Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy: Latest Papers

Cache Shaping: An Effective Defense Against Cache-Based Website Fingerprinting
Haipeng Li, Nan Niu, Boyang Wang
DOI: https://doi.org/10.1145/3508398.3511500
Published: 2022-04-14
Abstract: Cache-based website fingerprinting attacks can infer which website a user visits by measuring CPU cache activities. Studies have shown that an attacker can achieve high accuracy with a low sampling rate by monitoring cache occupancy of the entire Last Level Cache. Although a defense has been proposed, it was not effective when an attacker adapts and retrains a classifier with defended data. In this paper, we propose a new defense, referred to as cache shaping, to preserve user privacy against cache-based website fingerprinting attacks. Our proposed defense produces dummy cache activities by introducing dummy I/O operations and implementing with multiple processes, which hides fingerprints when a user visits websites. Our experimental results over large-scale datasets collected from multiple web browsers and operating systems show that our defense remains effective even if an attacker retrains a classifier with defended cache traces. We demonstrate the efficacy of our defense in the closed-world setting and the open-world setting by leveraging deep neural networks as classifiers.
Citations: 3

kTRACKER: Passively Tracking KRACK using ML Model
Anand Agrawal, Urbi Chatterjee, R. Maiti
DOI: https://doi.org/10.1145/3508398.3519360
Published: 2022-04-14
Abstract: Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. In this paper, we design and implement a system, called kTRACKER, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. A state machine model is implemented to detect KRACK attack by passively monitoring multiple wireless channels. In particular, we perform deep packet inspection and develop a grouping algorithm to group Wi-Fi handshake packets to identify the symptoms of the KRACK in specific stages of a handshake session. Our implementation of kTRACKER does not require any modification to the firmware of the supplicant i.e., client or the authenticator i.e., access point or the COTS devices, our system just needs to be in the accessible range from clients and access points. We use a publicly available dataset for performance analysis of kTRACKER. We employ gradient boosting-based supervised machine learning models, and show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using kTRACKER.
Citations: 1

Hardening with Scapolite: A DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large-Scale Organizations
Patrick Stöckle, Ionut Pruteanu, Bernd Grobauer, A. Pretschner
DOI: https://doi.org/10.1145/3508398.3511525
Published: 2022-04-14
Abstract: Security Hardening is the process of configuring IT systems to ensure the security of the systems' components and data they process or store. In many cases, so-called security-configuration guides are used as a basis for security hardening. These guides describe secure configuration settings for components such as operating systems and standard applications. Rigorous testing of security-configuration guides and automated mechanisms for their implementation and validation are necessary since erroneous implementations or checks of hardening guides may severely impact systems' security and functionality. At Siemens, centrally maintained security-configuration guides carry machine-readable information specifying both the implementation and validation of each required configuration step. The guides are maintained within git repositories; automated pipelines generate the artifacts for implementation and checking, e.g., PowerShell scripts for Windows, and carry out testing of these artifacts on AWS images. This paper describes our experiences with our DevOps-inspired approach for authoring, maintaining, and testing security-configuration guides. We want to share these experiences to help other organizations with their security hardening and increase their systems' security.
Citations: 2

Prediction of Mobile App Privacy Preferences with User Profiles via Federated Learning
André Brandão, Ricardo Mendes, J. Vilela
DOI: https://doi.org/10.1145/3508398.3511526
Published: 2022-04-14
Abstract: Permission managers in mobile devices allow users to control permissions requests, by granting or denying application's access to data and sensors. However, existing managers are ineffective at both protecting and warning users of the privacy risks of their permissions' decisions. Recent research proposes privacy protection mechanisms through user profiles to automate privacy decisions, taking personal privacy preferences into consideration. While promising, these proposals usually resort to a centralized server towards training the automation model, thus requiring users to trust this central entity. In this paper we propose a methodology to build privacy profiles and train neural networks for prediction of privacy decisions, while guaranteeing user privacy, even against a centralized server. Specifically, we resort to privacy-preserving clustering techniques towards building the privacy profiles, that is, the server computes the centroids (profiles) without access to the underlying data. Then, using federated learning, the model to predict permission decisions is learnt in a distributed fashion while all data remains locally in the users' devices. Experiments following our methodology show the feasibility of building a personalized and automated permission manager guaranteeing user privacy, while also reaching a performance comparable to the centralized state of the art, with an F1-score of 0.9.
Citations: 6

Enforcement of Laws and Privacy Preferences in Modern Computing Systems
Murat Kantarcioglu, B. Carminati, S. Samtani, Sudip Mittal, Maanak Gupta
DOI: https://doi.org/10.1145/3508398.3519315
Published: 2022-04-14
Abstract: Modern civilization is highly dependent on computing systems, touching all aspects of business, government, and individual life. At the same time, there has been an increase in laws and privacy preferences whose implementation and effectiveness depend on software. Whereas organizations and individuals have been expected to comply with laws and regulations, now computing systems must also be compliant and accountable. Computing systems need to be designed with privacy preferences and legal statutes in mind, and should be adaptable to change.
Citations: 0

Session details: Panel II
Maanak Gupta
DOI: https://doi.org/10.1145/3532570
Published: 2022-04-14
Citations: 0

Transforming Memory Image to Sound Wave Signals for an Effective IoT Fingerprinting
Ramyapandian Vijayakanthan, Irfan Uddin Ahmed, Aisha I. Ali-Gombe
DOI: https://doi.org/10.1145/3508398.3519366
Published: 2022-04-14
Abstract: As the need and adaptation for smart environments continue to rise, owing mainly to the evolution in IoT technology's processing and sensing capabilities, the security community must contend with increasing attack surfaces on our network, critical systems, and infrastructures. Thus, developing an effective fingerprint to deal with some of these threats is of paramount importance. As such, in this paper, we explored the use of memory snapshots for effective dynamic process-level fingerprints. Our technique transforms a memory snapshot into a sound wave signal, from which we then retrieve their distinctive Mel-Frequency Cepstral Coefficients (MFCC) features as unique process-level identifiers. The evaluation of this proposed technique on our dataset demonstrated that MFCC-based fingerprints generated from the same IoT process memory at different times exhibit much stronger similarities than those acquired from different IoT process spaces.
Citations: 2

Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks
Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly E. Caine, Long Cheng, Ziming Zhao, Gail-Joon Ahn
DOI: https://doi.org/10.1145/3508398.3511517
Published: 2022-04-14
Abstract: A large number of photos shared online often contain private user information, which can cause serious privacy breaches when viewed by unauthorized users. Thus, there is a need for more efficient privacy control that requires automatic detection of users' private photos. However, the automatic detection of users' private photos is a challenging task, since different users may have different privacy concerns and a generalized one-size-fits-all approach for private photo detection would not be suitable for most users. User-specific detection of private photos should, therefore, be investigated. Furthermore, for effective privacy control, the exact sensitive regions in private photos need to be pinpointed, so that sensitive content can be protected via different privacy control methods. In this paper, we propose a novel system, AutoPri, to enable automatic and user-specific content-based photo privacy control in online social networks. We collect a large dataset of 31,566 private and public photos from real-world users and present important observations on photo privacy concerns. Our system can automatically detect private photos in a user-specific manner using a detection model based on a multimodal variational autoencoder and pinpoint sensitive regions in private photos with an explainable deep learning-based approach. Our evaluations show that AutoPri can effectively determine user-specific private photos with high accuracy (94.32%) and pinpoint exact sensitive regions in them to enable effective privacy control in user-centered online social networks.
Citations: 7

Private Lives Matter: A Differential Private Functional Encryption Scheme
Alexandros Bakas, A. Michalas, T. Dimitriou
DOI: https://doi.org/10.1145/3508398.3511514
Published: 2022-04-14
Abstract: The use of data combined with tailored statistical analysis has presented a unique opportunity to organizations in diverse fields to observe users' behaviors and needs, and accordingly adapt and fine-tune their services. However, in order to offer utilizable, plausible, and personalized alternatives to users, this process usually also entails a breach of their privacy. The use of statistical databases for releasing data analytics is growing exponentially, and while many cryptographic methods are utilized to protect the confidentiality of the data -- a task that has been ably carried out by many authors over the years -- only a few works focus on the problem of privatizing the actual databases. Believing that securing and privatizing databases are two equilateral problems, in this paper, we propose a hybrid approach by combining Functional Encryption with the principles of Differential Privacy. Our main goal is not only to design a scheme for processing statistical data and releasing statistics in a privacy-preserving way but also to provide a richer, more balanced, and comprehensive approach in which data analytics and cryptography go hand in hand with a shift towards increased privacy.
Citations: 5

ProSPEC: Proactive Security Policy Enforcement for Containers
Hugo Kermabon-Bobinnec, Mahmood Gholipourchoubeh, S. Bagheri, Suryadipta Majumdar, Yosr Jarraya, M. Pourzandi, Lingyu Wang
DOI: https://doi.org/10.1145/3508398.3511515
Published: 2022-04-14
Abstract: By providing lightweight and portable support for cloud native applications, container environments have gained significant momentum lately. A container orchestrator such as Kubernetes can enable the automatic deployment and maintenance of a large number of containerized applications. However, due to its critical role, a container orchestrator also attracts a wide range of security threats exploiting misconfigurations or implementation flaws. Moreover, enforcing security policies at runtime against such security threats becomes far more challenging, as the large scale of container environments implies high complexity, while the high dynamicity demands a short response time. In this paper, we tackle this key security challenge to container environments through a proactive approach, namely, ProSPEC. Our approach leverages learning-based prediction to conduct the computationally intensive steps (e.g., security verification) in advance, while keeping the runtime steps (e.g., policy enforcement) lightweight. Consequently, ProSPEC can ensure a practical response time (e.g., less than 10 ms in contrast to 600 ms with one of the most popular existing approaches) for large container environments (up to 800 Pods).
Citations: 3
