发布求助
文献互助 智能选刊 最新文献

2015 IEEE Security and Privacy Workshops最新文献

筛选
英文 中文
Privacy-Preserving Statistical Analysis by Exact Logistic Regression 基于精确逻辑回归的隐私保护统计分析
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.14
David duVerle, Shohei Kawasaki, Yoshiji Yamada, Jun Sakuma, K. Tsuda
{"title":"Privacy-Preserving Statistical Analysis by Exact Logistic Regression","authors":"David duVerle, Shohei Kawasaki, Yoshiji Yamada, Jun Sakuma, K. Tsuda","doi":"10.1109/SPW.2015.14","DOIUrl":"https://doi.org/10.1109/SPW.2015.14","url":null,"abstract":"Logistic regression is the method of choice in most genome-wide association studies (GWAS). Due to the heavy cost of performing iterative parameter updates when training such a model, existing methods have prohibitive communication and computational complexities that make them unpractical for real-life usage. We propose a new sampling-based secure protocol to compute exact statistics, that requires a constant number of communication rounds and a much lower number of computations. The publicly available implementation of our protocol (and its many optional optimisations adapted to different security scenarios) can, in a matter of hours, perform statistical testing of over 600 SNP variables across thousands of patients while accounting for potential confounding factors in the clinical data.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123473136","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Towards More Security in Data Exchange: Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars 迈向数据交换中的更多安全:为上下文无关语法定义具有上下文敏感编码器的解析器
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.29
Lars Hermerschmidt, Stephan Kugelmann, Bernhard Rumpe
{"title":"Towards More Security in Data Exchange: Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars","authors":"Lars Hermerschmidt, Stephan Kugelmann, Bernhard Rumpe","doi":"10.1109/SPW.2015.29","DOIUrl":"https://doi.org/10.1109/SPW.2015.29","url":null,"abstract":"To exchange complex data structures in distributed systems, documents written in context-free languages are exchanged among communicating parties. Unparsing these documents correctly is as important as parsing them correctly because errors during unparsing result in injection vulnerabilities such as cross-site scripting (XSS) and SQL injection. Injection attacks are not limited to the web world. Every program that uses input to produce documents in a context-free language may be vulnerable to this class of attack. Even for widely used languages such as HTML and JavaScript, there are few approaches that prevent injection attacks by context-sensitive encoding, and those approaches are tied to the language. Therefore, the aim of this paper is to derive context-sensitive encoder from context-free grammars to provide correct unparsing of maliciously crafted input data for all context-free languages. The presented solution integrates encoder definition into context-free grammars and provides a generator for context-sensitive encoders and decoders that are used during (un)parsing. This unparsing process results in documents where the input data does neither influence the structure of the document nor change their intended semantics. By defining encoding during language definition, developers who use the language are provided with a clean interface for writing and reading documents written in that language, without the need to care about security-relevant encoding.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"471 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123449046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
The Correctness-Security Gap in Compiler Optimization 编译器优化中的正确性与安全性差距
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.33
V. D'Silva, Mathias Payer, D. Song
{"title":"The Correctness-Security Gap in Compiler Optimization","authors":"V. D'Silva, Mathias Payer, D. Song","doi":"10.1109/SPW.2015.33","DOIUrl":"https://doi.org/10.1109/SPW.2015.33","url":null,"abstract":"There is a significant body of work devoted to testing, verifying, and certifying the correctness of optimizing compilers. The focus of such work is to determine if source code and optimized code have the same functional semantics. In this paper, we introduce the correctness-security gap, which arises when a compiler optimization preserves the functionality of but violates a security guarantee made by source code. We show with concrete code examples that several standard optimizations, which have been formally proved correct, in-habit this correctness-security gap. We analyze this gap and conclude that it arises due to techniques that model the state of the program but not the state of the underlying machine. We propose a broad research programme whose goal is to identify, understand, and mitigate the impact of security errors introduced by compiler optimizations. Our proposal includes research in testing, program analysis, theorem proving, and the development of new, accurate machine models for reasoning about the impact of compiler optimizations on security.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133331179","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 106
Genomic Privacy and Direct-to-Consumer Genetics: Big Consumer Genetic Data -- What's in that Contract? 基因组隐私和直接面向消费者的遗传学:大消费者基因数据——合同里有什么?
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.19
A. Phillips
{"title":"Genomic Privacy and Direct-to-Consumer Genetics: Big Consumer Genetic Data -- What's in that Contract?","authors":"A. Phillips","doi":"10.1109/SPW.2015.19","DOIUrl":"https://doi.org/10.1109/SPW.2015.19","url":null,"abstract":"This is a brief position paper providing a summary of current research on the legal regulation of Direct-to-Consumer Genetic Testing (DTCGT), focussing on the contracts used by DTCGT companies. The overall aim of the larger project has been to explore the existing legal mechanims for the protection of the rights of consumers in their sequenced genetic data in the context of DTCGT. There are several areas of law which could be drawn upon to regulate the industry or which may have relevance for the protection of consumers (data protection, medical device regulation, consumer protection, product liability, and human rights). However, the current mechanism governing the transaction between the consumer and company when an individual purchases a genetic test from a DTCGT company is that website's contract, normally to be found on websites as Terms of Use, Terms of Service, Terms and Conditions, Privacy Policy or Privacy Statement.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132349111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Nom, A Byte oriented, streaming, Zero copy, Parser Combinators Library in Rust Nom,一个面向字节,流,零拷贝,Rust中的解析器组合器库
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.31
Geoffroy Couprie
{"title":"Nom, A Byte oriented, streaming, Zero copy, Parser Combinators Library in Rust","authors":"Geoffroy Couprie","doi":"10.1109/SPW.2015.31","DOIUrl":"https://doi.org/10.1109/SPW.2015.31","url":null,"abstract":"The recently created language Rust has been presented as a safer way to write low level code, even able to replace C. Is it able to produce safe and efficient parsers? We show that Rust's features, like slicing, allow for powerful memory management, and that its type safety helps in writing correct parsers. We then study briefly how it can make streaming parsers, and how to provide better usability in a parsing library.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115534764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Grammatical Inference and Language Frameworks for LANGSEC LANGSEC的语法推理和语言框架
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.17
Kerry N. Wood, Richard E. Harang
{"title":"Grammatical Inference and Language Frameworks for LANGSEC","authors":"Kerry N. Wood, Richard E. Harang","doi":"10.1109/SPW.2015.17","DOIUrl":"https://doi.org/10.1109/SPW.2015.17","url":null,"abstract":"Formal Language Theory for Security (LANGSEC) has proposed that formal language theory and grammars be used to define and secure protocols and parsers. The assumption is that by restricting languages to lower levels of the Chomsky hierarchy, it is easier to control and verify parser code. In this paper, we investigate an alternative approach to inferring grammars via pattern languages and elementary formal system frameworks. We summarize inferability results for subclasses of both frameworks and discuss how they map to the Chomsky hierarchy. Finally, we present initial results of pattern language learning on logged HTTP sessions and suggest future areas of research.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116529859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
On the Generality and Convenience of Etypes 论类型的通用性和方便性
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.16
W. M. Petullo, Joseph Suh
{"title":"On the Generality and Convenience of Etypes","authors":"W. M. Petullo, Joseph Suh","doi":"10.1109/SPW.2015.16","DOIUrl":"https://doi.org/10.1109/SPW.2015.16","url":null,"abstract":"The Ethos operating system provides a number of features which aid programmers as they craft robust computer programs. One such feature of Ethos is its distributed, mandatory type system -- Etypes. Etypes provides three key properties: (1) every Ethos object (e.g., A file or network connection) has a declared type, (2) Ethos forbids programs from writing ill-formed data to an object, and (3) Ethos forbids programs from reading ill-formed data from an object. In any case, programmers declare ahead of time the permitted data types, and Ethos' application of operating-system-level recognition simplifies their programs. This paper first investigates the generality of Etypes. Toward this end, we describe how to convert a grammar in Chomsky normal form into an Ethos type capable of expressing exactly the set of syntax trees which are valid vis-a-vis the grammar. Next, the paper addresses the convenience of Etypes. If Etypes does not make it easier to craft programs, then programmers will avoid the facilities it provides, for example by declaring string types which in fact serve to encode other types (here Etypes would check the string but not the encoded type). Finally, we present a sample distributed program for Ethos which makes use of the techniques we describe.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125952771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Privacy by Design in Federated Identity Management 联邦身份管理中的隐私设计
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.24
R. Hoerbe, Walter Hötzendorfer
{"title":"Privacy by Design in Federated Identity Management","authors":"R. Hoerbe, Walter Hötzendorfer","doi":"10.1109/SPW.2015.24","DOIUrl":"https://doi.org/10.1109/SPW.2015.24","url":null,"abstract":"Federated Identity Management (FIM), while solving important scalability, security and privacy problems of remote entity authentication, introduces new privacy risks. By virtue of sharing identities with many systems, the improved data quality of subjects may increase the possibilities of linking private data sets, moreover, new opportunities for user profiling are being introduced. However, FIM models to mitigate these risks have been proposed. In this paper we elaborate privacy by design requirements for this class of systems, transpose them into specific architectural requirements, and evaluate a number of FIM models with respect to these requirements. The contributions of this paper are a catalog of privacy-related architectural requirements, joining up legal, business and system architecture viewpoints, and the demonstration of concrete FIM models showing how the requirements can be implemented in practice.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117294796","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Efficient Secure Outsourcing of Genome-Wide Association Studies 全基因组关联研究的高效安全外包
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.11
Wen-jie Lu, Yoshiji Yamada, Jun Sakuma
{"title":"Efficient Secure Outsourcing of Genome-Wide Association Studies","authors":"Wen-jie Lu, Yoshiji Yamada, Jun Sakuma","doi":"10.1109/SPW.2015.11","DOIUrl":"https://doi.org/10.1109/SPW.2015.11","url":null,"abstract":"A genome-wide association study aimed at finding genetic variations associated with a particular disease is a common approach used in genetic epidemiology. We present a new efficient secure outsourcing computation of GWAS using homomorphic encryption based on ring-LWE. Our method works by virtue of the fact that integer vectors can be packed into a single cipher text and a scalar product of integer vectors can be evaluated using a single homomorphic multiplication. We demonstrate by experimentation that secure outsourcing computation of a ?2 test for independence with 5,000 samples can be processed in one second including communication time, which is 250 times faster than an existing FHE solution.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"634 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125241042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
Decentralizing Privacy: Using Blockchain to Protect Personal Data 去中心化隐私:使用区块链保护个人数据
2015 IEEE Security and Privacy Workshops Pub Date : 2015-05-21 DOI: 10.1109/SPW.2015.27
Guy Zyskind, Oz Nathan, A. Pentland
{"title":"Decentralizing Privacy: Using Blockchain to Protect Personal Data","authors":"Guy Zyskind, Oz Nathan, A. Pentland","doi":"10.1109/SPW.2015.27","DOIUrl":"https://doi.org/10.1109/SPW.2015.27","url":null,"abstract":"The recent increase in reported incidents of surveillance and security breaches compromising users' privacy call into question the current model, in which third-parties collect and control massive amounts of personal data. Bit coin has demonstrated in the financial space that trusted, auditable computing is possible using a decentralized network of peers accompanied by a public ledger. In this paper, we describe a decentralized personal data management system that ensures users own and control their data. We implement a protocol that turns a block chain into an automated access-control manager that does not require trust in a third party. Unlike Bit coin, transactions in our system are not strictly financial -- they are used to carry instructions, such as storing, querying and sharing data. Finally, we discuss possible future extensions to block chains that could harness them into a well-rounded solution for trusted computing problems in society.","PeriodicalId":301535,"journal":{"name":"2015 IEEE Security and Privacy Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125589417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1868
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信