"MC2 Researchers Present Six Papers at ACM Security Conference"

Six papers from researchers affiliated with the Maryland Cybersecurity Center (MC2) were accepted for presentation at the 2022 Association for Computing Machinery Conference on Computer and Communications Security (ACM CCS). The annual conference gathers information security researchers, practitioners, developers, and users worldwide. According to Michelle Mazurek, associate professor of computer science and director of MC2, MC2 faculty, students, and postdocs have produced work on the web's certificate infrastructure, hardware security, secure software development, and more. One of the papers that received an honorable mention is "Hammurabi: A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies," which introduces a framework that decouples the certificate processing mechanism from the certificate validation policy. In this framework, the researchers show that they can express the complex policies of the Google Chrome and Mozilla Firefox web browsers. They confirm Hammurabi policies' accuracy by comparing their validation decisions to those of browsers on over 10 million certificate chains derived from certificate transparency logs, as well as 100,000 synthetic chains. "When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer," the second honorable mention paper, examines defending post-quantum cryptography systems from active side-channel attacks. The researchers use Rowhammer to demonstrate the first end-to-end implementation of a successful key recovery attack against FrodoKEM, a quantum-resistant public key cryptographic algorithm. They begin by launching Rowhammer, a security exploit, in order to poison FrodoKEM's KeyGen process. Then, they use a supercomputer to extract private-key material and synthesize it with a customized key-recovery algorithm. On a standard laptop, any individual FrodoKEM-encrypted session-key can be recovered in about two minutes. This article continues to discuss papers developed by MC2 researchers that were accepted by the ACM security conference. 

UMIACS reports "MC2 Researchers Present Six Papers at ACM Security Conference"