In this paper we discuss a technique to safeguard specific airspace from intruding drones with the help of surveillance drones. The idea is to use multiple surveillance drones to patrol the area looking for suspicious flying objects. The surveillance drones are trained to distinguish permissible drones in the area from hostile drones using image recognition algorithms. Once a hostile drone is detected, the surveillance drones surround it, making it difficult to maneuver. In the meantime, our automated drone attack framework launches cyber-attacks against the hostile drone to bring it down.
"Neutralizing Hostile Drones with Surveillance Drones". Vivek Balachandran, M. Chua. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3450318
In this paper we discuss developing opaque predicates with the help of quantum entangled qubits. These opaque predicates obfuscate classical control flow in hybrid quantum-classical systems. The idea is to use a pair of entangled qubits, one at compile time and one in the compiled code at runtime, to create opaque predicates. We make use of the CHSH game (John Clauser, Michael Horne, Abner Shimony, and Richard Holt) to get consensus about the value of a qubit at runtime, whose value can be predicted at compile time with high probability due to quantum properties. The paper discusses designing opaque predicates that rely on the quantum behavior of the entangled qubits and quantum measurements. The obfuscation produced by this technique maintains a semantic accuracy of only 85.35% when one entangled pair of qubits is used. However, we show that the accuracy can be improved to 100% by introducing additional entangled qubit pairs.
"Quantum Obfuscation: Quantum Predicates with Entangled qubits". Vivek Balachandran. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3450317
In this work we develop a privacy-preserving reputation scheme for collaborative systems such as P2P networks in which peers can represent themselves with different pseudonyms when interacting with others. All these pseudonyms, however, are bound to the same reputation token, allowing honest peers to maintain their good record even when switching to a new pseudonym while preventing malicious ones from making a fresh start. Our system is truly decentralized. Using an append-only distributed ledger such as Bitcoin's blockchain, we show how participants can make anonymous yet verifiable assertions about their own reputation. In particular, reputation can be demonstrated and updated effectively using efficient zkSNARK proofs. The system maintains soundness, peer-pseudonym unlinkability as well as unlinkability among pseudonyms of the same peer. We formally prove these properties and we evaluate the efficiency of the various operations, demonstrating the viability of our approach.
"Decentralized Reputation". T. Dimitriou. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3447839
We present a graph-based language for the specification of administrative access control policies in Admin-CBAC, an administrative model for Category-Based Access Control. More precisely, we propose a multi-level graph representation of policies and a graph-rewriting semantics for administrative actions, from which properties (such as safety, liveness and effectiveness of policies) and constraints (such as separation of duties) can be checked using graph traversal algorithms and rewriting properties. Since Admin-CBAC is a generic model, the techniques are directly applicable to a variety of access control models. In particular, we illustrate our techniques for the RBAC and ABAC instances of Admin-CBAC.
"Graph-Based Specification of Admin-CBAC Policies". Clara Bertolissi, M. Fernández, B. Thuraisingham. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3447850
Dynamic Searchable Symmetric Encryption (DSSE) enables a user to perform encrypted search queries on encrypted data stored on a server. Recently, a notion of Forward Privacy (FP) was introduced to guarantee that a newly added document cannot be linked to previous queries, and to thwart relative attacks and lessen information leakage and its consequences. However, in this paper we show that the forward-private schemes have no advantage (in preventing the related attacks) compared to traditional approaches, and previous attacks are still applicable on FP schemes. In FP approaches, access pattern leakage is still possible and can be employed to uncover the search pattern which can be used by passive and adaptive attacks. To address this issue, we construct a new parallelizable DSSE approach to obfuscate the access and search pattern. Our cost-efficient scheme supports both updates and searches. Our security proof and performance analysis demonstrate the practicality, efficiency, and security of our approach.
"Don't fool yourself with Forward Privacy, Your queries STILL belong to us!". K. Salmani, K. Barker. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3447838
"Session details: Session 1B: Adversarial Machine Learning". R. Yap. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3460467
"Session details: Session 2: Blockchains, Digital Currency". Murtuza Jadliwala. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3460468
Studies have shown website privacy policies are too long and hard to comprehend for their target audience. These studies and a more recent body of research that utilizes machine learning and natural language processing to automatically summarize privacy policies greatly benefit, if not rely on, corpora of privacy policies collected from the web. While there have been smaller annotated corpora of web privacy policies made public, we are not aware of any large publicly available corpus. We use DMOZ, a massive open-content directory of the web, and its manually categorized 1.5 million websites, to collect hundreds of thousands of privacy policies associated with their categories, enabling research on privacy policies across different categories/market sectors. We review the statistics of this corpus and make it available for research. We also obtain valuable insights about privacy policies, e.g., which websites post them less often. Our corpus of web privacy policies is a valuable tool at the researchers' disposal to investigate privacy policies. For example, it facilitates comparison among different methods of privacy policy summarization by providing a benchmark, and can be used in unsupervised machine learning to summarize privacy policies.
"A Large Publicly Available Corpus of Website Privacy Policies Based on DMOZ". Razieh Nokhbeh Zaeem, K. S. Barber. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3447827
"Session details: Session 1A: Adversarial Machine Learning". Shagufta Mehnaz. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3460466
Thusitha Dayaratne, C. Rudolph, A. Liebman, Mahsa Salehi
Advanced metering infrastructure, along with home automation processes, is enabling more efficient and effective demand-side management opportunities for both consumers and utility companies. However, tight cyber-physical integration also enables novel attack vectors for false data injection attacks (FDIA), as home automation/home energy management systems reside outside the utilities' control perimeter. Authentic users themselves can manipulate these systems without causing significant security breaches compared to traditional FDIAs. This work depicts a novel FDIA that exploits one of the commonly utilised distributed device scheduling architectures. We evaluate the attack impact using a realistic dataset to demonstrate that adversaries gain significant benefits, independently from the actual algorithm used for optimisation, as long as they have control over a sufficient amount of demand. Compared to traditional FDIAs, reliable security mechanisms such as proper authentication, security protocols, security controls, or sealed/controlled devices cannot prevent this new type of FDIA. Thus, we propose a set of possible impact alleviation solutions to thwart this type of attack.
"We Can Pay Less: Coordinated False Data Injection Attack Against Residential Demand Response in Smart Grids". Thusitha Dayaratne, C. Rudolph, A. Liebman, Mahsa Salehi. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, 2021-04-26. https://doi.org/10.1145/3422337.3447826