CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy: latest articles

Security of graph data: hashing schemes and definitions
M. Arshad, A. Kundu, E. Bertino, K. Madhavan, A. Ghafoor
DOI: https://doi.org/10.1145/2557547.2557564
Published: 2014-03-03; volume 49 1, pages 223-234
Abstract: Use of graph-structured data models is on the rise - in graph databases, in representing biological and healthcare data as well as geographical data. In order to secure graph-structured data, and develop cryptographically secure schemes for graph databases, it is essential to formally define and develop suitable collision resistant one-way hashing schemes and show that they are efficient. The widely used Merkle hash technique is not suitable as it is, because graphs may be directed acyclic ones or cyclic ones. In this paper, we are addressing this problem. Our contributions are: (1) define the practical and formal security model of hashing schemes for graphs, (2) define the formal security model of perfectly secure hashing schemes, (3) describe constructions of hashing and perfectly secure hashing of graphs, and (4) performance results for the constructions. Our constructions use graph traversal techniques, and are highly efficient for hashing, redaction, and verification of hashes of graphs. We have implemented the proposed schemes, and our performance analysis on both real and synthetic graph data sets supports our claims.
Citations: 14

Securing OAuth implementations in smart phones
Mohamed Shehab, Fadi Mohsen
DOI: https://doi.org/10.1145/2557547.2557588
Published: 2014-03-03; volume 417 1, pages 167-170
Abstract: With the roaring growth and wide adoption of smart mobile devices, users are continuously integrating with culture of the mobile applications (apps). These apps are not only gaining access to information on the smartphone but they are also able to gain users' authorization to access remote servers on their behalf. The Open standard for Authorization (OAuth) is widely used in mobile apps for gaining access to user's resources on remote service providers. In this work, we analyze the different OAuth implementations adopted by some SDKs of the popular resource providers on smartphones and identify possible attacks on most OAuth implementations. We give some statistics on the trends followed by the service providers and by mobile applications developers. In addition, we propose an application-based OAuth Manager framework, that provides a secure OAuth flow in smartphones that is based on the concept of privilege separation and does not require high overhead.
Citations: 12

PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
Bastian Braun, Martin Johns, Johannes Köstler, J. Posegga
DOI: https://doi.org/10.1145/2557547.2557553
Published: 2014-03-03; volume 45 3, pages 61-72
Abstract: The term "phishing" describes a class of social engineering attacks on authentication systems, that aim to steal the victim's authentication credential, e.g., the username and password. The severity of phishing is recognized since the mid-1990's and a considerable amount of attention has been devoted to the topic. However, currently deployed or proposed countermeasures are either incomplete, cumbersome for the user, or incompatible with standard browser technology. In this paper, we show how modern JavaScript API's can be utilized to build PhishSafe, a robust authentication scheme, that is immune against phishing attacks, easily deployable using the current browser generation, and requires little change in the end-user's interaction with the application. We evaluate the implementation and find that it is applicable to web applications with low efforts and causes no tangible overhead.
Citations: 7

Compac: enforce component-level access control in android
Yifei Wang, S. Hariharan, Chenxi Zhao, Jiaming Liu, Wenliang Du
DOI: https://doi.org/10.1145/2557547.2557560
Published: 2014-03-03; volume 27 1, pages 25-36
Abstract: In Android applications, third-party components may bring potential security problems, because they have the same privilege as the applications but cannot be fully trusted. It is desirable if their privileges can be restricted. To minimize the privilege of the third-party components, we develop Compac to achieve a fine-grained access control at application's component level. Compac allows developers and users to assign a subset of an application's permissions to some of the application's components. By leveraging the runtime Java package information, the system can acquire the component information that is running in the application. After that, the system makes decisions on privileged access requests according to the policy defined by the developer and user. We have implemented the prototype in Android 4.0.4, and have conducted a comprehensive evaluation. Our case studies show that Compac can effectively restrict the third-party components' permissions. Antutu benchmark shows that the overall score of our work achieves 97.4%, compared with the score of the original Android. In conclusion, Compac can mitigate the damage caused by third-party components with ignorable overhead.
Citations: 71

Measuring the robustness of source program obfuscation: studying the impact of compiler optimizations on the obfuscation of C programs
Sandrine Blazy, Stéphanie Riaud
DOI: https://doi.org/10.1145/2557547.2557577
Published: 2014-03-03; volume 369 1, pages 123-126
Abstract: Obfuscation is a commonly used technique to protect software from the reverse engineering process. Advanced obfuscations usually rely on semantic properties of programs and thus may be performed on source programs. This raises the question of how to be sure that the binary code (that is effectively running) is still obfuscated. This paper presents a data obfuscation of C programs and a methodology to evaluate how the obfuscation resists to the GCC compiler. Information generated by the compiler (including effects of relevant optimizations that could deobfuscate programs) and a study of the disassembled binary code, as well as a dynamic analysis of the performances of binary code show that our obfuscation is worthwhile.
Citations: 4

COMPARS: toward an empirical approach for comparing the resilience of reputation systems
Euijin Choo, Jianchun Jiang, Ting Yu
DOI: https://doi.org/10.1145/2557547.2557565
Published: 2014-03-03; volume 96 1, pages 87-98
Abstract: Reputation is a primary mechanism for trust management in decentralized systems. Many reputation-based trust functions have been proposed in the literature. However, picking the right trust function for a given decentralized system is a non-trivial task. One has to consider and balance a variety of factors, including computation and communication costs, scalability and resilience to manipulations by attackers. Although the former two are relatively easy to evaluate, the evaluation of resilience of trust functions is challenging. Most existing work bases evaluation on static attack models, which is unrealistic as it fails to reflect the adaptive nature of adversaries (who are often real human users rather than simple computing agents). In this paper, we highlight the importance of the modeling of adaptive attackers when evaluating reputation-based trust functions, and propose an adaptive framework - called COMPARS - for the evaluation of resilience of reputation systems. Given the complexity of reputation systems, it is often difficult, if not impossible, to exactly derive the optimal strategy of an attacker. Therefore, COMPARS takes a practical approach that attempts to capture the reasoning process of an attacker as it decides its next action in a reputation system. Specifically, given a trust function and an attack goal, COMPARS generates an attack tree to estimate the possible outcomes of an attacker's action sequences up to certain points in the future. Through attack trees, COMPARS simulates the optimal attack strategy for a specific reputation function f, which will be used to evaluate the resilience of f. By doing so, COMPARS allows one to conduct a fair and consistent comparison of different reputation functions.
Citations: 3

Streamforce: outsourcing access control enforcement for stream data to the clouds
Tien Tuan Anh Dinh, Anwitaman Datta
DOI: https://doi.org/10.1145/2557547.2557556
Published: 2013-05-27; volume 66 1, pages 13-24
Abstract: In this paper, we focus on the problem of data privacy on the cloud, particularly on access controls over stream data. The nature of stream data and the complexity of sharing data make access control a more challenging issue than in traditional archival databases. We present Streamforce -- a system allowing data owners to securely outsource their data to an untrusted (curious-but-honest) cloud. The owner specifies fine-grained policies which are enforced by the cloud. The latter performs most of the heavy computations, while learning nothing about the data content. To this end, we employ a number of encryption schemes, including deterministic encryption, proxy-based attribute based encryption and sliding-window encryption. In Streamforce, access control policies are modeled as secure continuous queries, which entails minimal changes to existing stream processing engines, and allows for easy expression of a wide-range of policies. In particular, Streamforce comes with a number of secure query operators including Map, Filter, Join and Aggregate. Finally, we implement Streamforce over an open-source stream processing engine (Esper) and evaluate its performance on a cloud platform. The results demonstrate practical performance for many real-world applications, and although the security overhead is visible, Streamforce is highly scalable.
Citations: 20

Efficient Discovery of De-identification Policies Through a Risk-Utility Frontier.
Weiyi Xia, Raymond Heatherly, Xiaofeng Ding, Jiuyong Li, Bradley Malin
DOI: 10.1145/2435349.2435357
Published: 2013-01-01; volume 2013, pages 59-70
Open-access PDF: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4266184/pdf/nihms617161.pdf
Abstract: Modern information technologies enable organizations to capture large quantities of person-specific data while providing routine services. Many organizations hope, or are legally required, to share such data for secondary purposes (e.g., validation of research findings) in a de-identified manner. In previous work, it was shown de-identification policy alternatives could be modeled on a lattice, which could be searched for policies that met a prespecified risk threshold (e.g., likelihood of re-identification). However, the search was limited in several ways. First, its definition of utility was syntactic - based on the level of the lattice - and not semantic - based on the actual changes induced in the resulting data. Second, the threshold may not be known in advance. The goal of this work is to build the optimal set of policies that trade-off between privacy risk (R) and utility (U), which we refer to as a R-U frontier. To model this problem, we introduce a semantic definition of utility, based on information theory, that is compatible with the lattice representation of policies. To solve the problem, we initially build a set of policies that define a frontier. We then use a probability-guided heuristic to search the lattice for policies likely to update the frontier. To demonstrate the effectiveness of our approach, we perform an empirical analysis with the Adult dataset of the UCI Machine Learning Repository. We show that our approach can construct a frontier closer to optimal than competitive approaches by searching a smaller number of policies. In addition, we show that a frequently followed de-identification policy (i.e., the Safe Harbor standard of the HIPAA Privacy Rule) is suboptimal in comparison to the frontier discovered by our approach.
Citations: 0

Quantitative access control with partially-observable Markov decision processes
F. Martinelli, C. Morisset
DOI: https://doi.org/10.1145/2133601.2133623
Published: 2012-02-07; volume 45 1, pages 169-180
Abstract: This paper presents a novel access control framework reducing the access control problem to a traditional decision problem, thus allowing a policy designer to reuse tools and techniques from the decision theory. We propose here to express, within a single framework, the notion of utility of an access, decisions beyond the traditional allowing/denying of an access, the uncertainty over the effect of executing a given decision, the uncertainty over the current state of the system, and to optimize this process for a (probabilistic) sequence of requests. We show that an access control mechanism including these different concepts can be specified as a (Partially Observable) Markov Decision Process, and we illustrate this framework with a running example, which includes notions of conflict, critical resource, mitigation and auditing decisions, and we show that for a given sequence of requests, it is possible to calculate an optimal policy different from the naive one. This optimization is still possible even for several probable sequences of requests.
Citations: 22

Leakage-free redactable signatures
A. Kundu, M. Atallah, E. Bertino
DOI: https://doi.org/10.1145/2133601.2133639
Published: 2012-02-07; volume 69 1, pages 307-316
Abstract: Redactable signatures for linear-structured data such as strings have already been studied in the literature. In this paper, we propose a formal security model for leakage-free redactable signatures (LFRS) that is general enough to address authentication of not only trees but also graphs and forests. LFRS schemes have several applications, especially in enabling secure data management in the emerging cloud computing paradigm as well as in healthcare, finance and biological applications. We have also formally defined the notion of secure names. Such secure names facilitate leakage-free verification of ordering between siblings/nodes. The paper also proposes a construction for secure names, and a construction for leakage-free redactable signatures based on the secure naming scheme. The proposed construction computes a linear number of signatures with respect to the size of the data object, and outputs only one signature that is stored, transmitted and used for authentication of any tree, graph and forest.
Citations: 27