Proceedings of the 29th Annual Computer Security Applications Conference: Latest Papers

Seeing is not believing: visual verifications through liveness analysis using mobile devices
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523666
Mahmudur Rahman, Umut Topkara, Bogdan Carbunar
Abstract: The visual information captured with camera-equipped mobile devices has greatly appreciated in value and importance as a result of their ubiquitous and connected nature. Today, banking customers expect to be able to deposit checks using mobile devices, and broadcasting videos from camera phones uploaded by unknown users is admissible on news networks. We present Movee, a system that addresses the fundamental question of whether the visual stream coming into a mobile app from the camera of the device can be trusted to be un-tampered with, live data, before it can be used for a variety of purposes. Movee is a novel approach to video liveness analysis for mobile devices. It is based on measuring the consistency between the data from the accelerometer sensor and the inferred motion from the captured video. Contrary to existing algorithms, Movee has the unique strength of not depending on the audio track. Our experiments on real user data have shown that Movee achieves 8% Equal Error Rate.
Citations: 10
CPS: stateful policy enforcement for control system device usage
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523673
Stephen E. McLaughlin
Abstract: Networked control systems used in energy, manufacturing, and transportation combine large, vulnerable attack surfaces with far overprovisioned privileges. Often, compromising a single computer or user account is sufficient to give an attacker free rein over physical machinery. Significant reduction of attack surface size is an ongoing problem, so we shift our focus to reducing the privileges granted to system operators and embedded controllers. To this end, we introduce C2, an enforcement mechanism for policies governing the usage of electromechanical devices. In presenting C2, we address two basic problems: (i.) How should a policy for physical device usage be expressed and enforced? This is a challenging question, as the safe usage of physical devices is dependent on mechanical limitations and the behavior of nearby devices. (ii.) What actions should be taken if a physical machine is issued an operation that violates the policy? C2 takes measures to ensure unsafe behaviors are not caused when denying slightly erroneous yet legitimate operations. We evaluate C2 against six representative control systems, and show that it can efficiently perform policy checks with less than 3.7% overhead, while not introducing new unsafe behaviors into a control system.
Citations: 40
Systems thinking for safety and security
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2530277
William Young, N. Leveson
Abstract: The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. Systems-Theoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss.
Citations: 114
Message in a bottle: sailing past censorship
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523654
L. Invernizzi, Christopher Krügel, G. Vigna
Abstract: Exploiting recent advances in monitoring technology and the drop of its costs, authoritarian and oppressive regimes are tightening the grip around the virtual lives of their citizens. Meanwhile, the dissidents, oppressed by these regimes, are organizing online, cloaking their activity with anti-censorship systems that typically consist of a network of anonymizing proxies. The censors have become well aware of this, and they are systematically finding and blocking all the entry points to these networks. So far, they have been quite successful. We believe that, to achieve resilience to blocking, anti-censorship systems must abandon the idea of having a limited number of entry points. Instead, they should establish first contact in an online location arbitrarily chosen by each of their users. To explore this idea, we have developed Message In A Bottle, a protocol where any blog post becomes a potential "drop point" for hidden messages. We have developed and released a proof-of-concept application of our system, and demonstrated its feasibility. To block this system, censors are left with a needle-in-a-haystack problem: Unable to identify what bears hidden messages, they must block everything, effectively disconnecting their own network from a large part of the Internet. This, hopefully, is a cost too high to bear.
Citations: 42
Control-flow restrictor: compiler-based CFI for iOS
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523674
Jannik Pewny, Thorsten Holz
Abstract: Runtime attacks that exploit software vulnerabilities are still an important concern nowadays. Even smartphone operating systems such as Apple's iOS are affected by such attacks since the system is implemented in Objective-C, a programming language that enables attacks such as buffer overflows. As a generic protection technique against a whole class of attacks, control-flow integrity (CFI) offers some interesting properties. Recent work demonstrated that CFI can be implemented on iOS by patching the binary during the loading process and adding an instrumentation layer that enforces CFI during runtime. However, this approach is of little practical value since it requires a jailbroken device, which hinders wide employment. Furthermore, binary patching has a certain performance impact. In this paper, we show how CFI can be implemented directly within a compiler, making the approach widely deployable on all kinds of iOS devices. We extend the LLVM compiler and add our CFI enforcement approach during the compilation phase of a given app. An empirical evaluation shows that the size and performance overhead is reasonable.
Citations: 66
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523664
Yangchun Fu, Zhiqiang Lin, Kevin W. Hamlen
Abstract: Recent advances in bridging the semantic gap between virtual machines (VMs) and their guest processes have a dark side: They can be abused to subvert and compromise VM file system images and process images. To demonstrate this alarming capability, a context-aware, reactive VM Introspection (VMI) instrument is presented and leveraged to automatically break the authentication mechanisms of both Linux and Windows operating systems. By bridging the semantic gap, the attack is able to automatically identify critical decision points where authentication succeeds or fails at the binary level. It can then leverage the VMI to transparently corrupt the control-flow or data-flow of the victim OS at that point, resulting in successful authentication without any password-guessing or encryption-cracking. The approach is highly flexible (threatening a broad class of authentication implementations), practical (realizable against real-world OSes and VM images), and useful for both malicious attacks and forensics analysis of virtualized systems and software.
Citations: 6
PRIME: private RSA infrastructure for memory-less encryption
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523656
Behrad Garmany, Tilo Müller
Abstract: Cold boot attacks exploit the fact that data in RAM gradually fades away over time, rather than being lost immediately when power is cycled off. An attacker can gain access to all memory contents by a restart or short power-down of the system, a so-called cold boot. Consequently, sensitive data in RAM like cryptographic keys are exposed to attackers with physical access. Research in recent years found software-based solutions to the cold boot problem in terms of CPU-bound or memory-less encryption. To date, however, the focus has been set on symmetric ciphers, particularly concerning disk encryption systems. Contrary to that, the work in hand aims to close the gap to asymmetric ciphers. With PRIME, we present a cold boot resistant infrastructure for private RSA operations. All private RSA parameters reside symmetrically encrypted in RAM and are decrypted only within CPU registers. The modular exponentiation algorithm for RSA is implemented entirely on the CPU, such that no sensitive state of RSA ever goes to RAM.
Citations: 42
DR BACA: dynamic role based access control for Android
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523676
Felix Rohrer, Yuting Zhang, Lubomir T. Chitkushev, Tanya Zlateva
Abstract: Android as an open platform dominates the booming mobile market. However its permission mechanism is inflexible and often results in over-privileged applications. This in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose and implement a Dynamic Role Based Access Control for Android (DR BACA) model to enhance Android security, particularly in corporate environment. Our system offers multi-user management on Android mobile devices comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to enhance Android security at both the application and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC to provide more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system can easily be managed, even in large business environments with many mobile devices. We show that our DR BACA system can be deployed and used with ease. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead.
Citations: 26
Proceedings of the 29th Annual Computer Security Applications Conference
C. Payne, A. Hahn, Kevin R. B. Butler, M. Sherr
Abstract: The 29th Annual Computer Security Applications Conference, held December 9-13, 2013, returns to picturesque New Orleans, Louisiana, USA, after an absence of a dozen years. Like this beautiful city, ACSAC has witnessed many changes to its landscape in the interim. Some are evolutionary; others are gamechanging. Topics that commanded attention during our last visit, like intrusion detection, public key cryptography and firewalls, have yielded to pressing concerns in mobile security, cloud security, and malware. The breadth of topics continues to expand.
Citations: 8
SPIDER: stealthy binary program instrumentation and debugging via hardware virtualization
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523675
Zhui Deng, X. Zhang, Dongyan Xu
Abstract: The ability to trap the execution of a binary program at desired instructions is essential in many security scenarios such as malware analysis and attack provenance. However, an increasing percent of both malicious and legitimate programs are equipped with anti-debugging and anti-instrumentation techniques, which render existing debuggers and instrumentation tools inadequate. In this paper, we present Spider, a stealthy program instrumentation framework which enables transparent, efficient and flexible instruction-level trapping based on hardware virtualization. Spider uses invisible breakpoint, a novel primitive we develop that inherits the efficiency and flexibility of software breakpoint, and utilizes hardware virtualization to hide its side-effects from the guest. We have implemented a prototype of Spider on KVM. Our evaluation shows that Spider succeeds in remaining transparent against state-of-the-art anti-debugging and anti-instrumentation techniques; the overhead of invisible breakpoint is comparable with traditional hardware breakpoint. We also demonstrate Spider's usage in various security applications.
Citations: 94