发布求助
文献互助 智能选刊 最新文献

Proceedings of the third ACM conference on Data and application security and privacy最新文献

筛选
英文 中文
Exploring dependency for query privacy protection in location-based services 探索基于位置的服务中查询隐私保护的依赖关系
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435354
Xihui Chen, Jun Pang
{"title":"Exploring dependency for query privacy protection in location-based services","authors":"Xihui Chen, Jun Pang","doi":"10.1145/2435349.2435354","DOIUrl":"https://doi.org/10.1145/2435349.2435354","url":null,"abstract":"Location-based services have been enduring a fast development for almost fifteen years. Due to the lack of proper privacy protection, especially in the early stage of the development, an enormous amount of user request records have been collected. This exposes potential threats to users' privacy as new contextual information can be extracted from such records. In this paper, we study query dependency which can be derived from users' request history, and investigate its impact on users' query privacy. To achieve our goal, we present an approach to compute the probability for a user to issue a query, by taking into account both user's query dependency and observed requests. We propose new metrics incorporating query dependency for query privacy, and adapt spatial generalisation algorithms in the literature to generate requests satisfying users' privacy requirements expressed in the new metrics. Through experiments, we evaluate the impact of query dependency on query privacy and show that our proposed metrics and algorithms are effective and efficient for practical applications.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116143914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
JStill: mostly static detection of obfuscated malicious JavaScript code JStill:主要是静态检测混淆的恶意JavaScript代码
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435364
W. Xu, Fangfang Zhang, Sencun Zhu
{"title":"JStill: mostly static detection of obfuscated malicious JavaScript code","authors":"W. Xu, Fangfang Zhang, Sencun Zhu","doi":"10.1145/2435349.2435364","DOIUrl":"https://doi.org/10.1145/2435349.2435364","url":null,"abstract":"The dynamic features of the JavaScript language not only promote various means for users to interact with websites through Web browsers, but also pose serious security threats to both users and websites. On top of this, obfuscation has become a popular technique among malicious JavaScript code that tries to hide its malicious purpose and to evade the detection of anti-virus software. To defend against obfuscated malicious JavaScript code, in this paper we propose a mostly static approach called JStill. JStill captures some essential characteristics of obfuscated malicious code by function invocation based analysis. It also leverages the combination of static analysis and lightweight runtime inspection so that it can not only detect, but also prevent the execution of the obfuscated malicious JavaScript code in browsers. Our evaluation based on real-world malicious JavaScript samples as well as Alexa top 50,000 websites demonstrates high detection accuracy (all in our experiment) and low false positives of JStill. Meanwhile, JStill only incurs negligible performance overhead, making it a practical solution to preventing obfuscated malicious JavaScript code.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127327029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 87
A study of user password strategy for multiple accounts 多账号用户密码策略研究
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435373
Taiabul Haque, M. Wright, Shannon Scielzo
{"title":"A study of user password strategy for multiple accounts","authors":"Taiabul Haque, M. Wright, Shannon Scielzo","doi":"10.1145/2435349.2435373","DOIUrl":"https://doi.org/10.1145/2435349.2435373","url":null,"abstract":"Despite advances in biometrics and other technologies, passwords remain the most commonly used means of authentication in computer systems. Users maintain different security levels for different passwords. In this study, we examine the degree of similarity among passwords of different security levels of a user. We conducted a laboratory experiment with 80 students from the University of Texas at Arlington (UTA). We asked the subjects to construct new passwords for websites of different security levels. We collected the lower-level passwords (e.g., passwords for online news sites) constructed by the subjects, combined them with a comprehensive wordlist, and performed dictionary attacks on their constructed passwords from the higher-level sites (e.g., banking websites). We could successfully crack almost one-third of their constructed passwords from the higher-level sites with this method. This suggests that, if a user's lower-level password is leaked, it can be used effectively by an attacker to crack some of the user's higher-level passwords.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125428446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 49
Session details: Cloud and distributed computing security and privacy 会议细节:云和分布式计算的安全性和隐私性
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/3260280
Lujo Bauer
{"title":"Session details: Cloud and distributed computing security and privacy","authors":"Lujo Bauer","doi":"10.1145/3260280","DOIUrl":"https://doi.org/10.1145/3260280","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128113219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Session details: Short papers: users and security economics 短论文:用户和安全经济学
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/3260279
A. Squicciarini
{"title":"Session details: Short papers: users and security economics","authors":"A. Squicciarini","doi":"10.1145/3260279","DOIUrl":"https://doi.org/10.1145/3260279","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123525856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Adaptive data protection in distributed systems 分布式系统中的自适应数据保护
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435401
A. Squicciarini, Giuseppe Petracca, E. Bertino
{"title":"Adaptive data protection in distributed systems","authors":"A. Squicciarini, Giuseppe Petracca, E. Bertino","doi":"10.1145/2435349.2435401","DOIUrl":"https://doi.org/10.1145/2435349.2435401","url":null,"abstract":"Security is an important barrier to wide adoption of distributed systems for sensitive data storage and management. In particular, one unsolved problem is to ensure that customers data protection policies are honored, regardless of where the data is physically stored and how often it is accessed, modified, and duplicated. This issue calls for two requirements to be satisfied. First, data should be managed in accordance to both owners' preferences and to the local regulations that may apply. Second, although multiple copies may exist, a consistent view across copies should be maintained. Toward addressing these issues, in this work we propose innovative policy enforcement techniques for adaptive sharing of users' outsourced data. We introduce the notion of autonomous self-controlling objects (SCO), that by means of object-oriented programming techniques, encapsulate sensitive resources and assure their protection by means of adaptive security policies of various granularity, and synchronization protocols. Through extensive evaluation, we show that our approach is effective and efficiently manages multiple data copies.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122223107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Persea: a sybil-resistant social DHT Persea:一个抗女性的社会DHT
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435372
M. N. Al-Ameen, M. Wright
{"title":"Persea: a sybil-resistant social DHT","authors":"M. N. Al-Ameen, M. Wright","doi":"10.1145/2435349.2435372","DOIUrl":"https://doi.org/10.1145/2435349.2435372","url":null,"abstract":"P2P systems are inherently vulnerable to Sybil attacks, in which an attacker can have a large number of identities and use them to control a substantial fraction of the system. We propose Persea, a novel P2P system that is more robust against Sybil attacks than prior approaches. Persea derives its Sybil resistance by assigning IDs through a bootstrap tree, the graph of how nodes have joined the system through invitations. More specifically, a node joins Persea when it gets an invitation from an existing node in the system. The inviting node assigns a node ID to the joining node and gives it a chunk of node IDs for further distribution. For each chunk of ID space, the attacker needs to socially engineer a connection to another node already in the system. This hierarchical distribution of node IDs confines a large attacker botnet to a considerably smaller region of the ID space than in a normal P2P system. Persea uses a replication mechanism in which each (key,value) pair is stored in nodes that are evenly spaced over the network. Thus, even if a given region is occupied by attackers, the desired (key,value) pair can be retrieved from other regions. We compare our results with Kad, Whanau, and X-Vine and show that Persea is a better solution against Sybil attacks.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131760926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Enhancing performance of searchable encryption in cloud computing 增强云计算中可搜索加密的性能
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435369
R. Rughinis
{"title":"Enhancing performance of searchable encryption in cloud computing","authors":"R. Rughinis","doi":"10.1145/2435349.2435369","DOIUrl":"https://doi.org/10.1145/2435349.2435369","url":null,"abstract":"Predicate evaluation on encrypted data is a challenge that modern cryptography is starting to address. The advantages of constructing logical primitives that are able to operate on encrypted data are numerous, such as allowing untrusted parties to take decisions without actually having access to the plaintext. Systems that offer these methods are grouped under the name of searchable encryption systems. One of the challenges that searchable encryption faces today is related to computational and bandwidth costs, because the mathematical operations involved are expensive. Recent algorithms such as Hidden Vector Encryption exhibit improved efficiency, but for large scale systems the optimizations are often not enough. Many problems that can be solved using searchable encryption are embarrassingly parallel. Using a prototype, we show that parallel solutions offer sufficient cost reduction so that large scale applications become feasible.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130550749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
The usability of truecrypt, or how i learned to stop whining and fix an interface truecrypt的可用性,或者我是如何学会停止抱怨和修复界面的
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435360
Sumeet Gujrati, Eugene Y. Vasserman
{"title":"The usability of truecrypt, or how i learned to stop whining and fix an interface","authors":"Sumeet Gujrati, Eugene Y. Vasserman","doi":"10.1145/2435349.2435360","DOIUrl":"https://doi.org/10.1145/2435349.2435360","url":null,"abstract":"Non-use or incorrect use of security software is one major reason for privacy breaches of all scales. The problem is compounded by software, security policies, and user interfaces that are difficult to use and understand. Using widely accepted user interface analysis methods, we examine a popular free and open source disk encryption software package, and find that it is far from accessible to ordinary users. Using rigorous interface design principles, we derive several concrete changes that would make the software easier to use, and construct a new interface to test our theories. We evaluate the two interfaces through a randomized user study in a controlled laboratory setting, and determine that the new interface is significantly easier to understand and faster to use, especially for novice computer users. We observe not only measurable speed-ups of common tasks, but also improved user-reported ease of use ratings. Several of our design choices turn out to have been misguided, making some tasks more difficult in our modified interface, but fortunately our alterations are mutually independent, i.e. reverting some components to their original design does not nullify the benefit of other modifications. Our experience shows that even simple, intuitive, and logically consistent modifications to complex interfaces have dramatic positive usability effects, and can be easily applied to different pieces of security software in order to reduce the impediment to uptake by novice users.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132411104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer 网络汽车的智能钥匙:基于安全智能手机的nfc汽车防盗器
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435382
Christoph Busold, Ahmed Taha, C. Wachsmann, A. Dmitrienko, Hervé Seudie, Majid Sobhani, A. Sadeghi
{"title":"Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer","authors":"Christoph Busold, Ahmed Taha, C. Wachsmann, A. Dmitrienko, Hervé Seudie, Majid Sobhani, A. Sadeghi","doi":"10.1145/2435349.2435382","DOIUrl":"https://doi.org/10.1145/2435349.2435382","url":null,"abstract":"Smartphones have become very popular and versatile devices. An emerging trend is the integration of smartphones into automotive systems and applications, particularly access control systems to unlock cars (doors and immobilizers). Smartphone-based automotive solutions promise to greatly enhance the user's experience by providing advanced features far beyond the conventional dedicated tokens/transponders. We present the first open security framework for secure smartphone-based immobilizers. Our generic security architecture protects the electronic access tokens on the smartphone and provides advanced features such as context-aware access policies, remote issuing and revocation of access rights and their delegation to other users. We discuss various approaches to instantiate our security architecture based on different hardware-based trusted execution environments, and elaborate on their security properties. We implemented our immobilizer system based on the latest Android-based smartphone and a microSD smartcard. Further, we support the algorithmic proofs of the security of the underlying protocols with automated formal verification tools.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133782912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信