CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy: Latest Articles

CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy, Baltimore, MD, USA, April 24 - 27, 2022
DOI: https://doi.org/10.1145/3508398
Published: 2022-01-01
Citations: 0
Incremental Maintenance of ABAC Policies.
Gunjan Batra, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural
DOI: https://doi.org/10.1145/3422337.3447825
Published: 2021-04-01, pages 185-196
Abstract: Discovery of Attribute Based Access Control policies through mining has been studied extensively in the literature. However, current solutions assume that the rules are to be mined from a static data set of access permissions and that this process only needs to be done once. However, in real life, access policies are dynamic in nature and may change based on the situation. Simply utilizing the current approaches would necessitate that the mining algorithm be re-executed for every update in the permissions or user/object attributes, which would be significantly inefficient. In this paper, we propose to incrementally maintain ABAC policies by only updating the rules that may be affected due to any change in the underlying access permissions or attributes. A comprehensive experimental evaluation demonstrates that the proposed incremental approach is significantly more efficient than the conventional ABAC mining.
Citations: 3
CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy, Virtual Event, USA, April 26-28, 2021
DOI: https://doi.org/10.1145/3422337
Published: 2021-01-01
Citations: 0
CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA, March 16-18, 2020
DOI: https://doi.org/10.1145/3374664
Published: 2020-01-01
Citations: 0
Relationship-based information sharing in cloud-based decentralized social networks
Davide Alberto Albertini, B. Carminati
DOI: https://doi.org/10.1145/2557547.2557574
Published: 2014-03-03, pages 297-304
Abstract: Commercial OSNs have started to provide users with the ability to set their privacy settings for a more controlled information sharing. However, these settings do not prevent the social network manager to perform marketing research on user personal data, aiming, as example, at offering a personalized advertising to users. To cope with these requirements Decentralized Social Networks (DSNs) are emerged as a possible solution for moving users' personal data out from OSN realms. Unfortunately, it has been shown that DSNs have some limitations, in terms of usability and social features they offer. To overcome this problem, in this paper we extend the DSN framework so that users' data (e.g., resources and relationships) are securely stored in a public cloud data storage and shared according to relationship-based rules defined by owners, by at the same time supporting a privacy-preserving path finding. To this end, we make use of encryption techniques and we devise a new collaborative anonymization process. In the paper, besides presenting all the components of our framework, we analyze its security and present experiments showing the feasibility of the developed techniques.
Citations: 6
A cloud architecture for protecting guest's information from malicious operators with memory management
Koki Murakami, T. Yamada, R. Yamaguchi, M. Goshima, S. Sakai
DOI: https://doi.org/10.1145/2557547.2557585
Published: 2014-03-03, pages 155-158
Abstract: We introduce a novel cloud computing architecture that ensures privacy for guest's information and computation. In conventional cloud architecture, a security policy proposed by a provider only ensured the protection of guest's information. This enabled malicious operators to steal or modify guest's information. Our architecture protects guest's information with novel memory management function of hypervisor from malicious operators. Cloud computing generally relies on virtualization, and VMM or hypervisor maintains page table for interfering VM's memory accesses, which is called shadow page table. Our hypervisor regulates memory accesses by management VM by adding an authority bit to shadow page table entry. Our architecture also prohibits a theft of guest's information when it is stored in storage by encrypting data when they leave memory.
Citations: 2
KameleonFuzz: evolutionary fuzzing for black-box XSS detection
F. Duchene, Sanjay Rawat, J. Richier, Roland Groz
DOI: https://doi.org/10.1145/2557547.2557550
Published: 2014-03-03, pages 37-48
Abstract: Fuzz testing consists in automatically generating and sending malicious inputs to an application in order to hopefully trigger a vulnerability. Fuzzing entails such questions as: Where to fuzz? Which parameter to fuzz? Where to observe its effects? In this paper, we specifically address the questions: How to fuzz a parameter? How to observe its effects? To address these questions, we propose KameleonFuzz, a black-box Cross Site Scripting (XSS) fuzzer for web applications. KameleonFuzz can not only generate malicious inputs to exploit XSS, but also detect how close it is revealing a vulnerability. The malicious inputs generation and evolution is achieved with a genetic algorithm, guided by an attack grammar. A double taint inference, up to the browser parse tree, permits to detect precisely whether an exploitation attempt succeeded. Our evaluation demonstrates no false positives and high XSS revealing capabilities: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.
Citations: 94
Large-scale machine learning-based malware detection: confronting the "10-fold cross validation" scheme with reality
Kevin Allix, Tegawendé F. Bissyandé, Quentin Jérôme, Jacques Klein, R. State, Yves Le Traon
DOI: https://doi.org/10.1145/2557547.2557587
Published: 2014-03-03, pages 163-166
Abstract: To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. Several promising results were recorded in the literature, many approaches being assessed with the common "10-Fold cross validation" scheme. This paper revisits the purpose of malware detection to discuss the adequacy of the "10-Fold" scheme for validating techniques that may not perform well in reality. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from applications' CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate in high performance in the wild.
Citations: 22
Wiretap-proof: what they hear is not what you speak, and what you speak they do not hear
Hemant Sengar, Haining Wang, Seyed Amir Iranmanesh
DOI: https://doi.org/10.1145/2557547.2557567
Published: 2014-03-03, pages 345-356
Abstract: It has long been believed that once the voice media between caller and callee is captured or sniffed from the wire, either legally by law enforcement agencies or illegally by hackers through eavesdropping on communication channels, it is easy to listen into their conversation. In this paper, we show that this common perception is not always true. Our real-world experiments demonstrate that it is feasible to create a hidden telephonic conversation within an explicit telephone call. In particular, we propose a real-time covert communication channel within two-way media streams established between caller and callee. The real-time covert channel is created over the media stream that may possibly be monitored by eavesdroppers. However, the properly encoded media stream acts as a cover (or decoy) carrying bogus media such as an earlier recorded voice conversation. This spurious content will be heard if the media stream is intercepted and properly decoded. However, the calling and called parties protected by the covert communication channel can still directly talk to each other in privacy and real-time, just like any other normal phone calls. This work provides an additional security layer against media interception attacks, however it also exposes a serious security concern to CALEA (Communications Assistance for Law Enforcement Act) wiretapping and its infrastructure.
Citations: 2
Automated black-box detection of access control vulnerabilities in web applications
Xiaowei Li, X. Si, Yuan Xue
DOI: https://doi.org/10.1145/2557547.2557552
Published: 2014-03-03, pages 49-60
Abstract: Access control vulnerabilities within web applications pose serious security threats to the sensitive information stored at back-end databases. Existing approaches are limited from several aspects, including the coarse granularity at which the access control is modeled, the incapability of handling complex relationship between data entities and the requirement of source code and the specific application platform. In this paper, we present an automated black-box technique for identifying a broad range of access control vulnerabilities, which can be applied to applications that are developed using different languages and platforms. We model the access control policy based on a novel virtual SQL query concept, which captures both the database access operations (i.e., through SQL queries) and the post-processing filters within the web application. We leverage a crawler to automatically explore the application and collect execution traces. From the traces, we identify the set of database access operations that are allowed for each role (i.e., role-level policy inference) and extract the constraints over the operation parameters to characterize the relationship between the users and the accessed data (i.e., user-level policy inference). Based on the inferred policy, we construct test inputs to exploit the application for potential access control flaws. We implement a prototype system BATMAN and evaluate it over a set of PHP and JSP web applications. The experiment results demonstrate the effectiveness and accuracy of our approach.
Citations: 14