Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechani...Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems.However,these methods are either prone to be tempered by attackers or introduce considerable performance overhead for target systems.To address these problems,in this paper,we present a concurrent security monitoring method which decouples traditional serial mechanisms,including security event collector and analyzer,into two concurrent components.On one hand,we utilize the SIM framework to deploy the event collector into the target virtual machine.On the other hand,we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment.To address the synchronization problem between these two concurrent components,we make use of Lamport's ring buffer algorithm.Based on the Xen hypervisor,we have implemented a prototype system named COMO.The experimental results show that COMO can monitor the security of the target virtual machine concurrently within a little performance overhead.展开更多
Concurrent non-malleable zero-knowledge(CNMZK)considers the concurrent execution of zero-knowledge protocols in a setting even when adversaries can simultaneously corrupt multiple provers and verifiers.As far as we kn...Concurrent non-malleable zero-knowledge(CNMZK)considers the concurrent execution of zero-knowledge protocols in a setting even when adversaries can simultaneously corrupt multiple provers and verifiers.As far as we know,the round complexity of all the constructions of CNMZK arguments for NP is at least ω(log n).In this paper,we provide the first construction of a constant-round concurrent non-malleable zero-knowledge argument for every language in NP.Our protocol relies on the existence of families of collision-resistant hash functions,one-way permutations and indistinguishability obfuscators.As an additional contribution,we study the composition of two central notions in zero knowledge,the simultaneously resettable zero-knowledge and non-malleable zero-knowledge,which seemingly have stronger proved security guarantees.We give the first construction of a constant-round simultaneously-resettable non-malleable zero-knowledge.To the best of our knowledge,this is the first study to combine the two security concepts described above together in the zero-knowledge protocols.展开更多
基金supported in part by National Natural Science Foundation of China(NSFC)under Grant No.61100228 and 61202479the National High-tech R&D Program of China under Grant No.2012AA013101+1 种基金the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No.XDA06030601 and XDA06010701Open Found of Key Laboratory of IOT Application Technology of Universities in Yunnan Province Grant No.2015IOT03
文摘Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems.However,these methods are either prone to be tempered by attackers or introduce considerable performance overhead for target systems.To address these problems,in this paper,we present a concurrent security monitoring method which decouples traditional serial mechanisms,including security event collector and analyzer,into two concurrent components.On one hand,we utilize the SIM framework to deploy the event collector into the target virtual machine.On the other hand,we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment.To address the synchronization problem between these two concurrent components,we make use of Lamport's ring buffer algorithm.Based on the Xen hypervisor,we have implemented a prototype system named COMO.The experimental results show that COMO can monitor the security of the target virtual machine concurrently within a little performance overhead.
基金supported in part by the National Natural Science Foun-dation of China(Grant No.61772521)Key Research Program of Frontier Sciences,CAS(QYZDB-SSW-SYS035)the Open Project Program of the State Key Laboratory of Cryptology。
文摘Concurrent non-malleable zero-knowledge(CNMZK)considers the concurrent execution of zero-knowledge protocols in a setting even when adversaries can simultaneously corrupt multiple provers and verifiers.As far as we know,the round complexity of all the constructions of CNMZK arguments for NP is at least ω(log n).In this paper,we provide the first construction of a constant-round concurrent non-malleable zero-knowledge argument for every language in NP.Our protocol relies on the existence of families of collision-resistant hash functions,one-way permutations and indistinguishability obfuscators.As an additional contribution,we study the composition of two central notions in zero knowledge,the simultaneously resettable zero-knowledge and non-malleable zero-knowledge,which seemingly have stronger proved security guarantees.We give the first construction of a constant-round simultaneously-resettable non-malleable zero-knowledge.To the best of our knowledge,this is the first study to combine the two security concepts described above together in the zero-knowledge protocols.
