Proceedings of the 15th ACM conference on Computer and communications security: latest papers

Session details: System security 1
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/3260808
Wenke Lee
Citations: 0
A look in the mirror: attacks on package managers
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455841
Justin Cappos, Justin Samuel, S. Baker, J. Hartman
Abstract: This work studies the security of ten popular package managers. These package managers use different security mechanisms that provide varying levels of usability and resilience to attack. We find that, despite their existing security mechanisms, all of these package managers have vulnerabilities that can be exploited by a man-in-the-middle or a malicious mirror. While all current package managers suffer from vulnerabilities, their security is also positively or negatively impacted by the distribution's security practices. Weaknesses in package managers are more easily exploited when distributions use third-party mirrors as official mirrors. We were successful in using false credentials to obtain an official mirror on all five of the distributions we attempted. We also found that some security mechanisms that control where a client obtains metadata and packages from may actually decrease security. We analyze current package managers to show that by exploiting vulnerabilities, an attacker with a mirror can compromise or crash hundreds to thousands of clients weekly. The problems we disclose are now being corrected by many different package manager maintainers.
Citations: 82
BootJacker: compromising computers using forced restarts
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455840
Ellick Chan, Jeffrey C. Carlyle, Francis M. David, R. Farivar, R. Campbell
Abstract: BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine.
Citations: 35
Type-checking zero-knowledge
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455816
M. Backes, Catalin Hritcu, Matteo Maffei
Abstract: This paper presents the first type system for statically analyzing security protocols that are based on zero-knowledge proofs. We show how certain properties offered by zero-knowledge proofs can be characterized in terms of authorization policies and statically enforced by a type system. The analysis is modular and compositional, and provides security proofs for an unbounded number of protocol executions. We develop a new type-checker that conducts the analysis in a fully automated manner. We exemplify the applicability of our technique to real-world protocols by verifying the authenticity and secrecy properties of the Direct Anonymous Attestation (DAA) protocol. The analysis of DAA takes less than three seconds.
Citations: 53
Traitor tracing with constant size ciphertext
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455834
D. Boneh, M. Naor
Abstract: A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box. We present a traitor tracing system where ciphertext size is "constant," namely independent of the number of users in the system and the collusion bound. A ciphertext in our system consists of only two elements where the length of each element depends only on the security parameter. The down side is that private-key size is quadratic in the collusion bound. Our construction is based on recent constructions for fingerprinting codes.
Citations: 115
Session details: System security 2
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/3260813
R. Sion
Citations: 0
Assessing query privileges via safe and efficient permission composition
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455810
S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati
Abstract: We propose an approach for the selective enforcement of access control restrictions in, possibly distributed, large data collections based on two basic concepts: i) flexible authorizations identify, in a declarative way, the data that can be released, and ii) queries are checked for execution not with respect to individual authorizations but rather evaluating whether the information release they (directly or indirectly) entail is allowed by the authorizations. Our solution is based on the definition of query profiles capturing the information content of a query and builds on a graph-based modeling of database schema, authorizations, and queries. Access control is then effectively modeled and efficiently executed in terms of graph coloring and composition and on traversal of graph paths. We then provide a polynomial composition algorithm for determining if a query is authorized.
Citations: 23
Spamalytics: an empirical analysis of spam marketing conversion
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455774
Chris Kanich, C. Kreibich, Kirill Levchenko, Brandon Enright, G. Voelker, V. Paxson, S. Savage
Abstract: The "conversion rate" of spam--the probability that an unsolicited e-mail will ultimately elicit a "sale"--underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. In this paper we present a methodology for measuring the conversion rate of spam. Using a parasitic infiltration of an existing botnet's infrastructure, we analyze two spam campaigns: one designed to propagate a malware Trojan, the other marketing on-line pharmaceuticals. For nearly a half billion spam e-mails we identify the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised sites, and the number of "sales" and "infections" produced.
Citations: 180
Efficient attributes for anonymous credentials
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455814
J. Camenisch, Thomas Gross
Abstract: We extend the Camenisch-Lysyanskaya anonymous credential system such that selective disclosure of attributes becomes highly efficient. The resulting system significantly improves upon existing approaches, which suffer from a linear complexity in the total number of attributes. This limitation makes them unfit for many practical applications, such as electronic identity cards. Our system can incorporate an arbitrary number of binary and finite-set attributes without significant performance impact. Our approach folds all such attributes in a single attribute base and, thus, boosts the efficiency of all proofs of possession. The core idea is to encode discrete binary and finite-set attribute values as prime numbers. We use the divisibility property for efficient proofs of their presence or absence. We additionally contribute efficient methods for conjunctions and disjunctions. The system builds on the Strong-RSA assumption alone. We demonstrate the applicability and performance improvements of our method in realistic application scenarios, such as, electronic identity cards and complex/structured credentials. Our method has crucial advantages in devices with restricted computational capabilities, such as smartcards and cell phones.
Citations: 32
A formal framework for reflective database access control policies
Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI: 10.1145/1455770.1455808
L.E. Olson, Carl A. Gunter, P. Madhusudan
Abstract: Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.
Citations: 40