{"title":"Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization","authors":"N. Podlesny, Anne Kayem, C. Meinel","doi":"10.1145/3292006.3300019","DOIUrl":"https://doi.org/10.1145/3292006.3300019","url":null,"abstract":"High-dimensional data is particularly useful for data analytics research. In the healthcare domain, for instance, high-dimensional data analytics has been used successfully for drug discovery. Yet, in order to adhere to privacy legislation, data analytics service providers must guarantee anonymity for data owners. In the context of high-dimensional data, ensuring privacy is challenging because increased data dimensionality must be matched by an exponential growth in the size of the data to avoid sparse datasets. Syntactically, anonymising sparse datasets with methods that rely on statistical significance makes obtaining sound and reliable results a challenge. As such, strong privacy is only achievable at the cost of high information loss, rendering the data unusable for data analytics. In this paper, we make two contributions to addressing this problem from both the privacy and information loss perspectives. First, we show that by identifying dependencies between attribute subsets we can eliminate privacy violating attributes from the anonymised dataset. Second, to minimise information loss, we employ a greedy search algorithm to determine and eliminate maximal partial unique attribute combinations. Thus, one only needs to find the minimal set of identifying attributes to prevent re-identification. 
Experiments on a health cloud based on the SAP HANA platform using a semi-synthetic medical history dataset comprised of 109 attributes, demonstrate the effectiveness of our approach.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122035812","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Custom-made Anonymization by Data Analysis Program Provided by Recipient","authors":"Wakana Maeda, Yuji Yamaoka","doi":"10.1145/3292006.3302380","DOIUrl":"https://doi.org/10.1145/3292006.3302380","url":null,"abstract":"Anonymization is a method used in privacy-preserving data publishing. Previous studies show that anonymization based on the request of a data recipient, the priority of attributes, helps to maintain data utility. However, it is difficult for recipients to generate requests because they cannot know which attributes are important without data analysis. To address this issue, we propose a framework for performing custom-made anonymization by a data analysis program provided by the recipient. This enables the recipient to generate a request after creating a program and performing an indirect analysis of an original dataset by the program. Moreover, we describe an inference attack model for this framework and propose a secure method for restraining such an attack.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"119 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115556037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","authors":"","doi":"10.1145/3292006","DOIUrl":"https://doi.org/10.1145/3292006","url":null,"abstract":"","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114353923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PoLPer","authors":"Yuseok Jeon, J. Rhee, C. Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, Zhenyu Wu","doi":"10.1145/3292006.3300028","DOIUrl":"https://doi.org/10.1145/3292006.3300028","url":null,"abstract":"Setuid system calls enable critical functions such as user authentications and modular privileged components. Such operations must only be executed after careful validation. However, current systems do not perform rigorous checks, allowing exploitation of privileges through memory corruption vulnerabilities in privileged programs. As a solution, understanding which setuid system calls can be invoked in what context of a process allows precise enforcement of least privileges. We propose a novel comprehensive method to systematically extract and enforce least privilege of setuid system calls to prevent misuse. Our approach learns the required process contexts of setuid system calls along multiple dimensions: process hierarchy, call stack, and parameter in a process-aware way. Every setuid system call is then restricted to the per-process context by our kernel-level context enforcer. Previous approaches without process-awareness are too coarse-grained to control setuid system calls, resulting in over-privilege. Our method reduces available privileges even for identical code depending on whether it is run by a parent or a child process. 
We present our prototype called PoLPer which systematically discovers only required setuid system calls and effectively prevents real-world exploits targeting vulnerabilities of the setuid family of system calls in popular desktop and server software at near zero overhead.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122400335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"REAPER","authors":"Michalis Diamantaris, Elias P. Papadopoulos, E. Markatos, S. Ioannidis, Jason Polakis","doi":"10.1145/3292006.3300027","DOIUrl":"https://doi.org/10.1145/3292006.3300027","url":null,"abstract":"Android's app ecosystem relies heavily on third-party libraries as they facilitate code development and provide a steady stream of revenue for developers. However, while Android has moved towards a more fine-grained run time permission system, users currently lack the required resources for deciding whether a specific permission request is actually intended for the app itself or is requested by possibly dangerous third-party libraries. In this paper we present Reaper, a novel dynamic analysis system that traces the permissions requested by apps in real time and distinguishes those requested by the app's core functionality from those requested by third-party libraries linked with the app. We implement a sophisticated UI automator and conduct an extensive evaluation of our system's performance and find that Reaper introduces negligible overhead, rendering it suitable both for end users (by integrating it in the OS) and for deployment as part of an official app vetting process. Our study on over 5K popular apps demonstrates the large extent to which personally identifiable information is being accessed by libraries and highlights the privacy risks that users face. We find that an impressive 65% of the permissions requested do not originate from the core app but are issued by linked third-party libraries, 37.3% of which are used for functionality related to ads, tracking, and analytics. 
Overall, Reaper enhances the functionality of Android's run time permission model without requiring OS or app modifications, and provides the necessary contextual information that can enable users to selectively deny permissions that are not part of an app's core functionality.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"163 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125056949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ABACaaS","authors":"Augustee Meshram, Satyaniranjan Das, S. Sural, Jaideep Vaidya, V. Atluri","doi":"10.1145/3292006.3302381","DOIUrl":"https://doi.org/10.1145/3292006.3302381","url":null,"abstract":"In recent years, Attribute-Based Access Control (ABAC) has emerged as the desired access control model in scenarios involving sharing of resources across multiple domains. This necessitates organizations using traditional access control models to use ABAC. However, ab initio deployment of ABAC is both cost and time intensive. In this paper, we present ABACaaS - a cloud service that enables any organization to integrate ABAC into their own environment irrespective of the platform they operate in. We show both SaaS as well as PaaS instances of ABACaaS along with results on its performance.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130969834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Client Diversity Factor in HTTPS Webpage Fingerprinting","authors":"Hasan Faik Alan, J. Kaur","doi":"10.1145/3292006.3300045","DOIUrl":"https://doi.org/10.1145/3292006.3300045","url":null,"abstract":"Webpage fingerprinting methods infer the webpages visited in a traffic trace and are serious threats to the privacy of web users. Prior work evaluates webpage fingerprinting methods using traffic samples from a single client and does not consider the client diversity factor---webpages can be visited using different browsers, operating systems and devices. In this paper, we study the impact of client diversity on HTTPS webpage fingerprinting. First, we evaluate 5 prominent fingerprinting methods using traffic samples from 19 different clients. We show that the best performing methods overfit to the traffic patterns of a single client and do not generalize when they are evaluated using the samples from a different client (even if the clients use the same browser and operating system and only differ in device). Then, we investigate the traffic patterns of the clients and find differences in the HTTP messages generated, servers communicated and implementation of HTTP/2 across the clients. Finally, we show that the robustness of the methods can be increased by training them using the samples from a diverse set of clients. 
This study informs the community towards a realistic threat model for HTTPS webpage fingerprinting and presents an analysis of modern HTTPS traffic.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128350566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Understanding the Responsiveness of Mobile App Developers to Software Library Updates","authors":"Tatsuhiko Yasumatsu, Takuya Watanabe, Fumihiro Kanei, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori","doi":"10.1145/3292006.3300020","DOIUrl":"https://doi.org/10.1145/3292006.3300020","url":null,"abstract":"This paper reports a longitudinal measurement study aiming to understand how responsive mobile app developers are to updates of software libraries over time. To quantify their responsiveness to library updates, we collected 21,046 Android apps, which equated to 142,611 unique application package kit (APK) files, each corresponding to a different version of an app. The release dates of these APK files spanned 9 years. The key findings we derived from our analysis are as follows. (1) We observed an undesirable level of responsiveness of app developers; 50% of library update adoptions by app developers were performed more than 3 months after the release date of the library, and 50% of outdated libraries used in apps were retained for over 10 months. (2) Deploying a security fix campaign in the app distribution market effectively reduced the number of apps with unfixed vulnerabilities; however, CVE-numbered vulnerabilities (without a campaign) were prone to remain unfixed. (3) The responsiveness of app developers varied and depended on multiple factors, for example, popular apps with a high number of installations had a better response to library updates and, while it took 77 days on average for app developers to adopt version updates for advertising libraries, it took 237 days for updates of utility libraries to be adopted. 
We discuss practical ways to eliminate libraries with vulnerabilities and to improve the responsiveness of app developers to library updates.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128185512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PrivStream: Differentially Private Event Detection on Data Streams","authors":"Maryam Fanaeepour, Ashwin Machanavajjhala","doi":"10.1145/3292006.3302379","DOIUrl":"https://doi.org/10.1145/3292006.3302379","url":null,"abstract":"Event monitoring and detection in real-time systems is crucial. Protecting users' data while reporting an event in almost real-time will increase the level of this challenge. In this work, we adopt the strong notion of differential privacy to private stream counting for event detection with the aim of minimizing false positive and false negative rates as our utility metrics.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114473587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BlAnC","authors":"Gaurav Panwar, S. Misra, Roopa Vishwanathan","doi":"10.1145/3292006.3300034","DOIUrl":"https://doi.org/10.1145/3292006.3300034","url":null,"abstract":"these decisions on our supervisory bodies in order to change the scale of action.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116814689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}