{"title":"Auto-FBI: a user-friendly approach for secure access to sensitive content on the web","authors":"Mohsen Zohrevandi, R. Bazzi","doi":"10.1145/2523649.2523683","DOIUrl":"https://doi.org/10.1145/2523649.2523683","url":null,"abstract":"We propose a novel and simple approach for securing access to sensitive content on the web. The approach automates the best manual compartmentalization practices for accessing different kinds of content with different browser instances. The automation is transparent to the user and does not require any modification of how non-sensitive content is accessed. For sensitive content, a Fresh Browser Instance (FBI) is automatically created to access the content. Our prototype system Auto-FBI can provide support for novice users with predefined sensitive content sites as well as for more experienced users who can define conflict of interest (COI) classes, which allow content from sites in the same user-defined class to coexist in a browser instance. Our initial performance evaluation of Auto-FBI shows that the overhead introduced by the approach is acceptable (less than 160 ms for sites that already have fast load time, but for slow sites the overhead can be as high as 750 ms).","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123815637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MyCloud: supporting user-configured privacy protection in cloud computing","authors":"Min Li, Wanyu Zang, Kun Bai, Meng Yu, Peng Liu","doi":"10.1145/2523649.2523680","DOIUrl":"https://doi.org/10.1145/2523649.2523680","url":null,"abstract":"Privacy concern is still one of the major issues that prevent users from moving to public clouds. The root cause of the privacy problem is that the cloud provider has more privileges than is necessary, which leaves no options for the cloud users to protect their privacy. Due to the same problem, once the control virtual machine or the cloud platform is compromised, all users' privacy will be breached. Many cryptographic solutions have been developed to protect sensitive data in the cloud. However, arbitrary processing is usually prohibited once cryptography is used. Homomorphic cryptography is considered promising but it does not offer practical performance at the current stage. Instead of cryptographic solutions, in this paper, we propose a new cloud architecture - MyCloud - to solve the problem. MyCloud removes the control virtual machine (control VM) from the processor's root mode and only keeps security- and performance-crucial components in the TCB. MyCloud achieves the following security goals. First, MyCloud de-privileges the cloud provider such that the cloud provider cannot inspect users' memory through the control virtual machine. Second, MyCloud enables user-configured privacy protection. Third, the reduced TCB size also minimizes the attack surface of the cloud platform. We implemented a prototype system with ~5.8K LOCs on x86 architecture. According to our experimental results, our platform shows acceptable overhead while providing significantly enhanced security and privacy protection that can be configured by users.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124301288","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks","authors":"T. Yen, Alina Oprea, Kaan Onarlioglu, Todd Leetham, William K. Robertson, A. Juels, E. Kirda","doi":"10.1145/2523649.2523670","DOIUrl":"https://doi.org/10.1145/2523649.2523670","url":null,"abstract":"As more and more Internet-based attacks arise, organizations are responding by deploying an assortment of security products that generate situational intelligence in the form of logs. These logs often contain high volumes of interesting and useful information about activities in the network, and are among the first data sources that information security specialists consult when they suspect that an attack has taken place. However, security products often come from a patchwork of vendors, and are inconsistently installed and administered. They generate logs whose formats differ widely and that are often incomplete, mutually contradictory, and very large in volume. Hence, although this collected information is useful, it is often dirty. We present a novel system, Beehive, that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced by a wide variety of security products in a large enterprise. We improve on signature-based approaches to detecting security incidents and instead identify suspicious host behaviors that Beehive reports as potential security incidents. These incidents can then be further analyzed by incident response teams to determine whether a policy violation or attack has occurred. We have evaluated Beehive on the log data collected in a large enterprise, EMC, over a period of two weeks. We compare the incidents identified by Beehive against enterprise Security Operations Center reports, antivirus software alerts, and feedback from enterprise security specialists. We show that Beehive is able to identify malicious events and policy violations which would otherwise go undetected.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129494370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FireDroid: hardening security in almost-stock Android","authors":"G. Russello, Arturo Blas Jimenez, H. Naderi, W. V. D. Mark","doi":"10.1145/2523649.2523678","DOIUrl":"https://doi.org/10.1145/2523649.2523678","url":null,"abstract":"Malware poses a serious threat to Android smartphones. Current security mechanisms offer poor protection and are often too inflexible to quickly mitigate new exploits. In this paper we present FireDroid, a policy-based framework for enforcing security policies by interleaving process system calls. The main advantage of FireDroid is that it is completely transparent to the applications as well as to the Android OS. FireDroid enforces security policies without modifying either the Android OS or its applications. FireDroid is able to perform security checks on third-party and pre-installed applications, as well as malicious native code. We have implemented a novel mechanism that is able to attach, identify, monitor and enforce policies for any process spawned by Android's mother process Zygote. We have tested the effectiveness of FireDroid against real malware. Moreover, we show how FireDroid can be used as a swift solution for blocking OS and application vulnerabilities before patches are available. Finally, we provide an experimental evaluation of our approach showing that it has only a limited overhead. Given these facts, FireDroid represents a practical solution for strengthening security on Android smartphones.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130339872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The man who was there: validating check-ins in location-based services","authors":"Iasonas Polakis, Stamatis Volanis, E. Athanasopoulos, E. Markatos","doi":"10.1145/2523649.2523653","DOIUrl":"https://doi.org/10.1145/2523649.2523653","url":null,"abstract":"The growing popularity of location-based services (LBS) has led to the emergence of an economy where users announce their location to their peers, indirectly advertising certain businesses. Venues attract customers through offers and discounts for users of such services. Unfortunately, this economy can become a target of attackers with the intent of disrupting the system for fun and, possibly, profit. This threat has raised the attention of LBS, which have invested efforts in preventing fake check-ins. In this paper, we create a platform for testing the feasibility of fake-location attacks, and present our case study of two popular services, namely Foursquare and Facebook Places. We discover their detection mechanisms and demonstrate that both services are still vulnerable. We implement an adaptive attack algorithm that takes our findings into account and uses information from the LBS at run-time, to maximize its impact. This strategy can effectively sustain mayorship in all Foursquare venues and, thus, deter legitimate users from participating. Furthermore, our experimental results validate that detection-based mechanisms are not effective against fake check-ins, and new directions should be taken for designing countermeasures. Hence, we implement a system that employs near field communication (NFC) hardware and a check-in protocol that is based on delegation and asymmetric cryptography, to eliminate fake-location attacks.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132117163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PatchDroid: scalable third-party security patches for Android devices","authors":"Collin Mulliner, Jon Oberheide, William K. Robertson, E. Kirda","doi":"10.1145/2523649.2523679","DOIUrl":"https://doi.org/10.1145/2523649.2523679","url":null,"abstract":"Android is currently the largest mobile platform with around 750 million devices worldwide. Unfortunately, more than 30% of all devices contain publicly known security vulnerabilities and, in practice, cannot be updated through normal mechanisms since they are no longer supported by the manufacturer and mobile operator. This failure of traditional patch distribution systems has resulted in the creation of a large population of vulnerable mobile devices. In this paper, we present PatchDroid, a system to distribute and apply third-party security patches for Android. Our system is designed for device-independent patch creation, and uses in-memory patching techniques to address vulnerabilities in both native and managed code. We created a fully usable prototype of PatchDroid, including a number of patches for well-known vulnerabilities in Android devices. We evaluated our system on different devices from multiple manufacturers and show that we can effectively patch security vulnerabilities on Android devices without impacting performance or usability. Therefore, PatchDroid represents a realistic path towards dramatically reducing the number of exploitable Android devices in the wild.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"173 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116528968","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"No attack necessary: the surprising dynamics of SSL trust relationships","authors":"Bernhard Amann, Robin Sommer, Matthias Vallentin, Seth Hall","doi":"10.1145/2523649.2523665","DOIUrl":"https://doi.org/10.1145/2523649.2523665","url":null,"abstract":"Much of the Internet's end-to-end security relies on the SSL/TLS protocol along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. Several recent high-profile incidents have demonstrated this shortcoming convincingly. Over time, the security community has proposed a number of countermeasures to increase the security of the certificate ecosystem; many of these efforts monitor for what they consider tell-tale signs of man-in-the-middle attacks. In this work we set out to understand to which degree benign changes to the certificate ecosystem share structural properties with attacks, based on a large-scale data set of more than 17 billion SSL sessions. We find that common intuition falls short in assessing the maliciousness of an unknown certificate, since the typical artifacts of attacks routinely occur in benign contexts as well. We also discuss what impact our observations have on proposals aiming to improve the security of the SSL ecosystem.","PeriodicalId":127404,"journal":{"name":"Proceedings of the 29th Annual Computer Security Applications Conference","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125538115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}