Proceedings of the 24th ACM Symposium on Access Control Models and Technologies: latest publications

History and Future of Automated Vulnerability Analysis
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3326331 (https://doi.org/10.1145/3322431.3326331)
Authors: Adam Doupé
Abstract: The software upon which our modern society operates is riddled with security vulnerabilities. These vulnerabilities allow hackers access to our sensitive data and make our systems insecure. To identify vulnerabilities in software, human experts, or vulnerability researchers, are employed. These human experts are quite expensive. And, more fundamentally, human experts cannot analyze every change made to every piece of software (any of which could introduce a security vulnerability). Therefore, automated vulnerability analysis techniques were developed to automatically perform the process of identifying security vulnerabilities in software systems. These tools attempt to democratize the vulnerability analysis process: allowing any developer to identify vulnerabilities in their software automatically, thus finding such vulnerabilities before a malicious hacker. In this keynote, I will discuss the history of automated vulnerability analysis, from both the binary and the web perspective. Binary fuzzing and black-box web application vulnerability analysis have many aspects in common, yet are often thought of separately. From this, I will discuss the future of automated vulnerability analysis, and how we can achieve the effectiveness of a human vulnerability researcher.
Citations: 0
Session details: Junior Keynote
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3338674 (https://doi.org/10.1145/3338674)
Authors: Adam J. Lee
Abstract: (none)
Citations: 0
Using Provenance for Secure Data Fusion in Cooperative Systems
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3325100 (https://doi.org/10.1145/3322431.3325100)
Authors: Clara Bertolissi, J. D. Hartog, Nicola Zannone
Abstract: In the context of cooperative systems, data coming from multiple, autonomous, heterogeneous information sources is processed and fused into new pieces of information that can be further processed by other entities participating in the cooperation. Controlling the access to such evolving and variegated data, often under the authority of different entities, is challenging. In this work, we identify a set of access control requirements for multi-source cooperative systems and propose an attribute-based access control model where provenance information is used to specify access constraints that account for both the evolution of data objects and the process of data fusion. We demonstrate the feasibility of the proposed model by showing how it can be implemented within existing access control mechanisms with minimal changes.
Citations: 6
Poster
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3326448 (https://doi.org/10.1145/3322431.3326448)
Authors: Feras M. Awaysheh, J. C. Cabaleiro, T. F. Pena, M. Alazab
Abstract: This paper intends to propose a trustworthy model for authenticating users and services over a Big Data Federation deployment architecture. The main goal of this model is to provide a Single-Sign-On (SSO) approach for the latest Hadoop 3.x platform. To achieve this, a conceptual model is proposed combining Hadoop access control primitives and the Apache Knox framework. The paper provides various insights regarding the latest ongoing developments and open challenges in this domain.
Citations: 7
A Rule-based Approach to the Decidability of Safety of ABACα
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3325416 (https://doi.org/10.1145/3322431.3325416)
Authors: M. Marin, Temur Kutsia, B. Dundua
Abstract: ABACα is a foundational model for attribute-based access control with a minimal set of capabilities to configure many access control models of interest, including the dominant traditional ones: discretionary (DAC), mandatory (MAC), and role-based (RBAC). A fundamental security problem in the design of ABAC is to ensure safety, that is, to guarantee that a certain subject can never gain certain permissions to access certain object(s). We propose a rule-based specification of ABACα and of its configurations, and the semantic framework of ρLog to turn this specification into executable code for the operational model of ABACα. Next, we identify some important properties of the operational model which allow us to define a rule-based algorithm for the safety problem, and to execute it with ρLog. The outcome is a practical tool to check safety of ABACα configurations. ρLog is a system for rule-based programming with strategies and built-in support for constraint logic programming (CLP). We argue that ρLog is an adequate framework for the specification and verification of safety of ABACα configurations. In particular, the authorization policies of ABACα can be interpreted properly by the CLP component of ρLog, and the operations of its functional specification can be described by five strategies defined by conditional rewrite rules.
Citations: 11
Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3325109 (https://doi.org/10.1145/3322431.3325109)
Authors: Carlos E. Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, Gail-Joon Ahn
Abstract: Recently, applications that deliver customized content to end-users, e.g., digital objects on top of a video stream, depending on information such as their current physical location, usage patterns, personal data, etc., have become extremely popular. Despite their promising future, some concerns still exist with respect to the proper use of such space-sensitive applications (S-Apps) inside independently-run physical spaces, e.g., schools, museums, hospitals, memorials, etc. Based on the idea that innovative technologies should be paired with novel (and effective) security measures, this paper proposes space-sensitive access control (SSAC), an approach for restricting space-sensitive functionality in such independently-run physical spaces, allowing for the specification, evaluation and enforcement of rich and flexible authorization policies, which, besides meeting the specific needs for S-Apps, are also intended to avoid the need for interruptions in their normal use as well as repetitive policy updates, thus providing a convenient solution for both policy makers and end-users. We present a theoretical model, a proof-of-concept S-App, and a supporting API framework, which facilitate the policy crafting, storage, retrieval and evaluation processes, as well as the enforcement of authorization decisions. In addition, we present a performance case study depicting our proof-of-concept S-App in a set of realistic scenarios, as well as a user study which resulted in 90% of participants being able to understand and write authorization policies using our approach, and 93% of them also recognizing the need for restricting functionality in the context of emerging space-sensitive technologies, thus providing evidence that encourages the adoption of SSAC in practice.
Citations: 6
Verifying OAuth Implementations Through Encrypted Network Analysis
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3326449 (https://doi.org/10.1145/3322431.3326449)
Authors: Josh Talkington, R. Dantu, Kirill Morozov
Abstract: Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the application's platform and then verify the protocol through analysis of the network traffic tied to the models. To test this method, the popular protocol OAuth is considered. Currently, formal models of OAuth do not take into consideration the mobile environment, and implementation verification is largely based on code analysis. Our preliminary results are twofold: we sketch an extension to a formal model that incorporates the specifics of the Android platform, and we classify OAuth device types using machine learning on encrypted VPN traffic.
Citations: 2
Access Control for Binary Integrity Protection using Ethereum
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3325108 (https://doi.org/10.1145/3322431.3325108)
Authors: O. Stengele, Andrea Baumeister, Pascal Birnstill, H. Hartenstein
Abstract: The integrity of executable binaries is essential to the security of any device that runs them. At best, a manipulated binary can leave the system in question open to attack, and at worst, it can compromise the entire system by itself. In recent years, supply-chain attacks have demonstrated that binaries can even be compromised unbeknownst to their creators. This, in turn, leads to the dissemination of supposedly valid binaries that need to be revoked later. In this paper, we present and evaluate a concept for publishing and revoking integrity-protecting information for binaries, based on the Ethereum Blockchain and its underlying peer-to-peer network. Smart Contracts are used to enforce access control over the publication and revocation of integrity-preserving information, whereas the peer-to-peer network serves as a fast, global communication service to keep user clients informed. The Ethereum Blockchain serves as a tamper-evident, publicly-verifiable log of published and revoked binaries. Our implementation incurs costs comparable to registration fees for centralised software distribution platforms but allows publication and revocation of individual binaries within minutes. The proposed concept can be integrated incrementally into existing software distribution platforms, such as package repositories or various app stores.
Citations: 10
CMCAP
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3325414 (https://doi.org/10.1145/3322431.3325414)
Authors: Theogene Hakiza Bucuti, R. Dantu, Kirill Morozov
Abstract: We present CMCAP (context-mapped capabilities), a decentralized mechanism for specifying and enforcing adaptive access control policies for resource-centric security. Policies in CMCAP express runtime constraints defined as containment domains with context-mapped capabilities, and ephemeral sandboxes for dynamically enforcing desired information flow properties while preserving functional correctness for the sandboxed programs. CMCAP is designed to remediate DAC's weakness and address the inflexibility that makes current MAC frameworks impractical for the common user. We use a Linux-based implementation of CMCAP to demonstrate how a program's dynamic profile is used for access control and intrusion prevention.
Citations: 0
Toward Detection of Access Control Models from Source Code via Word Embedding
Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Pub Date: 2019-05-28, DOI: 10.1145/3322431.3326329 (https://doi.org/10.1145/3322431.3326329)
Authors: John Heaps, Xiaoyin Wang, T. Breaux, Jianwei Niu
Abstract: Advancement in machine learning techniques in recent years has led to deep learning applications on source code. While there is little research available on the subject, the work that has been done shows great potential. We believe deep learning can be leveraged to obtain new insight into automated access control policy verification. In this paper, we describe our first step in applying learning techniques to access control, which consists of developing word embeddings to bootstrap learning tasks. We also discuss the future work on identifying access control enforcement code and checking access control policy violations, which can be enabled by word embeddings.
Citations: 2