Trisha Biswas, Kendra Lesser, R. Dutta, Meeko Oishi
{"title":"Examining reliability of wireless multihop network routing with linear systems","authors":"Trisha Biswas, Kendra Lesser, R. Dutta, Meeko Oishi","doi":"10.1145/2600176.2600195","DOIUrl":"https://doi.org/10.1145/2600176.2600195","url":null,"abstract":"In this study, we present a control theoretic technique to model routing in wireless multihop networks. We model ad hoc wireless networks as stochastic dynamical systems where, as a base case, a centralized controller pre-computes optimal paths to the destination. The usefulness of this approach lies in the fact that it can help obtain bounds on reliability of end-to-end packet transmissions. We compare this approach with the reliability achieved by some of the widely used routing techniques in multihop networks.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125807609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing an adaptive reputation metric for anonymity systems","authors":"Anupam Das, N. Borisov, M. Caesar","doi":"10.1145/2600176.2600187","DOIUrl":"https://doi.org/10.1145/2600176.2600187","url":null,"abstract":"Low-latency anonymity systems such as Tor rely on intermediate relays to forward user traffic; these relays, however, are often unreliable, resulting in a degraded user experience. Worse yet, malicious relays may introduce deliberate failures in a strategic manner in order to increase their chance of compromising anonymity. In this paper we propose using a reputation metric that can profile the reliability of relays in an anonymity system based on users' past experience. The two main challenges in building a reputation-based system for an anonymity system are: first, malicious participants can strategically oscillate between good and malicious nature to evade detection, and second, an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. Our proposed framework addresses the former challenge by using a proportional-integral-derivative (PID) controller-based reputation metric that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time, and the latter by introducing a filtering scheme based on the evaluated reputation score to effectively discard relays mounting attacks. We collect data from the live Tor network and perform simulations to validate the proposed reputation-based filtering scheme. We show that an attacker does not gain any significant benefit by performing deliberate failures in the presence of the proposed reputation framework.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116175012","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Is there value in reasoning about security at the architectural level: a comparative evaluation","authors":"E. Khalaj, R. Vanciu, Marwan Abi-Antoun","doi":"10.1145/2600176.2600206","DOIUrl":"https://doi.org/10.1145/2600176.2600206","url":null,"abstract":"We propose to build a benchmark with hand-selected test-cases from different equivalence classes, then to directly compare different approaches that make different tradeoffs to better understand which approaches find security vulnerabilities more effectively (better recall, better precision).","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"282 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121337904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rucha Tembe, O. Zielinska, Yuqi Liu, Kyung Wha Hong, E. Murphy-Hill, C. Mayhorn, Xi Ge
{"title":"Phishing in international waters: exploring cross-national differences in phishing conceptualizations between Chinese, Indian and American samples","authors":"Rucha Tembe, O. Zielinska, Yuqi Liu, Kyung Wha Hong, E. Murphy-Hill, C. Mayhorn, Xi Ge","doi":"10.1145/2600176.2600178","DOIUrl":"https://doi.org/10.1145/2600176.2600178","url":null,"abstract":"One hundred sixty-four participants from the United States, India and China completed a survey designed to assess past phishing experiences and whether they engaged in certain online safety practices (e.g., reading a privacy policy). The study investigated participants' reported agreement regarding the characteristics of phishing attacks, types of media where phishing occurs and the consequences of phishing. A multivariate analysis of covariance indicated that there were significant differences in agreement regarding phishing characteristics, phishing consequences and types of media where phishing occurs for these three nationalities. Chronological age and education did not influence the agreement ratings; therefore, the samples were demographically equivalent with regards to these variables. A logistic regression analysis was conducted to analyze the categorical variables and nationality data. Results based on self-report data indicated that (1) Indians were more likely to be phished than Americans, (2) Americans took protective actions more frequently than Indians by destroying old documents, and (3) Americans were more likely to notice the \"padlock\" security icon than either Indian or Chinese respondents. The potential implications of these results are discussed in terms of designing culturally sensitive anti-phishing solutions.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132728637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Securing Hadoop in cloud","authors":"Xianqing Yu, P. Ning, M. Vouk","doi":"10.1145/2600176.2600202","DOIUrl":"https://doi.org/10.1145/2600176.2600202","url":null,"abstract":"Hadoop is a map-reduce implementation that rapidly processes data in parallel. Cloud provides reliability, flexibility, scalability, elasticity and cost saving to customers. Moving Hadoop into Cloud can be beneficial to Hadoop users. However, Hadoop has two vulnerabilities that can dramatically impact its security in a Cloud. The vulnerabilities are its overloaded authentication key, and the lack of fine-grained access control at the data access level. We propose and develop a security enhancement for Cloud-based Hadoop.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132229944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Human factors in webserver log file analysis: a controlled experiment on investigating malicious activity","authors":"L. Layman, Sylvain David Diffo, N. Zazworka","doi":"10.1145/2600176.2600185","DOIUrl":"https://doi.org/10.1145/2600176.2600185","url":null,"abstract":"While automated methods are the first line of defense for detecting attacks on webservers, a human agent is required to understand the attacker's intent and the attack process. The goal of this research is to understand the value of various log fields and the cognitive processes by which log information is grouped, searched, and correlated. Such knowledge will enable the development of human-focused log file investigation technologies. We performed controlled experiments with 65 subjects (IT professionals and novices) who investigated excerpts from six webserver log files. Quantitative and qualitative data were gathered to: 1) analyze subject accuracy in identifying malicious activity; 2) identify the most useful pieces of log file information; and 3) understand the techniques and strategies used by subjects to process the information. Statistically significant effects were observed in the accuracy of identifying attacks and time taken depending on the type of attack. Systematic differences were also observed in the log fields used by high-performing and low-performing groups. The findings include: 1) new insights into how specific log data fields are used to effectively assess potentially malicious activity; 2) obfuscating factors in log data from a human cognitive perspective; and 3) practical implications for tools to support log file investigations.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":" 51","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120827304","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wei Yang, Xusheng Xiao, Rahul Pandita, W. Enck, Tao Xie
{"title":"Improving mobile application security via bridging user expectations and application behaviors","authors":"Wei Yang, Xusheng Xiao, Rahul Pandita, W. Enck, Tao Xie","doi":"10.1145/2600176.2600208","DOIUrl":"https://doi.org/10.1145/2600176.2600208","url":null,"abstract":"To keep malware out of mobile application markets, existing techniques analyze the security aspects of application behaviors and summarize patterns of these security aspects to determine what applications do. However, user expectations (reflected via user perception in combination with user judgment) are often not incorporated into such analysis to determine whether application behaviors are within user expectations. This poster presents our recent work on bridging the semantic gap between user perceptions of the application behaviors and the actual application behaviors.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117300877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Santiago Escobar, C. Meadows, J. Meseguer, Sonia Santiago
{"title":"A rewriting-based forwards semantics for Maude-NPA","authors":"Santiago Escobar, C. Meadows, J. Meseguer, Sonia Santiago","doi":"10.1145/2600176.2600186","DOIUrl":"https://doi.org/10.1145/2600176.2600186","url":null,"abstract":"The Maude-NRL Protocol Analyzer (Maude-NPA) is a tool for reasoning about the security of cryptographic protocols in which the cryptosystems satisfy different equational properties. It tries to find secrecy or authentication attacks by searching backwards from an insecure attack state pattern that may contain logical variables, in such a way that logical variables become properly instantiated in order to find an initial state. The execution mechanism for this logical reachability is narrowing modulo an equational theory. Although Maude-NPA also possesses a forwards semantics naturally derivable from the backwards semantics, it is not suitable for state space exploration or protocol simulation. In this paper we define an executable forwards semantics for Maude-NPA, instead of its usual backwards one, and restrict it to the case of concrete states, that is, to terms without logical variables. This case corresponds to standard rewriting modulo an equational theory. We prove soundness and completeness of the backwards narrowing-based semantics with respect to the rewriting-based forwards semantics. We show its effectiveness as an analysis method that complements the backwards analysis with new prototyping, simulation, and explicit-state model checking features by providing some experimental results.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134059820","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An analysis of Fedora security profile","authors":"Shweta Subramani, M. Vouk, L. Williams","doi":"10.1145/2600176.2600211","DOIUrl":"https://doi.org/10.1145/2600176.2600211","url":null,"abstract":"This paper examines security faults/vulnerabilities reported for Fedora. Results indicate that, at least in some situations, fault roughly constant may be used to guide estimation of residual vulnerabilities in an already released product, as well as possibly guide testing of the next version of the product.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133140025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Diversity-based detection of security anomalies","authors":"R. Venkatakrishnan, M. Vouk","doi":"10.1145/2600176.2600205","DOIUrl":"https://doi.org/10.1145/2600176.2600205","url":null,"abstract":"Detecting and preventing attacks before they compromise a system can be done using acceptance testing, redundancy-based mechanisms, and using external consistency checking such as external monitoring and watchdog processes. Diversity-based adjudication is a step towards an oracle that uses knowable behavior of a healthy system. That approach, under best circumstances, is able to detect even zero-day attacks. In this approach we use functionally equivalent but in some way diverse components and we compare their output vectors and reactions for a given input vector. This paper discusses practical relevance of this approach in the context of recent web-service attacks.","PeriodicalId":193860,"journal":{"name":"Symposium and Bootcamp on the Science of Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114991293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}