UCL Discovery

Structuring protocol implementations to protect sensitive data

Marchenko, P; Karp, B; (2010) Structuring protocol implementations to protect sensitive data. In: Proceedings of the 19th USENIX Security Symposium: August 11–13, 2010, Washington, DC. (pp. 47 - 62). USENIX Association: Berkeley, US. Green open access


In a bid to limit the harm caused by ubiquitous remotely exploitable software vulnerabilities, the computer systems security community has proposed primitives to allow execution of application code with reduced privilege. In this paper, we identify and address the vital and largely unexamined problem of how to structure implementations of cryptographic protocols to protect sensitive data despite exploits. As evidence that this problem is poorly understood, we first identify two attacks that lead to disclosure of sensitive data in two published state-of-the-art designs for exploit-resistant cryptographic protocol implementations: privilege-separated OpenSSH, and the HiStar/DStar DIFC-based SSL web server. We then describe how to structure protocol implementations on UNIX- and DIFC-based systems to defend against these two attacks and protect sensitive information from disclosure. We demonstrate the practicality and generality of this approach by applying it to protect sensitive data in the implementations of both the server and client sides of OpenSSH and of the OpenSSL library.

Type: Proceedings paper
Title: Structuring protocol implementations to protect sensitive data
Event: 19th USENIX Security Symposium
ISBN-13: 9781931971775
Open access status: An open access version is available from UCL Discovery
Publisher version: http://www.usenix.org/events/sec10/tech/full_paper...
Language: English
Additional information: Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes
UCL classification: UCL > School of BEAMS > Faculty of Engineering Science > Computer Science
URI: http://discovery.ucl.ac.uk/id/eprint/74396