发布求助
文献互助 智能选刊 最新文献

2017 15th Annual Conference on Privacy, Security and Trust (PST)最新文献

筛选
英文 中文
No (Privacy) News is Good News: An Analysis of New York Times and Guardian Privacy News from 2010–2016 不(隐私)新闻就是好消息:2010-2016年《纽约时报》和《卫报》隐私新闻分析
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00027
Karthik Sheshadri, Nirav Ajmeri, Jessica Staddon
{"title":"No (Privacy) News is Good News: An Analysis of New York Times and Guardian Privacy News from 2010–2016","authors":"Karthik Sheshadri, Nirav Ajmeri, Jessica Staddon","doi":"10.1109/PST.2017.00027","DOIUrl":"https://doi.org/10.1109/PST.2017.00027","url":null,"abstract":"Privacy news influences end-user attitudes and behaviors as well as product and policy development, and so is an important data source for understanding privacy perceptions. We provide a largescale text mining of privacy news, focusing on patterns in sentiment and keywords. This is a challenging task given the lack of a privacy news repository and a ground truth for sentiment. Using high-precision data sets from two popular news sources in the U. S. and U. K., the New York Times and the Guardian, we find negative privacy news is far more common than positive. In addition, in the NYT, privacy news is more prominently reported than many world events involving significant human suffering. Our analysis provides a rich snapshot of this driver of privacy perceptions and demonstrates that news facilitates the systematization of privacy knowledge.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122616442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
On the Additional Chi-Square Tests for the IID Assumption of NIST SP 800-90B NIST SP 800-90B IID假设的附加卡方检验
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00051
Ju-Sung Kang, Hojoong Park, Yongjin Yeom
{"title":"On the Additional Chi-Square Tests for the IID Assumption of NIST SP 800-90B","authors":"Ju-Sung Kang, Hojoong Park, Yongjin Yeom","doi":"10.1109/PST.2017.00051","DOIUrl":"https://doi.org/10.1109/PST.2017.00051","url":null,"abstract":"Recently, NIST has published the second draft of SP 800-90B used for entropy estimations of random number generators. It is conducted within the framework of a cryptographic module validation program (CMVP) for the entropy source. The official evaluation criteria such as CMVP should be supported by rigorous and theoretical foundations so as to achieve the credibility and reliability of the evaluation process. For the theoretical background of the entropy estimation, it is assumed in SP 800-90B that the distribution of the entropy source is unknown since we cannot obtain an appropriate hypothesis about the distribution of the noise source which is a component of the entropy source. In this case, the nonparametric statistical method is commonly used. The test suite of SP 800-90B is divided into two major steps. The first step is to determine the track, IID(independent and identically distributed) or Non-IID, and the second step is to estimate the entropy of the given source. The permutation tests and additional chi-square tests are used to test IID assumption for entropy source in the first step, and when all tests in the first step are passed, the given source is determined as IID. Depending on whether the given data is determined as IID or Non-IID, the entropy estimation is conducted using different estimators in the second step. In this paper, we concentrate on the additional chi-square tests and analyze them from the view point of the nonparametric statistical method. We find out several defects of the degrees of freedom in the tests of independence for binary and non-binary data. We correct the degrees of freedom based on our analysis, and it solidifies the theoretical basis of SP 800- 90B. Furthermore, we provide some experimental results with the corrected degrees of freedom which show that the corrected tests are more effective.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125972452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
How Much Privilege Does an App Need? Investigating Resource Usage of Android Apps (Short Paper) 一个应用程序需要多少权限?调查Android应用程序的资源使用情况(短文)
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00039
Nurul Momen, T. Pulls, Lothar Fritsch, S. Lindskog
{"title":"How Much Privilege Does an App Need? Investigating Resource Usage of Android Apps (Short Paper)","authors":"Nurul Momen, T. Pulls, Lothar Fritsch, S. Lindskog","doi":"10.1109/PST.2017.00039","DOIUrl":"https://doi.org/10.1109/PST.2017.00039","url":null,"abstract":"Arguably, one of the default solutions to many of today's everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decisionmaking and finer access control mechanisms.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124032994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Privacy is the Boring Bit: User Perceptions and Behaviour in the Internet-of-Things 隐私是无聊的部分:物联网中的用户感知和行为
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00029
Meredydd Williams, Jason R. C. Nurse, S. Creese
{"title":"Privacy is the Boring Bit: User Perceptions and Behaviour in the Internet-of-Things","authors":"Meredydd Williams, Jason R. C. Nurse, S. Creese","doi":"10.1109/PST.2017.00029","DOIUrl":"https://doi.org/10.1109/PST.2017.00029","url":null,"abstract":"In opinion polls, the public frequently claim to value their privacy. However, individuals often seem to overlook the principle, contributing to a disparity labelled the 'Privacy Paradox'. The growth of the Internet-of-Things (IoT) is frequently claimed to place privacy at risk. However, the Paradox remains underexplored in the IoT. In addressing this, we first conduct an online survey (N = 170) to compare public opinions of IoT and less-novel devices. Although we find users perceive privacy risks, many still decide to purchase smart devices. With the IoT rated less usable/familiar, we assert that it constrains protective behaviour. To explore this hypothesis, we perform contextualised interviews (N = 40) with the public. In these dialogues, owners discuss their opinions and actions with a personal device. We find the Paradox is significantly more prevalent in the IoT, frequently justified by a lack of awareness. We finish by highlighting the qualitative comments of users, and suggesting practical solutions to their issues. This is the first work, to our knowledge, to evaluate the Privacy Paradox over a broad range of technologies.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128317982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 53
Conditionally Secure Multiparty Computation using Secret Sharing Scheme for n < 2k-1 (Short Paper) 基于n < 2k-1秘密共享方案的条件安全多方计算(短文)
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00034
A. Kamal, Keiichi Iwamura
{"title":"Conditionally Secure Multiparty Computation using Secret Sharing Scheme for n < 2k-1 (Short Paper)","authors":"A. Kamal, Keiichi Iwamura","doi":"10.1109/PST.2017.00034","DOIUrl":"https://doi.org/10.1109/PST.2017.00034","url":null,"abstract":"Typically, when secrecy multiplication is performed in multiparty computation using Shamir's (k,n) threshold secret sharing scheme, the result is a polynomial with degree of 2k-2 instead of k-1 This causes a problem where, in order to reconstruct a multiplication result, the number of polynomials needed will increase from k to 2k-1. In this paper, we propose a multiparty computation that uses a secret sharing scheme that is secure against a product-sum operation but does not increase the degree of polynomial of the output. We prove that all combinations of the basic operations (addition, subtraction, multiplication, and division) can be performed securely using this scheme. We also propose three preconditions and finally show that our proposed method is information-theoretic secure against a passive adversary.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115711211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Hiding Behind the Shoulders of Giants: Abusing Crawlers for Indirect Web Attacks 躲在巨人的肩膀后面:滥用爬虫进行间接网络攻击
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00049
Apostolis Zarras, F. Maggi
{"title":"Hiding Behind the Shoulders of Giants: Abusing Crawlers for Indirect Web Attacks","authors":"Apostolis Zarras, F. Maggi","doi":"10.1109/PST.2017.00049","DOIUrl":"https://doi.org/10.1109/PST.2017.00049","url":null,"abstract":"It could be argued that without search engines, the web would have never grown to the size that it has today. To achieve maximum coverage and provide relevant results, search engines employ large armies of autonomous crawlers that continuously scour the web, following links, indexing content, and collecting features that are then used to calculate the ranking of each page. In this paper, we describe how autonomous crawlers can be abused by attackers to exploit vulnerabilities on thirdparty websites while hiding the true origin of the attacks. Moreover, we show how certain vulnerabilities on websites that are currently deemed unimportant, can be abused in a way that would allow an attacker to arbitrarily boost the rankings of malicious websites in the search results of popular search engines. Motivated by the potentials of these vulnerabilities, we propose a series of preventive and defensive countermeasures that website owners and search engines can adopt to minimize, or altogether eliminate, the effects of crawler-abusing attacks.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127425865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Real-Time Detection and Reaction to Activity Hijacking Attacks in Android Smartphones (Short Paper) Android智能手机活动劫持攻击的实时检测和反应(短论文)
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00037
Anis Bkakria, M. Graa, N. Cuppens-Boulahia, F. Cuppens, Jean-Louis Lanet
{"title":"Real-Time Detection and Reaction to Activity Hijacking Attacks in Android Smartphones (Short Paper)","authors":"Anis Bkakria, M. Graa, N. Cuppens-Boulahia, F. Cuppens, Jean-Louis Lanet","doi":"10.1109/PST.2017.00037","DOIUrl":"https://doi.org/10.1109/PST.2017.00037","url":null,"abstract":"Most Android users are required to communicate sensitive data (passwords, usernames, security codes, and credit card numbers) with applications. Hacker can launch phishing attacks to compromise user data confidentiality. He/She stealthily injects into the foreground a hijacking Activity at the right timing to acquire private information. In this paper, we propose an effective approach that uses the similarity between launched Activities in order to detect and reacts to hijacking attacks during runtime time. We demonstrate the effectiveness of our solution by quantifying the number of false positives that can be generated by our system. We observe that, in the worst case, our solution generates 4.2% of false positives and incurs only 0.39% performance overhead on a CPU-bound micro-benchmark.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125967585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
How Much Privacy Does $3,165 Buy You? 3165美元能给你买多少隐私?
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00031
Jeremy Martin, Dane Brown, K. Merrion, Lamont Brown, Travis Mayberry
{"title":"How Much Privacy Does $3,165 Buy You?","authors":"Jeremy Martin, Dane Brown, K. Merrion, Lamont Brown, Travis Mayberry","doi":"10.1109/PST.2017.00031","DOIUrl":"https://doi.org/10.1109/PST.2017.00031","url":null,"abstract":"Security and privacy are frequently linked for good reason; the more specific information an attacker can gather regarding a person or organization, the more devastating or surgical a targeted attack can be. Armed with this knowledge, many individuals and organizations focus too heavily on protecting privacy while under-emphasizing or entirely neglecting actions which will actually make their systems more secure, a practice known as Security through Obscurity. Such is the case with the Institute of Electrical and Electronics Engineers (IEEE) practice of selling private Organizationally Unique Identifier (OUI) registrations to companies. This feature hides the name and personal information of the company that owns an address block in the IEEE public registry. In this paper, we track the adoption of private address allocation over time and attempt to unmask some of the companies behind this veil. We perform a cursory assessment of collected unencrypted frames transmitted by the devices implementing this practice. We identify that ∼86% of observed devices reveal their associated provenance through the content of their unencrypted transmissions, thereby rendering the privacy protection moot. Furthermore, we posit that the practice itself is flawed, inherently drawing unnecessary attention by the public nature of IEEE allocations. Our research reveals the ownership details of private addresses used by critical law enforcement, emergency services, and a variety of physical security systems. The results of our findings have been disclosed with the goal of raising awareness of companies and consumers using products with unsubstantiated security guarantees.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124276955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
RandHeap: Heap Randomization for Mitigating Heap Spray Attacks in Virtual Machines RandHeap:用于减轻虚拟机堆喷雾攻击的堆随机化
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00028
Abhinav Jangda, Mohit Mishra
{"title":"RandHeap: Heap Randomization for Mitigating Heap Spray Attacks in Virtual Machines","authors":"Abhinav Jangda, Mohit Mishra","doi":"10.1109/PST.2017.00028","DOIUrl":"https://doi.org/10.1109/PST.2017.00028","url":null,"abstract":"Virtual machines are an integral component of our present software systems infrastructure, including the web, and are here to stay. Web browsers like Google Chrome and Mozilla Firefox uses virtual machines to execute JavaScript code. Java Virtual Machines (JVMs) use just-in-time compilers to compile Java byte code to machine code. However, with the increasing use of virtual machines, they are also susceptible to security attacks. One such class of attack is the heap spray attack, wherein the attacker populates the heap with malicious code and exploits a vulnerability to jump to the populated malicious code in the heap, thereby enabling arbitrary code execution. In this paper, we present RandHeap, a technique to randomize the heap layout to detect and prevent heap spray attacks. RandHeap randomizes the heap in three different ways: (i) by randomizing object layout, (ii) by randomizing array layout, and (iii) by encrypting data stored on the heap. Using RandHeap, we were able to detect and prevent several heap spray attacks. For the evaluation of RandHeap, we implemented the concept of RandHeap in Google V8 and JikesRVM. We executed Octane 2.0 Benchmarks on Google V8 and Dacapo 9.12 Benchmarks on JikesRVM. Observations show that heap randomization using RandHeap is accompanied with low overhead and modest memory requirement. We implemented heap spraying attacks in Google V8 and JikesRVM and found that RandHeap was able to detect and prevent the attacks successfully.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130124040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Taxonomy of Secure Two-Party Comparison Protocols and Efficient Constructions 安全两方比较协议的分类及其高效构造
2017 15th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2017-08-01 DOI: 10.1109/PST.2017.00033
Nuttapong Attrapadung, Goichiro Hanaoka, S. Kiyomoto, Tomoaki Mimoto, Jacob C. N. Schuldt
{"title":"A Taxonomy of Secure Two-Party Comparison Protocols and Efficient Constructions","authors":"Nuttapong Attrapadung, Goichiro Hanaoka, S. Kiyomoto, Tomoaki Mimoto, Jacob C. N. Schuldt","doi":"10.1109/PST.2017.00033","DOIUrl":"https://doi.org/10.1109/PST.2017.00033","url":null,"abstract":"Secure two-party comparison plays a crucial role in many privacy-preserving applications, such as privacy-preserving data mining and machine learning. In particular, the available comparison protocols with the appropriate input/output configuration have a significant impact on the performance of these applications. In this paper, we firstly describe a taxonomy of secure two-party comparison protocols which allows us to describe the different configurations used for these protocols in a systematic manner. This taxonomy leads to a total of 216 types of comparison protocols.We then describe conversions among these types. While these conversions are based on known techniques and have explicitly or implicitly been considered previously, we show that a combination of these conversion techniques can be used to convert a perhaps less-known two-party comparison protocol by Nergiz et al. (IEEE SocialCom 2010) into a very efficient protocol in a configuration where the two parties hold shares of the values being compared, and obtain a share of the comparison result. This setting is often used in multi-party computation protocols, and hence in many privacy-preserving applications as well. We furthermore implement the protocol and measure its performance. Our measurement suggests that the protocol outperforms the previously proposed protocols for this input/output configuration, when off-line pre-computation is not permitted.","PeriodicalId":405887,"journal":{"name":"2017 15th Annual Conference on Privacy, Security and Trust (PST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116357982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信