Showing papers by "Ross Anderson published in 2018"

What You Get is What You C: Controlling Side Effects in Mainstream C Compilers

Abstract: Security engineers have been fighting with C compilers for years. A careful programmer would test for null pointer dereferencing or division by zero; but the compiler would fail to understand, and optimize the test away. Modern compilers now have dedicated options to mitigate this. But when a programmer tries to control side effects of code, such as to make a cryptographic algorithm execute in constant time, the problem remains. Programmers devise complex tricks to obscure their intentions, but compiler writers find ever smarter ways to optimize code. A compiler upgrade can suddenly and without warning open a timing channel in previously secure code. This arms race is pointless and has to stop. We argue that we must stop fighting the compiler, and instead make it our ally. As a starting point, we analyze the ways in which compiler optimization breaks implicit properties of crypto code; and add guarantees for two of these properties in Clang/LLVM. Our work explores what is actually involved in controlling side effects on modern CPUs with a standard toolchain. Similar techniques can and should be applied to other security properties; achieving intentions by compiler commands or annotations makes them explicit, so we can reason about them. It is already understood that explicitness is essential for cryptographic protocol security and for compiler performance; it is essential for language security too. We therefore argue that this should be only the first step in a sustained engineering effort.

Standardisation and Certification of the ‘Internet of Things’

Abstract: We are grateful to the European Commission, and in particular Gianmarco Baldini of the EC Research Centre, for commissioning the research that underpins this paper, and for permission to publish an abridged account of our findings. We are also grateful to Mike Ellims and Graeme Jenkinson for feedback on vehicle software, as well as to Robert Watson and other colleagues in the Cambridge security group for discussions of security sustainability.

We will make you like our research: The development of a susceptibility-to-persuasion scale.

Abstract: Psychological and other persuasive mechanisms across diverse contexts are well researched, with many studies of the effectiveness of specific persuasive techniques on distinct types of human behaviour. In the present paper, our specific interest lies in the development of a generalized modular psychometric tool to measure individuals’ susceptibility to persuasion. The scale is constructed using items from previously developed and validated particulate scales established in the domains of social psychology and behavioural economics. In the first study we establish the Susceptibility to Persuasion–II (StP-II) scale, containing 54 items, 10 subscales and further 6 sub-sub scales. In Study 2 we establish the scale’s construct validity and reconfirm its reliability. We present a valid and reliable modular psychometric tool that measures general susceptibility to persuasive techniques. Since its inception, we have successfully implemented the StP-II scale to measure susceptibility to persuasion of IT security officers, the role of psychology of persuasion in cybercrime victims and general persuadability levels of Facebook users; these manuscripts are in preparation. We argue that the StP-II scale shows promise in measuring individual differences in susceptibility to persuasion, and is applicable across diverse contexts such as Internet security and cybercrime.

Making Bitcoin Legal

Abstract: What would happen if the existing laws were actually enforced on the rich and powerful? Social reformers often clamour for new rules but ignore the huge changes that might happen if our existing rules were applied equally to all. And in the brave new world of ICOs and thousand percent cryptocurrency inflation, the rich and powerful are the bitcoin exchanges. What would happen if FinCEN regulations and the laws against money laundering were applied to them, and extended by sensible case law? We argue that this could mitigate most of the worst excesses of cryptocurrency world, and turn a dangerous system into a much safer one. The curious thing about this change is that it would not involve changing the protocol. It would not even necessarily involve changing the law. It might be enough to take some information that’s already public, publishing it again in a more easily understood format.

Spinal cord injury and male infertility-a review of current literature, knowledge gaps, and future research.

Abstract: Spinal cord injury (SCI) affects nearly half a million new patients worldwide, with 17,700 in the US each year, and disproportionately impacts young males of reproductive age. Almost every aspect of male reproduction is affected by SCI, resulting in: erectile, endocrine and sexual dysfunction, decreased sperm motility despite an often-normal count, and abnormal semen emission and ejaculation. The aim of this review is to focus on how SCI impacts testicular spermatogenesis, sperm function, semen quality, and overall fecundity while discussing what is not known, and future avenues for research.

The Taboo Trap: Behavioural Detection of Adversarial Samples.

Abstract: Deep Neural Networks (DNNs) have become a powerful toolfor a wide range of problems. Yet recent work has found an increasing variety of adversarial samplesthat can fool them. Most existing detection mechanisms against adversarial attacksimpose significant costs, either by using additional classifiers to spot adversarial samples, or by requiring the DNN to be restructured. In this paper, we introduce a novel defence. We train our DNN so that, as long as it is workingas intended on the kind of inputs we expect, its behavior is constrained, in that some set of behaviors are taboo. If it is exposed to adversarial samples, they will often cause a taboo behavior, which we can detect. Taboos can be both subtle and diverse, so their choice can encode and hide information. It is a well-established design principle that the security of a system should not depend on the obscurity of its design, but on some variable (the key) which can differ between implementations and bechanged as necessary. We discuss how taboos can be used to equip a classifier with just such a key, and how to tune the keying mechanism to adversaries of various capabilities. We evaluate the performance of a prototype against a wide range of attacks and show how our simple defense can defend against cheap attacks at scale with zero run-time computation overhead, making it a suitable defense method for IoT devices.

Tendrils of Crime: Visualizing the Diffusion of Stolen Bitcoins

Abstract: The first six months of 2018 have seen cryptocurrency thefts of $761 million, and the technology is also the latest and greatest tool for money laundering. This increase in crime has caused both researchers and law enforcement to look for ways to trace criminal proceeds. Although tracing algorithms have improved recently, they still yield an enormous amount of data of which very few datapoints are relevant or interesting to investigators, let alone ordinary bitcoin owners interested in provenance. In this work we describe efforts to visualize relevant data on a blockchain. To accomplish this we come up with a graphical model to represent the stolen coins and then implement this using a variety of visualization techniques.

Making security sustainable

Abstract: Can there be an Internet of durable goods?

Making Bitcoin Legal (Transcript of Discussion)

Abstract: Reply: That is the definition of haircut tainting. I’m now presenting FIFO tainting, which is different from haircut tainting. In FIFO tainting, if you’ve got three stolen, followed by seven good, then the first three bitcoin you spend, the first 300 million satoshis are all completely stolen, 100% stolen, and then the next seven bitcoin are 100% good. The taint doesn’t diffuse. Every single satoshi is treated as an indivisible quantum.