发布求助
文献互助 智能选刊 最新文献

2016 IEEE Security and Privacy Workshops (SPW)最新文献

筛选
英文 中文
Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication 持有和签名:一种用于智能手机用户认证的新型行为生物识别技术
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.20
Attaullah Buriro, B. Crispo, Filippo Del Frari, K. Wrona
{"title":"Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication","authors":"Attaullah Buriro, B. Crispo, Filippo Del Frari, K. Wrona","doi":"10.1109/SPW.2016.20","DOIUrl":"https://doi.org/10.1109/SPW.2016.20","url":null,"abstract":"The search for new authentication methods to replace passwords for modern mobile devices such as smartphones and tablets has attracted a substantial amount of research in recent years. As a result, several new behavioral biometric schemes have been proposed. Most of these schemes, however, are uni-modal. This paper presents a new, bi-modal behavioral biometric solution for user authentication. The proposed mechanism takes into account micro-movements of a phone and movements of the user's finger during writing or signing on the touchscreen. More specifically, it profiles a user based on how he holds the phone and based on the characteristics of the points being pressed on the touchscreen, and not the produced signature image. We have implemented and evaluated our scheme on commercially available smartphones. Using Multilayer Perceptron (MLP) 1-class verifier, we achieved approx. 95% True Acceptance Rate (TAR) with 3.1% False Acceptance Rate (FAR) on a dataset of 30 volunteers. Preliminary results on usability show a positive opinion about our system.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127735130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 83
Research Report: Analysis of Software for Restricted Computational Environment Applicability 研究报告:有限计算环境软件适用性分析
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.38
Jacob I. Torrey, Jonathan Miodownik
{"title":"Research Report: Analysis of Software for Restricted Computational Environment Applicability","authors":"Jacob I. Torrey, Jonathan Miodownik","doi":"10.1109/SPW.2016.38","DOIUrl":"https://doi.org/10.1109/SPW.2016.38","url":null,"abstract":"Preliminary experiment design and research goals are presented to measure the applicability of restricted computational complexity environments in general purpose development efforts. The Linux kernel is examined through the lens of LangSec in order to gain insight into the make-up of the kernel code vis-à-vis the complexity class of recognizer for input to each component on the Chomsky Hierarchy. Manual analysis is assisted with LLVM Passes and comparison with the real-time Linux fork. This paper describes an on-going effort with the goals of justifying further research in the field of restricted computational environments.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116052691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive 从欧洲数据保护指令中提取访问控制规则的半自动化方法
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.16
K. Fatema, C. Debruyne, D. Lewis, D. O’Sullivan, J. Morrison, Abdullah-Al Mazed
{"title":"A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive","authors":"K. Fatema, C. Debruyne, D. Lewis, D. O’Sullivan, J. Morrison, Abdullah-Al Mazed","doi":"10.1109/SPW.2016.16","DOIUrl":"https://doi.org/10.1109/SPW.2016.16","url":null,"abstract":"Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114067793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Sensor-Based Mobile Web Fingerprinting and Cross-Site Input Inference Attacks 基于传感器的移动Web指纹识别和跨站输入推理攻击
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.17
Chuan Yue
{"title":"Sensor-Based Mobile Web Fingerprinting and Cross-Site Input Inference Attacks","authors":"Chuan Yue","doi":"10.1109/SPW.2016.17","DOIUrl":"https://doi.org/10.1109/SPW.2016.17","url":null,"abstract":"Smartphone motion sensor data are not only accessible to native mobile apps, but have also become accessible to the webpages rendered in either mobile browsers or the WebView components of mobile apps. In this position paper, we highlight four types of broad and severe user fingerprinting and cross-site input inference attacks that can exploit the smartphone motion sensor data to compromise mobile web users' privacy and security, we also discuss some research topics for further investigating the effectiveness of these attacks and designing usable defense mechanisms.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131795686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Polymorphic Malware Detection Using Sequence Classification Methods 基于序列分类方法的多态恶意软件检测
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.30
Jake Drew, T. Moore, Michael Hahsler
{"title":"Polymorphic Malware Detection Using Sequence Classification Methods","authors":"Jake Drew, T. Moore, Michael Hahsler","doi":"10.1109/SPW.2016.30","DOIUrl":"https://doi.org/10.1109/SPW.2016.30","url":null,"abstract":"Polymorphic malware detection is challenging due to the continual mutations miscreants introduce to successive instances of a particular virus. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we argue that these methods can be usefully applied to malware detection. Unfortunately, gene classification tools are usually optimized for and restricted to an alphabet of four letters (nucleic acids). Consequently, we have selected the Strand gene sequence classifier, which offers a robust classification strategy that can easily accommodate unstructured data with any alphabet including source code or compiled machine code. To demonstrate Stand's suitability for classifying malware, we execute it on approximately 500GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting 9 classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team's method.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134451716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 55
From Privacy Impact Assessment to Social Impact Assessment 从隐私影响评估到社会影响评估
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.19
L. Edwards, Derek McAuley, Laurence Diver
{"title":"From Privacy Impact Assessment to Social Impact Assessment","authors":"L. Edwards, Derek McAuley, Laurence Diver","doi":"10.1109/SPW.2016.19","DOIUrl":"https://doi.org/10.1109/SPW.2016.19","url":null,"abstract":"In order to address the continued decline in consumer trust in all things digital, and specifically the Internet of Things (IoT), we propose a radical overhaul of IoT design processes. Privacy by Design has been proposed as a suitable framework, but we argue the current approach has two failings: it presents too abstract a framework to inform design, and it is often applied after many critical design decisions have been made in defining the business opportunity. To rebuild trust we need the philosophy of Privacy by Design to be transformed into a wider Social Impact Assessment and delivered with practical guidance to be applied at product/service concept stage as well as throughout the system's engineering.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132969372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Grammatical Inference and Machine Learning Approaches to Post-Hoc LangSec Post-Hoc LangSec的语法推理和机器学习方法
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.26
Sheridan S. Curley, Richard E. Harang
{"title":"Grammatical Inference and Machine Learning Approaches to Post-Hoc LangSec","authors":"Sheridan S. Curley, Richard E. Harang","doi":"10.1109/SPW.2016.26","DOIUrl":"https://doi.org/10.1109/SPW.2016.26","url":null,"abstract":"Formal Language Theory for Security (LangSec) applies the tools of theoretical computer science to the problem of protocol design and analysis. In practice, most results have focused on protocol design, showing that by restricting the complexity of protocols it is possible to design parsers with desirable and formally verifiable properties, such as correctness and equivalence. When we consider existing protocols, however, many of these were not subjected to formal analysis during their design, and many are not implemented in a manner consistent with their formal documentation. Determining a grammar for such protocols is the first step in analyzing them, which places this problem in the domain of grammatical inference, for which a deep theoretical literature exists. In particular, although it has been shown that the higher level categories of the Chomsky hierarchy cannot be generically learned, it is also known that certain subcategories of that hierarchy can be effectively learned. In this paper, we summarize some theoretical results for inferring well-known Chomsky grammars, with special attention to context-free grammars (CFGs) and their generated languages (CFLs). We then demonstrate that, despite negative learnability results in the theoretical regime, we can use long short-term memory (LSTM) networks, a type of recurrent neural network (RNN) architecture, to learn a grammar for URIs that appear in Apache HTTP access logs for a particular server with high accuracy. We discuss these results in the context of grammatical inference, and suggest avenues for further research into learnability of a subgroup of the context-free grammars.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133101389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A Critical Analysis of Privacy Design Strategies 隐私设计策略的批判性分析
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.23
Michael Colesky, J. Hoepman, Christiaan Hillen
{"title":"A Critical Analysis of Privacy Design Strategies","authors":"Michael Colesky, J. Hoepman, Christiaan Hillen","doi":"10.1109/SPW.2016.23","DOIUrl":"https://doi.org/10.1109/SPW.2016.23","url":null,"abstract":"The upcoming General Data Protection Regulation is quickly becoming of great concern to organizations which process personal data of European citizens. It is however nontrivial to translate these legal requirements into privacy friendly designs. One recently proposed approach to make 'privacy by design' more practical is privacy design strategies. This paper improves the strategy definitions and suggests an additional level of abstraction between strategies and privacy patterns: 'tactics'. We have identified a collection of such tactics based on an extensive literature review, in particular a catalogue of surveyed privacy patterns. We explore the relationships between the concepts we introduce and similar concepts used in software engineering. This paper helps bridge the gap between data protection requirements set out in law, and system development practice.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114366481","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 132
Compliance Monitoring of Third-Party Applications in Online Social Networks 在线社交网络中第三方应用合规监控
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.13
Florian Kelbert, Alexander Fromm
{"title":"Compliance Monitoring of Third-Party Applications in Online Social Networks","authors":"Florian Kelbert, Alexander Fromm","doi":"10.1109/SPW.2016.13","DOIUrl":"https://doi.org/10.1109/SPW.2016.13","url":null,"abstract":"With the widespread adoption of Online Social Networks (OSNs), users increasingly also use corresponding third-party applications (TPAs), such as social games and applications for collaboration. To improve their social experience, TPAs access users' personal data via an API provided by the OSN. Applications are then expected to comply with certain security and privacy policies when handling the users' data. However, in practice, they might store, use, and distribute that data in all kinds of unapproved ways. We present an approach that transparently enforces security and privacy policies on TPAs that integrate with OSNs. To this end, we integrate concepts and implementations from the research areas of data usage control and information flow control. We instantiate these results in the context of TPAs in OSNs in order to enforce compliance with security and privacy policies that are provided by the OSN operator. We perform a preliminary evaluation of our approach on the basis of a TPA that integrates with the Facebook API.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116094836","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Activity Pattern Discovery from Network Captures 从网络捕获中发现活动模式
2016 IEEE Security and Privacy Workshops (SPW) Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.22
Alan C. Lin, Gilbert L. Peterson
{"title":"Activity Pattern Discovery from Network Captures","authors":"Alan C. Lin, Gilbert L. Peterson","doi":"10.1109/SPW.2016.22","DOIUrl":"https://doi.org/10.1109/SPW.2016.22","url":null,"abstract":"Investigating insider threat cases is challenging because activities are conducted with legitimate access that makes distinguishing malicious activities from normal activities difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person's behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns.","PeriodicalId":341207,"journal":{"name":"2016 IEEE Security and Privacy Workshops (SPW)","volume":"422 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132555060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信