Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy: Latest Articles

Obscure: Information-Theoretically Secure, Oblivious, and Verifiable Aggregation Queries
Peeyush Gupta, Yin Li, Sharad Mehrotra, Nisha Panwar, Shantanu Sharma
Abstract: We develop a secret-sharing-based prototype, entitled Obscure that provides communication-efficient and information-theoretically secure algorithms for aggregation queries using multi-party computation (MPC). The query execution algorithms over secret-shared data are developed to deal with an honest but curious, as well as, a malicious server by providing result verification algorithms. Obscure prevents an adversary to know the data, the query, and the tuple-identity satisfying the query.
DOI: https://doi.org/10.1145/3374664.3379533
Published: 2020-03-16
Citations: 0
Deceiving Portable Executable Malware Classifiers into Targeted Misclassification with Practical Adversarial Examples
Y. Kucuk, Guanhua Yan
Abstract: Due to voluminous malware attacks in the cyberspace, machine learning has become popular for automating malware detection and classification. In this work we play devil's advocate by investigating a new type of threats aimed at deceiving multi-class Portable Executable (PE) malware classifiers into targeted misclassification with practical adversarial samples. Using a malware dataset with tens of thousands of samples, we construct three types of PE malware classifiers, the first one based on frequencies of opcodes in the disassembled malware code (opcode classifier), the second one the list of API functions imported by each PE sample (API classifier), and the third one the list of system calls observed in dynamic execution (system call classifier). We develop a genetic algorithm augmented with different support functions to deceive these classifiers into misclassifying a PE sample into any target family. Using an Rbot malware sample whose source code is publicly available, we are able to create practical adversarial samples that can deceive the opcode classifier into targeted misclassification with a successful rate of 75%, the API classifier with a successful rate of 83.3%, and the system call classifier with a successful rate of 91.7%.
DOI: https://doi.org/10.1145/3374664.3375741
Published: 2020-03-16
Citations: 15
Session details: Session 9: Malware Detection
B. Carminati
DOI: https://doi.org/10.1145/3388507
Published: 2020-03-16
Citations: 0
Session details: Session 7: IoT
A. Squicciarini
DOI: https://doi.org/10.1145/3388505
Published: 2020-03-16
Citations: 0
DRAT
Mohammad Shameel bin Mohammad Fadilah, Vivek Balachandran, P. Loh, M. Chua
Abstract: Drones are usually associated with the military but in recent times, they are also used for public and commercial interests such as transporting of goods, communications, agriculture, disaster mitigation and environment preservation. However, like any system, drones have vulnerabilities that can be exploited which can jeopardise a drone's operation and may lead to loss of lives, property and money. Thus drones deployed must be carefully evaluated and selected. Pen-testing is a way to assess the vulnerabilities of drones but it may require multiple commands, files or scripts. In this work, we propose a tool to allow easy pen-testing and assessment of drones. Vulnerability assessment of the DJI Mavic 2 Pro is discussed extensively as well. Future work includes addressing the vulnerabilities of other drones and expanding the tool to conduct pen-testing on other drones.
DOI: https://doi.org/10.1145/3374664.3379529
Published: 2020-03-16
Citations: 1
Session details: Poster Session
Hongxin Hu
DOI: https://doi.org/10.1145/3388501
Published: 2020-03-16
Citations: 0
Tap-Pair: Using Spatial Secrets for Single-Tap Device Pairing of Augmented Reality Headsets
Ivo Sluganovic, Mihael Liskij, Ante Derek, I. Martinovic
Abstract: Augmented Reality (AR) headsets, which allow for a realistic integration between the physical environment and virtual objects, are rapidly coming to customer and enterprise markets. This is largely because they enable a broad range of multi-user applications in which all participants experience the same augmentation of their natural surrounding. However, despite their increasing expansion, there currently exist no implemented methods for secure ad-hoc device pairing of multiple AR headsets. Given the importance of multi-user experiences for future applications of this technology, in this paper we propose two distinct ways to establish secure ad-hoc connections that rely only on typical user interactions in AR: gazing and tapping either at the location of a shared point on the wall or towards the user with whom one wants to connect. To show the feasibility and deployability of the proposed system to existing technology, we build a prototype of Tap-Pair, a system for ad-hoc pairing of AR headsets that is based on Password Authenticated Key Exchange protocols, requires only user interactions that are common in AR, and can be extended to more than two users. The experimental evaluation of the Tap-Pair prototype in a series of measurements at three different locations confirms the feasibility of our proposal, showing that the system built with currently available augmented reality headsets indeed achieves successful pairing in more than 90% of attempts, while keeping the probability of the attacker's success lower than 1e-3.
DOI: https://doi.org/10.1145/3374664.3375740
Published: 2020-03-16
Citations: 2
ProximiTEE
Aritra Dhar, Ivan Puddu, K. Kostiainen, Srdjan Capkun
Abstract: Intel SGX enables protected enclaves on untrusted computing platforms. An important part of SGX is its remote attestation mechanism that allows a remote verifier to check that the expected enclave was correctly initialized before provisioning secrets to it. However, SGX attestation is vulnerable to relay attacks where the attacker, using malicious software on the target platform, redirects the attestation and therefore the provisioning of confidential data to a platform that he physically controls. Although relay attacks have been known for a long time, their consequences have not been carefully examined. In this paper, we analyze relay attacks and show that redirection increases the adversary's abilities to compromise the enclave in several ways, enabling for instance physical and digital side-channel attacks that would not be otherwise possible. We propose ProximiTEE, a novel solution to prevent relay attacks. Our solution is based on a trusted embedded device that is attached to the target platform. Our device verifies the proximity of the attested enclave, thus allowing attestation to the intended enclave regardless of malicious software, such as a compromised OS, on the target platform. The device also performs periodic proximity verification which enables secure enclave revocation by detaching the device. Although proximity verification has been proposed as a defense against relay attacks before, this paper is the first to experimentally demonstrate that it can be secure and reliable for TEEs like SGX. Additionally, we consider a stronger adversary that has obtained leaked SGX attestation keys and emulates an enclave on the target platform. To address such emulation attacks, we propose a second solution where the target platform is securely initialized by booting it from the attached embedded device.
DOI: https://doi.org/10.1145/3374664.3375726
Published: 2020-03-16
Citations: 13
A Comprehensive Benchmark on Java Cryptographic API Misuses
Sharmin Afrose, Sazzadur Rahaman, D. Yao
Abstract: Misuses of cryptographic APIs are prevalent in existing real-world Java code. Some open-sourced and commercial cryptographic vulnerability detection tools exist that capture misuses in Java program. To analyze their efficiency and coverage, we build a comprehensive benchmark named CryptoAPI-Bench that consists of 171 unit test cases. The test cases include basic cases and complex cases. We assess four tools i.e., SpotBugs, CryptoGuard, CrySL, and Coverity using CryptoAPI-Bench and show their relative performance.
DOI: https://doi.org/10.1145/3374664.3379537
Published: 2020-03-16
Citations: 1
Session details: Session 8: Privacy II
Sudip Mittal
DOI: https://doi.org/10.1145/3388506
Published: 2020-03-16
Citations: 0