CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy: latest articles
{"title":"Consistency checking in access control","authors":"Anja Remshagen, Li Yang","doi":"10.1145/2557547.2557581","DOIUrl":"https://doi.org/10.1145/2557547.2557581","url":null,"abstract":"As access control models have become more complex, tools should be developed to support the maintenance of policies. We have adapted a powerful privacy-aware role-based access control model to incorporate a context-restriction component to alleviate the policy maintenance complexity issue. We discuss how the process of entering policies and user-specified rules can be guided by a system that evaluates permission assignments when they are entered.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"6 1","pages":"139-142"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86983029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting man-in-the-middle attacks on non-mobile systems","authors":"V. Vallivaara, Mirko Sailio, Kimmo Halunen","doi":"10.1145/2557547.2557579","DOIUrl":"https://doi.org/10.1145/2557547.2557579","url":null,"abstract":"In this paper we propose a method for detecting man-in-the-middle attacks using the timestamps of TCP packet headers. From these timestamps, the delays can be calculated and by comparing the mean of the delays in the current connection to data gathered from previous sessions it is possible to detect if the packets have unusually long delays. We show that in our small case study we can find and set a threshold parameter that accurately detects man-in-the-middle attacks with a low probability of false positives. Thus, it may be used as a simple precautionary measure against malicious attacks. The method in its current form is limited to non-mobile systems, where the variations in the delay are fairly low and uniform.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"1 1","pages":"131-134"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80463599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Inference attack against encrypted range queries on outsourced databases","authors":"M. S. Islam, Mehmet Kuzu, Murat Kantarcioglu","doi":"10.1145/2557547.2557561","DOIUrl":"https://doi.org/10.1145/2557547.2557561","url":null,"abstract":"To mitigate security concerns of outsourced databases, quite a few protocols have been proposed that outsource data in encrypted format and allow encrypted query execution on the server side. Among the more practical protocols, the \"bucketization\" approach facilitates query execution at the cost of reduced efficiency by allowing some false positives in the query results. Precise Query Protocols (PQPs), on the other hand, enable the server to execute queries without incurring any false positives. Even though these protocols do not reveal the underlying data, they reveal query access pattern to an adversary. In this paper, we introduce a general attack on PQPs based on access pattern disclosure in the context of secure range queries. Our empirical analysis on several real world datasets shows that the proposed attack is able to disclose significant amount of sensitive data with high accuracy provided that the attacker has reasonable amount of background knowledge. We further demonstrate that a slight variation of such an attack can also be used on imprecise protocols (e.g., bucketization) to disclose significant amount of sensitive information.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"37 1","pages":"235-246"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83758091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Minimizing lifetime of sensitive data in concurrent programs","authors":"Kalpana Gondi, A. Prasad Sistla, V. N. Venkatakrishnan","doi":"10.1145/2557547.2557589","DOIUrl":"https://doi.org/10.1145/2557547.2557589","url":null,"abstract":"The prolonged lifetime of sensitive data (such as passwords) in applications gives rise to several security risks. A promising approach is to erase sensitive data in an \"eager fashion\", i.e., as soon as its use is no longer required in the application. This approach of minimizing the lifetime of sensitive data has been applied to sequential programs. In this short paper, we present an extension of this approach to concurrent programs where the interleaving of threads makes such eager erasures a challenging research problem.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"58 3 1","pages":"171-174"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86791666","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Efficient privacy-aware search over encrypted databases","authors":"Mehmet Kuzu, M. S. Islam, Murat Kantarcioglu","doi":"10.1145/2557547.2557570","DOIUrl":"https://doi.org/10.1145/2557547.2557570","url":null,"abstract":"In recent years, database as a service (DAS) model where data management is outsourced to cloud service providers has become more prevalent. Although DAS model offers lower cost and flexibility, it necessitates the transfer of potentially sensitive data to untrusted cloud servers. To ensure the confidentiality, encryption of sensitive data before its transfer to the cloud emerges as an important option. Encrypted storage provides protection but it complicates data processing including crucial selective record retrieval. To achieve selective retrieval over encrypted collection, considerable amount of searchable encryption schemes have been proposed in the literature with distinct privacy guarantees. Among the available approaches, oblivious RAM based ones offer optimal privacy. However, they are computationally intensive and do not scale well to very large databases. On the other hand, almost all efficient schemes leak some information, especially data access pattern to the remote servers. Unfortunately, recent evidence on access pattern leakage indicates that adversary's background knowledge could be used to infer the contents of the encrypted data and may potentially endanger individual privacy. In this paper, we introduce a novel construction for practical and privacy-aware selective record retrieval over encrypted databases. Our approach leaks obfuscated access pattern to enable efficient retrieval while ensuring individual privacy. Applied obfuscation is based on differential privacy which provides rigorous individual privacy guarantees against adversaries with arbitrary background knowledge.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"26 1","pages":"249-256"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84355282","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TrustID: trustworthy identities for untrusted mobile devices","authors":"Julian Horsch, Konstantin Böttinger, Michael Weiß, Sascha Wessel, F. Stumpf","doi":"10.1145/2557547.2557593","DOIUrl":"https://doi.org/10.1145/2557547.2557593","url":null,"abstract":"Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insufficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Both protocols do not require a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as root identity to derive context-specific identities.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"15 1","pages":"281-288"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85204306","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Spoilt for choice: graph-based assessment of key management protocols to share encrypted data","authors":"H. Kühner, H. Hartenstein","doi":"10.1145/2557547.2557583","DOIUrl":"https://doi.org/10.1145/2557547.2557583","url":null,"abstract":"Sharing data with client-side encryption requires key management. Selecting an appropriate key management protocol for a given scenario is hard, since the interdependency between scenario parameters and the resource consumption of a protocol is often only known for artificial, simplified scenarios. In this paper, we explore the resource consumption of systems that offer sharing of encrypted data within real-world scenarios, which are typically complex and determined by many parameters. For this purpose, we first collect empirical data that represents real-world scenarios by monitoring large-scale services within our organization. We then use this data to parameterize a resource consumption model that is based on the key graph generated by each key management protocol. The preliminary simulation runs we did so far indicate that this key-graph based model can be used to estimate the resource consumption of real-world systems for sharing encrypted data.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"98 1","pages":"147-150"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77955815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RopSteg: program steganography with return oriented programming","authors":"Kangjie Lu, Siyang Xiong, Debin Gao","doi":"10.1145/2557547.2557572","DOIUrl":"https://doi.org/10.1145/2557547.2557572","url":null,"abstract":"Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are \"diffused\" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the \"dark side\", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"65 1","pages":"265-272"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91449252","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DIVILAR: diversifying intermediate language for anti-repackaging on android platform","authors":"Wu Zhou, Zhi Wang, Yajin Zhou, Xuxian Jiang","doi":"10.1145/2557547.2557558","DOIUrl":"https://doi.org/10.1145/2557547.2557558","url":null,"abstract":"App repackaging remains a serious threat to the emerging mobile app ecosystem. Previous solutions have mostly focused on the postmortem detection of repackaged apps by measuring similarity among apps. In this paper, we propose DIVILAR, a virtualization-based protection scheme to enable self-defense of Android apps against app repackaging. Specifically, it re-encodes an Android app in a diversified virtual instruction set and uses a specialized execute engine for these virtual instructions to run the protected app. However, this extra layer of execution may cause significant performance overhead, rendering the solution unacceptable for daily use. To address this challenge, we leverage a light-weight hooking mechanism to hook into Dalvik VM, the execution engine for Dalvik bytecode, and piggy-back the decoding of virtual instructions to that of Dalvik bytecode. By compositing virtual and Dalvik instruction execution, we can effectively eliminate this extra layer of execution and significantly reduce the performance overhead. We have implemented a prototype of DIVILAR. Our evaluation shows that DIVILAR is resilient against existing static and dynamic analysis, including those specific to VM-based protection. Further performance evaluation demonstrates its efficiency for daily use (an average of 16.2 and 8.9 increase to the start time and run time, respectively).","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"1 1","pages":"199-210"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77815741","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Interaction provenance model for unified authentication factors in service oriented computing","authors":"Ragib Hasan, R. Khan","doi":"10.1145/2557547.2557578","DOIUrl":"https://doi.org/10.1145/2557547.2557578","url":null,"abstract":"Authentication is one of the most fundamental security problems. To date, various distinct authentication factors such as passwords, tokens, certificates, and biometrics have been designed for authentication. In this paper, we propose using the history or provenance of previous interactions and events as the generic platform for all authentication challenges. In this paradigm, provenance of past interactions with the authenticating principal or a third party is used to authenticate a user. We show that the interaction provenance paradigm is generic and can be used to represent existing authentication factors, yet allow the use of newer methods. We also discuss how authentication based on interactions can allow very flexible but complex authentication and access control policies that are not easily possible with current authentication models.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"10 1","pages":"127-130"},"PeriodicalIF":0.0,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75459434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}