Crowds: anonymity for Web transactions
The design, implementation, security, performance, and scalability of the Crowds system for protecting users' anonymity on the world-wide-web are described and degrees of anonymity as an important tool for describing and proving anonymity properties are introduced.
False data injection attacks against state estimation in electric power grids
- Yao Liu, M. Reiter, P. Ning
- Computer Science, Engineering
- Conference on Computer and Communications…
- 9 November 2009
A new class of attacks, called false data injection attacks, against state estimation in electric power grids is presented, showing that an attacker can exploit the configuration of a power system to launch such attacks and successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection.
False data injection attacks against state estimation in electric power grids
This article presents and analyzes a new class of attacks, called false data injection attacks, against state estimation in electric power grids, under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations.
Stealing Machine Learning Models via Prediction APIs
- Florian Tramèr, Fan Zhang, A. Juels, M. Reiter, T. Ristenpart
- Computer Science
- USENIX Security Symposium
- 10 August 2016
Simple, efficient attacks are shown that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees against the online services of BigML and Amazon Machine Learning.
HotStuff: BFT Consensus with Linearity and Responsiveness
- Maofan Yin, D. Malkhi, M. Reiter, Guy Golan-Gueta, Ittai Abraham
- Computer Science
- ACM SIGACT-SIGOPS Symposium on Principles of…
- 16 July 2019
HotStuff is the first partially synchronous BFT replication protocol exhibiting these combined properties, and its simplicity enables it to be further pipelined and simplified into a practical, concise protocol for building large-scale replication services.
The Design and Analysis of Graphical Passwords
- Ian H. Jermyn, A. Mayer, F. Monrose, M. Reiter, A. Rubin
- Computer Science, Mathematics
- USENIX Security Symposium
- 23 August 1999
This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistant (PDA), namely the Palm Pilot™.
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
- Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, M. Reiter
- Computer Science
- Conference on Computer and Communications…
- 24 October 2016
A novel class of attacks is defined: attacks that are physically realizable and inconspicuous, and allow an attacker to evade recognition or impersonate another individual, and a systematic method to automatically generate such attacks is developed through printing a pair of eyeglass frames.
Flicker: an execution infrastructure for TCB minimization
- J. McCune, Bryan Parno, A. Perrig, M. Reiter, H. Isozaki
- Computer Science
- European Conference on Computer Systems
- 1 April 2008
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful,…
Byzantine quorum systems
This paper considers the arbitrary (Byzantine) failure of data repositories and presents the first study of quorum system requirements and constructions that ensure data availability and consistency despite these failures, and demonstrates quorum systems over $n$ servers with a load of $O(\frac{1}{\sqrt{n}})$, thus meeting the lower bound on load for benignly fault-tolerant quorum systems.
Cross-VM side channels and their use to extract private keys
- Yinqian Zhang, A. Juels, M. Reiter, T. Ristenpart
- Computer Science
- Conference on Computer and Communications…
- 16 October 2012
This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.