Caml Crush
Authors
Abstract
PKCS#11 is a very popular cryptographic API: it is the standard used by many Hardware Security Modules, smartcards and software cryptographic tokens. Several attacks have been uncovered against PKCS#11 at different levels: intrinsic logical flaws, cryptographic vulnerabilities or severe compliance issues. Since affected hardware remains widespread in computer infrastructures, we propose a user-centric and pragmatic approach for secure usage of vulnerable devices. We introduce Caml Crush, a PKCS#11 filtering proxy. Our solution dynamically protects PKCS#11 cryptographic tokens from state-of-the-art attacks. This is the first approach that is immediately applicable to commercially available products. We provide a fully functional open source implementation with an extensible filter engine that effectively shields critical resources. This gives Caml Crush additional advantages that go beyond classical PKCS#11 weakness mitigations.
Similar resources
A Provably Secure PKCS#11 Configuration Without Authenticated Attributes
Cryptographic APIs like PKCS#11 are interfaces to trusted hardware where keys are stored; the secret keys should never leave the trusted hardware in plaintext. In PKCS#11 it is possible to give keys conflicting roles, leading to a number of key-recovery attacks. To prevent these attacks, one can authenticate the attributes of keys when wrapping, but this is not standard in PKCS#11. Alternativel...
Flow Caml in a Nutshell
Flow Caml is an extension of the Objective Caml language with a type system tracing information flow. It automatically checks information flow within Flow Caml programs, then translates them to regular Objective Caml code that can be compiled by the ordinary compiler to produce secure programs. In this paper, we give a short overview of this system, from a practical viewpoint.
CAML Does Not Modulate Tetherin-Mediated Restriction of HIV-1 Particle Release
BACKGROUND: Tetherin/BST-2 is a recently-identified potent restriction factor in human cells that restricts HIV particle release following particle formation and budding at the plasma membrane. Vpu counteracts tetherin's restriction of particle release in a manner that has not yet been fully defined. We recently identified calcium-modulating cyclophilin ligand (CAML) as a Vpu-interacting protein...
Un Caml Light Distribué
Abstract. In this article we propose an extension of the functional language Caml Light called ACCL (for A Concurrent Caml Light), whose aim is to combine the imperative, functional, concurrent and distributed programming paradigms in a single programming language. For the concurrent extension of Caml Light we propose a few primitives with a very sim...
Essential role for CAML in follicular B cell survival and homeostasis.
Calcium-modulating cyclophilin ligand (CAML) is a ubiquitously expressed protein that is important during thymopoiesis. However, whether it serves a function in mature lymphocytes is unknown. In this article, we show that CAML is essential for survival of peripheral follicular (Fo) B cells. Conditional deletion of CAML in CD19-Cre transgenic mice caused a significant reduction in Fo cell number...