Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security: Latest Papers

Poster: TaintGrep: A Static Analysis Tool for Detecting Vulnerabilities of Android Apps Supporting User-defined Rules
Ruiguo Yang, Jiajin Cai, Xinhui Han
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3563527
In this poster, we present TaintGrep, a novel static analysis approach to detect vulnerabilities of Android applications. This approach combines the advantages of semantic pattern matching and taint analysis to get better accuracy and be able to detect cross-function vulnerabilities. Compared with many traditional tools, TaintGrep does not require the full source code or building environment to analyze. Moreover, it supports users in defining their customized matching rules using their vulnerability mining experience, which makes this approach more flexible and scalable. In the preliminary experiment, we give a detailed analysis of the rules of two typical vulnerabilities: generic DoS and arbitrary file read/write, and have detected 77 0day vulnerabilities with these rules in 16 well-known Android applications.
Citations: 2
Blazing Fast PSI from Improved OKVS and Subfield VOLE
Peter Rindal, Srinivasan Raghuraman
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3560658
We present new semi-honest and malicious secure PSI protocols that outperform all prior works by several times in both communication and running time. Our semi-honest protocol for n = 2^20 can be performed in 0.37 seconds compared to the previous best of 2 seconds (Kolesnikov et al., CCS 2016). This can be further reduced to 0.16 seconds with 4 threads. Similarly, our protocol sends 187n bits compared to 426n bits of the next most communication-efficient protocol (Rindal et al., Eurocrypt 2021). Additionally, we apply our new techniques to the circuit PSI protocol of Rindal et al. and observe a 6x improvement in running time. These performance results are obtained by two types of improvements. The first is an optimization to the protocol of Rindal et al. to utilize sub-field vector oblivious linear evaluation. This optimization allows our construction to be the first to achieve a communication complexity of O(n lambda + n log n) where lambda is the statistical security parameter. In particular, the communication overhead of our protocol does not scale with the computational security parameter times n. Our second improvement is to the OKVS data structure which our protocol crucially relies on. In particular, our construction improves both the computation and communication efficiency as compared to prior work (Garimella et al., Crypto 2021). These improvements stem from algorithmic changes to the data structure along with new techniques for obtaining both asymptotic and tight concrete bounds on its failure probability.
Citations: 19
Poster: ReMouse Dataset: Measuring Similarity of Human-Generated Trajectories as an Important Step in Dealing with Session-Replay Bots
Shadi Sadeghpour, N. Vlajic
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3563522
Session-replay bots are believed to be the latest and most advanced generation of web-bots, that are also difficult to defend against. Combating session-replay bots is particularly problematic in online domains that get repeatedly visited by the same genuine human user(s), and possibly in the same/similar way - such as news, banking or gaming sites. Namely, in such domains, it is difficult to determine whether two look-alike sessions are produced by the same human user or these sessions are just bot-generated session replays. In this paper we introduce and provide to the public a novel real-world mouse dynamics dataset named ReMouse. ReMouse dataset is collected in a guided environment and, unlike other publicly available mouse dynamics datasets, it contains repeat-sessions generated by the same human user(s). As such, ReMouse dataset is first of its kind and is of particular relevance for studies on the development of effective defenses against session-replay bots. Our own statistical analysis of ReMouse dataset shows that not only two different human users are highly unlikely to generate same/similar looking sessions when performing the same/similar online task, but even the (repeat) sessions generated by the same human user are likely to be sufficiently distinguishable from one another.
Citations: 1
LoneNeuron: A Highly-Effective Feature-Domain Neural Trojan Using Invisible and Polymorphic Watermarks
Zeyan Liu, Fengjun Li, Zhu Li, B. Luo
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3560678
The wide adoption of deep neural networks (DNNs) in real-world applications raises increasing security concerns. Neural Trojans embedded in pre-trained neural networks are a harmful attack against the DNN model supply chain. They generate false outputs when certain stealthy triggers appear in the inputs. While data-poisoning attacks have been well studied in the literature, code-poisoning and model-poisoning backdoors have only started to attract attention recently. We present a novel model-poisoning neural Trojan, namely LoneNeuron, which responds to feature-domain patterns that transform into invisible, sample-specific, and polymorphic pixel-domain watermarks. With high attack specificity, LoneNeuron achieves a 100% attack success rate, while not affecting the main task performance. With LoneNeuron's unique watermark polymorphism property, the same feature-domain trigger is resolved to multiple watermarks in the pixel domain, which further improves watermark randomness, stealthiness, and resistance against Trojan detection. Extensive experiments show that LoneNeuron could escape state-of-the-art Trojan detectors. LoneNeuron is also the first effective backdoor attack against vision transformers (ViTs).
Citations: 4
HammerScope
Yaakov Cohen, Kevin Sam Tharayil, Arie Haenel, Daniel Genkin, Angelos D. Keromytis, Yossi Oren, Y. Yarom
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3560688
The constant reduction in memory cell sizes has increased memory density and reduced power consumption, but has also affected its reliability. The Rowhammer attack exploits this reduced reliability to induce bit flips in memory, without directly accessing these bits. Most Rowhammer attacks target software integrity, but some recent attacks demonstrated its use for compromising confidentiality. Continuing this trend, in this paper we observe that the Rowhammer attack strongly correlates with the memory instantaneous power consumption. We exploit this observation to design HammerScope, a Rowhammer-based attack technique for measuring the power consumption of the memory unit. Because the power consumption correlates with the level of activity of the memory, HammerScope allows an attacker to infer memory activity. To demonstrate the offensive capabilities of HammerScope, we use it to mount three information leakage attacks. We first show that HammerScope can be used to break kernel address-space layout randomization (KASLR). Our second attack uses memory activity as a covert channel for a Spectre attack, allowing us to leak information from the operating system kernel. Finally, we demonstrate the use of HammerScope for performing website fingerprinting, compromising user privacy. Our work demonstrates the importance of finding systematic solutions for Rowhammer attacks.
Citations: 11
Hecate
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1163/1574-9347_bnp_e505900
Xinyang Ge, H. Kuo, Weidong Cui
Citations: 0
Feta
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1093/acref/9780192803511.013.0468
Carsten Baum, R. Jadoul, Emmanuela Orsini, Peter Scholl, Nigel P. Smart
Citations: 0
Acquirer
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1007/springerreference_108
Yinxi Liu, W. Meng
Citations: 1
Leakage and Tamper Resilient Permutation-Based Cryptography
Christoph Dobraunig, Bart Mennink, R. Primas
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3560635
Implementation attacks such as power analysis and fault attacks have shown that, if potential attackers have physical access to a cryptographic device, achieving practical security requires more considerations apart from just cryptanalytic security. In recent years, and with the advent of micro-architectural or hardware-oriented attacks, it became more and more clear that similar attack vectors can also be exploited on larger computing platforms and without the requirement of physical proximity of an attacker. While newly discovered attacks typically come with implementation recommendations that help counteract a specific attack vector, the process of constantly patching cryptographic code is quite time consuming in some cases, and simply not possible in other cases. What adds up to the problem is that the popular approach of leakage resilient cryptography only provably solves part of the problem: it discards the threat of faults. Therefore, we put forward the usage of leakage and tamper resilient cryptographic algorithms, as they can offer built-in protection against various types of physical and hardware oriented attacks, likely including attack vectors that will only be discovered in the future. In detail, we present the - to the best of our knowledge - first framework for proving the security of permutation-based symmetric cryptographic constructions in the leakage and tamper resilient setting. As a proof of concept, we apply the framework to a sponge-based stream encryption scheme called asakey and provide a practical analysis of its resistance against side channel and fault attacks.
Citations: 8
Demo --- SPoKE: Secure Polling and Knowledge Exchange
Thomas Sandholm, Sayan Mukherjee, Bernardo A. Huberman
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI: 10.1145/3548606.3563701
We present a Web survey system demo that computes aggregates of sensitive data while protecting individual contributions using a novel secure aggregation algorithm implemented in a Web browser.
Citations: 0