Consider the scenario, that we have a Lookup table (LUT) which takes the desired value as input and output correspondingly the matched value in LUT. We don't want anyone to look into the LUT; hence it is embedded into an executable file [.exe] ( from matlab standalone application Or Visual Studio executable file etc Or any other API development kit) which can be referred as a black box.
How to prove its security in-terms of an adversary querying this .exe file for input and getting the response. The .exe file will output result if the input exists in LUT and the corresponding entry is matched.
Actually I am not good at defining security proofs or games. As a matter of fact i have searched too much papers regarding this to have an idea but all in vain. Moreover, I even have a doubt whether can I proceed with the concept of encrypting/hiding LUT by making an .exe file from it.
Your sincere comments will be appreciated.
The problem you will have in proving security, is that you do not base your implementation on a provably secure system to start with. You will therefore need to be very careful when using system calls and library calls which are not provably secure, but even then you cannot guarantee that others may not be inspecting system memory, unless you use techniques such as trusted computing with sealed storage.
You can use tools such as SPIN and Promela for verifying that security protocols are secure, but this is assuming that the underlying platform is free of flaws, which it in general is hard to guarantee, unless you run on a provably secure system to start with.
There is a lot of research on provably secure operating systems, but existing ones (Windows, Linux, Unix etc.) are not provably secure.
- Badges
- Science topic