Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security最新文献

{"title":"Membership Privacy in MicroRNA-based Studies","authors":"M. Backes, Pascal Berrang, Mathias Humbert, Praveen Manoharan","doi":"10.1145/2976749.2978355","DOIUrl":"https://doi.org/10.1145/2976749.2978355","url":null,"abstract":"The continuous decrease in cost of molecular profiling tests is revolutionizing medical research and practice, but it also raises new privacy concerns. One of the first attacks against privacy of biological data, proposed by Homer et al. in 2008, showed that, by knowing parts of the genome of a given individual and summary statistics of a genome-based study, it is possible to detect if this individual participated in the study. Since then, a lot of work has been carried out to further study the theoretical limits and to counter the genome-based membership inference attack. However, genomic data are by no means the only or the most influential biological data threatening personal privacy. For instance, whereas the genome informs us about the risk of developing some diseases in the future, epigenetic biomarkers, such as microRNAs, are directly and deterministically affected by our health condition including most common severe diseases. In this paper, we show that the membership inference attack also threatens the privacy of individuals contributing their microRNA expressions to scientific studies. Our results on real and public microRNA expression data demonstrate that disease-specific datasets are especially prone to membership detection, offering a true-positive rate of up to 77% at a false-negative rate of less than 1%. We present two attacks: one relying on the L_1 distance and the other based on the likelihood-ratio test. We show that the likelihood-ratio test provides the highest adversarial success and we derive a theoretical limit on this success. In order to mitigate the membership inference, we propose and evaluate both a differentially private mechanism and a hiding mechanism. We also consider two types of adversarial prior knowledge for the differentially private mechanism and show that, for relatively large datasets, this mechanism can protect the privacy of participants in miRNA-based studies against strong adversaries without degrading the data utility too much. Based on our findings and given the current number of miRNAs, we recommend to only release summary statistics of datasets containing at least a couple of hundred individuals.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"86 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131373793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles","authors":"Luke Deshotels, Răzvan Deaconescu, Mihai Chiroiu, Lucas Davi, W. Enck, A. Sadeghi","doi":"10.1145/2976749.2978336","DOIUrl":"https://doi.org/10.1145/2976749.2978336","url":null,"abstract":"Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called \"container\" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131706911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime","authors":"Mingshen Sun, Tao Wei, John C.S. Lui","doi":"10.1145/2976749.2978343","DOIUrl":"https://doi.org/10.1145/2976749.2978343","url":null,"abstract":"Mobile operating systems like Android failed to provide sufficient protection on personal data, and privacy leakage becomes a major concern. To understand the security risks and privacy leakage, analysts have to carry out data-flow analysis. In 2014, Android upgraded with a fundamentally new design known as Android RunTime (ART) environment in Android 5.0. ART adopts ahead-of-time compilation strategy and replaces previous virtual-machine-based Dalvik. Unfortunately, many data-flow analysis systems like TaintDroid were designed for the legacy Dalvik environment. This makes data-flow analysis of new apps and malware infeasible. We design a multi-level information-flow tracking system for the new Android system called TaintART. TaintART employs a multi-level taint analysis technique to minimize the taint tag storage. Therefore, taint tags can be stored in processor registers to provide efficient taint propagation operations. We also customize the ART compiler to maximize performance gains of the ahead-of-time compilation optimizations. Based on the general design of TaintART, we also implement a multi-level privacy enforcement to prevent sensitive data leakage. We demonstrate that TaintART only incurs less than 15% overheads on a CPU-bound microbenchmark and negligible overhead on built-in or third-party applications. Compared to legacy Dalvik environment in Android 4.4, TaintART achieves about 99.7% faster performance for Java runtime benchmark.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"4 22","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132938855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"∑oφoς: Forward Secure Searchable Encryption","authors":"Raphael Bost","doi":"10.1145/2976749.2978303","DOIUrl":"https://doi.org/10.1145/2976749.2978303","url":null,"abstract":"Searchable Symmetric Encryption aims at making possible searching over an encrypted database stored on an untrusted server while keeping privacy of both the queries and the data, by allowing some small controlled leakage to the server. Recent work shows that dynamic schemes -- in which the data is efficiently updatable -- leaking some information on updated keywords are subject to devastating adaptative attacks breaking the privacy of the queries. The only way to thwart this attack is to design forward private schemes whose update procedure does not leak if a newly inserted element matches previous search queries. This work proposes Sophos as a forward private SSE scheme with performance similar to existing less secure schemes, and that is conceptually simpler (and also more efficient) than previous forward private constructions. In particular, it only relies on trapdoor permutations and does not use an ORAM-like construction. We also explain why Sophos is an optimal point of the security/performance tradeoff for SSE. Finally, an implementation and evaluation results demonstrate its practical efficiency.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"376 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113985971","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"POSTER: Static ROP Chain Detection Based on Hidden Markov Model Considering ROP Chain Integrity","authors":"Toshinori Usui, Tomonori Ikuse, Makoto Iwamura, T. Yada","doi":"10.1145/2976749.2989040","DOIUrl":"https://doi.org/10.1145/2976749.2989040","url":null,"abstract":"Return-oriented programming (ROP) has been crucial for attackers to evade the security mechanisms of operating systems. It is currently used in malicious documents that exploit viewer applications and cause malware infection. For inspecting a large number of commonly handled documents, high-performance and flexible-detection methods are required. However, current solutions are either time-consuming or less precise. In this paper, we propose a novel method for statically detecting ROP chains in malicious documents. Our method generates a hidden Markov model (HMM) of ROP chains as well as one of benign documents by learning known malicious and benign documents and libraries used for ROP gadgets. Detection is performed by calculating the likelihood ratio between malicious and benign HMMs. In addition, we reduce the number of false positives by ROP chain integrity checking, which confirms whether ROP gadgets link properly if they are executed. Experimental results showed that our method can detect ROP-based malicious documents with no false negatives and few false positives at high throughput.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122494765","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimizing Semi-Honest Secure Multiparty Computation for the Internet","authors":"Aner Ben-Efraim, Yehuda Lindell, Eran Omri","doi":"10.1145/2976749.2978347","DOIUrl":"https://doi.org/10.1145/2976749.2978347","url":null,"abstract":"In the setting of secure multiparty computation, a set of parties with private inputs wish to compute some function of their inputs without revealing anything but their output. Over the last decade, the efficiency of secure two-party computation has advanced in leaps and bounds, with speedups of some orders of magnitude, making it fast enough to be of use in practice. In contrast, progress on the case of multiparty computation (with more than two parties) has been much slower, with very little work being done. Currently, the only implemented efficient multiparty protocol has many rounds of communication (linear in the depth of the circuit being computed) and thus is not suited for Internet-like settings where latency is not very low. In this paper, we construct highly efficient constant-round protocols for the setting of multiparty computation for semi-honest adversaries. Our protocols work by constructing a multiparty garbled circuit, as proposed in BMR (Beaver et al., STOC 1990). Our first protocol uses oblivious transfer and constitutes the first concretely-efficient constant-round multiparty protocol for the case of no honest majority. Our second protocol uses BGW, and is significantly more efficient than the FairplayMP protocol (Ben-David et al., CCS 2008) that also uses BGW. We ran extensive experimentation comparing our different protocols with each other and with a highly-optimized implementation of semi-honest GMW. Due to our protocol being constant round, it significantly outperforms GMW in Internet-like settings. For example, with 13 parties situated in the Virginia and Ireland Amazon regions and the SHA256 circuit with 90,000 gates and of depth 4000, the overall running time of our protocol is 25 seconds compared to 335 seconds for GMW. Furthermore, our online time is under half a second compared to 330 seconds for GMW.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123083636","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"WISCS'16: The 3rd ACM Workshop on Information Sharing and Collaborative Security","authors":"F. Kerschbaum, Erik-Oliver Blass, T. Sander","doi":"10.1145/2976749.2990490","DOIUrl":"https://doi.org/10.1145/2976749.2990490","url":null,"abstract":"The objective of the 3rd ACM Workshop on Information Sharing and Collaborative Security is to advance the scientific foundations for sharing security-related data. Improving information sharing remains an important theme in the computer security community. A number of new sharing communities have been formed. Also, so called \"threat intelligence\" originating from open, commercial or governmental sources has by now become an important, commonly used tool for detecting and mitigating attacks in organizations. Security vendors are offering novel technologies for sharing, managing and consuming such data. The OASIS Technical Committee for Cyber Threat Intelligence (CTI) is creating a standard for structured sharing of information. This is the largest TC within OASIS attesting to the broad interest in the topic. As progress in real-life deployment of information sharing makes clear, the creation, analysis, sharing, and effective use of security data continues to raise intriguing technical problems. Addressing these problems will be critical for the ultimate success of sharing efforts and will benefit greatly from the diverse knowledge and techniques the scientific community brings. The 3rd ACM Workshop on Information Sharing and Collaborative Security (WISCS'16) brings together experts and practitioners from academia, industry, and government to present innovative research, case studies, and legal and policy issues. WISCS'16 is held in Vienna, Austria on October 24, 2016 in conjunction with the 23rd ACM Conference on Computer and Communications Security (ACM CCS 2016).","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"308 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121403860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service","authors":"Xiaojing Liao, Sumayah A. Alrwais, Kan Yuan, Luyi Xing, Xiaofeng Wang, S. Hao, R. Beyah","doi":"10.1145/2976749.2978349","DOIUrl":"https://doi.org/10.1145/2976749.2978349","url":null,"abstract":"The popularity of cloud hosting services also brings in new security challenges: it has been reported that these services are increasingly utilized by miscreants for their malicious online activities. Mitigating this emerging threat, posed by such \"bad repositories\" (simply Bar), is challenging due to the different hosting strategy to traditional hosting service, the lack of direct observations of the repositories by those outside the cloud, the reluctance of the cloud provider to scan its customers' repositories without their consent, and the unique evasion strategies employed by the adversary. In this paper, we took the first step toward understanding and detecting this emerging threat. Using a small set of \"seeds\" (i.e., confirmed Bars), we identified a set of collective features from the websites they serve (e.g., attempts to hide Bars), which uniquely characterize the Bars. These features were utilized to build a scanner that detected over 600 Bars on leading cloud platforms like Amazon, Google, and 150K sites, including popular ones like groupon.com, using them. Highlights of our study include the pivotal roles played by these repositories on malicious infrastructures and other important discoveries include how the adversary exploited legitimate cloud repositories and why the adversary uses Bars in the first place that has never been reported. These findings bring such malicious services to the spotlight and contribute to a better understanding and ultimately eliminating this new threat.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115480067","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets","authors":"Avesta Hojjati, Anku Adhikari, Katarina Struckmann, Edward Chou, Thi Ngoc Tho Nguyen, Kushagra Madan, M. Winslett, Carl A. Gunter, William P. King","doi":"10.1145/2976749.2978323","DOIUrl":"https://doi.org/10.1145/2976749.2978323","url":null,"abstract":"From pencils to commercial aircraft, every man-made object must be designed and manufactured. When it is cheaper or easier to steal a design or a manufacturing process specification than to invent one's own, the incentive for theft is present. As more and more manufacturing data comes online, incidents of such theft are increasing. In this paper, we present a side-channel attack on manufacturing equipment that reveals both the form of a product and its manufacturing process, i.e., exactly how it is made. In the attack, a human deliberately or accidentally places an attack-enabled phone close to the equipment or makes or receives a phone call on any phone nearby. The phone executing the attack records audio and, optionally, magnetometer data. We present a method of reconstructing the product's form and manufacturing process from the captured data, based on machine learning, signal processing, and human assistance. We demonstrate the attack on a 3D printer and a CNC mill, each with its own acoustic signature, and discuss the commonalities in the sensor data captured for these two different machines. We compare the quality of the data captured with a variety of smartphone models. Capturing data from the 3D printer, we reproduce the form and process information of objects previously unknown to the reconstructors. On average, our accuracy is within 1 mm in reconstructing the length of a line segment in a fabricated object's shape and within 1 degree in determining an angle in a fabricated object's shape. We conclude with recommendations for defending against these attacks.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115437588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Enforcing Least Privilege Memory Views for Multithreaded Applications","authors":"T. Hsu, Kevin J. Hoffman, P. Eugster, Mathias Payer","doi":"10.1145/2976749.2978327","DOIUrl":"https://doi.org/10.1145/2976749.2978327","url":null,"abstract":"Failing to properly isolate components in the same address space has resulted in a substantial amount of vulnerabilities. Enforcing the least privilege principle for memory accesses can selectively isolate software components to restrict attack surface and prevent unintended cross-component memory corruption. However, the boundaries and interactions between software components are hard to reason about and existing approaches have failed to stop attackers from exploiting vulnerabilities caused by poor isolation. We present the secure memory views (SMV) model: a practical and efficient model for secure and selective memory isolation in monolithic multithreaded applications. SMV is a third generation privilege separation technique that offers explicit access control of memory and allows concurrent threads within the same process to partially share or fully isolate their memory space in a controlled and parallel manner following application requirements. An evaluation of our prototype in the Linux kernel (TCB < 1,800 LOC) shows negligible runtime performance overhead in real-world applications including Cherokee web server (< 0.69%), Apache httpd web server (< 0.93%), and Mozilla Firefox web browser (< 1.89%) with at most 12 LOC changes.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126038114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}