发布求助
文献互助 智能选刊 最新文献

Proceedings of the third ACM conference on Data and application security and privacy最新文献

筛选
英文 中文
A file provenance system 文件来源系统
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435368
Salmin Sultana, E. Bertino
{"title":"A file provenance system","authors":"Salmin Sultana, E. Bertino","doi":"10.1145/2435349.2435368","DOIUrl":"https://doi.org/10.1145/2435349.2435368","url":null,"abstract":"A file provenance system supports the automatic collection and management of provenance i.e. the complete processing history of a data object. File system level provenance provides functionality unavailable in the existing provenance systems. In this paper, we discuss the design objectives for a flexible and efficient file provenance system and then propose the design of such a system, called FiPS. We design FiPS as a thin stackable file system for capturing provenance in a portable manner. FiPS can capture provenance at various degrees of granularity, can transform provenance records into secure information, and can direct the resulting provenance data to various persistent storage systems.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129672227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Expression rewriting for optimizing secure computation 优化安全计算的表达式重写
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435356
F. Kerschbaum
{"title":"Expression rewriting for optimizing secure computation","authors":"F. Kerschbaum","doi":"10.1145/2435349.2435356","DOIUrl":"https://doi.org/10.1145/2435349.2435356","url":null,"abstract":"In theory secure computation offers a solution for privacy in many collaborative applications. However, in practice poor efficiency of the protocols prevents their use. Hand-crafted protocols are more efficient than those implemented in compilers, but they require significantly more development effort in programming and verification. Recently, Kerschbaum introduced an automatic compiler optimization technique for secure computations that can make compilers as efficient as hand-crafted protocols. This optimization relies on the structure of the secure computation program. The programmer has to implement the program in such a way, such that the optimization can yield the optimal performance. In this paper we present an algorithm that rewrites the program -- most notably its expressions -- optimizing their efficiency in secure computation protocols. We give a heuristic for whole-program optimization and show the resulting performance gains using examples from the literature.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130342144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Effect of grammar on security of long passwords 语法对长密码安全性的影响
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435395
Ashwini Rao, B. Jha, G. Kini
{"title":"Effect of grammar on security of long passwords","authors":"Ashwini Rao, B. Jha, G. Kini","doi":"10.1145/2435349.2435395","DOIUrl":"https://doi.org/10.1145/2435349.2435395","url":null,"abstract":"Use of long sentence-like or phrase-like passwords such as \"abiggerbetterpassword\" and \"thecommunistfairy\" is increasing. In this paper, we study the role of grammatical structures underlying such passwords in diminishing the security of passwords. We show that the results of the study have direct bearing on the design of secure password policies, and on password crackers used for enforcing password security. Using an analytical model based on Parts-of-Speech tagging we show that the decrease in search space due to the presence of grammatical structures can be more than 50%. A significant result of our work is that the strength of long passwords does not increase uniformly with length. We show that using a better dictionary e.g. Google Web Corpus, we can crack more long passwords than previously shown (20.5% vs. 6%). We develop a proof-of-concept grammar-aware cracking algorithm to improve the cracking efficiency of long passwords. In a performance evaluation on a long password dataset, 10% of the total dataset was exclusively cracked by our algorithm and not by state-of-the-art password crackers.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114286843","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 60
AppsPlayground: automatic security analysis of smartphone applications AppsPlayground:智能手机应用的自动安全分析
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435379
Vaibhav Rastogi, Yan Chen, W. Enck
{"title":"AppsPlayground: automatic security analysis of smartphone applications","authors":"Vaibhav Rastogi, Yan Chen, W. Enck","doi":"10.1145/2435349.2435379","DOIUrl":"https://doi.org/10.1145/2435349.2435379","url":null,"abstract":"Today's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131964882","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 368
Session details: Short papers: access control and uusage control for distributed systems 会议细节:短论文:分布式系统的访问控制和使用控制
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/3260278
Jaehong Park
{"title":"Session details: Short papers: access control and uusage control for distributed systems","authors":"Jaehong Park","doi":"10.1145/3260278","DOIUrl":"https://doi.org/10.1145/3260278","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133867737","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Authenticating spatial skyline queries with low communication overhead 以低通信开销验证空间天际线查询
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435374
H. Lo, Gabriel Ghinita
{"title":"Authenticating spatial skyline queries with low communication overhead","authors":"H. Lo, Gabriel Ghinita","doi":"10.1145/2435349.2435374","DOIUrl":"https://doi.org/10.1145/2435349.2435374","url":null,"abstract":"With the emergence of cloud computing and location-based services, owners of spatial data (e.g., collections of geo-tagged photos, social network location check-ins, etc.) have the option to outsource services such as storage and query processing to a cloud service provider. However, providers of such services are not trusted to properly execute queries, so clients must be given assurance that the results are trustworthy. Therefore, authentication of database queries is needed to ensure correctness and completeness of the results provided by the cloud provider. One type of spatial query that is prominent in practice is the spatial skyline query (SSQ), which allows clients to retrieve results according to specific preferences. In this paper, we propose a solution for authenticating spatial skyline queries that focuses on reducing communication cost compared to existing solutions (MR-Trees). By using a flexible partitioning of the domain coupled with an efficient heuristic, we obtain communication costs that are up to three times lower than existing state-of-the-art.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127651467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Session details: Poster session 会议详情:海报会议
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/3260274
Gabriel Ghinita
{"title":"Session details: Poster session","authors":"Gabriel Ghinita","doi":"10.1145/3260274","DOIUrl":"https://doi.org/10.1145/3260274","url":null,"abstract":"","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114755510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Fast, scalable detection of "Piggybacked" mobile applications 快速,可扩展的检测“搭载”移动应用程序
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435377
Wu Zhou, Yajin Zhou, Michael C. Grace, Xuxian Jiang, S. Zou
{"title":"Fast, scalable detection of \"Piggybacked\" mobile applications","authors":"Wu Zhou, Yajin Zhou, Michael C. Grace, Xuxian Jiang, S. Zou","doi":"10.1145/2435349.2435377","DOIUrl":"https://doi.org/10.1145/2435349.2435377","url":null,"abstract":"Mobile applications (or apps) are rapidly growing in number and variety. These apps provide useful features, but also bring certain privacy and security risks. For example, malicious authors may attach destructive payloads to legitimate apps to create so-called \"piggybacked\" apps and advertise them in various app markets to infect unsuspecting users. To detect them, existing approaches typically employ pair-wise comparison, which unfortunately has limited scalability. In this paper, we present a fast and scalable approach to detect these apps in existing Android markets. Based on the fact that the attached payload is not an integral part of a given app's primary functionality, we propose a module decoupling technique to partition an app's code into primary and non-primary modules. Also, noticing that piggybacked apps share the same primary modules as the original apps, we develop a feature fingerprint technique to extract various semantic features (from primary modules) and convert them into feature vectors. We then construct a metric space and propose a linearithmic search algorithm (with O(n log n) time complexity) to efficiently and scalably detect piggybacked apps. We have implemented a prototype and used it to study 84,767 apps collected from various Android markets in 2011. Our results show that the processing of these apps takes less than nine hours on a single machine. In addition, among these markets, piggybacked apps range from 0.97% to 2.7% (the official Android Market has 1%). Further investigation shows that they are mainly used to steal ad revenue from the original developers and implant malicious payloads (e.g., for remote bot control). These results demonstrate the effectiveness and scalability of our approach.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132006436","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 241
Towards self-repairing replication-based storage systems using untrusted clouds 使用不可信的云实现基于复制的存储系统的自我修复
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435402
Bo Chen, Reza Curtmola
{"title":"Towards self-repairing replication-based storage systems using untrusted clouds","authors":"Bo Chen, Reza Curtmola","doi":"10.1145/2435349.2435402","DOIUrl":"https://doi.org/10.1145/2435349.2435402","url":null,"abstract":"Distributed storage systems store data redundantly at multiple servers which are geographically spread throughout the world. This basic approach would be sufficient in handling server failure due to natural faults, because when one server fails, data from healthy servers can be used to restore the desired redundancy level. However, in a setting where servers are untrusted and can behave maliciously, data redundancy must be used in tandem with Remote Data Checking (RDC) to ensure that the redundancy level of the storage systems is maintained over time. All previous RDC schemes for distributed systems impose a heavy burden on the data owner (client) during data maintenance: To repair data at a faulty server, the data owner needs to first download a large amount of data, re-generate the data to be stored at a new server, and then upload this data at a new healthy server. We propose RDC -- SR, a novel RDC scheme for replication-based distributed storage systems. RDC -- SR enables Server-side Repair (thus taking advantage of the premium connections available between a CSP's data centers) and places a minimal load on the data owner who only has to act as a repair coordinator. The main insight behind RDC -- SR is that the replicas are differentiated based on a controllable amount of masking, which offers RDC -- SR flexibility in handling different adversarial strengths. Also, replica generation must be time consuming in order to avoid certain colluding attacks from malicious servers. Our prototype for RDC -- SR built on Amazon AWS validates the practicality of this new approach.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115691158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
A new approach for delegation in usage control 使用控制中委托的一种新方法
Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI: 10.1145/2435349.2435388
X. L. Hu, Sylvia L. Osborn
{"title":"A new approach for delegation in usage control","authors":"X. L. Hu, Sylvia L. Osborn","doi":"10.1145/2435349.2435388","DOIUrl":"https://doi.org/10.1145/2435349.2435388","url":null,"abstract":"UCON (Usage Control), a recent access control model, allows temporal control of the usage of permissions according to three criteria: Authorizations, oBligations and Conditions. In this paper, we investigate delegation in UCON and propose a new approach to achieve user-user total and partial delegations with the enforcement of constraints by taking advantage of UCON's existing components: Authorizations, oBligations and Conditions. The approach we propose can be modified and extended, without much effort, to other access control models accommodated by UCON and to a distributed environment.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114662607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信