Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security: Latest Papers

How Discover a Malware using Model Checking
F. Martinelli, F. Mercaldo, Vittoria Nardone, A. Santone
Android operating system is constantly overwhelmed by new sophisticated threats and new zero-day attacks. While aggressive malware, for instance malicious behaviors able to cipher data files or lock the GUI, are not worried to circumvention users by infection (that can try to disinfect the device), there exist malware with the aim to perform malicious actions stealthy, i.e., trying to not manifest their presence to the users. This kind of malware is less recognizable, because users are not aware of their presence. In this paper we propose FormalDroid, a tool able to detect silent malicious behaviours and to localize the malicious payload in Android application. Evaluating real-world malware samples we obtain an accuracy equal to 0.94.
DOI: https://doi.org/10.1145/3052973.3055157 (published 2017-04-02)
Citations: 4
Mis-operation Resistant Searchable Homomorphic Encryption
K. Emura, Takuya Hayashi, N. Kunihiro, Jun Sakuma
Let us consider a scenario that a data holder (e.g., a hospital) encrypts a data (e.g., a medical record) which relates a keyword (e.g., a disease name), and sends its ciphertext to a server. We here suppose not only the data but also the keyword should be kept private. A receiver sends a query to the server (e.g., average of body weights of cancer patients). Then, the server performs the homomorphic operation to the ciphertexts of the corresponding medical records, and returns the resultant ciphertext. In this scenario, the server should NOT be allowed to perform the homomorphic operation against ciphertexts associated with different keywords. If such a mis-operation happens, then medical records of different diseases are unexpectedly mixed. However, in the conventional homomorphic encryption, there is no way to prevent such an unexpected homomorphic operation, and this fact may become visible after decrypting a ciphertext, or as the most serious case it might be never detected. To circumvent this problem, in this paper, we propose mis-operation resistant homomorphic encryption, where even if one performs the homomorphic operations against ciphertexts associated with keywords ω' and ω, where ω ≠ ω', the evaluation algorithm detects this fact. Moreover, even if one (intentionally or accidentally) performs the homomorphic operations against such ciphertexts, a ciphertext associated with a random keyword is generated, and the decryption algorithm rejects it. So, the receiver can recognize such a mis-operation happens in the evaluation phase. In addition to mis-operation resistance, we additionally adopt secure search functionality for keywords since it is desirable when one would like to delegate homomorphic operations to a third party. So, we call the proposed primitive mis-operation resistant searchable homomorphic encryption (MR-SHE). We also give our implementation result of inner products of encrypted vectors. In the case when both vectors are encrypted, the running time of the receiver is millisecond order for relatively small-dimensional (e.g., 2^6) vectors. In the case when one vector is encrypted, the running time of the receiver is approximately 5 msec even for relatively high-dimensional (e.g., 2^13) vectors.
DOI: https://doi.org/10.1145/3052973.3053015 (published 2017-04-02)
Citations: 5
Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps
Taehun Kim, Hyeonmin Ha, Seoyoon Choi, Jaeyeon Jung, Byung-Gon Chun
To protect customers' sensitive information, many mobile financial applications include steps to probe the runtime environment and abort their execution if the environment is deemed to have been tampered with. This paper investigates the security of such self-defense mechanisms used in 76 popular financial Android apps in the Republic of Korea. Our investigation found that existing tools fail to analyze these Android apps effectively because of their highly obfuscated code and complex, non-traditional control flows. We overcome this challenge by extracting a call graph with a self-defense mechanism, from a detailed runtime trace record of a target app's execution. To generate the call graph, we identify the causality between the system APIs (Android APIs and system calls) used to check device rooting and app integrity, and those used to stop an app's execution. Our analysis of 76 apps shows that we can pinpoint methods to bypass a self-defense mechanism using a causality graph in most cases. We successfully bypassed self-defense mechanisms in 67 out of 73 apps that check device rooting and 39 out of 44 apps that check app integrity. While analyzing the self-defense mechanisms, we found that many apps rely on third-party security libraries for their self-defense mechanisms. Thus we present in-depth studies of the top five security libraries. Our results demonstrate the necessity of a platform-level solution for integrity checks.
DOI: https://doi.org/10.1145/3052973.3053018 (published 2017-04-02)
Citations: 12
SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android
Ruowen Wang, Ahmed M. Azab, W. Enck, Ninghui Li, P. Ning, Xun Chen, Wenbo Shen, Yueqiang Cheng
SEAndroid is a mandatory access control (MAC) framework that can confine faulty applications on Android. Nevertheless, the effectiveness of SEAndroid enforcement depends on the employed policy. The growing complexity of Android makes it difficult for policy engineers to have complete domain knowledge on every system functionality. As a result, policy engineers sometimes craft over-permissive and ineffective policy rules, which unfortunately increased the attack surface of the Android system and have allowed multiple real-world privilege escalation attacks. We propose SPOKE, an SEAndroid Policy Knowledge Engine, that systematically extracts domain knowledge from rich-semantic functional tests and further uses the knowledge for characterizing the attack surface of SEAndroid policy rules. Our attack surface analysis is achieved by two steps: 1) It reveals policy rules that cannot be justified by the collected domain knowledge. 2) It identifies potentially over-permissive access patterns allowed by those unjustified rules as the attack surface. We evaluate SPOKE using 665 functional tests targeting 28 different categories of functionalities developed by Samsung Android Team. SPOKE successfully collected 12,491 access patterns for the 28 categories as domain knowledge, and used the knowledge to reveal 320 unjustified policy rules and 210 over-permissive access patterns defined by those rules, including one related to the notorious libstagefright vulnerability. These findings have been confirmed by policy engineers.
DOI: https://doi.org/10.1145/3052973.3052991 (published 2017-04-02)
Citations: 29
Hit by the Bus: QoS Degradation Attack on Android
Mehmet Sinan Inci, T. Eisenbarth, B. Sunar
Mobile apps need optimal performance and responsiveness to rise amongst numerous rivals on the market. Further, some apps like media streaming or gaming apps cannot even function properly with a performance below a certain threshold. In this work, we present the first performance degradation attack on Android OS that can target rival apps using a combination of logical channel leakages and low-level architectural bottlenecks in the underlying hardware. To show the viability of the attack, we design a proof-of-concept app and test it on various mobile platforms. The attack runs covertly and brings the target to the level of unresponsiveness. With less than 10% CPU time in the worst case, it requires minimal computational effort to run as a background service, and requires only the UsageStats permission from the user. We quantify the impact of our attack using 11 popular benchmark apps, running 44 different tests. The measured QoS degradation varies across platforms and applications, reaching a maximum of 90% in some cases. The attack combines the leakage from logical channels with low-level architectural bottlenecks to design a malicious app that can covertly degrade Quality of Service (QoS) of any targeted app. Furthermore, our attack code has a small footprint and is not detected by the Android system as malicious. Finally, our app can pass the Google Play Store malware scanner, Google Bouncer, as well as the top malware scanners in the Play Store.
DOI: https://doi.org/10.1145/3052973.3053028 (published 2017-04-02)
Citations: 7
Enabling End-Users to Protect their Privacy
M. Barhamgi, Mu Yang, Chia-Mu Yu, Y. Yu, A. Bandara, D. Benslimane, B. Nuseibeh
In this paper we present our ongoing work to build an approach to empower users of IoT-based cyber physical systems to protect their privacy by themselves. Our approach allows users to identify the privacy risks involved in sharing private data with a data consumer, assess the value of their private data based on identified risks and take a pragmatic data sharing decision balancing the risks with the benefits generated by the sharing. Our approach features a knowledgebase, called the Privacy Oracle, that exploits the power of the Semantic Web to determine how raw metadata can be combined by data consumers to infer privacy-sensitive information as well as the privacy risks associated with the disclosure of inferred information.
DOI: https://doi.org/10.1145/3052973.3055154 (published 2017-04-02)
Citations: 8
A Ciphertext-Policy Attribute-based Encryption Scheme With Optimized Ciphertext Size And Fast Decryption
Q. Malluhi, Abdullatif Shikfa, V. Trinh
We address the problem of ciphertext-policy attribute-based encryption with fine access control, a cryptographic primitive which has many concrete application scenarios such as Pay-TV, e-Health, Cloud Storage and so on. In this context we improve on previous LSSS based techniques by building on previous work of Hohenberger and Waters at PKC'13 and proposing a construction that achieves ciphertext size linear in the minimum between the size of the boolean access formula and the number of its clauses. Our construction also supports fast decryption. We also propose two interesting extensions: the first one aims at reducing storage and computation at the user side and is useful in the context of lightweight devices or devices using a cloud operator. The second proposes the use of multiple authorities to mitigate key escrow by the authority.
DOI: https://doi.org/10.1145/3052973.3052987 (published 2017-04-02)
Citations: 39
Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics
Simon Eberz, Kasper Bonne Rasmussen, Vincent Lenders, I. Martinovic
In recent years, behavioral biometrics have become a popular approach to support continuous authentication systems. Most generally, a continuous authentication system can make two types of errors: false rejects and false accepts. Based on this, the most commonly reported metrics to evaluate systems are the False Reject Rate (FRR) and False Accept Rate (FAR). However, most papers only report the mean of these measures with little attention paid to their distribution. This is problematic as systematic errors allow attackers to perpetually escape detection while random errors are less severe. Using 16 biometric datasets we show that these systematic errors are very common in the wild. We show that some biometrics (such as eye movements) are particularly prone to systematic errors, while others (such as touchscreen inputs) show more even error distributions. Our results also show that the inclusion of some distinctive features lowers average error rates but significantly increases the prevalence of systematic errors. As such, blind optimization of the mean EER (through feature engineering or selection) can sometimes lead to lower security. Following this result we propose the Gini Coefficient (GC) as an additional metric to accurately capture different error distributions. We demonstrate the usefulness of this measure both to compare different systems and to guide researchers during feature selection. In addition to the selection of features and classifiers, some non-functional machine learning methodologies also affect error rates. The most notable examples of this are the selection of training data and the attacker model used to develop the negative class. 13 out of the 25 papers we analyzed either include imposter data in the negative class or randomly sample training data from the entire dataset, with a further 6 not giving any information on the methodology used. Using real-world data we show that both of these decisions lead to significant underestimation of error rates by 63% and 81%, respectively. This is an alarming result, as it suggests that researchers are either unaware of the magnitude of these effects or might even be purposefully attempting to over-optimize their EER without actually improving the system.
近年来,行为生物识别技术已成为支持连续身份验证系统的一种流行方法。通常,连续身份验证系统会产生两种类型的错误:错误拒绝和错误接受。基于此,最常报告的评估系统的指标是错误拒绝率(FRR)和错误接受率(FAR)。然而,大多数论文只报道了这些指标的平均值,很少关注它们的分布。这是有问题的,因为系统错误允许攻击者永远逃避检测,而随机错误则不那么严重。通过使用16个生物特征数据集,我们发现这些系统误差在野外非常普遍。我们表明,一些生物识别技术(如眼球运动)特别容易出现系统错误,而其他生物识别技术(如触摸屏输入)则显示出更均匀的错误分布。我们的研究结果还表明,包含一些独特的特征降低了平均错误率,但显著增加了系统错误的发生率。因此,平均EER的盲目优化(通过特征工程或选择)有时会导致安全性降低。根据这个结果,我们提出基尼系数(GC)作为一个额外的度量来准确地捕捉不同的误差分布。我们证明了这一措施的有用性,既可以比较不同的系统,也可以在特征选择过程中指导研究人员。除了特征和分类器的选择外,一些非功能机器学习方法也会影响错误率。最值得注意的例子是训练数据的选择和用于开发负类的攻击者模型。在我们分析的25篇论文中,有13篇要么在负类中包含冒名顶替数据,要么从整个数据集中随机抽样训练数据,另外6篇没有提供任何关于所使用方法的信息。使用真实世界的数据,我们表明这两种决策分别导致误差率被严重低估了63%和81%。这是一个令人担忧的结果,因为它表明研究人员要么没有意识到这些影响的严重性,要么甚至可能有目的地试图过度优化他们的EER,而没有真正改善系统。
Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics. Simon Eberz, Kasper Bonne Rasmussen, Vincent Lenders, I. Martinovic. DOI: https://doi.org/10.1145/3052973.3053032. Published: 2017-04-02.
Citations: 74
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
Christian Wressnegger, Kevin Freeman, Fabian Yamaguchi, Konrad Rieck
Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensitive data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplarily demonstrate anti-virus assisted attacks in three different scenarios.
DOI: https://doi.org/10.1145/3052973.3053002. Published: 2017-04-02.
Citations: 40
Session details: Vulnerability Analysis
Manuel Egele
DOI: https://doi.org/10.1145/3248554. Published: 2017-04-02.
Citations: 0
Journal
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security