Learn More
When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually(More)
We present a unilateral authentication protocol for protecting IPv6 networks against abuse of mobile IPv6 primitives. A mobile node uses a partial hash of its public key for its IPv6 address. Our protocol integrates distribution of public keys and protects against falsification of network addresses. Our protocol is easy to implement, economic to deploy and(More)
Sometimes, it is necessary to remove author names and other personally identifiable information (PII) from documents before publication. We have implemented a novel defensive tool for detecting such data automatically. By using the detection tool, we have learned about where PII may be stored in documents and how it is put there. A key observation is that,(More)
Contemporary CPU architectures conflate virtualization and protection , imposing virtualization-related performance, programma-bility, and debuggability penalties on software requiring fine-grained protection. First observed in micro-kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through(More)
Mobile IPv6 is a network-layer mobility protocol for the IPv6 Internet. The protocol includes several security mechanisms, such as the return-routability tests for the care-of addresses. This paper explains the threat model and design principles that motivated the Mobile IPv6 security features. While many of the ideas have become parts of the standard(More)
Sometimes two parties who share a weak secret k (such as a password) wish to share a strong secret s (such as a session key) without revealing information about k to a (possibly active) attacker. We assume that both parties can generate strong random numbers and forget secrets, and present three protocols for secure strong secret sharing, based on RSA,(More)
Network location awareness (NLA) enables mobile computers to recognize home, work and public networks and wireless hotspots and to behave differently at different locations. The location information is used to change security settings such as firewall rules. Current NLA mechanisms, however, do not provide authenticated location information on all networks.(More)
Motivated by contemporary security challenges, we reevaluate and refine capability-based addressing for the RISC era. We present CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection. We demonstrate that CHERI enables language memory model enforcement and fault isolation in hardware rather than software,(More)
Burying beetles, Nicrophorus orbicollis, depend on the location of an unpredictable resource, a small vertebrate carcass, for reproduction. When they discover a carcass, they undergo a correlated rapid rise in titers of juvenile hormone (JH) in the hemolymph and ovarian development. This study investigates the regulation of the changes in JH during breeding(More)