Defining Injection Attacks.
Donald Ray and Jay Ligatti. Proceedings of the 17th International Information Security Conference (ISC), October 2014.
[BibTeX]
This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application's
untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries).
That is, when applications generate output programs based on untrusted inputs, the NIE property requires
that inputs only affect output programs by inserting or expanding noncode tokens (e.g., string and
float literals, lambda values, pointers, etc). This paper calls attacks based on violating the NIE property
BroNIEs (i.e., Broken NIEs) and shows that all code-injection attacks are BroNIEs.
In addition, BroNIEs contain many malicious injections that do not involve injections of code; we call such attacks noncode-injection
attacks. In order to mitigate both code- and noncode-injection attacks, this paper presents an
algorithm for detecting and preventing BroNIEs.
[Abstract]
Fingerprinting Far Proximity from Radio Emissions.
Tao Wang, Yao Liu, and Jay Ligatti.
Proceedings of the European Symposium on Research in Computer Security (ESORICS),
September 2014.
[BibTeX]
As wireless mobile devices are more and more pervasive and adopted
in critical applications, it is becoming increasingly important to measure the physical
proximity of these devices in a secure way. Although various techniques have
been developed to identify whether a device is close, the problem of identifying
the far proximity (i.e., a target is at least a certain distance away) has been neglected
by the research community. Meanwhile, verifying the far proximity is
desirable and critical to enhance the security of emerging wireless applications.
In this paper, we propose a secure far proximity identification approach that determines
whether or not a remote device is far away. The key idea of the proposed
approach is to estimate the far proximity from the unforgeable "fingerprint" of
the proximity. We have validated and evaluated the effectiveness of the proposed
far proximity identification method through experiments on real measured channel
data. The experiment results show that the proposed approach can detect the
far proximity with a successful rate of 0.85 for the non-Line-of-sight (NLoS) scenario,
and the successful rate can be further increased to 0.99 for the Line-of-sight
(LoS) scenario.
[Abstract]
On Subtyping-Relation Completeness, with an Application to Iso-Recursive Types.
Jay Ligatti, Jeremy Blackburn, and Michael Nachtigal. Technical Report.
University of South Florida, August 2014.
(This is a major revision to technical report CSE-071012, "Completely Subtyping Iso-Recursive Types", from July 2012.)
[BibTeX]
Well-known techniques exist for proving the soundness of subtyping relations with respect to type
safety. However, completeness has not been treated with widely applicable techniques, as far as
we're aware.
This paper develops some techniques for stating and proving that a subtyping relation is
complete with respect to type safety and applies the techniques to the study of iso-recursive
subtyping.
The common subtyping rules for iso-recursive types---the "Amber rules"---are shown to be
incomplete with respect to type safety. That is, there exist iso-recursive types t1 and t2 such
that t1 can safely be considered a subtype of t2, but t1<=t2 is not derivable with the Amber rules.
This paper defines new, algorithmic rules for subtyping iso-recursive types and
proves that the rules are sound and complete with respect to type safety. The fully implemented
subtyping algorithm is optimized to run in O(mn) time, where m is the number of mu-terms in the
types being considered and n is the size of the types being considered.
[Abstract]
Defining Injection Attacks.
Donald Ray and Jay Ligatti. Technical Report CSE-TR-081114.
University of South Florida, August 2014.
[BibTeX]
This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application's
untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries).
That is, when applications generate output programs based on untrusted inputs, the NIE property requires
that inputs only affect output programs by inserting or expanding noncode tokens (e.g., string and
float literals, lambda values, pointers, etc). This paper calls attacks based on violating the NIE property
BroNIEs (i.e., Broken NIEs) and shows that all code-injection attacks are BroNIEs.
In addition, BroNIEs contain many malicious injections that do not involve injections of code; we call such attacks noncode-injection
attacks. In order to mitigate both code- and noncode-injection attacks, this paper presents an
algorithm for detecting and preventing BroNIEs.
[Abstract]
Design of Adiabatic Dynamic Differential Logic for DPA-Resistant Secure Integrated Circuits.
Matthew Morrison, Nagarajan Ranganathan, and Jay Ligatti.
To appear in the IEEE Transactions on Very Large Scale Integration Systems.
Induction on Failing Derivations. Jay Ligatti. Technical Report PL-Sep13.
University of South Florida, September 2013.
[BibTeX]
This brief note describes a proof technique called induction on failing
derivations. We wish to prove properties of judgments in deductive systems.
Standard techniques exist for proving such properties on valid judgments;
this note defines a technique for proving such properties on invalid
(underivable) judgments.
[Abstract]
Defining Code-injection Attacks.
Donald Ray and Jay Ligatti.
Proceedings of the ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL),
January 2012.
[BibTeX]
Inline Visualization of Concerns.
Nalin Saigal and Jay Ligatti.
Proceedings of the ACIS International Conference on Software Engineering Research,
Management, and Applications (SERA),
December 2009.
[BibTeX]
LoPSiL: A Location-based Policy-specification Language.
Jay Ligatti, Billy Rickey, and Nalin Saigal.
Proceedings of the International ICST Conference on Security and
Privacy in Mobile Information and Communication Systems (MobiSec),
June 2009.
[BibTeX]
Fault-tolerant Typed Assembly Language.
Frances Perry, Lester Mackey, George Reis, Jay Ligatti, David August, and David Walker.
Proceedings of the ACM SIGPLAN Conference on Programming Language Design
and Implementation (PLDI), June 2007.
[BibTeX]
Fault-tolerant Typed Assembly Language.
Frances Perry, Lester Mackey, George Reis, Jay Ligatti, David August, and David Walker.
Technical Report TR-776-07, Princeton University, April 2007.
[BibTeX]
Static Typing for a Faulty Lambda Calculus.
David Walker, Lester Mackey, Jay Ligatti, George Reis, and David August.
Proceedings of the ACM SIGPLAN International Conference on Functional Programming (ICFP),
September 2006. [BibTeX]
A Theory of Secure Control Flow.
Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti.
Proceedings of the 7th International Conference on Formal Engineering
Methods (ICFEM), November 2005.
[BibTeX]
Composing Security Policies with Polymer. Lujo Bauer, Jay Ligatti, and David Walker.
Proceedings of the ACM SIGPLAN Conference on Programming Language Design
and Implementation (PLDI), June 2005.
[BibTeX]
Control-Flow Integrity.
Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. Technical
Report MSR-TR-2005-18, Microsoft Research, February 2005 (revised June 2005).
[BibTeX]
A Theory of Secure Control Flow.
Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. Technical
Report MSR-TR-2005-17, Microsoft Research, February 2005 (revised June 2005).
[BibTeX]
Types and Effects for Non-interfering Program Monitors. Lujo Bauer, Jarred
Ligatti, and David Walker. In M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and
A. Yonezawa, editors, Lecture Notes in Computer Science:
Software Security - Theories and Systems (Revised Papers of the 2002 Mext-NSF-JSPS
International Symposium), Vol 2609, pp 154-171. Springer-Verlag, November 2003.
[BibTeX]
A Theory of Aspects.
David Walker, Steve Zdancewic, and Jay Ligatti. Proceedings of the
ACM SIGPLAN International Conference on Functional Programming (ICFP), August 2003.
[BibTeX]
More Enforceable
Security Policies. Lujo Bauer, Jarred Ligatti, and David Walker.
Foundations of Computer Security Workshop (FCS) '02 (associated with LICS
'02), July 2002.
[BibTeX]