Privileged User

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 135 Experts worldwide ranked by ideXlab platform

Brent Byunghoon Kang - One of the best experts on this subject based on the ideXlab platform.

  • Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86.
    arXiv: Cryptography and Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications are increasingly advanced and complex, and inevitably contain exploitable software bugs despite the ongoing efforts. The applications today often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser through harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during SSL connection and thereby mitigating the HeartBleed vulnerability by design. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

  • ACM Conference on Computer and Communications Security - Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
    Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User-space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser by harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during an SSL connection. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

Kiseon Kim - One of the best experts on this subject based on the ideXlab platform.

  • Performance of packet data transmission using the other-cell-interference factor in DS/CDMA downlink
    IEE Proceedings - Communications, 2003
    Co-Authors: Seokjoo Shin, Aftab Ahmad, Kiseon Kim
    Abstract:

    Since interference is related to the capacity and performance of DS/CDMA systems, it is necessary to investigate other-cell-interference characteristics according to the location of a User. The ratio of the intercell interference to the total power received from the User's own cell in a downlink, defined as the other-cell-interference factor, as a function of normalised distance is specifically analysed. Additionally, the maximum transmission rate under uniform User distribution throughout the cell is simulated when TDX mode packet scheduling is applied. The results show that a maximum transmission rate up to 7.6 Mbit/s for the Privileged User could be supported under the following conditions: when the bandwidth is 1.2288 MHz, the orthogonality factor is 0.9, the path loss is 4 and the normalised distance is 0.1.

  • WCNC - Performance of the packet data transmission using the other-cell-interference factor in DS/CDMA downlink
    2002 IEEE Wireless Communications and Networking Conference Record. WCNC 2002 (Cat. No.02TH8609), 1
    Co-Authors: Seokjoo Shin, Kyounghwan Lee, Kiseon Kim
    Abstract:

    Since the interference is related to the capacity and performance of DS/CDMA systems, it is necessary to investigate other-cell-interference characteristics according to the location of a User. In this paper, we specifically analyze the ratio of the intercell interference to the total power received from the own cell in downlink, defined as the other-cell-interference factor, as a function of normalized distance. Additionally, the maximum transmission rate under uniform User distribution throughout the cell is simulated when TDX mode packet scheduling is applied. The results show that a maximum transmission rate up to 7.6 Mbit/s for the Privileged User could be supported when the bandwidth is 1.2288 MHz, orthogonality factor is 0.9 and the normalized distance is 0.1.

Ho-joon Lee - One of the best experts on this subject based on the ideXlab platform.

  • Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86.
    arXiv: Cryptography and Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications are increasingly advanced and complex, and inevitably contain exploitable software bugs despite the ongoing efforts. The applications today often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser through harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during SSL connection and thereby mitigating the HeartBleed vulnerability by design. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

  • ACM Conference on Computer and Communications Security - Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
    Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User-space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser by harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during an SSL connection. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

Seokjoo Shin - One of the best experts on this subject based on the ideXlab platform.

  • Performance of packet data transmission using the other-cell-interference factor in DS/CDMA downlink
    IEE Proceedings - Communications, 2003
    Co-Authors: Seokjoo Shin, Aftab Ahmad, Kiseon Kim
    Abstract:

    Since interference is related to the capacity and performance of DS/CDMA systems, it is necessary to investigate other-cell-interference characteristics according to the location of a User. The ratio of the intercell interference to the total power received from the User's own cell in a downlink, defined as the other-cell-interference factor, as a function of normalised distance is specifically analysed. Additionally, the maximum transmission rate under uniform User distribution throughout the cell is simulated when TDX mode packet scheduling is applied. The results show that a maximum transmission rate up to 7.6 Mbit/s for the Privileged User could be supported under the following conditions: when the bandwidth is 1.2288 MHz, the orthogonality factor is 0.9, the path loss is 4 and the normalised distance is 0.1.

  • WCNC - Performance of the packet data transmission using the other-cell-interference factor in DS/CDMA downlink
    2002 IEEE Wireless Communications and Networking Conference Record. WCNC 2002 (Cat. No.02TH8609), 1
    Co-Authors: Seokjoo Shin, Kyounghwan Lee, Kiseon Kim
    Abstract:

    Since the interference is related to the capacity and performance of DS/CDMA systems, it is necessary to investigate other-cell-interference characteristics according to the location of a User. In this paper, we specifically analyze the ratio of the intercell interference to the total power received from the own cell in downlink, defined as the other-cell-interference factor, as a function of normalized distance. Additionally, the maximum transmission rate under uniform User distribution throughout the cell is simulated when TDX mode packet scheduling is applied. The results show that a maximum transmission rate up to 7.6 Mbit/s for the Privileged User could be supported when the bandwidth is 1.2288 MHz, orthogonality factor is 0.9 and the normalized distance is 0.1.

Chihyun Song - One of the best experts on this subject based on the ideXlab platform.

  • Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86.
    arXiv: Cryptography and Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications are increasingly advanced and complex, and inevitably contain exploitable software bugs despite the ongoing efforts. The applications today often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser through harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during SSL connection and thereby mitigating the HeartBleed vulnerability by design. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

  • ACM Conference on Computer and Communications Security - Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
    Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018
    Co-Authors: Ho-joon Lee, Chihyun Song, Brent Byunghoon Kang
    Abstract:

    Modern applications often involve processing of sensitive information. However, the lack of privilege separation within the User space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for User-space privilege separation. Our approach creates a more Privileged User execution layer called PrivUser by harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to User mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to Users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during an SSL connection. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.