The Quote Verifier

Our language is full of hundreds of quotations that are often cited but seldom confirmed. Ralph Keyes's The Quote Verifier considers not only classic misquotes such as "Nice guys finish last," and "Play it again, Sam," but more surprising ones such as "Ain't I a woman?" and "Golf is a good walk spoiled," as well as the origins of popular sayings such as "The opera ain't over till the fat lady sings," "No one washes a rented car," and "Make my day." Keyes's in-depth research routinely confounds widespread assumptions about who said what, where, and when. Organized in easy-to-access dictionary form, The Quote Verifier also contains special sections highlighting commonly misquoted people and genres, such as Yogi Berra and Oscar Wilde, famous last words, and misremembered movie lines. An invaluable resource for not just those with a professional need to quote accurately, but anyone at all who is interested in the roots of words and phrases, The Quote Verifier is not only a fascinating piece of literary sleuthing, but also a great read.

This book constitutes the refereed proceedings of the International Symposium on Security in Computing and Communications, SSCC 2014, held in Delhi, India, in September 2013. The 36 revised full papers presented together with 12 work-in-progress papers were carefully reviewed and selected from 132 submissions. The papers are organized in topical sections on security and privacy in networked systems; authentication and access control systems; encryption and cryptography; system and network security; work-in-progress.

This book constitutes the thoroughly refereed post-conference proceedings of the 7th International Workshop on Security and Trust Management, STM 2011, held in Copenhagen, Denmark, in June 2011 - co-located with IFIPTM 2011, the 5th IFIP International Conference on Trust Management. The 12 revised full papers presented together with 4 invited papers were carefully reviewed and selected from 33 submissions. Focusing on high-quality original unpublished research, case studies, and implementation experiences, STM 2011 features submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in information and communication technologies.

This book constitutes the proceedings of the 7th International Conference on Network and System Security, NSS 2013, held in Madrid, Spain, in June 2013. The 41 full papers presented were carefully reviewed and selected from 176 submissions. The volume also includes 7 short papers and 13 industrial track papers. The paper are organized in topical sections on network security (including: modeling and evaluation; security protocols and practice; network attacks and defense) and system security (including: malware and intrusions; applications security; security algorithms and systems; cryptographic algorithms; privacy; key agreement and distribution).

This book constitutes the refereed proceedings of the 8th International Conference on Progress in Cryptology, LATINCRYPT 2023, held in Quito, Ecuador, in October 2023. The 19 full papers included in this book were carefully reviewed and selected from 59 submissions. They were organized in topical sections as follows: Symmetric-Key Cryptography; Multi-Party Computation; Isogeny-Based Cryptography; Discrete Logarithm Problem; Cryptographic Protocols; Real-World Cryptography; and Zero-Knowledge Proofs.

This book constitutes the proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses, former Recent Advances in Intrusion Detection, RAID 2012, held in Amsterdam, The Netherlands in September 2012. The 18 full and 12 poster papers presented were carefully reviewed and selected from 84 submissions. The papers address all current topics in virtualization, attacks and defenses, host and network security, fraud detection and underground economy, web security, intrusion detection.

As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. In other words, consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low costs. Meanwhile, attempts to build secure systems from the ground up typically abandon such goals, and hence are seldom adopted. In this book, I argue that we can resolve the tension between security and features by leveraging the trust a user has in one device to enable her to securely use another commodity device or service, without sacrificing the performance and features expected of commodity systems. At a high level, we support this premise by developing techniques to allow a user to employ a small, trusted, portable device to securely learn what code is executing on her local computer. Rather than entrusting her data to the mountain of buggy code likely running on her computer, we construct an on-demand secure execution environment which can perform security-sensitive tasks and handle private data in complete isolation from all other software (and most hardware) on the system. Meanwhile, non-security-sensitive software retains the same abundance of features and performance it enjoys today. Having established an environment for secure code execution on an individual computer, we then show how to extend trust in this environment to network elements in a secure and efficient manner. This allows us to reexamine the design of network protocols and defenses, since we can now execute code on endhosts and trust the results within the network. Lastly, we extend the user's trust one more step to encompass computations performed on a remote host (e.g., in the cloud). We design, analyze, and prove secure a protocol that allows a user to outsource arbitrary computations to commodity computers run by an untrusted remote party (or parties) who may subject the computers to both software and hardware attacks. Our protocol guarantees that the user can both verify that the results returned are indeed the correct results of the specified computations on the inputs provided, and protect the secrecy of both the inputs and outputs of the computations. These guarantees are provided in a non-interactive, asymptotically optimal (with respect to CPU and bandwidth) manner. Thus, extending a user's trust, via software, hardware, and cryptographic techniques, allows us to provide strong security protections for both local and remote computations on sensitive data, while still preserving the performance and features of commodity computers.

Trusting a computer for a security-sensitive task (such as checking email or banking online) requires the user to know something about the computer's state. We examine research on securely capturing a computer's state, and consider the utility of this information both for improving security on the local computer (e.g., to convince the user that her computer is not infected with malware) and for communicating a remote computer's state (e.g., to enable the user to check that a web server will adequately protect her data). Although the recent "Trusted Computing" initiative has drawn both positive and negative attention to this area, we consider the older and broader topic of bootstrapping trust in a computer. We cover issues ranging from the wide collection of secure hardware that can serve as a foundation for trust, to the usability issues that arise when trying to convey computer state information to humans. This approach unifies disparate research efforts and highlights opportunities for additional work that can guide real-world improvements in computer security.