发布求助
文献互助 智能选刊 最新文献

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy最新文献

筛选
英文 中文
Towards active detection of identity clone attacks on online social networks 主动检测在线社交网络的身份克隆攻击
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943520
Lei Jin, Hassan Takabi, J. Joshi
{"title":"Towards active detection of identity clone attacks on online social networks","authors":"Lei Jin, Hassan Takabi, J. Joshi","doi":"10.1145/1943513.1943520","DOIUrl":"https://doi.org/10.1145/1943513.1943520","url":null,"abstract":"Online social networks (OSNs) are becoming increasingly popular and Identity Clone Attacks (ICAs) that aim at creating fake identities for malicious purposes on OSNs are becoming a significantly growing concern. Such attacks severely affect the trust relationships a victim has built with other users if no active protection is applied. In this paper, we first analyze and characterize the behaviors of ICAs. Then we propose a detection framework that is focused on discovering suspicious identities and then validating them. Towards detecting suspicious identities, we propose two approaches based on attribute similarity and similarity of friend networks. The first approach addresses a simpler scenario where mutual friends in friend networks are considered; and the second one captures the scenario where similar friend identities are involved. We also present experimental results to demonstrate flexibility and effectiveness of the proposed approaches. Finally, we discuss some feasible solutions to validate suspicious identities.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"34 1","pages":"27-38"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89344833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 120
Implementation and performance evaluation of privacy-preserving fair reconciliation protocols on ordered sets 有序集上保隐私公平协调协议的实现与性能评价
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943529
D. Mayer, Dominik Teubert, S. Wetzel, Ulrike Meyer
{"title":"Implementation and performance evaluation of privacy-preserving fair reconciliation protocols on ordered sets","authors":"D. Mayer, Dominik Teubert, S. Wetzel, Ulrike Meyer","doi":"10.1145/1943513.1943529","DOIUrl":"https://doi.org/10.1145/1943513.1943529","url":null,"abstract":"Recently, new protocols were proposed which allow two parties to reconcile their ordered input sets in a fair and privacy-preserving manner. In this paper we present the design and implementation of these protocols on different platforms and extensively study their performance.\u0000 In particular, we present the design of a library for privacy-preserving reconciliation protocols and provide details on an efficient C++ implementation of this design. Furthermore, we present details on the implementation of a privacy-preserving iPhone application built on top of this library. The performance of both the library and the iPhone application are comprehensively analyzed. Our performance tests show that it is possible to efficiently implement private set intersection as a generic component on a desktop computer. Furthermore, the tests confirm the theoretically determined quadratic worst-case behavior of the privacy-preserving reconciliation protocols on the desktop as well as the iPhone platform. The main result of the performance analysis is that the protocols show linear runtime performance for average-case inputs. This is a significant improvement over the worst-case and is key for making these protocols highly viable for a wider range of applications in practice.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"8 1","pages":"109-120"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80274615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Distributed data usage control for web applications: a social network implementation web应用程序的分布式数据使用控制:一个社交网络实现
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943526
Prachi Kumari, A. Pretschner, Jonas Peschla, J. Kuhn
{"title":"Distributed data usage control for web applications: a social network implementation","authors":"Prachi Kumari, A. Pretschner, Jonas Peschla, J. Kuhn","doi":"10.1145/1943513.1943526","DOIUrl":"https://doi.org/10.1145/1943513.1943526","url":null,"abstract":"Usage control is concerned with how data is used after access to it has been granted. Respective enforcement mechanisms need to be implemented at different layers of abstraction in order to monitor or control data at and across all these layers. We present a usage control enforcement mechanism at the application layer. It is implemented for a common web browser and, as an example, is used to control data in a social network application. With the help of the mechanism, a data owner can, on the grounds of assigned trust values, prevent data from being printed, saved, copied&pasted, etc., after this data has been downloaded by other users.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"109 1","pages":"85-96"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80589088","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC) 基于角色的访问控制(RBAC)中分布式实施方法的经验评估
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943530
Marko Komlenovic, Mahesh V. Tripunitara, T. Zitouni
{"title":"An empirical assessment of approaches to distributed enforcement in role-based access control (RBAC)","authors":"Marko Komlenovic, Mahesh V. Tripunitara, T. Zitouni","doi":"10.1145/1943513.1943530","DOIUrl":"https://doi.org/10.1145/1943513.1943530","url":null,"abstract":"We consider the distributed access enforcement problem for Role-Based Access Control (RBAC) systems. Such enforcement has become important with RBAC's increasing adoption, and the proliferation of data that needs to be protected. We assess six approaches, each of which has either been proposed in the literature, or is a natural candidate for access enforcement. The approaches are: directed graph, access matrix, authorization recycling, cpol, Bloom filter and cascade Bloom filter. We consider encodings of RBAC sessions in each, and propose and justify a benchmark for the assessment. We present our results from an empirical assessment of time, space and administrative efficiency based on the benchmark. We conclude with inferences we can make regarding the best approach to access enforcement for particular RBAC deployments based on our assessment.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"44 1","pages":"121-132"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87369272","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
Non-interactive editable signatures for assured data provenance 用于确保数据来源的非交互式可编辑签名
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943533
Hai-feng Qian, Shouhuai Xu
{"title":"Non-interactive editable signatures for assured data provenance","authors":"Hai-feng Qian, Shouhuai Xu","doi":"10.1145/1943513.1943533","DOIUrl":"https://doi.org/10.1145/1943513.1943533","url":null,"abstract":"In order to make people truly benefit from data sharing, we need technical solutions to assuring the trustworthiness of data received from parties one may not have encountered in the past. Assured data provenance is an important means for this purpose because it (i) allows data providers to get credited for their contribution or sharing of data, (ii) is able to hold the data providers accountable for the data they contributed, and (iii) enables the data providers to supply high-quality data in a self-healing fashion. While the above (i) and (ii) have been investigated to some extent, the above (iii) is a new perspective that, to our knowledge, has not been investigated in the literature. In this paper, we introduce a novel cryptographic technique that can simultaneously offer these properties. Our technique is called editable signatures, which allow a user, Bob, to edit (e.g., replace, modify, and insert) some portions of the message that is contributed and signed by Alice such that the resulting edited message is jointly signed by Alice and Bob in some fashion. While it is easy to see that the above (i) and (ii) are achieved, the above (iii) is also achieved because Bob may have a better knowledge of the situation that allows him to provide more accurate/trustworthy information than Alice, who may intentionally or unintentionally enter inaccurate or even misleading data into an information network. This is useful because Alice's inaccurate or even misleading information will never be released into an information network if it can be ``cleaned\" or \"healed\" by Bob. Specifically, we propose two novel cryptographic constructions that can be used to realize the above functions in some practical settings.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"91 1","pages":"145-156"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86228008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
k-out-of-n oblivious transfer based on homomorphic encryption and solvability of linear equations 基于同态加密的k-out- n无关转移及线性方程的可解性
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943536
Mummoorthy Murugesan, Wei Jiang, A. Nergiz, Serkan Uzunbaz
{"title":"k-out-of-n oblivious transfer based on homomorphic encryption and solvability of linear equations","authors":"Mummoorthy Murugesan, Wei Jiang, A. Nergiz, Serkan Uzunbaz","doi":"10.1145/1943513.1943536","DOIUrl":"https://doi.org/10.1145/1943513.1943536","url":null,"abstract":"Oblivious Transfer (OT) is an important cryptographic tool, which has found its usage in many crypto protocols, such as Secure Multiparty Computations, Certified E-mail and Simultaneous Contract Signing . In this paper, we propose three k-out-of-n OT (OT_k^n) protocols based on additive homomorphic encryption. Two of these protocols prohibit malicious behaviors from a receiver. We also achieve efficient communication complexity bounded by O(l* n) in bits, where l is the size of the encryption key. The computational complexity is comparable to the most efficient existing protocols. Due to the semantic security property, the sender cannot get receiver's selection. When the receiver tries to retrieve more than k values, the receiver is caught cheating with 1-(1/m) probability (Protocol II) or the receiver is unable to get any value at all (Protocol III). We introduce a novel technique based on the solvability of linear equations, which could find its way into other applications. We also provide an experimental analysis to compare the efficiency of the protocols.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"38 1","pages":"169-178"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91145907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Towards defining semantic foundations for purpose-based privacy policies 为基于目的的隐私策略定义语义基础
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943541
Mohammad Jafari, Philip W. L. Fong, R. Safavi-Naini, K. Barker, N. Sheppard
{"title":"Towards defining semantic foundations for purpose-based privacy policies","authors":"Mohammad Jafari, Philip W. L. Fong, R. Safavi-Naini, K. Barker, N. Sheppard","doi":"10.1145/1943513.1943541","DOIUrl":"https://doi.org/10.1145/1943513.1943541","url":null,"abstract":"We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"67 1","pages":"213-224"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80286582","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
MyABDAC: compiling XACML policies for attribute-based database access control MyABDAC:为基于属性的数据库访问控制编译XACML策略
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943528
Sonia Jahid, Carl A. Gunter, Imranul Hoque, Hamed Okhravi
{"title":"MyABDAC: compiling XACML policies for attribute-based database access control","authors":"Sonia Jahid, Carl A. Gunter, Imranul Hoque, Hamed Okhravi","doi":"10.1145/1943513.1943528","DOIUrl":"https://doi.org/10.1145/1943513.1943528","url":null,"abstract":"Attribute-based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. In this paper we explore advantages and challenges arising from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs. We consider this in a context of reflective database access control where attributes used in access decisions are stored in the database itself. Our implementation and experiments demonstrate a significant improvement in access decision times compared to the best available optimizations for general XACML access engines.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"12 1","pages":"97-108"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80223385","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Panel: research agenda for data and application security 小组讨论:数据和应用安全的研究议程
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943551
X. Wang
{"title":"Panel: research agenda for data and application security","authors":"X. Wang","doi":"10.1145/1943513.1943551","DOIUrl":"https://doi.org/10.1145/1943513.1943551","url":null,"abstract":"PANEL SUMMARY Data and application security is traditionally viewed as a subfield of cybersecurity. The goal is still the same, namely to provide trustworthy computing infrastructure. However, in data and application security, we are dealing with the infrastructural aspects that are closer to humans, their interactions with the system, their perceptions, and their values. Data should not be treated as just bits, but as semantically rich content. Hence, securing data may be different from securing bits. Application software is much more diverse than system software, often directly responding to particular end-user needs. Hence, usability of security may be of more importance.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"97 1","pages":"283-284"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85769722","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Practical policy patterns 实用的政策模式
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2011-02-21 DOI: 10.1145/1943513.1943543
D. Thomsen
{"title":"Practical policy patterns","authors":"D. Thomsen","doi":"10.1145/1943513.1943543","DOIUrl":"https://doi.org/10.1145/1943513.1943543","url":null,"abstract":"The paper attempts to encourage deeper thinking about the nature of security enforcement policies with the intent of fostering a practical engineering design approach for building security enforcement policy. The paper suggests several approaches to lower the cost of developing security enforcement policies by developing technology to share enforcement policies like open source software, including patterns, isolation of site specific policy and tools to increase the ability of humans to understand the implemented policy. The paper also suggests research avenues for increasing human understanding of enforcement policy.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"293 1-2 1","pages":"225-230"},"PeriodicalIF":0.0,"publicationDate":"2011-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78489109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信