发布求助
文献互助 智能选刊 最新文献

Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security最新文献

筛选
英文 中文
Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant 水处理厂单阶段多点网络攻击的分布式检测
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897855
Sridhar Adepu, A. Mathur
{"title":"Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant","authors":"Sridhar Adepu, A. Mathur","doi":"10.1145/2897845.2897855","DOIUrl":"https://doi.org/10.1145/2897845.2897855","url":null,"abstract":"A distributed detection method is proposed to detect single stage multi-point (SSMP) attacks on a Cyber Physical System (CPS). Such attacks aim at compromising two or more sensors or actuators at any one stage of a CPS and could totally compromise a controller and prevent it from detecting the attack. However, as demonstrated in this work, using the flow properties of water from one stage to the other, a neighboring controller was found effective in detecting such attacks. The method is based on physical invariants derived for each stage of the CPS from its design. The attack detection effectiveness of the method was evaluated experimentally against an operational water treatment testbed containing 42 sensors and actuators. Results from the experiments point to high effectiveness of the method in detecting a variety of SSMP attacks but also point to its limitations. Distributing the attack detection code among various controllers adds to the scalability of the proposed method.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123190250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 80
Anonymous Role-Based Access Control on E-Health Records 基于匿名角色的电子健康记录访问控制
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897871
Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu
{"title":"Anonymous Role-Based Access Control on E-Health Records","authors":"Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu","doi":"10.1145/2897845.2897871","DOIUrl":"https://doi.org/10.1145/2897845.2897871","url":null,"abstract":"Electronic Health Record (EHR) system facilitates us a lot for health record management. Privacy risk of patients' records is the dominating obstacle in the widely deployed EHRs. Role-based access control (RBAC) schemes offer an access control on EHRs according to one's role. Only the medical staff with roles satisfying the specified access policies can read EHRs. In existing schemes, attackers can link patients' identities to their doctors. Therefore, the classification of patients' diseases are leaked without actually knowing patients' EHRs. To address this problem, we present an anonymous RBAC scheme. Not only it achieves flexible access control, but also realizes privacy-preserving for individuals. Moreover, our scheme maintains the property of constant size for the encapsulated EHRs. The proposed security models with semantic security and anonymity can be proven under decisional bilinear group assumptions. Besides, we provide an approach for EHR owners to search out their targeted EHR in the anonymous system. For better user experience, we apply \"online/offline\" approach to speed up data processing in our scheme. Experimental results show that the time consumption for key generation and EHR encapsulation can be done in milliseconds.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115863367","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Statistical Detection of Online Drifting Twitter Spam: Invited Paper 在线漂移Twitter垃圾邮件的统计检测:特邀论文
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897928
Shigang Liu, Jun Zhang, Yang Xiang
{"title":"Statistical Detection of Online Drifting Twitter Spam: Invited Paper","authors":"Shigang Liu, Jun Zhang, Yang Xiang","doi":"10.1145/2897845.2897928","DOIUrl":"https://doi.org/10.1145/2897845.2897928","url":null,"abstract":"Spam has become a critical problem in online social networks. This paper focuses on Twitter spam detection. Recent research works focus on applying machine learning techniques for Twitter spam detection, which make use of the statistical features of tweets. We observe existing machine learning based detection methods suffer from the problem of Twitter spam drift, i.e., the statistical properties of spam tweets vary over time. To avoid this problem, an effective solution is to train one twitter spam classifier every day. However, it faces a challenge of the small number of imbalanced training data because labelling spam samples is time-consuming. This paper proposes a new method to address this challenge. The new method employs two new techniques, fuzzy-based redistribution and asymmetric sampling. We develop a fuzzy-based information decomposition technique to re-distribute the spam class and generate more spam samples. Moreover, an asymmetric sampling technique is proposed to re-balance the sizes of spam samples and non-spam samples in the training data. Finally, we apply the ensemble technique to combine the spam classifiers over two different training sets. A number of experiments are performed on a real-world 10-day ground-truth dataset to evaluate the new method. Experiments results show that the new method can significantly improve the detection performance for drifting Twitter spam.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131453541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 35
Anonymous Identity-Based Broadcast Encryption with Chosen-Ciphertext Security 基于匿名身份的广播加密与选择密文安全性
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897879
Kai He, J. Weng, Jia-Nan Liu, Joseph K. Liu, W. Liu, R. Deng
{"title":"Anonymous Identity-Based Broadcast Encryption with Chosen-Ciphertext Security","authors":"Kai He, J. Weng, Jia-Nan Liu, Joseph K. Liu, W. Liu, R. Deng","doi":"10.1145/2897845.2897879","DOIUrl":"https://doi.org/10.1145/2897845.2897879","url":null,"abstract":"In this paper, we propose the first identity-based broadcast encryption scheme, which can simultaneously achieves confidentiality and full anonymity against adaptive chosen-ciphertext attacks under a standard assumption. In addition, two further desirable features are also provided: one is fully-collusion resistant which means that even if all users outside of receivers S collude they cannot obtain any information about the plaintext. The other one is stateless which means that the users in the system do not need to update their private keys when the other users join or leave our system. In particular, our scheme is highly efficient, where the public parameters size, the private key size and the decryption cost are all constant and independent to the number of receivers.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133267217","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
Hardening OpenStack Cloud Platforms against Compute Node Compromises 针对计算节点安全加固OpenStack云平台
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897851
Wai-Kit Sze, Abhinav Srivastava, R. Sekar
{"title":"Hardening OpenStack Cloud Platforms against Compute Node Compromises","authors":"Wai-Kit Sze, Abhinav Srivastava, R. Sekar","doi":"10.1145/2897845.2897851","DOIUrl":"https://doi.org/10.1145/2897845.2897851","url":null,"abstract":"Infrastructure-as-a-Service (IaaS) clouds such as OpenStack consist of two kinds of nodes in their infrastructure: control nodes and compute nodes. While control nodes run all critical services, compute nodes host virtual machines of customers. Given the large number of compute nodes, and the fact that they are hosting VMs of (possibly malicious) customers, it is possible that some of the compute nodes may be compromised. This paper examines the impact of such a compromise. We focus on OpenStack, a popular open-source cloud plat- form that is widely adopted. We show that attackers com- promising a single compute node can extend their controls over the entire cloud infrastructure. They can then gain free access to resources that they have not paid for, or even bring down the whole cloud to affect all customers. This startling result stems from the cloud platform's misplaced trust, which does not match today's threats. To overcome the weakness, we propose a new system, called SOS , for hardening OpenStack. SOS limits trust on compute nodes. SOS consists of a framework that can enforce a wide range of security policies. Specifically, we applied mandatory access control and capabilities to con- fine interactions among different components. Effective confinement policies are generated automatically. Furthermore, SOS requires no modifications to the OpenStack. This has allowed us to deploy SOS on multiple versions of OpenStack. Our experimental results demonstrate that SOS is scalable, incurs negligible overheads and offers strong protection.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114609857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Anonymous Identity-Based Broadcast Encryption with Constant Decryption Complexity and Strong Security 具有恒定解密复杂度和强安全性的匿名广播加密
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897853
Peng Xu, Jingnan Li, Wei Wang, Hai Jin
{"title":"Anonymous Identity-Based Broadcast Encryption with Constant Decryption Complexity and Strong Security","authors":"Peng Xu, Jingnan Li, Wei Wang, Hai Jin","doi":"10.1145/2897845.2897853","DOIUrl":"https://doi.org/10.1145/2897845.2897853","url":null,"abstract":"Anonymous Identity-Based Broadcast Encryption (AIBBE) allows a sender to broadcast a ciphertext to multi-receivers, and keeps receivers' anonymity. The existing AIBBE schemes fail to achieve efficient decryption or strong security, like the constant decryption complexity, the security under the adaptive attack, or the security in the standard model. Hence, we propose two new AIBBE schemes to overcome the drawbacks of previous schemes in the state-of-art. The biggest contribution in our work is the proposed AIBBE scheme with constant decryption complexity and the provable security under the adaptive attack in the standard model. This scheme should be the first one to obtain advantages in all above mentioned aspects, and has sufficient contribution in theory due to its strong security. We also propose another AIBBE scheme in the Random Oracle (RO) model, which is of sufficient interest in practice due to our experiment.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114772679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Efficient Authenticated Multi-Pattern Matching 高效的认证多模式匹配
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897906
Zhe Zhou, Zhang Tao, Sherman S. M. Chow, Yupeng Zhang, Kehuan Zhang
{"title":"Efficient Authenticated Multi-Pattern Matching","authors":"Zhe Zhou, Zhang Tao, Sherman S. M. Chow, Yupeng Zhang, Kehuan Zhang","doi":"10.1145/2897845.2897906","DOIUrl":"https://doi.org/10.1145/2897845.2897906","url":null,"abstract":"Multi-pattern matching compares a large set of patterns against a given query string, which has wide application in various domains such as bio-informatics and intrusion detection. This paper shows how to authenticate the classic Aho-Corasick multi-pattern matching automation, without requiring the verifier to store the whole pattern set, nor downloading a proof for every single matching step. The storage complexity for the authentication metadata at the server side is the same as that of the unauthenticated version. The communication overhead is minimal since the proof size is linear in the query length and does not grow with the sizes of query result nor the pattern set. Our evaluation has shown that the query and verification times are practical.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117148684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Practical "Signatures with Efficient Protocols" from Simple Assumptions 基于简单假设的实用“高效协议签名”
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897898
Benoît Libert, Fabrice Mouhartem, Thomas Peters, M. Yung
{"title":"Practical \"Signatures with Efficient Protocols\" from Simple Assumptions","authors":"Benoît Libert, Fabrice Mouhartem, Thomas Peters, M. Yung","doi":"10.1145/2897845.2897898","DOIUrl":"https://doi.org/10.1145/2897845.2897898","url":null,"abstract":"Digital signatures are perhaps the most important base for authentication and trust relationships in large scale systems. More specifically, various applications of signatures provide privacy and anonymity preserving mechanisms and protocols, and these, in turn, are becoming critical (due to the recently recognized need to protect individuals according to national rules and regulations). A specific type of signatures called \"signatures with efficient protocols\", as introduced by Camenisch and Lysyanskaya (CL), efficiently accommodates various basic protocols and extensions like zero-knowledge proofs, signing committed messages, or re-randomizability. These are, in fact, typical operations associated with signatures used in typical anonymity and privacy-preserving scenarios. To date there are no \"signatures with efficient protocols\" which are based on simple assumptions and truly practical. These two properties assure us a robust primitive: First, simple assumptions are needed for ensuring that this basic primitive is mathematically robust and does not require special ad hoc assumptions that are more risky, imply less efficiency, are more tuned to the protocol itself, and are perhaps less trusted. In the other dimension, efficiency is a must given the anonymity applications of the protocol, since without proper level of efficiency the future adoption of the primitives is always questionable (in spite of their need). In this work, we present a new CL-type signature scheme that is re-randomizable under a simple, well-studied, and by now standard, assumption (SXDH). The signature is efficient (built on the recent QA-NIZK constructions), and is, by design, suitable to work in extended contexts that typify privacy settings (like anonymous credentials, group signature, and offline e-cash). We demonstrate its power by presenting practical protocols based on it.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115286817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Privacy Breach by Exploiting postMessage in HTML5: Identification, Evaluation, and Countermeasure HTML5中利用postMessage的隐私泄露:识别、评估及对策
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897901
Chong Guan, Kun Sun, Zhan Wang, W. Zhu
{"title":"Privacy Breach by Exploiting postMessage in HTML5: Identification, Evaluation, and Countermeasure","authors":"Chong Guan, Kun Sun, Zhan Wang, W. Zhu","doi":"10.1145/2897845.2897901","DOIUrl":"https://doi.org/10.1145/2897845.2897901","url":null,"abstract":"The postMessage mechanism in HTML5 enables different webpage origins to exchange information and communicate. It becomes increasingly popular among the websites that need to import contents from third-party services, such as advertisements and preferable recommendations. Ideally, a receiver function should be locally implemented in the hosting page that needs to receive third-party messages. However, in the real world, the receiver function is usually provided by a third-party service provider, and the function code is imported via the HTML \"script\" tag so that the imported code is deemed as from the same origin with the hosting page. In the case that a site uses multiple third-party services, all the receiver functions imported by the hosting page can receive messages from any third-party provider. Based on this observation, we identify a new information leakage threat named DangerNeighbor attacks that allow a malicious service eavesdrop messages from other services to the hosting page. We study 5000 popular websites and find that the DangerNeighbor attack is a real threat to the sites adopting the postMessage mechanism. To defeat this attack, we propose an easily deployable approach to protect messages from being eavesdropped by a malicious provider. In this approach, the site owner simply imports a piece of JavaScript code and specifies a mapping table, where messages from different origins are associated with corresponding receiver functions, respectively. The approach, which is transparent to the providers, ensures that a receiver function only receives messages from a specific origin.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123680967","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
MobiPot: Understanding Mobile Telephony Threats with Honeycards MobiPot:用Honeycards了解移动电话威胁
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security Pub Date : 2016-05-30 DOI: 10.1145/2897845.2897890
Marco Balduzzi, Payas Gupta, L. Gu, Debin Gao, M. Ahamad
{"title":"MobiPot: Understanding Mobile Telephony Threats with Honeycards","authors":"Marco Balduzzi, Payas Gupta, L. Gu, Debin Gao, M. Ahamad","doi":"10.1145/2897845.2897890","DOIUrl":"https://doi.org/10.1145/2897845.2897890","url":null,"abstract":"Over the past decade, the number of mobile phones has increased dramatically, overtaking the world population in October 2014. In developing countries like India and China, mobile subscribers outnumber traditional landline users and account for over 90% of the active population. At the same time, convergence of telephony with the Internet with technologies like VoIP makes it possible to reach a large number of telephone users at a low or no cost via voice calls or SMS (short message service) messages. As a consequence, cybercriminals are abusing the telephony channel to launch attacks, e.g., scams that offer fraudulent services and voice-based phishing or vishing, that have previously relied on the Internet. In this paper, we introduce and deploy the first mobile phone honeypot called MobiPot that allow us to collect fraudulent calls and SMS messages. We implement multiple ways of advertising mobile numbers (honeycards) on MobiPot to investigate how fraudsters collect phone numbers that are targeted by them. During a period of over seven months, MobiPot collected over two thousand voice calls and SMS messages, and we confirmed that over half of them were unsolicited. We found that seeding honeycards enables us to discover attacks on the mobile phone numbers which were not known before.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"177 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122878374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信