Tag: sca

Dec 27

Lax Security Exposes Voice Mail to Hacking, Study Says – NYTimes.com

Lax Security Exposes Voice Mail to Hacking, Study Says – NYTimes.com.

(via Pascal M.)

Dec 23

Anonymous ‘International’ Takes Down Egyptian Government Websites Exclusive – Softpedia

Hackers operating under the name Anonymous launched massive distributed denial of service DDoS attacks against major Egyptian government websites, including the ones of the president, Egyptian state media, the military site Supreme Council of the Armed Forces SCAF and a site that promotes tourism.

via Anonymous ‘International’ Takes Down Egyptian Government Websites Exclusive – Softpedia.

Dec 23

Security researcher blows whistle on gaping Siemens security flaw coverup | ITworld

SCADA software developer Siemens has ignored warnings and lied in at least one case about a serious security flaw that could allow hackers to take control of SIMATIC systems that manage industrial control systems, according to a coder for a different software company, who posted details about the incident in his blog.

via Security researcher blows whistle on gaping Siemens security flaw coverup | ITworld.

Dec 20

Third International Symposium on Architecting Critical Systems (ISARCS 2012)


CALL FOR PAPERS
Third International Symposium on Architecting Critical Systems (ISARCS 2012)
Bertinoro, Italy, June 26-28 2012
— Federated with COMPARCH 2012 —
ISARCS is now in its third edition and is the ideal venue for exchanging ideas on both the theory and practice of architecting critical systems. Architecting these systems poses the major challenge of guaranteeing both perceived and objective dependability and security, even while accepting service degradation. This requires trade-offs among the various attributes of dependability and security, which cannot be considered in isolation. We are interested in submissions from both industry and academia, including, but not limited to, the following main areas:
Architectural styles and patterns
Architectural support for evolution
Aspects-oriented development
Assurance-based development
Automotive and avionic systems
Component-based development
Critical infrastructures
E-commerce, e-business, and e-government
Embedded, mobile, and ubiquitous systems
Extensible ADLs
Fault injection
Industrial case studies, challenges, problems, and solutions
Inspection techniques
Integration of processes, tools, and analysis techniques
Integrators (wrappers) for dependability
Model checking
Model-driven development
Redundancy and diversity
Runtime checks
Survivability and error confinement
Testing and simulation
Theorem proving
Tolerating architectural mismatches
Type checking techniques
Paper submissions: Accepted contributions will be published in the ACM Digital Library. Papers should not exceed 10 pages, must be written in English, and must be prepared according to the ACM style (http://www.acm.org/sigs/publications/proceedings-templates). Papers must not have been previously published or be currently submitted elsewhere for publication. If accepted, the paper must be presented in person at ISARCS 2012 by one author. Submissions will be made through the EasyChair on-line submission system (see website).
Abstract submission: February 14, 2012
Paper submission: February 21, 2012
Authors notification: April 9, 2012
Camera-Ready version: May 1, 2012
Jorge Cuellar, SIEMENS CT, Germany
Javier Lopez, University of Malaga, Spain
Vincenzo Grassi, Università di Roma Tor Vergata, Italy
Raffaela Mirandola, Politecnico di Milano, Italy
Rami Bahsoon (University of Birmingham, UK)
Marco Bernardo (University of Urbino, Italy)
Wing-Kwong Chan (City University of Hong Kong, Hong Kong)
Michel R.V. Chaudron (Leiden University, The Netherlands)
Erik de Vink (TUE, The Netherlands)
Massimo Felici (The University of Edinburgh, UK)
Anthony Hall (Praxis Critical Systems, UK)
Bernhard Hämmerli (Acris GmbH/HSLU&HIG, Switzerland)
Valérie Issarny (INRIA, UR de Rocquencourt, France)
Christian D. Jensen (TUD, Denmark)
Tim Kelly (University of York, UK)
John C. Knight (University of Virginia, US)
Yves Le Traon (University of Luxembourg, Luxembourg)
Jorge Lopez (INDRA, Spain)
Volkmar Lotz (SAP, France)
Fabio Martinelli (CNR, Italy)
Fabio Massacci (University of Trento, Italy)
Martin Naedele (ABB, Switzerland)
Sebastian Nanz (ETH Zurich, Switzerland)
Bashar Nuseibeh (Open University, UK)
Flavio Oquendo (European University of Brittany, France)
Patrizio Pelliccione (University of L’Aquila, Italy)
Sampath Prahladavaradan (India Science Lab, India)
Ernesto Pimentel (University of Malaga, Spain)
Richard V. Robinson (Boeing, US)
Erich Rome (Fraunhofer IAIS, Germany)
Bill Roscoe (Oxford University, UK)
Roshana Roshandel (Seattle University, US)
Carsten Rudolph (Fraunhofer SIT, Germany)
Bernhard Rumpe (RWTH Aachen University, Germany)
John Rushby (SRI, US)
Riccardo Scandariato (KUL, Belgium)
Bran Selic (Malina Software, Canada)
Roberto Setola (Università Campus Bio-Medico, Italy)
Danny Weyns (Linnaeus University, Sweden)
Martin Wirsing (LMU, Germany)
Stephen Wolthusen (Royal Holloway, UK)

Dec 16

Industry group creates guidelines for issuing SSL certs – SC Magazine US
Industry group creates guidelines for issuing SSL certs – SC Magazine US.

A consortium of certificate authorities (CAs) and software vendors has released the first industry standard for the issuance and management of SSL certificates.

(via Pascal M.)
Dec 07

Six myths of risk assessment – David Lacey's IT Security Blog

Six myths of risk assessment – David Lacey's IT Security Blog.

(via Pascal Mathieu)

Dec 06

Anti-Piracy Group Caught Pirating Song For Anti-Piracy Ad… Corruption Scandal Erupts In Response | Techdirt

Anti-Piracy Group Caught Pirating Song For Anti-Piracy Ad… Corruption Scandal Erupts In Response | Techdirt.

Nov 17

Schneier on Security: EU Bans X-Ray Body Scanners

Schneier on Security: EU Bans X-Ray Body Scanners.

Oct 23

Second ACM Conference on Data and Application Security and Privacy ACM CODASPY 2012
Deadline: Sep. 10, 2011 | Date: Feb. 07, 2012 – Feb 09, 2012

Venue/Country: San Antonio / U.S.A

Updated: 15:07:20 Oct. 19, 2011 GMT+9

Call For Papers – CFP

ACM SIGSAC announces the continuation of its recently launched annual ACM Conference on Data and Applications Security. The second conference will be held February 7-9, 2012 at the Hilton Palacio Del Rio, San Antonio, Texas. With the rapid global penetration of the Internet and smart phones and the resulting productivity and social gains, the world is becoming increasingly dependent on its cyber infrastructure. Criminals, spies and predators of all kinds have learnt to exploit this landscape much more quickly than defenders have advanced their technologies. Security and privacy have become essential concerns of applications and systems throughout their lifecycle. Security concerns have rapidly moved up the software stack as the Internet and web have matured. The security, privacy, functionality, cost and usability trade-offs necessary in any practical system can only be effectively achieved at the data and application layers. This new conference series provides a dedicated venue for high-quality research in this arena, and seeks to foster a community with this focus in cyber security.

Data and the applications that manipulate data are the crucial assets in today's information age. With the increasing drive towards availability of data and services anytime, anywhere, security and privacy risks have increased. Vast amounts of privacy-sensitive data are collected today by organizations for a variety of reasons. Unauthorized disclosure, modification, usage or denial of access to these data and the corresponding services may result in high human and financial costs. New applications such as social networking and social computing provide value by aggregating input from numerous individual users and/or the mobile devices they carry with them and computing new information of value to society and individuals. To achieve efficiency and effectiveness in traditional domains such as healthcare, there is a drive to make records electronic and highly available. The need for organizations and government agencies to share information effectively is underscored by rapid innovations in the business world that require close collaboration across traditional boundaries, and by the dramatic failure of old-style approaches to information protection in government agencies, which kept information too secret to connect the dots. Security and privacy in these and other arenas can be meaningfully achieved only in the context of the application domain.

Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the conference is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics include (but are not limited to):

Application layer security policies
Authorization/Access Control for Applications
Authorization/Access Control for Databases
Data dissemination controls
Data forensics
Enforcement layer security policies
Privacy preserving techniques
Private information retrieval
Search on protected/encrypted data
Secure auditing
Secure collaboration
Secure data provenance
Secure electronic commerce
Secure information sharing
Secure knowledge management
Secure multiparty computations
Secure software development
Securing data/apps on untrusted platforms
Securing the semantic web
Security and Privacy in GIS/Spatial Data
Security and Privacy in Healthcare
Security policies for databases
Social computing security and privacy
Social networking security and privacy
Trust metrics for application, data and user
Web application security

via Second ACM Conference on Data and Application Security and Privacy ACM CODASPY 2012.

Oct 21

UCL Crypto Group/BCRYPT: Tolerant Algebraic Side-Channel Analysis of AES

*Speaker:* Yossi Oren, Tel Aviv University (Israel)

*Title:* Tolerant Algebraic Side-Channel Analysis of AES

*Date:* Tuesday, October 25, 11:00

*Place:* room 207, Euler Building (near Maxwell Building), Avenue Georges Lemaître 4-6, 1348 Louvain-la-Neuve

*Abstract:* Classical power analysis attacks are difficult to mount when only a single power trace is available: the statistical methods that make DPA attacks so successful are not applicable, since they require many (typically thousands of) traces. Recently, Standaert et al. suggested using algebraic methods for the single-trace scenario, converting the key recovery problem into a Boolean satisfiability (SAT) problem and then using a SAT solver. However, this approach is extremely sensitive to noise (tolerating an error rate of well under 1% at most), and the question of its practicality remained open.

In this work we show how a single-trace side-channel analysis problem can be transformed into a pseudo-Boolean optimization (PBOPT) problem, which takes errors into consideration. We call our new attack methodology Tolerant Algebraic Side-Channel Analysis (TASCA). We will describe the new methodology, its strengths and limitations, and finally show a full TASCA-based key-recovery attack on a microcontroller-based implementation of the Advanced Encryption Standard.

For a map of Louvain-la-Neuve: http://www.dom.ucl.ac.be/info_plan.html
For a map of public parking lots: http://www.llnparking.be/