[Cryptography] science of security, NSA paper awards

dan at geer.org dan at geer.org
Mon Sep 22 08:26:09 EDT 2014


NSA's award for the best "science of security" paper published in
2013 was bestowed this past Thursday.  Here are the two papers
honored (the best paper first, then the honorable mention paper).

=========

Memory Trace Oblivious Program Execution
Chang Liu, Michael Hicks, Elaine Shi
University of Maryland
http://www.cs.umd.edu/~liuchang/paper/csf2013oram-tr.pdf

Cloud computing allows users to delegate data and computation to
cloud service providers, at the cost of giving up physical control
of their computing infrastructure. An attacker (e.g., insider) with
physical access to the computing platform can perform various
physical attacks, including probing memory buses and cold-boot style
attacks. Previous work on secure (co-)processors provides hardware
support for memory encryption and prevents direct leakage of sensitive
data over the memory bus. However, an adversary snooping on the bus
can still infer sensitive information from the memory access traces.
Existing work on Oblivious RAM (ORAM) provides a solution for users
to put all data in an ORAM; and accesses to an ORAM are obfuscated
such that no information leaks through memory access traces. This
method, however, incurs significant memory access overhead. This
work is the first to leverage programming language techniques to
offer efficient memory-trace oblivious program execution, while
providing formal security guarantees. We formally define the notion
of memory-trace obliviousness, and provide a type system for verifying
that a program satisfies this property. We also describe a compiler
that transforms a program into a structurally similar one that
satisfies memory trace obliviousness. To achieve optimal efficiency,
our compiler partitions variables into several small ORAM banks
rather than one large one, without risking security. We use several
example programs to demonstrate the efficiency gains our compiler
achieves in comparison with the naive method of placing all variables
in the same ORAM.

=========

Rethinking SSL Development in an Appified World
Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, Matthew Smith
Distributed Computing & Security Group, Leibniz Univ, Hannover, Germany
http://android-ssl.org/files/p49.pdf

The Secure Sockets Layer (SSL) is widely used to secure data transfers
on the Internet. Previous studies have shown that the state of
non-browser SSL code is catastrophic across a large variety of
desktop applications and libraries as well as a large selection of
Android apps, leaving users vulnerable to Man-in-the-Middle attacks
(MITMAs). To determine possible causes of SSL problems on all major
appified platforms, we extended the analysis to the walled-garden
ecosystem of iOS, analyzed software developer forums and conducted
interviews with developers of vulnerable apps. Our results show
that the root causes are not simply careless developers, but also
limitations and issues of the current SSL development paradigm.
Based on our findings, we derive a proposal to rethink the handling
of SSL in the appified world and present a set of countermeasures
to improve the handling of SSL using Android as a blueprint for
other platforms. Our countermeasures prevent developers from willfully
or accidentally breaking SSL certificate validation, offer support
for extended features such as SSL Pinning and different SSL validation
infrastructures, and protect users. We evaluated our solution against
13,500 popular Android apps and conducted developer interviews to
judge the acceptance of our approach and found that our solution
works well for all investigated apps and developers.

=========


I was one of the judges, in case that matters to someone here.

--dan
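
Added example, not part of the original post and not code from either paper: a small check of the property the first abstract names, that the addresses seen on the memory bus must not depend on secret data. The memory model, function names and sample table are assumptions made for illustration; the linear scan is only the trivial oblivious baseline, not ORAM and not the paper's compiler, and the model covers addresses only, not timing.

```python
# Added illustration; all names here are hypothetical.

class TracedMemory:
    """Contents are assumed hidden (encrypted); the (operation, address)
    sequence is what a bus-snooping adversary observes."""

    def __init__(self, cells):
        self._cells = list(cells)
        self.trace = []

    def __len__(self):
        return len(self._cells)

    def read(self, addr):
        self.trace.append(("R", addr))
        return self._cells[addr]


def direct_lookup(mem, secret_index):
    # Leaky: the single address placed on the bus equals the secret.
    return mem.read(secret_index)


def scan_lookup(mem, secret_index):
    # Touch every cell in a fixed order and select the wanted value with
    # arithmetic, so the address sequence is the same for every secret.
    result = 0
    for addr in range(len(mem)):
        value = mem.read(addr)
        hit = int(addr == secret_index)  # 1 for the wanted cell, else 0
        result = hit * value + (1 - hit) * result
    return result


def observed_trace(program, table, secret_index):
    """Run program on fresh memory; return (output, adversary-visible trace)."""
    mem = TracedMemory(table)
    output = program(mem, secret_index)
    return output, mem.trace


def is_trace_oblivious(program, table):
    """Exhaustive check over this small secret domain: every secret index
    must produce an identical trace."""
    traces = {tuple(observed_trace(program, table, s)[1])
              for s in range(len(table))}
    return len(traces) == 1


TABLE = [17, 42, 8, 99]  # constructed sample data
```

The scan reads every cell on each lookup, so its cost grows with the table size.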


