发布求助
文献互助 智能选刊 最新文献

Proceedings of the 29th Annual Computer Security Applications Conference最新文献

筛选
英文 中文
Crossover: secure and usable user interface for mobile devices with multiple isolated OS personalities 跨界:安全且可用的用户界面,适用于具有多个独立操作系统个性的移动设备
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523667
Matthias Lange, Steffen Liebergeld
{"title":"Crossover: secure and usable user interface for mobile devices with multiple isolated OS personalities","authors":"Matthias Lange, Steffen Liebergeld","doi":"10.1145/2523649.2523667","DOIUrl":"https://doi.org/10.1145/2523649.2523667","url":null,"abstract":"Bring your own device policies allow private phones to be used in corporate environments. Solutions with multiple operating system personalities aim at solving the tension between the user's needs and the corporate's security policies. These solutions succeed at isolating personal and corporate information at the data level. But thorough research of the security requirements on the user interface to handle different environments on one device is missing. In this work we define a threat model and derive the pre-requisites for a practical and secure user interface for mobile devices. We designed an UI framework which provides the mechanisms to handle multiple environments on a mobile device. Our design is applicable to several different virtualization solutions. We implemented a prototype that runs on a real device and evaluated it in terms of usability and security.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130256590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
SigMal: a static signal processing based malware triage SigMal:基于恶意软件分类的静态信号处理
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523682
Dhilung Kirat, L. Nataraj, G. Vigna, B. S. Manjunath
{"title":"SigMal: a static signal processing based malware triage","authors":"Dhilung Kirat, L. Nataraj, G. Vigna, B. S. Manjunath","doi":"10.1145/2523649.2523682","DOIUrl":"https://doi.org/10.1145/2523649.2523682","url":null,"abstract":"In this work, we propose SigMal, a fast and precise malware detection framework based on signal processing techniques. SigMal is designed to operate with systems that process large amounts of binary samples. It has been observed that many samples received by such systems are variants of previously-seen malware, and they retain some similarity at the binary level. Previous systems used this notion of malware similarity to detect new variants of previously-seen malware. SigMal improves the state-of-the-art by leveraging techniques borrowed from signal processing to extract noise-resistant similarity signatures from the samples. SigMal uses an efficient nearest-neighbor search technique, which is scalable to millions of samples. We evaluate SigMal on 1.2 million recent samples, both packed and unpacked, observed over a duration of three months. In addition, we also used a constant dataset of known benign executables. Our results show that SigMal can classify 50% of the recent incoming samples with above 99% precision. We also show that SigMal could have detected, on average, 70 malware samples per day before any antivirus vendor detected them.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126746074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 61
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles DUET:集成动态和静态分析的恶意软件集群与集群集成
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523677
Xin Hu, K. Shin
{"title":"DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles","authors":"Xin Hu, K. Shin","doi":"10.1145/2523649.2523677","DOIUrl":"https://doi.org/10.1145/2523649.2523677","url":null,"abstract":"Automatic malware clustering plays a vital role in combating the rapidly growing number of malware variants. Most existing malware clustering algorithms operate on either static instruction features or dynamic behavior features to partition malware into families. However, these two distinct approaches have their own strengths and weaknesses in handling different types of malware. Moreover, different clustering algorithms and even multiple runs of the same algorithms may produce inconsistent or even contradictory results. To remedy this heterogeneity and lack of robustness of a single clustering algorithm, we propose a novel system called DUET by exploiting the complementary nature of static and dynamic clustering algorithms and optimally integrating their results. By using the concept of clustering ensemble, DUET combines partitions from individual clustering algorithms into a single consensus partition with better quality and robustness. DUET improves existing ensemble algorithms by incorporating cluster-quality measures to effectively reconcile differences and/or contradictions between base malware clusterings. Using real-world malware samples, we compare the performance of DUET (in terms of clustering precision, recall and coverage) with individual state-of-the-art static and dynamic clustering component. The comprehensive experiments demonstrate DUET's capability of improving the coverage of malware samples by 20--40% while keeping the precision near the optimum achievable by any individual clustering algorithm.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127115209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
Revisiting graphical passwords for augmenting, not replacing, text passwords 重新访问图形密码以增加而不是替换文本密码
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523672
Murat Akpulat, K. Bicakci, Ugur Cil
{"title":"Revisiting graphical passwords for augmenting, not replacing, text passwords","authors":"Murat Akpulat, K. Bicakci, Ugur Cil","doi":"10.1145/2523649.2523672","DOIUrl":"https://doi.org/10.1145/2523649.2523672","url":null,"abstract":"Users generally choose weak passwords which can be easily guessed. On the other hand, adoption of alternatives to text passwords has been slow due to cost and usability factors. We acknowledge that incumbent passwords remain difficult to beat and introduce in this study Type&Click (T&C), a hybrid scheme supporting text passwords with the graphical passwords. In T&C, users first type a text as usual and then make a single click on an image to complete the password entry. While largely preserving the login experience with the text passwords, the new scheme utilizes accumulated scientific knowledge in graphical password research (implicit feedback, persuasion during password creation, leveraging cued recall memory). The results of our user study suggest that T&C is promising for augmenting text passwords for improved security without degrading usability.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115282700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Implementation and implications of a stealth hard-drive backdoor 隐形硬盘后门的实现和含义
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523661
Jonas Zaddach, Anil Kurmus, D. Balzarotti, Erik-Oliver Blass, Aurélien Francillon, T. Goodspeed, M. Gupta, Ioannis Koltsidas
{"title":"Implementation and implications of a stealth hard-drive backdoor","authors":"Jonas Zaddach, Anil Kurmus, D. Balzarotti, Erik-Oliver Blass, Aurélien Francillon, T. Goodspeed, M. Gupta, Ioannis Koltsidas","doi":"10.1145/2523649.2523661","DOIUrl":"https://doi.org/10.1145/2523649.2523661","url":null,"abstract":"Modern workstations and servers implicitly trust hard disks to act as well-behaved block devices. This paper analyzes the catastrophic loss of security that occurs when hard disks are not trustworthy. First, we show that it is possible to compromise the firmware of a commercial off-the-shelf hard drive, by resorting only to public information and reverse engineering. Using such a compromised firmware, we present a stealth rootkit that replaces arbitrary blocks from the disk while they are written, providing a data replacement back-door. The measured performance overhead of the compromised disk drive is less than 1% compared with a normal, non-malicious disk drive. We then demonstrate that a remote attacker can even establish a communication channel with a compromised disk to infiltrate commands and to ex-filtrate data. In our example, this channel is established over the Internet to an unmodified web server that relies on the compromised drive for its storage, passing through the original webserver, database server, database storage engine, filesystem driver, and block device driver. Additional experiments, performed in an emulated disk-drive environment, could automatically extract sensitive data such as /etc/shadow (or a secret key file) in less than a minute. This paper claims that the difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"322 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123931070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 77
Do I know you?: efficient and privacy-preserving common friend-finder protocols and applications 我认识你吗?:高效和隐私保护的常见交友协议和应用程序
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523668
M. Nagy, Emiliano De Cristofaro, A. Dmitrienko, N. Asokan, A. Sadeghi
{"title":"Do I know you?: efficient and privacy-preserving common friend-finder protocols and applications","authors":"M. Nagy, Emiliano De Cristofaro, A. Dmitrienko, N. Asokan, A. Sadeghi","doi":"10.1145/2523649.2523668","DOIUrl":"https://doi.org/10.1145/2523649.2523668","url":null,"abstract":"The increasing penetration of Online Social Networks (OSNs) prompts the need for effectively accessing and utilizing social networking information. In numerous applications, users need to make trust and/or access control decisions involving other (possibly stranger) users, and one important factor is often the existence of common social relationships. This motivates the need for secure and privacy-preserving techniques allowing users to assess whether or not they have mutual friends. This paper introduces the Common Friends service, a framework for finding common friends which protects privacy of non-mutual friends and guarantees authenticity of friendships. First, we present a generic construction that reduces to secure computation of set intersection, while ensuring authenticity of announced friends via bearer capabilities. Then, we propose an efficient instantiation, based on Bloom filters, that only incurs a constant number of public-key operations and appreciably low communication overhead. Our software is designed so that developers can easily integrate Common Friends into their applications, e.g., to enforce access control based on users' social proximity in a privacy-preserving manner. Finally, we showcase our techniques in the context of an existing application for sharing (tethered) Internet access, whereby users decide to share access depending on the existence of common friends. A comprehensive experimental evaluation attests to the practicality of proposed techniques.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127346664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 41
SilverLine: preventing data leaks from compromised web applications SilverLine:防止数据泄露从受损的web应用程序
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523663
Y. Mundada, Anirudh Ramachandran, N. Feamster
{"title":"SilverLine: preventing data leaks from compromised web applications","authors":"Y. Mundada, Anirudh Ramachandran, N. Feamster","doi":"10.1145/2523649.2523663","DOIUrl":"https://doi.org/10.1145/2523649.2523663","url":null,"abstract":"Web applications can have vulnerabilities that result in server-side data leaks. Securing sensitive data from Web applications while ensuring reasonable performance and without requiring developers to rewrite entire applications is challenging. We present SilverLine, which prevents bulk data leaks caused due to code injection in Web applications as well as compromised user-level processes on the application server. SilverLine uses login information to associate a user with each Web session; it then taints each file and database record and applies information-flow tracking to the data associated with each session to ensure that application data is released only to sessions of authorized users. SilverLine focuses on isolating data between user sessions and is thus most suitable to applications that involve single user sessions (e.g., banking, e-commerce). We have implemented SilverLine on Linux; our implementation demonstrates that SilverLine can protect a PHP-based Web application from many of the most common server-side Web application attacks by modifying only about 60 lines of code from the original application. Our evaluation shows that SilverLine incurs a performance overhead of about 20-30% over unmodified applications.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133542312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Validating web content with senser 用传感器验证web内容
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523669
Jordan Wilberding, Andrew Yates, M. Sherr, Wenchao Zhou
{"title":"Validating web content with senser","authors":"Jordan Wilberding, Andrew Yates, M. Sherr, Wenchao Zhou","doi":"10.1145/2523649.2523669","DOIUrl":"https://doi.org/10.1145/2523649.2523669","url":null,"abstract":"This paper introduces Senser, a system for validating retrieved web content. Senser does not rely on a PKI and operates even when SSL/TLS is not supported by the web server. Senser operates as a network of proxies located at different vantage points on the Internet. Clients query a random subset of Senser proxies for compact descriptions of a desired web page, and apply consensus and matching algorithms to the returned results to locally render a \"majority\" web page. To ensure diverse selections of proxies (and consequently decrease an adversary's ability to manipulate a majority of the proxies' requests), Senser leverages Internet mapping systems that accurately predict AS-level paths between available proxies and the desired web page. We demonstrate using a deployment of Senser on Amazon EC2 that Senser detects and mitigates attempts by adversaries to manipulate web content --- even when controlling large collections of autonomous systems --- while maintaining reasonable performance overheads.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114954653","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
CPS: an efficiency-motivated attack against autonomous vehicular transportation CPS:针对自动驾驶车辆运输的效率动机攻击
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523658
Ryan M. Gerdes, Chris Winstead, K. Heaslip
{"title":"CPS: an efficiency-motivated attack against autonomous vehicular transportation","authors":"Ryan M. Gerdes, Chris Winstead, K. Heaslip","doi":"10.1145/2523649.2523658","DOIUrl":"https://doi.org/10.1145/2523649.2523658","url":null,"abstract":"This work describes a new type of efficiency attack that can be used to degrade the performance of automated vehicular transportation systems. Next-generation transportation technologies will leverage increasing use of vehicle automation. Proposed vehicular automation systems include cooperative adaptive cruise control and vehicle platooning strategies which require cooperation and coordination among vehicles. These strategies are intended to optimize through-put and energy usage in future highway systems, but, as we demonstrate, they also introduce new vulnerabilities. In this work we show that a typical platooning system would allow a maliciously controlled vehicle to exert subtle influence on the motion of surrounding vehicles. This effect can be used to increase the energy expenditure of surrounding vehicles by 20% to 300%.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131368087","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 57
GPU and CPU parallelization of honest-but-curious secure two-party computation GPU和CPU并行化的诚实但好奇的安全双方计算
Proceedings of the 29th Annual Computer Security Applications Conference Pub Date : 2013-12-09 DOI: 10.1145/2523649.2523681
Nathaniel Husted, Steven Myers, Abhi Shelat, Paul Grubbs
{"title":"GPU and CPU parallelization of honest-but-curious secure two-party computation","authors":"Nathaniel Husted, Steven Myers, Abhi Shelat, Paul Grubbs","doi":"10.1145/2523649.2523681","DOIUrl":"https://doi.org/10.1145/2523649.2523681","url":null,"abstract":"Recent work demonstrates the feasibility and practical use of secure two-party computation [5, 9, 15, 23]. In this work, we present the first Graphical Processing Unit (GPU)-optimized implementation of an optimized Yao's garbled-circuit protocol for two-party secure computation in the honest-but-curious and 1-bit-leaked malicious models. We implement nearly all of the modern protocol advancements, such as Free-XOR, Pipelining, and OT extension. Our implementation is the first allowing entire circuits to be generated concurrently, and makes use of a modification of the XOR technique so that circuit generation is optimized for implementation on SIMD architectures of GPUs. In our best cases we generate about 75 million gates per second and we exceed the state of the art performance metrics on modern CPU systems by a factor of about 200, and GPU systems by about a factor of 2.3. While many recent works on garbled circuits exploit the embarrassingly parallel nature of many tasks that are part of a secure computation protocol, we show that there are still various forms and levels of parallelization that may yet improve the performance of these protocols. In particular, we highlight that implementations on the SIMD architecture of modern GPUs require significantly different approaches than the general purpose MIMD architecture of multi-core CPUs, which again differ from the needs of parallelizing on compute clusters. Additionally, modifications to the security models for many common protocols have large effects on reasonable parallel architectures for implementation.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121556008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 51
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信