Proceedings of the 29th Annual Computer Security Applications Conference: Latest Papers

k-subscription: privacy-preserving microblogging browsing through obfuscation
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523671
P. Papadopoulos, A. Papadogiannakis, M. Polychronakis, Apostolis Zarras, Thorsten Holz, E. Markatos
Abstract: Over the past few years, microblogging social networking services have become a popular means for information sharing and communication. Besides sharing information among friends, such services are currently being used by artists, politicians, news channels, and information providers to easily communicate with their constituency. Even though following specific channels on a microblogging service enables users to receive interesting information in a timely manner, it may raise significant privacy concerns as well. For example, the microblogging service is able to observe all the channels that a particular user follows. This way, it can infer all the subjects a user might be interested in and generate a detailed profile of this user. This knowledge can be used for a variety of purposes that are usually beyond the control of the users. To address these privacy concerns, we propose k-subscription: an obfuscation-based approach that enables users to follow privacy-sensitive channels, while, at the same time, making it difficult for the microblogging service to find out their actual interests. Our method relies on obfuscation: in addition to each privacy-sensitive channel, users are encouraged to randomly follow k - 1 other channels they are not interested in. In this way (i) their actual interests are hidden in random selections, and (ii) each user contributes in hiding the real interests of other users. Our analysis indicates that k-subscription makes it difficult for attackers to pinpoint a user's interests with significant confidence. We show that this confidence can be made predictably small by slightly adjusting k while adding a reasonably low overhead on the user's system.
Citations: 24
Socket overloading for fun and cache-poisoning
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523662
A. Herzberg, Haya Schulmann
Abstract: We present a new technique, which we call socket overloading, that we apply for off-path attacks on DNS. Socket overloading consists of short, low-rate, bursts of inbound packets, sent by off-path attacker to a victim host. Socket overloading exploits the priority assigned by the kernel to hardware interrupts, and enables an off-path attacker to illicit a side-channel on client hosts, which can be applied to circumvent source port and name server randomisation. Both port and name server randomisation are popular and standardised defenses, recommended in [RFC5452], against attacks by off-path adversaries. We show how to apply socket overloading for DNS cache poisoning and name server pinning against popular systems that support algorithms recommended in [RFC6056] and [RFC4097] respectively. Our socket overloading technique may be of independent interest, and can be applied against other protocols for different attacks.
Citations: 41
A comprehensive black-box methodology for testing the forensic characteristics of solid-state drives
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523660
Gabriele Bonetti, Marco Viglione, Alessandro Frossi, F. Maggi, S. Zanero
Abstract: Solid-state drives (SSDs) are inherently different from traditional drives, as they incorporate data-optimization mechanisms to overcome their limitations (such as a limited number of program-erase cycles, or the need of blanking a block before writing). The most common optimizations are wear leveling, trimming, compression, and garbage collection, which operate transparently to the host OS and, in certain cases, even when the disks are disconnected from a computer (but still powered up). In simple words, SSD controllers are designed to hide these internals completely, rendering them inaccessible if not through direct acquisition of the memory cells. These optimizations have a significant impact on the forensic analysis of SSDs. The main cause is that memory cells could be pre-emptively blanked, whereas a traditional drive sector would need to be explicitly rewritten to physically wipe off the data. Unfortunately, the existing literature on this subject is sparse and the conclusions are seemingly contradictory. In this paper we propose a generic, practical, test-driven methodology that guides researchers and forensics analysts through a series of steps that assess the "forensic friendliness" of a SSD. Given a drive of the same brand and model of the one under analysis, our methodology produces a decision that helps an analyst to determine whether or not an expensive direct acquisition of the memory cells is worth the effort, because the extreme optimizations may have rendered the data unreadable or useless. We apply our methodology to three SSDs produced by top vendors (Samsung, Corsair, and Crucial), and provide a detailed description of how each step should be conducted.
Citations: 15
Pitfalls in the automated strengthening of passwords
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523651
David Schmidt, T. Jaeger
Abstract: Passwords are the most common form of authentication for computer systems, and with good reason: they are simple, intuitive and require no extra device for their use. Unfortunately, users often choose weak passwords that are easy to guess. Various methods of helping users select strong passwords have been deployed, often in the form of requirements for the minimum length and number of character classes to use. Alternatively, a site could modify a user's password in order to make it more secure; strengthening algorithms have been proposed that extend/modify a user-supplied password until achieving sufficient strength. Researchers have suggested that it may be possible to balance password strength with memorability by limiting automated changes to one or two characters while evaluating the generated passwords' strength against known cracking algorithms. This paper shows that passwords that were strengthened against the best known cracking algorithms are still susceptible to attack, provided the adversary knows the strengthening algorithm. We propose two attacks: (1) by strengthening the data sets with the known algorithm, which increases the percentage of recovered passwords by a factor of 2-5, and (2) by a brute-force attack on the initial passwords and space of possible changes, recovering all passwords produced when a sufficiently weak initial password was suggested. As a result, we find that the proposed strengthening algorithms do not yet satisfy Kerckhoffs's principle.
Citations: 7
A portable user-level approach for system-wide integrity protection
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523655
Wai-Kit Sze, R. Sekar
Abstract: In this paper, we develop an approach for protecting system integrity from untrusted code that may harbor sophisticated malware. We develop a novel dual-sandboxing architecture to confine not only untrusted, but also benign processes. Our sandboxes place only a few restrictions, thereby permitting most applications to function normally. Our implementation is performed entirely at the user-level, requiring no changes to the kernel. This enabled us to port the system easily from Linux to BSD. Our experimental results show that our approach preserves the usability of applications, while offering strong protection and good performance. Moreover, policy development is almost entirely automated, sparing users and administrators this cumbersome and difficult task.
Citations: 15
AFrame: isolating advertisements from mobile applications in Android
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523652
Xiao Zhang, A. Ahlawat, Wenliang Du
Abstract: Android uses a permission-based security model to restrict applications from accessing private data and privileged resources. However, the permissions are assigned at the application level, so even untrusted third-party libraries, such as advertisement, once incorporated, can share the same privileges as the entire application, leading to over-privileged problems. We present AFrame, a developer friendly method to isolate untrusted third-party code from the host applications. The isolation achieved by AFrame covers not only the process/permission isolation, but also the display and input isolation. Our AFrame framework is implemented through a minimal change to the existing Android code base; our evaluation results demonstrate that it is effective in isolating the privileges of untrusted third-party code from applications with reasonable performance overhead.
Citations: 82
Extraction of statistically significant malware behaviors
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523659
Sirinda Palahan, Domagoj Babic, Swarat Chaudhuri, Daniel Kifer
Abstract: Traditionally, analysis of malicious software is only a semi-automated process, often requiring a skilled human analyst. As new malware appears at an increasingly alarming rate --- now over 100 thousand new variants each day --- there is a need for automated techniques for identifying suspicious behavior in programs. In this paper, we propose a method for extracting statistically significant malicious behaviors from a system call dependency graph (obtained by running a binary executable in a sandbox). Our approach is based on a new method for measuring the statistical significance of subgraphs. Given a training set of graphs from two classes (e.g., goodware and malware system call dependency graphs), our method can assign p-values to subgraphs of new graph instances even if those subgraphs have not appeared before in the training data (thus possibly capturing new behaviors or disguised versions of existing behaviors).
Citations: 30
A building code for building code: putting what we know works to work
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2530278
C. Landwehr
Abstract: Systems of programs control more and more of our critical infrastructures. Forty years of system development and research have taught us many lessons in how to build software that is reliable, relatively free of vulnerabilities, and can enforce security policies. Those years of experience seem not to have taught us how to get these lessons put into practice, particularly with respect to security, except in a few specialized places. This essay suggests an approach to capturing what we know in a way that can make a difference in systems on which we all rely.
Citations: 6
Uncovering access control weaknesses and flaws with security-discordant software clones
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523650
François Gauthier, T. Lavoie, E. Merlo
Abstract: Software clone detection techniques identify fragments of code that share some level of syntactic similarity. In this study, we investigate security-sensitive clone clusters: clusters of syntactically similar fragments of code that are protected by some privileges. From a security perspective, security-sensitive clone clusters can help reason about the implemented security model: given syntactically similar fragments of code, it is expected that they are protected by similar privileges. We hypothesize that clones that violate this assumption, defined as security-discordant clones, are likely to reveal weaknesses and flaws in access control models. In order to characterize security-discordant clones, we investigated two of the largest and most popular open-source PHP applications: Joomla! and Moodle, with sizes ranging from hundred thousands to more than a million lines of code. Investigation of security-discordant clone clusters in these systems revealed several previously undocumented, recurring, and application-independent security weaknesses. Moreover, security-discordant clones also revealed four, previously unreported, security flaws. Results also show how these flaws were revealed through the investigation of as little as 2% of the code base. Distribution of weaknesses and flaws between the two systems is investigated and discussed. Potential extensions to this exploratory work are also presented.
Citations: 24
Discovery of emergent malicious campaigns in cellular networks
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523657
Nathaniel Boggs, Wei Wang, Suhas Mathur, Baris Coskun, Carol Pincock
Abstract: The growth of Smartphones has bridged the telephony/SMS and the IP worlds, and this has resulted in new opportunities for financially motivated attackers. For example, some malicious campaigns in the cellular network aimed at extracting money fraudulently can do so even without any malware. Detecting and mitigating the variety of attacks in cellular network is difficult because they do not necessarily have a fixed 'signature', and new types of campaigns appear frequently. Further complicating matters, detecting a single malicious entity (a domain name, a phone number, or a short code) that is part of a malicious campaign, is usually not very effective, because the attacker simply moves to using another entity in its place. An effective strategy requires detecting all/most elements involved in the campaign at once. In this paper, we describe a system, based on ideas from anomaly detection and clustering, that aims to detect many different families of widespread malicious campaigns in cellular networks. The system reveals an entire campaign as a graph cluster which includes the various entities involved in the campaign and their relationship, such as malware download websites, C&C servers, spammers, etc. Using logs from both SMS and IP portions of the network for millions of users, we detect newly popular entities and cluster them to discover how they are related. By looking for cues of possible malicious behavior from any of the entities in a cluster, we attempt to ascertain whether a detected campaign might be malicious, providing valuable leads to a human analyst. Our system is live and generates daily clusters for human analysts. We provide detailed case studies of real, previously unseen families of malicious campaigns that this system has successfully brought to light.
Citations: 15