{"title":"Loose tweets: an analysis of privacy leaks on twitter","authors":"Huina Mao, Xin Shuai, Apu Kapadia","doi":"10.1145/2046556.2046558","DOIUrl":"https://doi.org/10.1145/2046556.2046558","url":null,"abstract":"Twitter has become one of the most popular microblogging sites for people to broadcast (or \"tweet\") their thoughts to the world in 140 characters or less. Since these messages are available for public consumption, one may expect these tweets not to contain private or incriminating information. Nevertheless we observe a large number of users who unwittingly post sensitive information about themselves and other people for whom there may be negative consequences. While some awareness exists of such privacy issues on social networks such as Twitter and Facebook, there has been no quantitative, scientific study addressing this problem. In this paper we make three major contributions. First, we characterize the nature of privacy leaks on Twitter to gain an understanding of what types of private information people are revealing on it. We specifically analyze three types of leaks: divulging vacation plans, tweeting under the influence of alcohol, and revealing medical conditions. Second, using this characterization we build automatic classifiers to detect incriminating tweets for these three topics in real time in order to demonstrate the real threat posed to users by, e.g., burglars and law enforcement. Third, we characterize who leaks information and how. We study both self-incriminating primary leaks and secondary leaks that reveal sensitive information about others, as well as the prevalence of leaks in status updates and conversation tweets. We also conduct a cross-cultural study to investigate the prevalence of leaks in tweets originating from the United States, United Kingdom and Singapore. Finally, we discuss how our classification system can be used as a defense mechanism to alert users of potential privacy leaks.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126669264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy of data outsourced to a cloud for selected readers through client-side encryption","authors":"W. Litwin, S. Jajodia, T. Schwarz","doi":"10.1145/2046556.2046580","DOIUrl":"https://doi.org/10.1145/2046556.2046580","url":null,"abstract":"We propose a scheme using client-side encryption with symmetric keys for the privacy of data outsourced to the cloud for selected readers. The scheme is safe under the most popular \"honest, but curious\" model. Readers get the keys from access grants or have them cached. LH* files store cloud data and metadata. Diffie-Hellman scheme authenticates clients. Every client can read any data, but only a grantee decrypts the content. Access to data is usually the fastest possible that is two messages and the decryption, regardless of the cloud scale up. Data or grant creation or update costs are also constant with a few messages and fast processing. All these features serve our main goal: the search speed and scalability yet unmatched to our best knowledge. The scheme is finally intentionally very simple.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134487014","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SPARC: a security and privacy aware virtual machine checkpointing mechanism","authors":"M. Gofman, Ruiqi Luo, Ping Yang, Kartik Gopalan","doi":"10.1145/2046556.2046571","DOIUrl":"https://doi.org/10.1145/2046556.2046571","url":null,"abstract":"Virtual Machine (VM) checkpointing enables a user to capture a snapshot of a running VM on persistent storage. VM checkpoints can be used to roll back the VM to a previous \"good\" state in order to recover from a VM crash or to undo a previous VM activity. Although VM checkpointing eases systems administration and improves usability, it can also increase the risks of exposing sensitive information. This is because the checkpoint may store VM's physical memory pages that contain confidential information such as clear text passwords, credit card numbers, patients' health records, tax returns, etc. This paper presents the design and implementation of SPARC, a security and privacy aware checkpointing mechanism. SPARC enables users to selectively exclude processes and terminal applications that contain sensitive data from being checkpointed. Selective exclusion is performed by the hypervisor by sanitizing memory pages in the checkpoint file that belong to the excluded applications. We describe the design challenges in effectively tracking and excluding process-specific memory contents from the checkpoint file in a VM running the commodity Linux operating system. Our preliminary results show that SPARC imposes only 1% - 5.3% of overhead if most pages are dirty before checkpointing is performed.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127284929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Cryptographic solutions for privacy","authors":"Roger Dingledine","doi":"10.1145/3244870","DOIUrl":"https://doi.org/10.1145/3244870","url":null,"abstract":"","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131571021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving smart metering","authors":"A. Rial, G. Danezis","doi":"10.1145/2046556.2046564","DOIUrl":"https://doi.org/10.1145/2046556.2046564","url":null,"abstract":"Smart grid proposals threaten user privacy by potentially disclosing fine-grained consumption data to utility providers, primarily for time-of-use billing, but also for profiling, settlement, forecasting, tariff and energy efficiency advice. We propose a privacy-preserving protocol for general calculations on fine-grained meter readings, while keeping the use of tamper evident meters to a strict minimum. We allow users to perform and prove the correctness of computations based on readings on their own devices, without disclosing any fine grained consumption. Applying the protocols to time-of-use billing is particularly simple and efficient, but we also support a wider variety of tariff policies. Cryptographic proofs and multiple implementations are used to show the proposed protocols are secure and efficient.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125165804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Website fingerprinting in onion routing based anonymization networks","authors":"A. Panchenko, L. Niessen, Andreas Zinnen, T. Engel","doi":"10.1145/2046556.2046570","DOIUrl":"https://doi.org/10.1145/2046556.2046570","url":null,"abstract":"Low-latency anonymization networks such as Tor and JAP claim to hide the recipient and the content of communications from a local observer, i.e., an entity that can eavesdrop the traffic between the user and the first anonymization node. Especially users in totalitarian regimes strongly depend on such networks to freely communicate. For these people, anonymity is particularly important and an analysis of the anonymization methods against various attacks is necessary to ensure adequate protection. In this paper we show that anonymity in Tor and JAP is not as strong as expected so far and cannot resist website fingerprinting attacks under certain circumstances. We first define features for website fingerprinting solely based on volume, time, and direction of the traffic. As a result, the subsequent classification becomes much easier. We apply support vector machines with the introduced features. We are able to improve recognition results of existing works on a given state-of-the-art dataset in Tor from 3% to 55% and in JAP from 20% to 80%. The datasets assume a closed-world with 775 websites only. In a next step, we transfer our findings to a more complex and realistic open-world scenario, i.e., recognition of several websites in a set of thousands of random unknown websites. To the best of our knowledge, this work is the first successful attack in the open-world scenario. We achieve a surprisingly high true positive rate of up to 73% for a false positive rate of 0.05%. Finally, we show preliminary results of a proof-of-concept implementation that applies camouflage as a countermeasure to hamper the fingerprinting attack. For JAP, the detection rate decreases from 80% to 4% and for Tor it drops from 55% to about 3%.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121885675","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy-preserving traffic padding in web-based applications","authors":"Wen Ming Liu, Lingyu Wang, Pengsu Cheng, M. Debbabi","doi":"10.1145/2046556.2046573","DOIUrl":"https://doi.org/10.1145/2046556.2046573","url":null,"abstract":"While web-based applications are gaining popularity, they also pose new security challenges. In particular, Chen et al. recently revealed that many popular Web applications actually leak out highly sensitive data from encrypted traffic due to side-channel attacks using packet sizes and timing [1]. They further demonstrated that existing solutions usually incur a high overhead while still not guaranteeing privacy protection. In this paper, we observe a striking similarity between this issue and another well studied problem, privacy-preserving data publishing (PPDP). Based on such a similarity, we propose a formal model for privacy-preserving traffic padding (PPTP) that encompasses privacy requirement, padding cost, and padding methods.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122500799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cover locations: availing location-based services without revealing the location","authors":"Sai Teja Peddinti, Avis Dsouza, Nitesh Saxena","doi":"10.1145/2046556.2046576","DOIUrl":"https://doi.org/10.1145/2046556.2046576","url":null,"abstract":"Location-Based Services (LBSs) have been gaining popularity due to a wide range of interesting and important applications being developed. However, the users availing such services are concerned about their location privacy, in that they are forced to reveal their sensitive location information to untrusted third-parties. In this paper, we propose a new privacy-preserving approach, Cover Locations, which allows a user to access an LBS without revealing his/her actual location. Based on its current location, the user's device queries for a few specifically chosen surrounding locations and constructs the results corresponding to its location from the results obtained for each queried location. Since the user location does not leave the user's device - as either a latitude and longitude pair, or as an obfuscated region - the user is guaranteed very high level of privacy. The Cover Locations approach only requires minimal changes on the user's device and can be readily deployed by privacy-conscious users. An adversary, trying to identify the user location, can only resolve the location to few triangular regions and not to the actual location itself. We evaluate the privacy provided by Cover Locations based on the number of locations queried and the total area under the resolved triangular regions. We also ascertain the robustness of Cover Locations approach when the adversary has access to a short-term user history, employing machine learning techniques. Overall, our results show that the proposed solution, which requires minor computations without the need for any out-of-band information such as traffic densities in a region or the road network information, is superior to other client-based solutions.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114510278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Non-interactive distributed encryption: a new primitive for revocable privacy","authors":"J. Hoepman, D. Galindo","doi":"10.1145/2046556.2046567","DOIUrl":"https://doi.org/10.1145/2046556.2046567","url":null,"abstract":"In this paper we introduce and instantiate a new cryptographic primitive, called non-interactive distributed encryption, that allows a receiver to decrypt a ciphertext only if a minimum number of different senders encrypt the same plaintext. The new functionality can be seen as the dual of the functionality provided by threshold cryptosystems. It is shown that this primitive can be used to solve real-world problems balancing security and privacy needs. In particular it is used to solve the canvas cutters problem (introduced below), that might be of independent interest.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114709402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Private data indexes for selective access to outsourced data","authors":"S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati","doi":"10.1145/2046556.2046566","DOIUrl":"https://doi.org/10.1145/2046556.2046566","url":null,"abstract":"Cloud storage services have recently emerged as a successful approach for making resources conveniently available to large communities of users. Several techniques have been investigated for enabling such services, including encryption for ensuring data protection, as well as indexing for enabling efficient query execution on encrypted data. When data are to be made available selectively, the combined use of the two techniques must be handled with care, since indexes can put the confidentiality protection guaranteed by encryption at risk. In this paper, we investigate this issue and propose an indexing technique for supporting efficient access to encrypted data while preventing possible disclosure of data to users not authorized to access them. Intuitively, our indexing technique accounts for authorizations when producing indexes so to ensure that different occurrences of the same plaintext value, but accessible by different sets of users, be not recognizable from their indexes. We show that our solution exhibits a limited performance overhead in query evaluation, while preventing leakage of information.","PeriodicalId":384270,"journal":{"name":"Proceedings of the 10th annual ACM workshop on Privacy in the electronic society","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127881618","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}