发布求助
文献互助 智能选刊 最新文献

Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security最新文献

筛选
英文 中文
Poster: a geometric approach for multicast authentication in adversarial channels 海报:对抗信道中多播认证的几何方法
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093479
Seyed Ali Ahmadzadeh, G. Agnew
{"title":"Poster: a geometric approach for multicast authentication in adversarial channels","authors":"Seyed Ali Ahmadzadeh, G. Agnew","doi":"10.1145/2046707.2093479","DOIUrl":"https://doi.org/10.1145/2046707.2093479","url":null,"abstract":"In this work, we investigate the application of geometric representation of hash vectors of the information packets in multicast authentication protocols. To this end, a new authentication approach based on geometric properties of hash vectors in an $n-$dimensional vector space is proposed. The proposed approach enables the receiver to authenticate the source packets and removes malicious packets that may have been injected by an adversary into the channel. A salient feature of the proposed scheme is that its bandwidth overhead is independent from the number of injected packets. Moreover, the performance analysis verifies that the proposed scheme significantly reduces the bandwidth overhead as compared to the well known multicast authentication protocols in the literature (e.g., PRABS).","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"33 1","pages":"729-732"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80270390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Poster: towards formal verification of DIFC policies 海报:对DIFC政策进行正式验证
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093515
Zhi Yang, Lihua Yin, Miyi Duan, Shuyuan Jin
{"title":"Poster: towards formal verification of DIFC policies","authors":"Zhi Yang, Lihua Yin, Miyi Duan, Shuyuan Jin","doi":"10.1145/2046707.2093515","DOIUrl":"https://doi.org/10.1145/2046707.2093515","url":null,"abstract":"Decentralized information flow control (DIFC) is a recent important innovation with flexible mechanisms to improve the availability of traditional information flow models. However, the flexibility of DIFC models also makes specifying and managing DIFC policies a challenging problem. The formal policy verification techniques can improve the current state of the art of policy specification and management. We show that in general these problems of policy verification of the main DIFC systems are NP-hard, and show that several subcases remain NP-complete. We also propose an approach of model checking to solve these problems. Experiments are presented to show that this approach is effective.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"44 1","pages":"873-876"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81042108","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Auctions in do-not-track compliant internet advertising 拍卖不跟踪合规的互联网广告
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2046782
Alexey Reznichenko, S. Guha, P. Francis
{"title":"Auctions in do-not-track compliant internet advertising","authors":"Alexey Reznichenko, S. Guha, P. Francis","doi":"10.1145/2046707.2046782","DOIUrl":"https://doi.org/10.1145/2046707.2046782","url":null,"abstract":"Online tracking of users in support of behavioral advertising is widespread. Several researchers have proposed non-tracking online advertising systems that go well beyond the requirements of the Do-Not-Track initiative launched by the US Federal Trace Commission (FTC). The primary goal of these systems is to allow for behaviorally targeted advertising without revealing user behavior (clickstreams) or user profiles to the ad network. Although these designs purport to be practical solutions, none of them adequately consider the role of the ad auctions, which today are central to the operation of online advertising systems. This paper looks at the problem of running auctions that leverage user profiles for ad ranking while keeping the user profile private. We define the problem, broadly explore the solution space, and discuss the pros and cons of these solutions. We analyze the performance of our solutions using data from Microsoft Bing advertising auctions. We conclude that, while none of our auctions are ideal in all respects, they are adequate and practical solutions.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"63 1","pages":"667-676"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87026259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 36
Poster: practical embedded remote attestation using physically unclonable functions 海报:使用物理不可克隆功能的实用嵌入式远程认证
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093496
Ünal Koçabas, A. Sadeghi, C. Wachsmann, Steffen Schulz
{"title":"Poster: practical embedded remote attestation using physically unclonable functions","authors":"Ünal Koçabas, A. Sadeghi, C. Wachsmann, Steffen Schulz","doi":"10.1145/2046707.2093496","DOIUrl":"https://doi.org/10.1145/2046707.2093496","url":null,"abstract":"We present the design and implementation of a lightweight remote attestation scheme for embedded devices that combines software attestation with Physically Unclonable Functions (PUFs). In contrast to standard software attestation, our scheme (i) is secure against collusion attacks to forge the attestation checksum, (ii) allows for the authentication and attestation of remote provers, and (iii) enables the detection of hardware attacks on the prover.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"8 1","pages":"797-800"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86619652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Poster: SMURFEN: a rule sharing collaborative intrusion detection network 海报:SMURFEN:规则共享协同入侵检测网络
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093487
Carol J. Fung, Quanyan Zhu, R. Boutaba, T. Başar
{"title":"Poster: SMURFEN: a rule sharing collaborative intrusion detection network","authors":"Carol J. Fung, Quanyan Zhu, R. Boutaba, T. Başar","doi":"10.1145/2046707.2093487","DOIUrl":"https://doi.org/10.1145/2046707.2093487","url":null,"abstract":"Intrusion Detection Systems (IDSs) are designed to monitor network traffic and computer activities in order to alert users about suspicious intrusions. Collaboration among IDSs allows users to benefit from the collective knowledge and information from their collaborators and achieve more accurate intrusion detection. However, most existing collaborative intrusion detection networks rely on the exchange of intrusion data which raises privacy concerns. To overcome this problem, we propose SMURFEN: a knowledge-based intrusion detection network, which provides a platform for IDS users to effectively share their customized detection knowledge in an IDS community. An automatic knowledge propagation mechanism is proposed based on a decentralized two-level optimization problem formulation, leading to a Nash equilibrium solution which is proved to be scalable, incentive compatible, fair, efficient and robust.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"6 1","pages":"761-764"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84315793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Information-flow types for homomorphic encryptions 同态加密的信息流类型
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2046747
C. Fournet, Jérémy Planul, Tamara Rezk
{"title":"Information-flow types for homomorphic encryptions","authors":"C. Fournet, Jérémy Planul, Tamara Rezk","doi":"10.1145/2046707.2046747","DOIUrl":"https://doi.org/10.1145/2046707.2046747","url":null,"abstract":"We develop a flexible information-flow type system for a range of encryption primitives, precisely reflecting their diverse functional and security features. Our rules enable encryption, blinding, homomorphic computation, and decryption, with selective key re-use for different types of payloads. We show that, under standard cryptographic assumptions, any well-typed probabilistic program using encryptions is secure that is, computationally non-interferent) against active adversaries, both for confidentiality and integrity. We illustrate our approach using %on classic schemes such as ElGamal and Paillier encryption. We present two applications of cryptographic verification by typing: (1) private search on data streams; and (2) the bootstrapping part of Gentry's fully homomorphic encryption. We provide a prototype typechecker for our system.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"51 1","pages":"351-360"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90609712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Poster: arbitrators in the security infrastructure, supporting positive anonymity 海报:安全基础设施中的仲裁员,支持积极匿名
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093485
S. Dolev, N. Gilboa, Ofer Hermoni
{"title":"Poster: arbitrators in the security infrastructure, supporting positive anonymity","authors":"S. Dolev, N. Gilboa, Ofer Hermoni","doi":"10.1145/2046707.2093485","DOIUrl":"https://doi.org/10.1145/2046707.2093485","url":null,"abstract":"Traditional public key infrastructure is an example for basing the security of communication among users and servers on trusting a Certificate Authority (CA) which is a Trusted Authority (TA). A traditional, centralized CA or TA should only be involved in a setup stage for communication, or risk causing a bottleneck. Peer to peer assistance may replace the CA during the actual communication transactions. We introduce such assistants that we call arbitrators. Arbitrators are semi-trusted entities that facilitate communication or business transactions. The communicating parties, users and servers, agree before a communication transaction on a set of arbitrators that they trust (reputation systems may support their choice). Then, the arbitrators receive resources, e.g. a deposit, and a service level agreement between participants such that the resources of a participant are returned if and only if the participant acts according to the agreement. We demonstrate the usage of arbitrators in the scope of conditional (positive) anonymity. A user may interact anonymously with a server as long as the terms for anonymous communication are honored. In case the server finds a violation of the terms, the server proves to the arbitrators that a violation took place and the arbitrators publish the identity of the user. Since the arbitrators may be corrupted, the scheme ensures that only a large enough set of arbitrators may reveal user's identity, which is the deposited resource in the case of conditional anonymity.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"60 1","pages":"753-756"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90664452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Modular code-based cryptographic verification 模块化的基于代码的密码验证
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2046746
C. Fournet, Markulf Kohlweiss, Pierre-Yves Strub
{"title":"Modular code-based cryptographic verification","authors":"C. Fournet, Markulf Kohlweiss, Pierre-Yves Strub","doi":"10.1145/2046707.2046746","DOIUrl":"https://doi.org/10.1145/2046707.2046746","url":null,"abstract":"Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions. We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT-solver. We develop a probabilistic core calculus for F7 and formalize its type safety in Coq.\u0000 We build typed module and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties. We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"119 1","pages":"341-350"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85636138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 86
Poster: control-flow integrity for smartphones 海报:智能手机的控制流完整性
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2093484
Lucas Davi, A. Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, R. Hund, S. Nürnberger, A. Sadeghi
{"title":"Poster: control-flow integrity for smartphones","authors":"Lucas Davi, A. Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, R. Hund, S. Nürnberger, A. Sadeghi","doi":"10.1145/2046707.2093484","DOIUrl":"https://doi.org/10.1145/2046707.2093484","url":null,"abstract":"Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness. In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"6 1","pages":"749-752"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85363818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Protecting consumer privacy from electric load monitoring 保护消费者隐私免受电力负荷监控
Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI: 10.1145/2046707.2046720
Stephen E. McLaughlin, P. Mcdaniel, W. Aiello
{"title":"Protecting consumer privacy from electric load monitoring","authors":"Stephen E. McLaughlin, P. Mcdaniel, W. Aiello","doi":"10.1145/2046707.2046720","DOIUrl":"https://doi.org/10.1145/2046707.2046720","url":null,"abstract":"The smart grid introduces concerns for the loss of consumer privacy; recently deployed smart meters retain and distribute highly accurate profiles of home energy use. These profiles can be mined by Non Intrusive Load Monitors (NILMs) to expose much of the human activity within the served site. This paper introduces a new class of algorithms and systems, called Non Intrusive Load Leveling (NILL) to combat potential invasions of privacy. NILL uses an in-residence battery to mask variance in load on the grid, thus eliminating exposure of the appliance-driven information used to compromise consumer privacy. We use real residential energy use profiles to drive four simulated deployments of NILL. The simulations show that NILL exposes only 1.1 to 5.9 useful energy events per day hidden amongst hundreds or thousands of similar battery-suppressed events. Thus, the energy profiles exhibited by NILL are largely useless for current NILM algorithms. Surprisingly, such privacy gains can be achieved using battery systems whose storage capacity is far lower than the residence's aggregate load average. We conclude by discussing how the costs of NILL can be offset by energy savings under tiered energy schedules.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"12 1","pages":"87-98"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82135689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 251
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信