Proceedings 2019 Network and Distributed System Security Symposium最新文献

筛选
英文 中文
Network and System Security: 17th International Conference, NSS 2023, Canterbury, UK, August 14–16, 2023, Proceedings 网络与系统安全:第17届国际会议,NSS 2023,坎特伯雷,英国,8月14-16日,2023,论文集
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2023-01-01 DOI: 10.1007/978-3-031-39828-5
{"title":"Network and System Security: 17th International Conference, NSS 2023, Canterbury, UK, August 14–16, 2023, Proceedings","authors":"","doi":"10.1007/978-3-031-39828-5","DOIUrl":"https://doi.org/10.1007/978-3-031-39828-5","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81658313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Network and System Security: 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9–12, 2022, Proceedings 网络和系统安全:第16届国际会议,NSS 2022,斐济德纳劳岛,12月9日至12日,2022,会议记录
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2022-01-01 DOI: 10.1007/978-3-031-23020-2
{"title":"Network and System Security: 16th International Conference, NSS 2022, Denarau Island, Fiji, December 9–12, 2022, Proceedings","authors":"","doi":"10.1007/978-3-031-23020-2","DOIUrl":"https://doi.org/10.1007/978-3-031-23020-2","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82273301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings 网络与系统安全:第15届国际会议,NSS 2021,天津,中国,2021年10月23日,会议录
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2021-01-01 DOI: 10.1007/978-3-030-92708-0
{"title":"Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings","authors":"","doi":"10.1007/978-3-030-92708-0","DOIUrl":"https://doi.org/10.1007/978-3-030-92708-0","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90196936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Network and System Security: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings 网络与系统安全:第14届国际会议,NSS 2020,墨尔本,维多利亚州,澳大利亚,11月25日至27日,2020,会议录
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2020-01-01 DOI: 10.1007/978-3-030-65745-1
Kutyłowski, Jun Zhang, Chao Chen
{"title":"Network and System Security: 14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings","authors":"Kutyłowski, Jun Zhang, Chao Chen","doi":"10.1007/978-3-030-65745-1","DOIUrl":"https://doi.org/10.1007/978-3-030-65745-1","url":null,"abstract":"","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86333389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints 神经符号执行:神经约束下的增强符号执行
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-07-23 DOI: 10.14722/ndss.2019.23530
Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, P. Saxena
{"title":"Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints","authors":"Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, P. Saxena","doi":"10.14722/ndss.2019.23530","DOIUrl":"https://doi.org/10.14722/ndss.2019.23530","url":null,"abstract":"Symbolic execution is a powerful technique for program analysis. However, it has many limitations in practical applicability: the path explosion problem encumbers scalability, the need for language-specific implementation, the inability to handle complex dependencies, and the limited expressiveness of theories supported by underlying satisfiability checkers. Often, relationships between variables of interest are not expressible directly as purely symbolic constraints. To this end, we present a new approach—neuro-symbolic execution—which learns an approximation of the relationship between program values of interest, as a neural network. We develop a procedure for checking satisfiability of mixed constraints, involving both symbolic expressions and neural representations. We implement our new approach in a tool called NEUEX as an extension of KLEE, a state-of-the-art dynamic symbolic execution engine. NEUEX finds 33 exploits in a benchmark of 7 programs within 12 hours. This is an improvement in the bug finding efficacy of 94% over vanilla KLEE. We show that this new approach drives execution down difficult paths on which KLEE and other DSE extensions get stuck, eliminating limitations of purely SMT-based techniques.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78204980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 28
DroidCap: OS Support for Capability-based Permissions in Android DroidCap: Android中基于能力的权限的操作系统支持
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-02-25 DOI: 10.14722/ndss.2019.23398
A. Dawoud, Sven Bugiel
{"title":"DroidCap: OS Support for Capability-based Permissions in Android","authors":"A. Dawoud, Sven Bugiel","doi":"10.14722/ndss.2019.23398","DOIUrl":"https://doi.org/10.14722/ndss.2019.23398","url":null,"abstract":"We present DroidCap, a retrofitting of Android’s central Binder IPC mechanism to change the way how permissions are being represented and managed in the system. In DroidCap, permissions are per-process Binder object capabilities. DroidCap's design removes Android’s UID-based ambient authority and allows the delegation of capabilities between processes to create least-privileged protection domains efficiently. With DroidCap, we show that object capabilities as underlying access control model integrates naturally and backward-compatible into Android’s stock permission model and application management. Thus, our Binder capabilities provide app developers with a new path to gradually adopting app compartmentalization, which we showcase at two favorite examples from the literature, privilege separated advertisement libraries and least privileged app components.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74924104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
MBeacon: Privacy-Preserving Beacons for DNA Methylation Data MBeacon: DNA甲基化数据的隐私保护信标
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-02-24 DOI: 10.14722/ndss.2019.23064
Inken Hagestedt, Yang Zhang, Mathias Humbert, Pascal Berrang, Haixu Tang, Xiaofeng Wang, M. Backes
{"title":"MBeacon: Privacy-Preserving Beacons for DNA Methylation Data","authors":"Inken Hagestedt, Yang Zhang, Mathias Humbert, Pascal Berrang, Haixu Tang, Xiaofeng Wang, M. Backes","doi":"10.14722/ndss.2019.23064","DOIUrl":"https://doi.org/10.14722/ndss.2019.23064","url":null,"abstract":"The advancement of molecular profiling techniques \u0000fuels biomedical research with a deluge of data. To facilitate \u0000data sharing, the Global Alliance for Genomics and Health \u0000established the Beacon system, a search engine designed to help \u0000researchers find datasets of interest. While the current Beacon \u0000system only supports genomic data, other types of biomedical \u0000data, such as DNA methylation, are also essential for advancing \u0000our understanding in the field. In this paper, we propose the first \u0000Beacon system for DNA methylation data sharing: MBeacon. As \u0000the current genomic Beacon is vulnerable to privacy attacks, such \u0000as membership inference, and DNA methylation data is highly \u0000sensitive, we take a privacy-by-design approach to construct \u0000MBeacon. \u0000First, we demonstrate the privacy threat, by proposing a \u0000membership inference attack tailored specifically to unprotected \u0000methylation Beacons. Our experimental results show that 100 \u0000queries are sufficient to achieve a successful attack with AUC \u0000(area under the ROC curve) above 0.9. To remedy this situation, \u0000we propose a novel differential privacy mechanism, namely SVT2 \u0000, \u0000which is the core component of MBeacon. Extensive experiments \u0000over multiple datasets show that SVT2 \u0000can successfully mitigate \u0000membership privacy risks without significantly harming utility. \u0000We further implement a fully functional prototype of MBeacon \u0000which we make available to the research community","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78829063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 38
JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits JavaScript模板攻击:自动推断主机信息的目标漏洞
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-02-24 DOI: 10.14722/ndss.2019.23155
Michael Schwarz, F. Lackner, D. Gruss
{"title":"JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits","authors":"Michael Schwarz, F. Lackner, D. Gruss","doi":"10.14722/ndss.2019.23155","DOIUrl":"https://doi.org/10.14722/ndss.2019.23155","url":null,"abstract":"Today, more and more web browsers and extensions provide anonymity features to hide user details. Primarily used to evade tracking by websites and advertisements, these features are also used by criminals to prevent identification. Thus, not only tracking companies but also law-enforcement agencies have an interest in finding flaws which break these anonymity features. For instance, for targeted exploitation using zero days, it is essential to have as much information about the target as possible. A failed exploitation attempt, e.g., due to a wrongly guessed operating system, can burn the zero-day, effectively costing the attacker money. Also for side-channel attacks, it is of the utmost importance to know certain aspects of the victim’s hardware configuration, e.g., the instruction-set architecture. Moreover, knowledge about specific environmental properties, such as the operating system, allows crafting more plausible dialogues for phishing attacks. In this paper, we present a fully automated approach to find subtle differences in browser engines caused by the environment. Furthermore, we present two new side-channel attacks on browser engines to detect the instruction-set architecture and the used memory allocator. Using these differences, we can deduce information about the system, both about the software as well as the hardware. As a result, we cannot only ease the creation of fingerprints, but we gain the advantage of having a more precise picture for targeted exploitation. Our approach allows automating the cumbersome manual search for such differences. We collect all data available to the JavaScript engine and build templates from these properties. If a property of such a template stays the same on one system but differs on a different system, we found an environment-dependent property. We found environment-dependent properties in Firefox, Chrome, Edge, and mobile Tor, allowing us to reveal the underlying operating system, CPU architecture, used privacy-enhancing plugins, as well as exact browser version. We stress that our method should be used in the development of browsers and privacy extensions to automatically find flaws in the implementation.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91547241","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 45
Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android 附近的威胁:逆转,分析和攻击谷歌在Android上的“附近连接”
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-02-24 DOI: 10.14722/ndss.2019.23367
D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen
{"title":"Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android","authors":"D. Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen","doi":"10.14722/ndss.2019.23367","DOIUrl":"https://doi.org/10.14722/ndss.2019.23367","url":null,"abstract":"Google’s Nearby Connections API enables any An-droid (and Android Things) application to provide proximity-based services to its users, regardless of their network connectivity.The API uses Bluetooth BR/EDR, Bluetooth LE and Wi-Fi to let“nearby” clients (discoverers) and servers (advertisers) connectand exchange different types of payloads. The implementation ofthe API is proprietary, closed-source and obfuscated. The updatesof the API are automatically installed by Google across differentversions of Android, without user interaction. Little is knownpublicly about the security guarantees offered by the API, eventhough it presents a significant attack surface.In this work we present the first security analysis of theGoogle’s Nearby Connections API, based on reverse-engineeringof its Android implementation. We discover and implement sev-eral attacks grouped into two families: connection manipulation(CMA) and range extension attacks (REA). CMA-attacks allow anattacker to insert himself as a man-in-the-middle and manipulateconnections (even unrelated to nearby), and to tamper withthe victim’s interface and network configuration. REA-attacksallow an attacker to tunnel any nearby connection to remotelocations, even between two honest devices. Our attacks areenabled by REArby, a toolkit we developed while reversingthe API implementation. REArby includes a dynamic binaryinstrumenter, a packet dissector, and the implementations ofcustom Nearby Connections client and server. We plan to open-source REArby after a responsible disclosure period.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75956019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web 网络犯罪心理:对暗网中加密货币滥用的调查研究
Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2019-02-24 DOI: 10.14722/NDSS.2019.23055
Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, Seungwon Shin
{"title":"Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web","authors":"Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, Seungwon Shin","doi":"10.14722/NDSS.2019.23055","DOIUrl":"https://doi.org/10.14722/NDSS.2019.23055","url":null,"abstract":"The Dark Web is notorious for being a major distribution channel of harmful content as well as unlawful goods. Perpetrators have also used cryptocurrencies to conduct illicit financial transactions while hiding their identities. The limited coverage and outdated data of the Dark Web in previous studies motivated us to conduct an in-depth investigative study to understand how perpetrators abuse cryptocurrencies in the Dark Web. We designed and implemented MFScope, a new framework which collects Dark Web data, extracts cryptocurrency information, and analyzes their usage characteristics on the Dark Web. Specifically, MFScope collected more than 27 million dark webpages and extracted around 10 million unique cryptocurrency addresses for Bitcoin, Ethereum, and Monero. It then classified their usages to identify trades of illicit goods and traced cryptocurrency money flows, to reveal black money operations on the Dark Web. In total, using MFScope we discovered that more than 80% of Bitcoin addresses on the Dark Web were used with malicious intent; their monetary volume was around 180 million USD, and they sent a large sum of their money to several popular cryptocurrency services (e.g., exchange services). Furthermore, we present two real-world unlawful services and demonstrate their Bitcoin transaction traces, which helps in understanding their marketing strategy as well as black money operations.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86598725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 71
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信