Learn More
Side channel cryptanalysis techniques, such as the analysis of instantaneous power consumption, have been extremely eeective i n attacking implementations on simple hardware platforms. There are several proposed solutions to resist these attacks, most of which are addhoc and can easily be rendered ineeective. A scientiic approach is to create a model for(More)
We present template attacks, the strongest form of side channel attack possible in an information theoretic sense. These attacks can break implementations and countermeasures whose security is dependent on the assumption that an adversary cannot obtain more than one or a limited number of side channel samples. They require that an adversary has access to an(More)
Detecting attacks against systems has, in practice, largely been delegated to sensors, such as network intrustion detection systems. However, due to the inherent limitations of these systems and the increasing use of encryption in communication, intrusion detection and prevention have once again moved back to the host systems themselves. In this paper, we(More)
Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds.(More)
We analyze filename-based privilege escalation attacks, where an attacker creates filesystem links, thereby " tricking " a victim program into opening unintended files. We develop primitives for a POSIX environment, providing assurance that files in " safe directories " (such as /etc/passwd) cannot be opened by looking up a file by an " unsafe pathname "(More)
The international consensus guidelines for management of intraductal papillary mucinous neoplasm and mucinous cystic neoplasm of the pancreas established in 2006 have increased awareness and improved the management of these entities. During the subsequent 5 years, a considerable amount of information has been added to the literature. Based on a consensus(More)
M–commerce is a new area arising from the marriage of electronic commerce with emerging mobile and pervasive computing technology. The newness of this area—and the rapidness with which it is emerging—makes it difficult to analyze the technological problems that m–commerce introduces—and, in particular, the security and privacy issues. This situation is not(More)
We present two techniques for constructing sample spaces that approximate probability distributions. The first is a simple method for constructing the small-bias probability spaces introduced by Naor and Naor. We show how to efficiently combine this construction with the method of conditional probabilities to yield improved parallel algorithms for problems(More)
In this paper, we precisely characterize the random-ness complexity of the unique element isolation problem , a crucial step in the RNC algorithm for perfect matching due to Mulmuleg, Va.zirani @ Vazirani and in several other applications. Given a set S and an unknown family F ~ 2s with \F~ < Z, we present a scheme to assign polynomially bounded weights to(More)
This paper defines an ideal functionality for delegation of web access to a third-party where the authentication mechanism is password-based. We give a universally-composable (UC) realization of this ideal functionality assuming the availability of an SSL-like ideal functionality. We also show that this implementation can be further refined to give a(More)