The design, implementation, security, performance, and scalability of the Crowds system for protecting users' anonymity on the world-wide-web are described and degrees of anonymity as an important tool for describing and proving anonymity properties are introduced.
This article presents and analyzes a new class of attacks, called false data injection attacks, against state estimation in electric power grids, under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations.
A new class of attacks, called false data injection attacks, against state estimation in electric power grids are presented, showing that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection.
Simple, efficient attacks are shown that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees against the online services of BigML and Amazon Machine Learning.
This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistants (PDAs) namely the Palm PilotTM.
This paper considers the arbitrary (Byzantine) failure of data repositories and presents the first study of quorum system requirements and constructions that ensure data availability and consistency despite these failures, and demonstrates quorum systems over n servers with a load of O(\frac{1}{\sqrt{n}})$, thus meeting the lower bound on load for benignly fault-tolerant quorum Systems.
A novel class of attacks is defined: attacks that are physically realizable and inconspicuous, and allow an attacker to evade recognition or impersonate another individual, and a systematic method to automatically generate such attacks is developed through printing a pair of eyeglass frames.
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful,…
HotStuff is the first partially synchronous BFT replication protocol exhibiting these combined properties, and its simplicity enables it to be further pipelined and simplified into a practical, concise protocol for building large-scale replication services.
This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victims using the most recent version of the libgcrypt cryptographic library.