发布求助
文献互助 智能选刊 最新文献

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy最新文献

筛选
英文 中文
Is it really you?: user identification via adaptive behavior fingerprinting 真的是你吗?:通过自适应行为指纹识别进行用户识别
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557554
P. Giura, I. Murynets, R. Jover, Yevgeniy Vahlis
{"title":"Is it really you?: user identification via adaptive behavior fingerprinting","authors":"P. Giura, I. Murynets, R. Jover, Yevgeniy Vahlis","doi":"10.1145/2557547.2557554","DOIUrl":"https://doi.org/10.1145/2557547.2557554","url":null,"abstract":"The increased popularity of mobile devices widens opportunities for a user either to lose the device or to have the device stolen and compromised. At the same time, user interaction with a mobile device generates a unique set of features such as dialed numbers, timestamps of communication activities, contacted base stations, etc. This work proposes several methods to identify the user based on her communications history. Specifically, the proposed methods detect an abnormality based on the behavior fingerprint generated by a set of features from the network for each user session. We present an implementation of such methods that use features from real SMS, and voice call records from a major tier 1 cellular operator. This can potentially trigger a rapid reaction upon an unauthorized user gaining control of a lost or stolen terminal, preventing data compromise and device misuse. The proposed solution can also detect background malicious traffic originated by, for example, a malicious application running on the mobile device. Our experiments with annonymized data from 10,000 users, representing over 14 million SMS and voice call detail records, show that the proposed methods are scalable and can continuously identify millions of mobile users while preserving data privacy, and achieving low false positives and high misuse detection rates with low storage and computation overhead.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"23 1","pages":"333-344"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81726871","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Shared responsibility is better than no responsibility: federated encryption in the cloud 共享责任总比没有责任好:云中的联合加密
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557591
Jarret D. Raim
{"title":"Shared responsibility is better than no responsibility: federated encryption in the cloud","authors":"Jarret D. Raim","doi":"10.1145/2557547.2557591","DOIUrl":"https://doi.org/10.1145/2557547.2557591","url":null,"abstract":"The process of encrypting data for Cloud services is usually presented two ways. The data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-complexity. On the other, we have ease of use, but limited protection. This false choice leads to data going unprotected as customers throw up their hands. There is a better way. In this keynote, we'll discuss a middle ground that improves upon the standard use cases using Barbican, an open-source key manager created by Rackspace for the OpenStack Cloud.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"58 1","pages":"247-248"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82296659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
On quantitative dynamic data flow tracking 定量动态数据流跟踪
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557551
Enrico Lovat, Johan Oudinet, A. Pretschner
{"title":"On quantitative dynamic data flow tracking","authors":"Enrico Lovat, Johan Oudinet, A. Pretschner","doi":"10.1145/2557547.2557551","DOIUrl":"https://doi.org/10.1145/2557547.2557551","url":null,"abstract":"We present a non-probabilistic model for dynamic quantitative data flow tracking. Estimations of the amount of data stored in a particular representation at runtime - a file, a window, a network packet - enable the adoption of fine-grained policies which authorize or prohibit partial leaks of data. We prove the correctness of the estimations, provide an implementation that we evaluate w.r.t. precision and performance, and analyze one instantiation at the OS level.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"24 1","pages":"211-222"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75110753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Trust ranking of medical websites 医疗网站信任度排名
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557584
Haruna Kibirige, Lila Ghemri
{"title":"Trust ranking of medical websites","authors":"Haruna Kibirige, Lila Ghemri","doi":"10.1145/2557547.2557584","DOIUrl":"https://doi.org/10.1145/2557547.2557584","url":null,"abstract":"The use of the Web as a reference to locate and validate medical information has been growing. A recent report shows that more than 77% of internet users use general purpose search engines, such as Google or Bing, to look up specific diseases, treatments or procedures and that 67% of them believe that the online health information is reliable and trustworthy. However the internet has also become a worrisome source for the propagation of fake online pharmacies, sham hospitals and medical schools. We present a novel method for re-ranking webpages based on the website names in order to not only increase their precision but also their trustworthiness. Our re-ranking approach aims at capturing and returning only those websites that are consistently retrieved across search engines and takes advantage of the fact that the life span of fake websites is relatively short compared to legitimate ones.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"32 1","pages":"151-154"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83388779","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Keystroke biometrics: the user perspective 击键生物识别技术:用户视角
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557573
Chee Meng Tey, Payas Gupta, Kartik Muralidharan, Debin Gao
{"title":"Keystroke biometrics: the user perspective","authors":"Chee Meng Tey, Payas Gupta, Kartik Muralidharan, Debin Gao","doi":"10.1145/2557547.2557573","DOIUrl":"https://doi.org/10.1145/2557547.2557573","url":null,"abstract":"Usability is an important aspect of security, because poor usability motivates users to find shortcuts that bypass the system. Existing studies on keystroke biometrics evaluate the usability issue in terms of the average false rejection rate (FRR). We show in this paper that such an approach underestimates the user impact in two ways. First, the FRR of keystroke biometrics changes for the worse under a range of common conditions such as background music, exercise and even game playing. In a user study involving 111 participants, the average penalties (increases) in FRR are 0.0360 and 0.0498, respectively, for two different classifiers. Second, presenting the FRR as an average obscures the fact that not everyone is suitable for keystroke biometrics deployment. For example, using a Monte Carlo simulation, we found that 30% of users would encounter an account lockout before their 50th authentication session (given a lockout policy of 3 attempts) if they are affected by external influences 50% of the time when authenticating.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"101 1","pages":"289-296"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83604046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
PREC: practical root exploit containment for android devices PREC:用于android设备的实用root漏洞控制
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557563
Tsung-Hsuan Ho, D. Dean, Xiaohui Gu, W. Enck
{"title":"PREC: practical root exploit containment for android devices","authors":"Tsung-Hsuan Ho, D. Dean, Xiaohui Gu, W. Enck","doi":"10.1145/2557547.2557563","DOIUrl":"https://doi.org/10.1145/2557547.2557563","url":null,"abstract":"Application markets such as the Google Play Store and the Apple App Store have become the de facto method of distributing software to mobile devices. While official markets dedicate significant resources to detecting malware, state-of-the-art malware detection can be easily circumvented using logic bombs or checks for an emulated environment. We present a Practical Root Exploit Containment (PREC) framework that protects users from such conditional malicious behavior. PREC can dynamically identify system calls from high-risk components (e.g., third-party native libraries) and execute those system calls within isolated threads. Hence, PREC can detect and stop root exploits with high accuracy while imposing low interference to benign applications. We have implemented PREC and evaluated our methodology on 140 most popular benign applications and 10 root exploit malicious applications. Our results show that PREC can successfully detect and stop all the tested malware while reducing the false alarm rates by more than one order of magnitude over traditional malware detection algorithms. PREC is light-weight, which makes it practical for runtime on-device root exploit detection and containment.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"22 1","pages":"187-198"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83639479","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 41
SobTrA: a software-based trust anchor for ARM cortex application processors SobTrA: ARM cortex应用处理器基于软件的信任锚
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557569
Julian Horsch, Sascha Wessel, F. Stumpf, C. Eckert
{"title":"SobTrA: a software-based trust anchor for ARM cortex application processors","authors":"Julian Horsch, Sascha Wessel, F. Stumpf, C. Eckert","doi":"10.1145/2557547.2557569","DOIUrl":"https://doi.org/10.1145/2557547.2557569","url":null,"abstract":"In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"138 1","pages":"273-280"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77516887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Virtualization and security: happily ever after? 虚拟化和安全:从此幸福地生活在一起?
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557590
Dongyan Xu
{"title":"Virtualization and security: happily ever after?","authors":"Dongyan Xu","doi":"10.1145/2557547.2557590","DOIUrl":"https://doi.org/10.1145/2557547.2557590","url":null,"abstract":"Virtualization has been a major enabling technology for improving trustworthiness and tamper-resistance of computer security functions. In the past decade, we have witnessed the development of virtualization-based techniques for attack/malware monitoring, detection, prevention, and profiling. Virtual platforms have been widely adopted for system security experimentation and evaluation, because of their strong isolation, maneuverability, and scalability properties. Conversely, the demand from security research has led to significant advances in virtualization technology itself, for example, in the aspects of virtual machine introspection, check-pointing, and replay. In this talk, I will present an overview of research efforts (including our own) in virtualization-based security and security-driven virtualization. I will also discuss a number of challenges and opportunities in maintaining and elevating the synergies between virtualization and security.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"83 1","pages":"73-74"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72714987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A modular multi-location anonymized traffic monitoring tool for a WiFi network 一个模块化的多位置匿名流量监控工具,用于WiFi网络
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557580
Justin Hummel, Andrew W. E. McDonald, Vatsal Shah, Riju Singh, Bradford D. Boyle, Tingshan Huang, Nagarajan Kandasamy, H. Sethu, S. Weber
{"title":"A modular multi-location anonymized traffic monitoring tool for a WiFi network","authors":"Justin Hummel, Andrew W. E. McDonald, Vatsal Shah, Riju Singh, Bradford D. Boyle, Tingshan Huang, Nagarajan Kandasamy, H. Sethu, S. Weber","doi":"10.1145/2557547.2557580","DOIUrl":"https://doi.org/10.1145/2557547.2557580","url":null,"abstract":"Network traffic anomaly detection is now considered a surer approach to early detection of malware than signature-based approaches and is best accomplished with traffic data collected from multiple locations. Existing open-source tools are primarily signature-based, or do not facilitate integration of traffic data from multiple locations for real-time analysis, or are insufficiently modular for incorporation of newly proposed approaches to anomaly detection. In this paper, we describe DataMap, a new modular open-source tool for the collection and real-time analysis of sampled, anonymized, and filtered traffic data from multiple WiFi locations in a network and an example of its use in anomaly detection.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"3 1","pages":"135-138"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76064519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
RiskMon: continuous and automated risk assessment of mobile applications RiskMon:移动应用程序的持续和自动化风险评估
CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI: 10.1145/2557547.2557549
Yiming Jing, Gail-Joon Ahn, Ziming Zhao, Hongxin Hu
{"title":"RiskMon: continuous and automated risk assessment of mobile applications","authors":"Yiming Jing, Gail-Joon Ahn, Ziming Zhao, Hongxin Hu","doi":"10.1145/2557547.2557549","DOIUrl":"https://doi.org/10.1145/2557547.2557549","url":null,"abstract":"Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of feature-rich mobile applications. However, helping users understand security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RiskMon that uses machine-learned ranking to assess risks incurred by users' mobile applications, especially Android applications. RiskMon combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RiskMon assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. We also discuss a proof-of-concept implementation of RiskMon as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"15 1","pages":"99-110"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84329461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 77
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信