Proceedings of the third ACM conference on Data and application security and privacy最新文献

筛选
英文 中文
Session details: Access control for applications 会话详细信息:应用程序的访问控制
Adam J. Lee
{"title":"Session details: Access control for applications","authors":"Adam J. Lee","doi":"10.1145/3260276","DOIUrl":"https://doi.org/10.1145/3260276","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122412005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
TamperProof: a server-agnostic defense for parameter tampering attacks on web applications 防篡改:针对web应用程序参数篡改攻击的服务器不可知防御
Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck
{"title":"TamperProof: a server-agnostic defense for parameter tampering attacks on web applications","authors":"Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck","doi":"10.1145/2435349.2435365","DOIUrl":"https://doi.org/10.1145/2435349.2435365","url":null,"abstract":"Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123016084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
For some eyes only: protecting online information sharing 只对某些人来说:保护在线信息共享
Filipe Beato, Iulia Ion, Srdjan Capkun, B. Preneel, Marc Langheinrich
{"title":"For some eyes only: protecting online information sharing","authors":"Filipe Beato, Iulia Ion, Srdjan Capkun, B. Preneel, Marc Langheinrich","doi":"10.1145/2435349.2435351","DOIUrl":"https://doi.org/10.1145/2435349.2435351","url":null,"abstract":"End-users have become accustomed to the ease with which online systems allow them to exchange messages, pictures, and other files with colleagues, friends, and family. This con- venience, however, sometimes comes at the expense of hav- ing their data be viewed by a number of unauthorized par- ties, such as hackers, advertisement companies, other users, or governmental agencies. A number of systems have been proposed to protect data shared online; yet these solutions typically just shift trust to another third party server, are platform specific (e.g., work for Facebook only), or fail to hide that confidential communication is taking place. In this paper, we present a novel system that enables users to exchange data over any web-based sharing platform, while both keeping the communicated data confidential and hiding from a casual observer that an exchange of confidential data is taking place. We provide a proof-of-concept implementa- tion of our system in the form of a publicly available Fire- fox plugin, and demonstrate the viability of our approach through a performance evaluation.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115938331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 31
Session details: Web security 会话详细信息:Web安全
E. Bertino
{"title":"Session details: Web security","authors":"E. Bertino","doi":"10.1145/3260273","DOIUrl":"https://doi.org/10.1145/3260273","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115921571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Session details: Keynote address 会议详情:主题演讲
Kui Ren
{"title":"Session details: Keynote address","authors":"Kui Ren","doi":"10.1145/3245883","DOIUrl":"https://doi.org/10.1145/3245883","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132895617","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Mediums: visual integrity preserving framework 媒介:视觉完整性保护框架
Tongbo Luo, Xing Jin, Wenliang Du
{"title":"Mediums: visual integrity preserving framework","authors":"Tongbo Luo, Xing Jin, Wenliang Du","doi":"10.1145/2435349.2435394","DOIUrl":"https://doi.org/10.1145/2435349.2435394","url":null,"abstract":"The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underneath such attacks, and formulate a generic model called the container threat model. We believe that the attacks are caused by the system's failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, Mediums framework, to develop a Trusted Display Base (TDB) to address this type of problems. We use the side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116451038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Session details: Social networks and location-based privacy 会话细节:社交网络和基于位置的隐私
Lujo Bauer
{"title":"Session details: Social networks and location-based privacy","authors":"Lujo Bauer","doi":"10.1145/3260270","DOIUrl":"https://doi.org/10.1145/3260270","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128866983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Do online social network friends still threaten my privacy? 在线社交网络上的朋友还会威胁到我的隐私吗?
Sebastian Labitzke, Florian Werling, Jens Mittag, H. Hartenstein
{"title":"Do online social network friends still threaten my privacy?","authors":"Sebastian Labitzke, Florian Werling, Jens Mittag, H. Hartenstein","doi":"10.1145/2435349.2435352","DOIUrl":"https://doi.org/10.1145/2435349.2435352","url":null,"abstract":"A user's online social network (OSN) friends commonly share information on their OSN profiles that might also characterize the user him-/herself. Therefore, OSN friends are potentially jeopardizing users' privacy. Previous studies demonstrated that third parties can potentially infer personally identifiable information (PII) based on information shared by users' OSN friends if sufficient information is accessible. However, when considering how privacy settings have been adjusted since then, it is unclear which attributes can still be predicted this way. In this paper, we present an empirical study on PII of Facebook users and their friends. We show that certain pieces of PII can easily be inferred. In contrast, other attributes are rarely made publicly available and/or correlate too little so that not enough information is revealed for intruding user privacy. For this study, we analyzed more than 1.2 million OSN profiles in a compliant manner to investigate the privacy risk due to attribute prediction by third parties. The data shown in this paper provides the basis for acting in a risk aware fashion in OSNs.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125522111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
A fine-grained access control model for key-value systems 键-值系统的细粒度访问控制模型
D. Kulkarni
{"title":"A fine-grained access control model for key-value systems","authors":"D. Kulkarni","doi":"10.1145/2435349.2435370","DOIUrl":"https://doi.org/10.1145/2435349.2435370","url":null,"abstract":"In this paper we present K-VAC -- a key-value access control model for modern non-relational data stores. This model supports specification and enforcement of access control policies at different levels of resource hierarchy, such as a column family, a row, or a column. The policies can be based on contents of the key-value store and they may also include context information. Through a case-study example we demonstrate the capabilities of this system.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116076607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
Comparative eye tracking of experts and novices in web single sign-on 网络单点登录中专家与新手的眼动追踪比较
Majid Arianezhad, Simon Fraser, T. Kelley, D. Stebila
{"title":"Comparative eye tracking of experts and novices in web single sign-on","authors":"Majid Arianezhad, Simon Fraser, T. Kelley, D. Stebila","doi":"10.1145/2435349.2435362","DOIUrl":"https://doi.org/10.1145/2435349.2435362","url":null,"abstract":"Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks. In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively. Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122477051","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信