发布求助
文献互助 智能选刊 最新文献

Proceedings of the third ACM conference on Data and application security and privacy最新文献

筛选
英文 中文
Session details: Mobile-device security and privacy 会议细节:移动设备安全和隐私
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/3260275
A. Pretschner
{"title":"Session details: Mobile-device security and privacy","authors":"A. Pretschner","doi":"10.1145/3260275","DOIUrl":"https://doi.org/10.1145/3260275","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116543174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards secure provenance-based access control in cloud environments 在云环境中实现基于来源的安全访问控制
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435389
Adam Bates, Benjamin Mood, Masoud Valafar, Kevin R. B. Butler
{"title":"Towards secure provenance-based access control in cloud environments","authors":"Adam Bates, Benjamin Mood, Masoud Valafar, Kevin R. B. Butler","doi":"10.1145/2435349.2435389","DOIUrl":"https://doi.org/10.1145/2435349.2435389","url":null,"abstract":"As organizations become increasingly reliant on cloud computing for servicing their data storage requirements, the need to govern access control at finer granularities becomes particularly important. This challenge is increased by the lack of policy supporting data migration across geographic boundaries and through organizations with divergent regulatory policies. In this paper, we present an architecture for secure and distributed management of provenance, enabling its use in security-critical applications. Provenance, a metadata history detailing the derivation of an object, contains information that allows for expressive, policy-independent access control decisions. We consider how to manage and validate the metadata of a provenance-aware cloud system, and introduce protocols that allow for secure transfer of provenance metadata between end hosts and cloud authorities. Using these protocols, we develop a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment. Through the introduction of replicated components, we achieve overhead costs of just 14%, demonstrating that provenance-based access control is a practical and scalable solution for the cloud.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129061337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 72
All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design 你所有保存在浏览器上的密码都属于我们:一个安全分析和一个基于云计算的新设计
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435397
Rui Zhao, Chuan Yue
{"title":"All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design","authors":"Rui Zhao, Chuan Yue","doi":"10.1145/2435349.2435397","DOIUrl":"https://doi.org/10.1145/2435349.2435397","url":null,"abstract":"Web users are confronted with the daunting challenges of creating, remembering, and using more and more strong passwords than ever before in order to protect their valuable assets on different websites. Password manager is one of the most popular approaches designed to address these challenges by saving users' passwords and later automatically filling the login forms on behalf of users. Fortunately, all the five most popular Web browsers have provided password managers as a useful built-in feature. Unfortunately, the designs of all those Browser-based Password Managers (BPMs) have severe security vulnerabilities. In this paper, we uncover the vulnerabilities of existing BPMs and analyze how they can be exploited by attackers to crack users' saved passwords. Moreover, we propose a novel Cloud-based Storage-Free BPM (CSF-BPM) design to achieve a high level of security with the desired confidentiality, integrity, and availability properties. We have implemented a CSF-BPM system into Firefox and evaluated its correctness and performance. We believe CSF-BPM is a rational design that can also be integrated into other popular Web browsers.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115464753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 39
Mining parameterized role-based policies 挖掘基于参数化角色的策略
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435384
Zhongyuan Xu, S. Stoller
{"title":"Mining parameterized role-based policies","authors":"Zhongyuan Xu, S. Stoller","doi":"10.1145/2435349.2435384","DOIUrl":"https://doi.org/10.1145/2435349.2435384","url":null,"abstract":"Role-based access control (RBAC) offers significant advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC can be a significant obstacle to adoption of RBAC. Role mining algorithms partially automate the construction of an RBAC policy from an ACL policy and possibly other information. These algorithms can significantly reduce the cost of migration to RBAC. This paper defines a parameterized RBAC (PRBAC) framework in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Parameterization significantly enhances the scalability of RBAC, by allowing much more concise policies. This paper presents algorithms for mining such policies and reports the results of evaluating the algorithms on case studies. To the best of our knowledge, these are the first policy mining algorithms for a PRBAC framework. An evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithms.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128351915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Data usage control enforcement in distributed systems 分布式系统中的数据使用控制实施
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435358
Florian Kelbert, A. Pretschner
{"title":"Data usage control enforcement in distributed systems","authors":"Florian Kelbert, A. Pretschner","doi":"10.1145/2435349.2435358","DOIUrl":"https://doi.org/10.1145/2435349.2435358","url":null,"abstract":"Distributed usage control is concerned with how data may or may not be used in distributed system environments after initial access has been granted. If data flows through a distributed system, there exist multiple copies of the data on different client machines. Usage constraints then have to be enforced for all these clients. We extend a generic model for intra-system data flow tracking---that has been designed and used to track the existence of copies of data on single clients---to the cross-system case. When transferring, i.e., copying, data from one machine to another, our model makes it possible to (1) transfer usage control policies along with the data to the end of local enforcement at the receiving end, and (2) to be aware of the existence of copies of the data in the distributed system. As one example, we concretize \"transfer of data\" to the Transmission Control Protocol (TCP). Based on this concretized model, we develop a distributed usage control enforcement infrastructure that generically and application-independently extends the scope of usage control enforcement to any system receiving usage-controlled data. We instantiate and implement our work for OpenBSD and evaluate its security and performance.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128087269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 52
Insured access: an approach to ad-hoc information sharing for virtual organizations 有保障的访问:一种用于虚拟组织的临时信息共享方法
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435393
Naoki Tanaka, M. Winslett, Adam J. Lee, David K. Y. Yau, F. Bao
{"title":"Insured access: an approach to ad-hoc information sharing for virtual organizations","authors":"Naoki Tanaka, M. Winslett, Adam J. Lee, David K. Y. Yau, F. Bao","doi":"10.1145/2435349.2435393","DOIUrl":"https://doi.org/10.1145/2435349.2435393","url":null,"abstract":"A virtual organization (VO) is a group of organizations that have banded together to achieve a common goal. Often a VO could function more effectively if its members were willing to share certain information. However, a typical VO member will not want to share its own information because the member will not benefit directly from the information's reuse, yet will be blamed if the reuse turns out badly. In this paper, we present insured access, the first economically sustainable system for encouraging appropriate information sharing in VOs. Before accessing information, a VO member must purchase a liability policy from the insurance arm of the VO. Insured access uses actuarial principles to set up and run the VO's insurance arm, and provides the following benefits: VO members who share their information are compensated if the information is misused, and can expect a positive benefit from sharing; members who use information well are rewarded and those who misuse it are penalized appropriately; and the level of risk-taking in the system is capped at a certain level. We demonstrate the sustainability of insured sharing through simulations of a map-sharing scenario.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132008144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
I see we still like C 看来我们还是喜欢C
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435386
R. Killough
{"title":"I see we still like C","authors":"R. Killough","doi":"10.1145/2435349.2435386","DOIUrl":"https://doi.org/10.1145/2435349.2435386","url":null,"abstract":"The latest rankings of computer language popularity once again list C as the most popular programming language [1]. As a computer scientist that has written a lot of C code over the years, I must admit that makes me smile. While I don't write code much anymore, I like writing code, and I like writing it in C. Apparently so do a lot of other people. However, C was also the most popular programming language 25 years ago which is one indication that, in the field of software development, not much has changed. Are software developers unwilling to accept new paradigms or are the new paradigms proposed to-date simply unacceptable? This talk discusses what has and hasn't changed in the area of software development, how change (or the lack of it) relates to application security, and concludes with some thoughts on possible directions for the future.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133067550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
iBigTable: practical data integrity for bigtable in public cloud iBigTable:公有云大表的实用数据完整性
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435399
Wei Wei, Ting Yu, Rui Xue
{"title":"iBigTable: practical data integrity for bigtable in public cloud","authors":"Wei Wei, Ting Yu, Rui Xue","doi":"10.1145/2435349.2435399","DOIUrl":"https://doi.org/10.1145/2435349.2435399","url":null,"abstract":"BigTable is a distributed storage system that is designed to manage large-scale structured data. Deploying BigTable in a public cloud is an economic storage solution to small businesses and researchers who need to deal with data processing tasks over large amount of data but often lack capabilities to obtain their own powerful clusters. As one may not always trust the public cloud provider, one important security issue is to ensure the integrity of data managed by BigTable running at the cloud. In this paper, we present iBigTable, an enhancement of BigTable that provides scalable data integrity assurance. We explore the practicality of different authenticated data structure designs for BigTable, and design a set of security protocols to efficiently and flexibly verify the integrity of data returned by BigTable. More importantly, iBigtable preserves the simplicity, applicability and scalability of BigTable, so that existing applications over BigTable can interact with iBigTable seamlessly with minimum or no change of code (depending on the mode of iBigTable). We implement a prototype of iBigTable based on HBase, an open source BigTable implementation. Our experimental results show that iBigTable imposes reasonable performance overhead while providing integrity assurance.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116395797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Accepting the inevitable: factoring the user into home computer security 接受不可避免的事实:将用户纳入家庭计算机安全
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435396
Malgorzata Urbanska, M. Roberts, I. Ray, A. Howe, Zinta S. Byrne
{"title":"Accepting the inevitable: factoring the user into home computer security","authors":"Malgorzata Urbanska, M. Roberts, I. Ray, A. Howe, Zinta S. Byrne","doi":"10.1145/2435349.2435396","DOIUrl":"https://doi.org/10.1145/2435349.2435396","url":null,"abstract":"Home computer users present unique challenges to computer security. A user's actions frequently affect security without the user understanding how. Moreover, whereas some home users are quite adept at protecting their machines from security threats, a vast majority are not. Current generation security tools, unfortunately, do not tailor security to the home user's needs and actions. In this work, we propose Personalized Attack Graphs (PAG) as a formal technique to model the security risks for the home computer informed by a profile of the user attributes such as preferences, threat perceptions and activities. A PAG also models the interplay between user activities and preferences, attacker strategies, and system activities within the system risk model. We develop a formal model of a user profile to personalize a single, monolithic PAG to different users, and show how to use the user profile to predict user actions.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125312788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Linking anonymous location traces through driving characteristics 通过驾驶特征链接匿名位置痕迹
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435391
Bin Zan, Zhanbo Sun, M. Gruteser, X. Ban
{"title":"Linking anonymous location traces through driving characteristics","authors":"Bin Zan, Zhanbo Sun, M. Gruteser, X. Ban","doi":"10.1145/2435349.2435391","DOIUrl":"https://doi.org/10.1145/2435349.2435391","url":null,"abstract":"Efforts to anonymize collections of location traces have often sought to reduce re-identification risks by dividing longer traces into multiple shorter, unlinkable segments. To ensure unlinkability, these algorithms delete parts from each location trace in areas where multiple traces converge, so that it is difficult to predict the movements of any one subject within this area and identify which follow-on trace segments belongs to the same subject. In this paper, we ask whether it is sufficient to base the definition of unlinkability on movement prediction models or whether the revealed trace segments themselves contain a fingerprint of the data subject that can be used to link segments and ultimately recover private information. To this end, we study a large set of vehicle locations traces collected through the Next Generation Simulation program. We first show that using vehicle moving characteristics related features, it is possible to identify outliers such as trucks or motorcycles from general passenger automobiles. We then show that even in a dataset containing similar passenger automobiles only, it is possible to use outlier driving behaviors to link a fraction of the vehicle trips. These results show that the definition of unlinkability may have to be extended for very precise location traces.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125842008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信