-block downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform on-the-fly verification of erasure-encoded blocks.
Proceedings of the fourth ACM european conference on Computer systems - EuroSys '09, 2009
Some web sites provide interactive extensions using browser scripts, often without inspecting the... more Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users' confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality.
ACM SIGOPS Operating Systems Review, 2005
Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that... more Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and systemwide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user's data to any other user. A Web server that uses Asbestos labels to isolate user data requires about 1.5 memory pages per user, demonstrating that additional security can come at an acceptable cost.
ACM SIGOPS Operating Systems Review, 2007
... A process can spec-ify what subset of its privileges should be exercised when commu-nicating ... more ... A process can spec-ify what subset of its privileges should be exercised when commu-nicating through each endpoint. ... Say Charlie has administrator privilege on his machine, allowing him to edit sensitive files (eg, /etc/rc, the script that con-trols which processes run with ...
IEEE Transactions on Mobile Computing, 2000
Establishing trust between a group of individuals remains a difficult problem. Prior works assume... more Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95% for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via mobile devices and physical interaction. Once the SPATE protocol runs to completion, its participants' mobile devices have authentic data that their applications can use to interact securely (i.e., the probability of a successful attack is 2 −24 ). For this work, we leverage SPATE as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via email, file-sharing, and text messaging services. Our implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute. The example SPATE applications provide increased security with little overhead noticeable to users once keys are established.
The set of companies chasing the Web 2.0 promise acquire, control, and then monetize your user... more The set of companies chasing the Web 2.0 promise acquire, control, and then monetize your users' data continues to mushroom. Yet, users get less choice than they should. First, having entrusted her data to a Web ap-plication (eg, Flickr for photo sharing), a user is gen- ...
2007 Usenix Annual Technical Conference on Proceedings of the Usenix Annual Technical Conference, 2007
Tame is a new event-based system for managing concurrency in network applications. Code written w... more Tame is a new event-based system for managing concurrency in network applications. Code written with Tame abstractions does not suffer from the "stackripping" problem associated with other event libraries. Like threaded code, tamed code uses standard control flow, automatically-managed local variables, and modular interfaces between callers and callees. Tame's implementation consists of C++ libraries and a source-to-source translator; no platform-specific support or compiler modifications are required, and Tame induces little runtime overhead. Experience with Tame in real-world systems, including a popular commercial Web site, suggests it is easy to adopt and deploy.
We present a secure service prototype built from untrusted, contributed code. The service manages... more We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control .
SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets c... more SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets clients detect any attempts at unauthorized file modification by malicious server operators or users. SUNDR's protocol achieves a property called fork consistency, which guarantees that clients can detect any integrity or consistency failures as long as they see each other's file modifications. An implementation is described that performs comparably with NFS (sometimes better and sometimes worse), while offering significantly stronger security.
Intermediate network elements, such as network address translators (NATs), firewalls, and transpa... more Intermediate network elements, such as network address translators (NATs), firewalls, and transparent caches are now commonplace. The usual reaction in the network architecture community to these so-called middleboxes is a combination of scorn (because they violate important architectural principles) and dismay (because these violations make the Internet less flexible). While we acknowledge these concerns, we also recognize that middleboxes have become an Internet fact of life for important reasons. To retain their functions while eliminating their dangerous side-effects, we propose an extension to the Internet architecture, called the Delegation-Oriented Architecture (DOA), that not only allows, but also facilitates, the deployment of middleboxes. DOA involves two relatively modest changes to the current architecture: (a) a set of references that are carried in packets and serve as persistent host identifiers and (b) a way to resolve these references to delegates chosen by the referenced host.
We present a secure service prototype built from untrusted, contributed code. The service manages... more We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control .
Many physicists would agree that, had it not been for congestion control, the evaluation of web b... more Many physicists would agree that, had it not been for congestion control, the evaluation of web browsers might never have occurred. In fact, few hackers worldwide would disagree with the essential unification of voice-over-IP and publicprivate key pair. In order to solve this riddle, we confirm that SMPs can be made stochastic, cacheable, and interposable.
Today's Web depends on a particular pact between sites and users: sites invest capital and la... more Today's Web depends on a particular pact between sites and users: sites invest capital and labor to create and mar- ket a set of features, and users gain access to these fea- tures by giving up control of their data (photos, personal information, creative musings, etc.). This paper imagines a very different Web ecosystem, in which users retain control of
Proceedings of the 6th Conference on Symposium on Opearting Systems Design Implementation Volume 6, Feb 26, 2004
SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets c... more SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets clients detect any attempts at unauthorized file modification by malicious server operators or users. SUNDR's protocol achieves a property called fork consistency, which guarantees that clients can detect any integrity or consistency failures as long as they see each other's file modifications. An implementation is described that performs comparably with NFS (sometimes better and sometimes worse), while offering significantly stronger security.
We study proactive two-party signature schemes in the context of user authentication. A proactive... more We study proactive two-party signature schemes in the context of user authentication. A proactive two-party signature scheme (P2SS) allows two parties-the client and the server-jointly to produce signatures and periodically to refresh their sharing of the secret key. The signature generation remains secure as long as both parties are not compromised between successive refreshes. We construct the first such proactive scheme based on the discrete log assumption by efficiently transforming Schnorr's popular signature scheme into a P2SS. We also extend our technique to the signature scheme of Guillou and Quisquater (GQ), providing two practical and efficient P2SSs that can be proven secure in the random oracle model under standard discrete log or RSA assumptions.
Many physicists would agree that, had it not been for congestion control, the evaluation of web b... more Many physicists would agree that, had it not been for congestion control, the evaluation of web browsers might never have occurred. In fact, few hackers worldwide would disagree with the essential unification of voice-over-IP and public- private key pair. In order to solve this riddle, we confirm that SMPs can be made stochastic, cacheable, and interposable. I. INTRODUCTION Many scholars
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, 2004
The quality of peer-to-peer content distribution can suffer when malicious participants intention... more The quality of peer-to-peer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple block-by-block downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform on-the-fly verification of erasure-encoded blocks.
Proceedings of the fourth ACM european conference on Computer systems - EuroSys '09, 2009
Some web sites provide interactive extensions using browser scripts, often without inspecting the... more Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users' confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality.
ACM SIGOPS Operating Systems Review, 2005
Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that... more Asbestos, a new prototype operating system, provides novel labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and systemwide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user's data to any other user. A Web server that uses Asbestos labels to isolate user data requires about 1.5 memory pages per user, demonstrating that additional security can come at an acceptable cost.
ACM SIGOPS Operating Systems Review, 2007
... A process can spec-ify what subset of its privileges should be exercised when commu-nicating ... more ... A process can spec-ify what subset of its privileges should be exercised when commu-nicating through each endpoint. ... Say Charlie has administrator privilege on his machine, allowing him to edit sensitive files (eg, /etc/rc, the script that con-trols which processes run with ...
IEEE Transactions on Mobile Computing, 2000
Establishing trust between a group of individuals remains a difficult problem. Prior works assume... more Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95% for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via mobile devices and physical interaction. Once the SPATE protocol runs to completion, its participants' mobile devices have authentic data that their applications can use to interact securely (i.e., the probability of a successful attack is 2 −24 ). For this work, we leverage SPATE as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via email, file-sharing, and text messaging services. Our implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute. The example SPATE applications provide increased security with little overhead noticeable to users once keys are established.
The set of companies chasing the Web 2.0 promise acquire, control, and then monetize your user... more The set of companies chasing the Web 2.0 promise acquire, control, and then monetize your users' data continues to mushroom. Yet, users get less choice than they should. First, having entrusted her data to a Web ap-plication (eg, Flickr for photo sharing), a user is gen- ...
2007 Usenix Annual Technical Conference on Proceedings of the Usenix Annual Technical Conference, 2007
Tame is a new event-based system for managing concurrency in network applications. Code written w... more Tame is a new event-based system for managing concurrency in network applications. Code written with Tame abstractions does not suffer from the "stackripping" problem associated with other event libraries. Like threaded code, tamed code uses standard control flow, automatically-managed local variables, and modular interfaces between callers and callees. Tame's implementation consists of C++ libraries and a source-to-source translator; no platform-specific support or compiler modifications are required, and Tame induces little runtime overhead. Experience with Tame in real-world systems, including a popular commercial Web site, suggests it is easy to adopt and deploy.
We present a secure service prototype built from untrusted, contributed code. The service manages... more We present a secure service prototype built from untrusted, contributed code. The service manages private data for a variety of different users, and user programs frequently require access to other users' private data. However, aside from covert timing channels, no part of the service can corrupt private data or leak it between users or outside the system without permission from the data's owners. Instead, owners may choose to reveal their data in a controlled manner. This application model is demonstrated by Muenster, a job search website that protects both the integrity and secrecy of each user's data. In spite of running untrusted code, Muenster and other services can prevent overt leaks because the untrusted modules are constrained by the operating system to follow pre-specified security policies, which are nevertheless flexible enough for programmers to do useful work. We build Muenster atop Asbestos, a recently described operating system based on a form of decentralized information flow control .
SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets c... more SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets clients detect any attempts at unauthorized file modification by malicious server operators or users. SUNDR's protocol achieves a property called fork consistency, which guarantees that clients can detect any integrity or consistency failures as long as they see each other's file modifications. An implementation is described that performs comparably with NFS (sometimes better and sometimes worse), while offering significantly stronger security.
Intermediate network elements, such as network address translators (NATs), firewalls, and transpa... more Intermediate network elements, such as network address translators (NATs), firewalls, and transparent caches are now commonplace. The usual reaction in the network architecture community to these so-called middleboxes is a combination of scorn (because they violate important architectural principles) and dismay (because these violations make the Internet less flexible). While we acknowledge these concerns, we also recognize that middleboxes have become an Internet fact of life for important reasons. To retain their functions while eliminating their dangerous side-effects, we propose an extension to the Internet architecture, called the Delegation-Oriented Architecture (DOA), that not only allows, but also facilitates, the deployment of middleboxes. DOA involves two relatively modest changes to the current architecture: (a) a set of references that are carried in packets and serve as persistent host identifiers and (b) a way to resolve these references to delegates chosen by the referenced host.