Warning: You are viewing outdated content. The current TCS webpage is here.
Previous TCS Dissertations
TCS Dissertations Fall 2016
-
10 Oct 2016 at 14:00 in room F3, Lindstedtsvägen 26, plan 2, KTH Campus
No Hypervisor Is an Island: System-wide Isolation Guarantees for Low Level Code
(Oliver Schwarz, KTH Royal Institute of Technology)
The times when malware was mostly written by curious teenagers are long
gone. Nowadays, threats come from criminals, competitors, and government
agencies. Some of them are very skilled and very targeted in their attacks.
At the same time, our devices – for instance mobile phones and TVs
– have become more complex, connected, and open for the execution of
third-party software. Operating systems should separate untrusted software
from confidential data and critical services. But their vulnerabilities
often allow malware to break the separation and isolation they are designed
to provide. To strengthen protection of select assets, security research
has started to create complementary machinery such as security hypervisors
and separation kernels, whose sole task is separation and isolation. The
reduced size of these solutions allows for thorough inspection, both
manual and automated. In some cases, formal methods are applied to create
mathematical proofs on the security of these systems.
The actual isolation solutions themselves are carefully analyzed and
included software is often even verified on binary level. The role of other
software and hardware for the overall system security has received less
attention so far. The subject of this thesis is to shed light on these
aspects, mainly on (i) unprivileged third-party code and its ability to
influence security, (ii) peripheral devices with direct access to memory,
and (iii) boot code and how we can selectively enable and disable isolation
services without compromising security.
The papers included in this thesis are both design and verification
oriented, however, with an emphasis on the analysis of instruction set
architectures. With the help of a theorem prover, we implemented various
types of machinery for the automated information flow analysis of several
processor architectures. The analysis is guaranteed to be both sound and
accurate.
TCS Dissertations Fall 2015
-
04 Dec 2015 at 14:00 in room F3
Automatic Extraction of Program Models for Formal Software Verification
(Pedro de Carvalho Gomes, Theory Group, KTH)
In this thesis we present a study of the generation of abstract program
models from programs in real-world programming languages that are employed
in the formal verification of software. The thesis is divided into three
parts, which cover distinct types of software systems, programming
languages, verification scenarios, program models and properties.The
first part presents an algorithm for the extraction of control flow
graphs from sequential Java bytecode programs. The graphs are tailored
for a compositional technique for the verification of temporal control
flow safety properties. We prove that the extracted models soundly
over-approximate the program behaviour w.r.t. sequences of method
invocations and exceptions. Therefore, the properties that are established
with the compositional technique over the control flow graphs also hold for
the programs. We implement the algorithm as ConFlEx, and evaluate the tool
on a number of test cases.The second part presents a technique to generate
program models from incomplete software systems, i.e., programs where the
implementation of at least one of the components is not available. We first
define a framework to represent incomplete Java bytecode programs, and
extend the algorithm presented in the first part to handle missing code.
Then, we introduce refinement rules, i.e., conditions for instantiating
the missing code, and prove that the rules preserve properties established
over control flow graphs extracted from incomplete programs. We have
extended ConFlEx to support the new definitions, and re-evaluate the tool,
now over test cases of incomplete programs.The third part addresses the
verification of multithreaded programs. We present a technique to prove the
following property of synchronization with condition variables: "If every
thread synchronizing under the same condition variables eventually enters
its synchronization block, then every thread will eventually exit the
synchronization". To support the verification, we first propose SyncTask,
a simple intermediate language for specifying synchronized parallel
computations. Then, we propose an annotation language for Java programs
to assist the automatic extraction of SyncTask programs, and show that,
for correctly annotated programs, the above-mentioned property holds if
and only if the corresponding SyncTask program terminates. We reduce the
termination problem into a reachability problem on Coloured Petri Nets. We
define an algorithm to extract nets from SyncTask programs, and show that
a program terminates if and only if its corresponding net always reaches a
particular set of dead configurations. The extraction of SyncTask programs
and their translation into Petri nets is implemented as the STaVe tool. We
evaluate the technique by feeding annotated Java programs to STaVe, then
verifying the extracted nets with a standard Coloured Petri Net analysis
tool
-
09 Oct 2015 at 14:00 in F3
Hardness of Constraint Satisfaction and Hypergraph Coloring: Constructions of Probabilistically Checkable Proofs with Perfect Completeness
(Sangxia huang, KTH TCS)
A Probabilistically Checkable Proof (PCP) of a mathematical statement is a
proof written in a special manner that allows for efficient probabilistic
verification. The celebrated PCP Theorem states that for every family of
statements in NP, there is a probabilistic verification procedure that
checks the validity of a PCP proof by reading only 3 bits from it. This
landmark theorem, and the works leading up to it, laid the foundation
for many subsequent works in computational complexity theory, the most
prominent among them being the study of inapproximability of combinatorial
optimization problems.
This thesis focuses on a broad class of combinatorial optimization problems
called Constraint Satisfaction Problems (CSPs). In an instance of a CSP
problem of arity k, we are given a set of variables taking values from
some finite domain, and a set of constraints each involving a subset of at
most k variables. The goal is to find an assignment that simultaneously
satisfies as many constraints as possible. An alternative formulation of
the goal that is commonly used is Gap-CSP, where the goal is to decide
whether a CSP instance is satisfiable or far from satisfiable, where
the exact meaning of being far from satisfiable varies depending on the
problems.We first study Boolean CSPs, where the domain of the variables
is {0,1}. The main question we study is the hardness of distinguishing
satisfiable Boolean CSP instances from those for which no assignment
satisfies more than some epsilon fraction of the constraints. Intuitively,
as the arity increases, the CSP gets more complex and thus the hardness
parameter epsilon should decrease. We show that for Boolean CSPs of arity
k, it is NP-hard to distinguish satisfiable instances from those that are
at most 2^{~O(k^{1/3})}/2^k-satisfiable.
We also study coloring of graphs and hypergraphs. Given a graph or a
hypergraph, a coloring is an assignment of colors to vertices, such
that all edges or hyperedges are non-monochromatic. The gap problem
is to distinguish instances that are colorable with a small number of
colors, from those that require a large number of colors. For graphs, we
prove that there exists a constant K_0>0, such that for any K >=
K_0, it is NP-hard to distinguish K-colorable graphs from those that
require 2^{Omega(K^{1/3})} colors. For hypergraphs, we prove that it is
quasi-NP-hard to distinguish 2-colorable 8-uniform hypergraphs of size N
from those that require 2^{(log N)^{1/4-o(1)}} colors.
In terms of techniques, all these results are based on constructions of
PCPs with perfect completeness, that is, PCPs where the probabilistic
proof verification procedure always accepts a correct proof. Not only is
this a very natural property for proofs, but it can also be an essential
requirement in many applications. It has always been particularly
challenging to construct PCPs with perfect completeness for NP statements
due to limitations in techniques. Our improved hardness results build on
and extend many of the current approaches. Our Boolean CSP result and
GraphColoring result were proved by adapting the Direct Sum of PCPs idea by
Siu On Chan to the perfect completeness setting. Our proof for hypergraph
coloring hardness improves and simplifies the recent work by Khot and
Saket, in which they proposed the notion of superposition complexity of
CSPs.
TCS Dissertations Spring 2016
-
09 Jun 2015 at 14:00 in room E2, Lindstedsvägen 3
(licentiate thesis): Social Networks and Privacy
(Oleksandr Bodriagov, KTH)
Centralized online social networks pose a threat to their users' privacy
as social network providers have unlimited access to users' data.
Decentralized social networks address this problem by getting rid of the
provider and giving control to the users themselves, meaning that only the
end-users themselves should be able to control access of other parties to
their data. While there have been several proposals and advances in the
development of privacy-preserving decentralized social networks, the goal
of secure, efficient, and available social network in a decentralized
setting has not been fully achieved.
This thesis contributes to the research in the field of security
for social networks with focus on decentralized social networks. It
studies encryption-based access control and management of cryptographic
keys/credentials (required for this access control) via user accounts with
password-based login in decentralized social networks.
First, this thesis explores the requirements of encryption for
decentralized social networks and proposes a list of criteria for
evaluation that is then used to assess existing encryption-based access
control systems. We find that all of them provide confidentiality
guarantees (of the content itself), while privacy (of information about
the content or access policies) is either not addressed at all or it is
addressed at the expense of system's performance and flexibility.
We highlight the potential of two classes of privacy preserving schemes
in the decentralized online social network (DOSN) context: broadcast
encryption schemes with hidden access structures and predicate encryption
(PE) schemes, and propose to use them. Both of these classes contain
schemes that exhibit desirable properties and better fulfill the criteria.
Second, the thesis analyses predicate encryption and adapts it to the
DOSN context as it is too expensive to use out of the box. We propose
a univariate polynomial construction for access policies in PE that
drastically increases performance of the scheme but leaks some part of
the access policy to users with access rights. We utilize Bloom filters
as a means of decreasing decryption time and indicate objects that can
be decrypted by a particular user. The thesis demonstrates that adapted
scheme shows good performance and thus user experience by making a newsfeed
assembly experiment.
Third, the thesis presents a solution to the problem of management of
cryptographic keys for authentication and communication between users in
decentralized online social networks. We propose a password-based login
procedure for the peer-to-peer (P2P) setting that allows a user who passes
authentication to recover a set of cryptographic keys required for the
application. In addition to password logins, we also present supporting
protocols to provide functionality related to password logins, such as
remembered logins, password change, and recovery of the forgotten password.
The combination of these protocols allows emulating password logins in
centralized systems. The results of performance evaluation indicate that
time required for logging in operation is within acceptable bounds.
-
29 May 2015 at 14:00 in room E2
(licentiate thesis):Privacy Analysis and Protocols for Decentralized Online Social Networks
(Benjamin Greschbach, KTH)
Decentralized Online Social Networks (DOSNs) are evolving as a promising
approach to mitigate design-inherent privacy flaws of logically centralized
services such as Facebook, Google+ or Twitter. Common approaches to
implement a DOSN build upon a peer-to-peer (P2P) architecture in
order to avoid the central aggregation of sensitive user data at one
provider-controlled location.
While the absence of a single point of data aggregation strikes the most
powerful attacker from the list of adversaries, the decentralization also
removes some privacy protection afforded by the provider's intermediation
of all communication in a centralized Online Social Network (OSN).
As content storage, access right management, retrieval and other
administrative tasks of the service become the obligation of the users, it
is non-trivial to hide the metadata of objects and information flows, even
when the content itself is encrypted. Such metadata is, deliberately or as
a side effect, hidden by the provider in a centralized system.
Implementing the different features of a privacy-presvering DOSN does not
only face these general challenges but must also cope with the absence of a
trusted agent with full access to all data. For example user authentication
should provide the same usabilty known from common centralized OSN
services, such as ease of changing a password, revoking the access of a
stolen device or resetting a forgotten password via e-mail or security
questions. All this without relying on a trusted third party such as an
identity provider. Another example is user search, where the challenge
is to protect user data while making user findable at the same time. An
implementation of such a feature in a DOSN has to work without assuming a
trusted provider having access to all user profiles maintaining a global
search index.
In this work we analyze the general privacy-problems in a DOSN, especially
those arising from metadata. Furthermore, we suggest two privacy-preserving
implementations of standard OSN features, i.e., user authentication
via password-login and user search via a knowledge threshold. Both
implementations do not rely on a trusted, central provider and are
therefore applicable in a DOSN cenario but can be applied in other P2P or
low-trust environments as well.
-
22 May 2015 at 14:00 in Kollegiesalen
(PhD thesis): Some aspects of cryptographic protocols : with applications in electronic voting and digital watermarking
(Björn Terelius, KTH)
Cryptographic protocols are widely used on the internet, from relatively
simple tasks such as key-agreement and authentication to much more complex
problems like digital cash and electronic voting. Electronic voting in
particular is a problem we investigate in this thesis.
In a typical election, the main goals are to ensure that the votes are
counted correctly and that the voters remain anonymous, i.e. that nobody,
not even the election authorities, can trace a particular vote back to
the voter. There are several ways to achieve these properties, the most
general being a mix-net with a proof of a shuffle to ensure correctness. We
propose a new, conceptually simple, proof of a shuffle. We also investigate
a mix-net which omits the proof of a shuffle in favor of a faster,
heuristically secure verification. We demonstrate that this mix-net is
susceptible to both attacks on correctness and anonymity. A version of this
mix-net was tested in the 2011 elections in Norway.
We also look at a simple and widely used proof of knowledge of a discrete
logarithm in groups of prime order. While the requirement of prime order is
well known, we give a precise characterization of what the protocol proves
in a group of composite order. Furthermore, we present attacks against a
class of protocols of the same form, which shows that the protocol cannot
easily be extended to groups where the order is composite or unknown.
We finally look at the problem of music and video piracy. Using a
buyer-seller watermark to embed a unique watermark in each sold copy has
been proposed as a deterrent since it allows a seller who discovers a
pirated copy to extract the watermark and find out which buyer released
it. Existing buyer-seller watermarking schemes assume that all copies are
downloaded directly from the seller. In practice, however, the seller
wants to save bandwidth by allowing a paying customer to download most of
the content from other buyers. We introduce this as an interesting open
research problem and present a proof-of-concept protocol which allows
transfer of content between buyers while keeping the seller's communication
proportional to the size of the watermark rather than the size of the
content.
-
20 Mar 2015 at 10:00 in E2, Lindstedtsvägen 3
(licentiate thesis):Efficient Use of Exponential Size Linear Programs
(Lukáš Poláček, TCS)
In the past decades, linear programming (LP) has been successfully used
to develop approximation algorithms for various optimization problems. In
partic- ular, the so-called assignment LP has lead to substantial progress
for various allocation problems, including scheduling unrelated parallel
machines. However, we have reached its limits for many problems, since the
best-known approx- imation algorithms match the integrality gap of the
assignment LP for these problems.
The natural question is then whether a different LP formulation can lead
to better algorithms. We answer this question positively for variants of
two alloca- tion problems: max-min fair allocation and maximum budgeted
allocation. This is achieved by using a more powerful LP formulation called
the configuration LP that has an exponential number of variables, but can
be approximated in polynomial time.
The restricted max-min fair allocation problem, also known as the
restricted Santa Claus problem, is one of few problems that have a
better polynomial estimation algorithm than approximation algorithm. An
estimation algorithm estimates the value of the optimal solution, but is
not necessarily able to find the optimal solution. The configuration LP can
be used to estimate the optimal value within a factor of 1/(4 + ε)
for any ε > 0, but it is only known how to efficiently find a
solution achieving this value in exponential time. We give an approximation
algorithm with the same approximation ratio but improve the running time
to quasi-polynomial: nO(log n). Our techniques also have the interesting
property that although we use the rather complex configuration LP in the
analysis, we never actually solve it and therefore the resulting algorithm
is purely combinatorial.
For the maximum budgeted allocation (MBA) the integrality gap of the
as-signment LP is exactly 3/4. We prove that the integrality gap of the
configuration LP is strictly better than 3/4 and provide corresponding
polynomial time rounding algorithms for two variants of the problem: the
restricted MBA and the graph MBA. Finally, we improve the best-known
upper bound on the √ integrality gap for the general case from 5/6
≈ 0.833 to 2 2 − 2 ≈ 0.828 and also show hardness of
approximation results for both variants studied.
|