Current mobile-code formats require veri cation by the code recipient to guard against potentially malicious actions of an incoming mobile program. Such veri cation is needed even when a mobile program originated in a \safe" language such as Java, because the transmission might have been corrupted by an adversary. We describe an alternative approach based on a family of mobile code formats that...

Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. It is not sufficient to say, “our data is correct, because we store all interactions in a...

Chip-Secured XML Access (C-SXA) is a versatile and tamper-resistant XML-based Access Right Controller embedded in a smart card. C-SXA can be used either to protect the privacy of onboard personal data or to control the flow of data extracted from an external source. Tamperresistance is inherited from the smart card for on-board data or achieved using cryptographic techniques for external data. ...

The assumption of the availability of tamper-proof hardware tokens has been used extensively in the design of cryptographic primitives. For example, Katz (Eurocrypt 2007) suggests them as an alternative to other setup assumptions, towards achieving general UC-secure multi-party computation. On the other hand, a lot of recent research has focused on protecting security of various cryptographic p...