首页 > 最新文献

Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security最新文献

英文 中文
Privacy-preserving and Optimal Interval Release for Disease Susceptibility 疾病易感性的隐私保护和最优间隔释放
Kosuke Kusano, I. Takeuchi, Jun Sakuma
In this paper, we consider the problem of privacy-preserving release of function outputs that take private information as input. Disease susceptibilities are known to be associated with clinical features (e.g., age, sex) as well as genetic features represented by SNPs of individuals. Releasing outputs are not privacy-preserving if the private input can be uniquely identified by probabilistic inference using the outputs. To release useful outputs with preserving privacy, we present a mechanism that releases an interval as output, instead of an output value. We suppose adversaries perform probabilistic inference using released outputs to sharpen the posterior distribution of the target attributes. Then, our mechanism has two significant properties. First, when our mechanism provides the output, the increase of the adversary's posterior on any input attribute is upper-bounded by a prescribed level. Second, under this privacy constraint, the mechanism can provide the narrowest (optimal) interval that includes the true output. Building such a mechanism is often intractable. We formulate the design of the mechanism as a discrete constraint optimization problem so that it is solvable in a practical computation time. We also propose an algorithm to obtain the optimal mechanism based on dynamic programming. After applying our mechanism to release disease susceptibilities of obesity, we demonstrate that our mechanism performs better than existing methods in terms of privacy and utility.
本文研究了以私有信息为输入的函数输出的隐私保护释放问题。众所周知,疾病易感性与临床特征(如年龄、性别)以及个体snp所代表的遗传特征有关。如果私有输入可以通过使用输出的概率推断唯一地标识,则释放输出不具有隐私保护性。为了在保护隐私的同时释放有用的输出,我们提出了一种释放间隔作为输出而不是输出值的机制。我们假设对手使用释放的输出执行概率推理,以锐化目标属性的后验分布。那么,我们的机制有两个重要的性质。首先,当我们的机制提供输出时,对手的后验值在任何输入属性上的增加都是由一个规定的水平上限定的。其次,在此隐私约束下,该机制可以提供包含真实输出的最窄(最优)间隔。建立这样一种机制往往是棘手的。我们将机构的设计表述为一个离散约束优化问题,以便在实际的计算时间内求解。提出了一种基于动态规划的最优机制求解算法。在将我们的机制应用于肥胖的疾病易感性释放后,我们证明了我们的机制在私密性和实用性方面优于现有的方法。
{"title":"Privacy-preserving and Optimal Interval Release for Disease Susceptibility","authors":"Kosuke Kusano, I. Takeuchi, Jun Sakuma","doi":"10.1145/3052973.3053021","DOIUrl":"https://doi.org/10.1145/3052973.3053021","url":null,"abstract":"In this paper, we consider the problem of privacy-preserving release of function outputs that take private information as input. Disease susceptibilities are known to be associated with clinical features (e.g., age, sex) as well as genetic features represented by SNPs of individuals. Releasing outputs are not privacy-preserving if the private input can be uniquely identified by probabilistic inference using the outputs. To release useful outputs with preserving privacy, we present a mechanism that releases an interval as output, instead of an output value. We suppose adversaries perform probabilistic inference using released outputs to sharpen the posterior distribution of the target attributes. Then, our mechanism has two significant properties. First, when our mechanism provides the output, the increase of the adversary's posterior on any input attribute is upper-bounded by a prescribed level. Second, under this privacy constraint, the mechanism can provide the narrowest (optimal) interval that includes the true output. Building such a mechanism is often intractable. We formulate the design of the mechanism as a discrete constraint optimization problem so that it is solvable in a practical computation time. We also propose an algorithm to obtain the optimal mechanism based on dynamic programming. After applying our mechanism to release disease susceptibilities of obesity, we demonstrate that our mechanism performs better than existing methods in terms of privacy and utility.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"79 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82188936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cache-Based Application Detection in the Cloud Using Machine Learning 使用机器学习的云端基于缓存的应用程序检测
Berk Gülmezoglu, T. Eisenbarth, B. Sunar
Cross-VM attacks have emerged as a major threat on commercial clouds. These attacks commonly exploit hardware level leakages on shared physical servers. A co-located machine can readily feel the presence of a co-located instance with a heavy computational load through performance degradation due to contention on shared resources. Shared cache architectures such as the last level cache (LLC) have become a popular leakage source to mount cross-VM attack. By exploiting LLC leakages, researchers have already shown that it is possible to recover fine grain information such as cryptographic keys from popular software libraries. This makes it essential to verify implementations that handle sensitive data across the many versions and numerous target platforms, a task too complicated, error prone and costly to be handled by human beings. Here we propose a machine learning based technique to classify applications according to their cache access profiles. We show that with minimal and simple manual processing steps feature vectors can be used to train models using support vector machines to classify the applications with a high degree of success. The profiling and training steps are completely automated and do not require any inspection or study of the code to be classified. In native execution, we achieve a successful classification rate as high as 98% (L1 cache) and 78% (LLC) over 40 benchmark applications in the Phoronix suite with mild training. In the cross-VM setting on the noisy Amazon EC2 the success rate drops to 60% for a suite of 25 applications. With this initial study we demonstrate that it is possible to train meaningful models to successfully predict applications running in co-located instances.
跨虚拟机攻击已经成为商业云上的主要威胁。这些攻击通常利用共享物理服务器上的硬件级泄漏。由于共享资源上的争用导致性能下降,共定位的机器很容易感觉到具有沉重计算负载的共定位实例的存在。最后一级缓存(last level cache, LLC)等共享缓存架构已成为跨虚拟机攻击的常见泄漏源。通过利用LLC漏洞,研究人员已经证明,从流行的软件库中恢复加密密钥等细粒度信息是可能的。这使得验证跨多个版本和众多目标平台处理敏感数据的实现变得至关重要,这是一项过于复杂、容易出错且成本高昂的任务,无法由人工处理。在这里,我们提出了一种基于机器学习的技术,根据它们的缓存访问配置文件对应用程序进行分类。我们表明,通过最小和简单的手动处理步骤,可以使用特征向量来训练模型,使用支持向量机对应用程序进行分类,并取得了很高的成功。分析和训练步骤是完全自动化的,不需要对代码进行任何检查或研究就可以进行分类。在本机执行中,我们在Phoronix套件中通过轻度训练实现了高达98% (L1缓存)和78% (LLC)的成功分类率。在嘈杂的Amazon EC2上的跨虚拟机设置中,对于包含25个应用程序的套件,成功率下降到60%。通过这一初步研究,我们证明了训练有意义的模型来成功预测在同址实例中运行的应用程序是可能的。
{"title":"Cache-Based Application Detection in the Cloud Using Machine Learning","authors":"Berk Gülmezoglu, T. Eisenbarth, B. Sunar","doi":"10.1145/3052973.3053036","DOIUrl":"https://doi.org/10.1145/3052973.3053036","url":null,"abstract":"Cross-VM attacks have emerged as a major threat on commercial clouds. These attacks commonly exploit hardware level leakages on shared physical servers. A co-located machine can readily feel the presence of a co-located instance with a heavy computational load through performance degradation due to contention on shared resources. Shared cache architectures such as the last level cache (LLC) have become a popular leakage source to mount cross-VM attack. By exploiting LLC leakages, researchers have already shown that it is possible to recover fine grain information such as cryptographic keys from popular software libraries. This makes it essential to verify implementations that handle sensitive data across the many versions and numerous target platforms, a task too complicated, error prone and costly to be handled by human beings. Here we propose a machine learning based technique to classify applications according to their cache access profiles. We show that with minimal and simple manual processing steps feature vectors can be used to train models using support vector machines to classify the applications with a high degree of success. The profiling and training steps are completely automated and do not require any inspection or study of the code to be classified. In native execution, we achieve a successful classification rate as high as 98% (L1 cache) and 78% (LLC) over 40 benchmark applications in the Phoronix suite with mild training. In the cross-VM setting on the noisy Amazon EC2 the success rate drops to 60% for a suite of 25 applications. With this initial study we demonstrate that it is possible to train meaningful models to successfully predict applications running in co-located instances.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"19 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77224571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
A Behavioral Biometric Authentication Framework on Smartphones 智能手机上的行为生物识别认证框架
Ahmed M. Mahfouz, Tarek M. Mahmoud, A. Eldin
To protect smartphones from unauthorized access, the user has the option to activate authentication mechanisms : PIN, Password, or Pattern. Unfortunately, these mechanisms are vulnerable to shoulder-surfing, smudge and snooping attacks. Even the traditional biometric based systems such as fingerprint or face, also could be bypassed. In order to protect smartphones data against these sort of attacks, we propose a behavioral biometric authentication framework that leverages the user's behavioral patterns such as touchscreen actions, keystroke, application used and sensor data to authenticate smartphone users. To evaluate the framework, we conducted a field study in which we instrumented the Android OS and collected data from 52 participants during 30-day period. We present the prototype of our framework and we are working on its components to select the best features set that can be used to build different modalities to authenticate users on different contexts. To this end, we developed only one modality, a gesture authentication modality, which authenticate smartphone users based on touch gesture. We evaluated this authentication modality on about 3 million gesture samples based on two schemes, classification scheme with EER~0.004, and anomaly detection scheme with EER~0.10.
为了保护智能手机免遭未经授权的访问,用户可以选择激活身份验证机制:PIN、Password或Pattern。不幸的是,这些机制很容易受到肩部冲浪、涂抹和窥探攻击。即使是传统的基于生物识别的系统,如指纹或面部,也可以被绕过。为了保护智能手机数据免受此类攻击,我们提出了一种行为生物识别认证框架,该框架利用用户的行为模式,如触摸屏操作、击键、使用的应用程序和传感器数据来认证智能手机用户。为了评估该框架,我们进行了一项实地研究,在30天的时间里,我们对Android操作系统进行了检测,并收集了52名参与者的数据。我们展示了框架的原型,并正在对其组件进行研究,以选择可用于构建不同模式的最佳特性集,从而在不同的上下文中对用户进行身份验证。为此,我们只开发了一种模式,即手势认证模式,该模式基于触摸手势对智能手机用户进行认证。基于两种方案,即EER~0.004的分类方案和EER~0.10的异常检测方案,在约300万个手势样本上对该认证模式进行了评估。
{"title":"A Behavioral Biometric Authentication Framework on Smartphones","authors":"Ahmed M. Mahfouz, Tarek M. Mahmoud, A. Eldin","doi":"10.1145/3052973.3055160","DOIUrl":"https://doi.org/10.1145/3052973.3055160","url":null,"abstract":"To protect smartphones from unauthorized access, the user has the option to activate authentication mechanisms : PIN, Password, or Pattern. Unfortunately, these mechanisms are vulnerable to shoulder-surfing, smudge and snooping attacks. Even the traditional biometric based systems such as fingerprint or face, also could be bypassed. In order to protect smartphones data against these sort of attacks, we propose a behavioral biometric authentication framework that leverages the user's behavioral patterns such as touchscreen actions, keystroke, application used and sensor data to authenticate smartphone users. To evaluate the framework, we conducted a field study in which we instrumented the Android OS and collected data from 52 participants during 30-day period. We present the prototype of our framework and we are working on its components to select the best features set that can be used to build different modalities to authenticate users on different contexts. To this end, we developed only one modality, a gesture authentication modality, which authenticate smartphone users based on touch gesture. We evaluated this authentication modality on about 3 million gesture samples based on two schemes, classification scheme with EER~0.004, and anomaly detection scheme with EER~0.10.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"17 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77230442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Lightweight Swarm Attestation: A Tale of Two LISA-s 轻量级蜂群认证:两个lisa的故事
Xavier Carpent, Karim M. El Defrawy, Norrathep Rattanavipanon, G. Tsudik
In the last decade, Remote Attestation (RA) emerged as a distinct security service for detecting attacks on embedded devices, cyber-physical systems (CPS) and Internet of Things (IoT) devices. RA involves verification of current internal state of an untrusted remote hardware platform (prover) by a trusted entity (verifier). RA can help the latter establish a static or dynamic root of trust in the prover and can also be used to construct other security services, such as software updates and secure deletion. Various RA techniques with different assumptions, security features and complexities, have been proposed for the single-prover scenario. However, the advent of IoT brought about the paradigm of many interconnected devices, thus triggering the need for efficient collective attestation of a (possibly mobile) group or swarm of provers. Though recent work has yielded some initial concepts for swarm attestation, several key issues remain unaddressed, and practical realizations have not been explored. This paper's main goal is to advance swarm attestation by bringing it closer to reality. To this end, it makes two contributions: (1) a new metric, called QoSA: Quality of Swarm Attestation, that captures the information offered by a swarm attestation technique; this allows comparing efficacy of multiple protocols, and (2) two practical attestation protocols -- called LISAa and LISAs -- for mobile swarms, with different QoSA features and communication and computation complexities. Security of proposed protocols is analyzed and their performance is assessed based on experiments with prototype implementations.
在过去十年中,远程认证(RA)作为一种独特的安全服务出现,用于检测对嵌入式设备、网络物理系统(CPS)和物联网(IoT)设备的攻击。RA涉及由受信任实体(验证者)对不受信任的远程硬件平台(证明者)的当前内部状态进行验证。RA可以帮助后者在证明者中建立静态或动态的信任根,还可以用于构造其他安全服务,例如软件更新和安全删除。针对单一证明者场景,已经提出了具有不同假设、安全特性和复杂性的各种RA技术。然而,物联网的出现带来了许多互联设备的范式,从而引发了对(可能是移动的)群体或群体证明者的有效集体证明的需求。虽然最近的工作已经产生了一些群体证明的初步概念,但几个关键问题仍未解决,并且尚未探索实际实现。本文的主要目标是通过使群体证明更接近现实来推进群体证明。为此,它做出了两个贡献:(1)一个新的度量,称为QoSA:群体认证的质量,它捕获了群体认证技术提供的信息;这允许比较多个协议的有效性,并且(2)两个实用的认证协议-称为LISAa和LISAs -用于具有不同QoSA功能和通信和计算复杂性的移动群体。基于原型实现的实验,分析了所提协议的安全性,并对其性能进行了评估。
{"title":"Lightweight Swarm Attestation: A Tale of Two LISA-s","authors":"Xavier Carpent, Karim M. El Defrawy, Norrathep Rattanavipanon, G. Tsudik","doi":"10.1145/3052973.3053010","DOIUrl":"https://doi.org/10.1145/3052973.3053010","url":null,"abstract":"In the last decade, Remote Attestation (RA) emerged as a distinct security service for detecting attacks on embedded devices, cyber-physical systems (CPS) and Internet of Things (IoT) devices. RA involves verification of current internal state of an untrusted remote hardware platform (prover) by a trusted entity (verifier). RA can help the latter establish a static or dynamic root of trust in the prover and can also be used to construct other security services, such as software updates and secure deletion. Various RA techniques with different assumptions, security features and complexities, have been proposed for the single-prover scenario. However, the advent of IoT brought about the paradigm of many interconnected devices, thus triggering the need for efficient collective attestation of a (possibly mobile) group or swarm of provers. Though recent work has yielded some initial concepts for swarm attestation, several key issues remain unaddressed, and practical realizations have not been explored. This paper's main goal is to advance swarm attestation by bringing it closer to reality. To this end, it makes two contributions: (1) a new metric, called QoSA: Quality of Swarm Attestation, that captures the information offered by a swarm attestation technique; this allows comparing efficacy of multiple protocols, and (2) two practical attestation protocols -- called LISAa and LISAs -- for mobile swarms, with different QoSA features and communication and computation complexities. Security of proposed protocols is analyzed and their performance is assessed based on experiments with prototype implementations.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"24 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81843710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 64
Group Signatures with Time-bound Keys Revisited: A New Model and an Efficient Construction 重论带时限密钥的群签名:一个新的模型和高效的构造
K. Emura, Takuya Hayashi, Ai Ishida
Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK) where each signing key is associated to an expiry time τ. In addition to prove the membership of the group, a signer needs to prove that the expiry time has not passed, i.e., t<τ where t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Simultaneously, signers can be revoked before their expiry times have passed due to the compromise of the credential. This revocation is called premature revocation. A nice property of the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes, by assuming that natural revocation accounts for most of signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture unforgeability of expiry time of signing keys which guarantees that no adversary who has a signing key associated to an expiry time τ can compute a valid signature after τ has passed. We introduce a security model that captures unforgeability, and propose a GS-TBK scheme secure in the new model. Our scheme also provides the constant signing costs whereas those of the previous schemes depend on the bit-length of the time representation. Finally, we give implementation results, and show that our scheme is feasible in practical settings.
Chu等人(ASIACCS 2012)提出了带有时限密钥(GS-TBK)的群签名,其中每个签名密钥与一个到期时间τ相关联。除了证明该组的成员资格外,签名者还需要证明过期时间没有过去,即t<τ,其中t为当前时间。超过到期时间的签名者将被自动撤销,这种撤销称为自然撤销。同时,由于凭证泄露,签名者可以在到期时间之前被撤销。这种撤销被称为过早撤销。Chu等人提议的一个很好的特性是,与验证者-本地撤销(VLR)组签名方案相比,撤销列表的大小可以减少,假设自然撤销占了实践中大多数签名者的撤销,而过早撤销的签名者只是一小部分。在本文中,我们指出Chu等人的可追溯性定义没有捕获签名密钥到期时间的不可伪造性,这保证了任何拥有与到期时间τ相关联的签名密钥的对手都无法在τ经过后计算出有效签名。我们引入了一个捕获不可伪造性的安全模型,并提出了一个在新模型下安全的GS-TBK方案。我们的方案还提供恒定的签名成本,而之前的方案的签名成本取决于时间表示的位长度。最后给出了实现结果,表明该方案在实际应用中是可行的。
{"title":"Group Signatures with Time-bound Keys Revisited: A New Model and an Efficient Construction","authors":"K. Emura, Takuya Hayashi, Ai Ishida","doi":"10.1145/3052973.3052979","DOIUrl":"https://doi.org/10.1145/3052973.3052979","url":null,"abstract":"Chu et al. (ASIACCS 2012) proposed group signature with time-bound keys (GS-TBK) where each signing key is associated to an expiry time τ. In addition to prove the membership of the group, a signer needs to prove that the expiry time has not passed, i.e., t<τ where t is the current time. A signer whose expiry time has passed is automatically revoked, and this revocation is called natural revocation. Simultaneously, signers can be revoked before their expiry times have passed due to the compromise of the credential. This revocation is called premature revocation. A nice property of the Chu et al. proposal is that the size of revocation lists can be reduced compared to those of Verifier-Local Revocation (VLR) group signature schemes, by assuming that natural revocation accounts for most of signer revocations in practice, and prematurely revoked signers are only a small fraction. In this paper, we point out that the definition of traceability of Chu et al. did not capture unforgeability of expiry time of signing keys which guarantees that no adversary who has a signing key associated to an expiry time τ can compute a valid signature after τ has passed. We introduce a security model that captures unforgeability, and propose a GS-TBK scheme secure in the new model. Our scheme also provides the constant signing costs whereas those of the previous schemes depend on the bit-length of the time representation. Finally, we give implementation results, and show that our scheme is feasible in practical settings.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"7 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87060374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Towards Formal Security Analysis of Industrial Control Systems 工业控制系统的形式化安全分析
M. Rocchetto, Nils Ole Tippenhauer
We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.
我们讨论了使用形式化建模来发现对网络物理系统的潜在攻击,特别是工业控制系统。我们提出了一种通用的方法来实现这一目标,考虑到物理层交互,物理过程和逻辑的时间和状态离散化,以及使用合适的攻击者配置文件。然后,我们将该方法应用于使用ASLan++模拟真实世界的水处理试验台,并使用CL-AtSe分析产生的过渡系统,确定四种攻击类别。为了表明我们的正式评估确定的攻击是有效的攻击,我们将它们与来自工业界和学术界的六个团队独立发现的对同一系统的实际攻击进行比较。我们发现8个实际攻击中有7个也被我们的正式评估识别出来。我们讨论了所选择的抽象级别所产生的限制,以及一些建模捷径来减少分析的运行时间。
{"title":"Towards Formal Security Analysis of Industrial Control Systems","authors":"M. Rocchetto, Nils Ole Tippenhauer","doi":"10.1145/3052973.3053024","DOIUrl":"https://doi.org/10.1145/3052973.3053024","url":null,"abstract":"We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"184 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83450328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks 通过涂抹攻击提高Android锁定模式的猜测攻击性能
Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, J. Huh
Android allows 20 consecutive fail attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to pre-compute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov-model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on Samsung Galaxy S4, and used smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone---those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes---obscuring smudges were added as a result---our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.
安卓允许连续20次解锁失败。这使得纯猜测攻击很难在被盗设备永久锁定之前破解其用户模式。我们研究了将基于马尔可夫模型的猜测攻击与涂抹攻击相结合,在20次尝试内解锁Android设备的有效性。检测到的污迹被用来预先计算所有可能的片段和模式,大大减少了需要暴力强迫的模式空间。我们的马尔可夫模型是使用由312个模式组成的真实世界模式数据集的70%进行训练的。我们招募了12名参与者,让他们在三星Galaxy S4上绘制剩余的30%,并使用他们留下的污迹来分析联合攻击的性能。我们的研究结果表明,这种组合方法可以显著提高纯猜测攻击的性能,破解74.17%的模式,而单独执行基于马尔可夫模型的猜测攻击时,破解率仅为13.33%——这些结果来自一个简单的使用场景,参与者只被要求解锁给定的设备。即使在一个更复杂的场景下,要求参与者使用Facebook应用程序几分钟——结果是添加了模糊的污物——我们的联合攻击的成功率为31.94%,仍然超过了纯粹猜测攻击的13.33%。模糊污迹会显著影响基于污迹的攻击的性能。基于这一发现,我们建议设计一种缓解技术来帮助用户增加模糊性,例如,要求用户在解锁设备时绘制第二个随机图案。
{"title":"Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks","authors":"Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, J. Huh","doi":"10.1145/3052973.3052989","DOIUrl":"https://doi.org/10.1145/3052973.3052989","url":null,"abstract":"Android allows 20 consecutive fail attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to pre-compute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov-model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on Samsung Galaxy S4, and used smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone---those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes---obscuring smudges were added as a result---our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"57 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90487274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 41
Session details: Password & Auth 1 会话详细信息:密码和授权
Jianying Zhou
{"title":"Session details: Password & Auth 1","authors":"Jianying Zhou","doi":"10.1145/3248553","DOIUrl":"https://doi.org/10.1145/3248553","url":null,"abstract":"","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73134841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
CoverUp: Privacy Through "Forced" Participation in Anonymous Communication Networks 掩盖:通过“强制”参与匿名通信网络的隐私
David M. Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, D. Ronzani, Srdjan Capkun
Many privacy-enhancing technologies, in particular anonymous communication networks (ACNs) as a key building block, suffer from a lack of a sufficient number of participants. Without high user participation, ACNs are vulnerable to traffic analysis attacks. The only ACN with a high number of participants (around 1.5 million users) is Tor. Yet, Tor is prone to traffic analysis attacks traffic pattern attacks. While other ACNs have been proposed that are even secure against global attackers, they are not scalable and suffer from a low number of participants, since even a perfect ACN can at most hide a user among all participating users. These ACNs are in a vicious circle: the lack of participants leads to low degree of anonymity, and a low degree of anonymity makes these ACNs unattractive for users. In this work, we break this vicious cycle by studying the question: Can an anonymous communication network be strengthened by "forced" participation? What privacy guarantees and performance can such an ACN provide? We develop CoverUp, a system that "forces" visitors of highly accessed websites (entry servers) to become involuntary participants of an ACN. CoverUp triggers users to participate in a centralized, constant-rate mix by leveraging basic functionality of their browsers to execute (JavaScript) code served by the entry servers. Candidates for entry servers could be universities or news sites. They would let a distinct CoverUp server provide (via an iframe) JavaScript code to the end-users' browsers, which in turn makes them participate in the ACN via a mix server. Visitors of these entry servers' websites become (involuntary) participants of an ACN, creating cover traffic for voluntary participants. For voluntary participants, we developed a browser extension that renders their CoverUp requests indistinguishable from the cover traffic of involuntary participants. We build two applications on top of CoverUp: an anonymous feed and a chat-both use an additional external CoverUp application. As the feed is uni-directional, we do not need to trust more than the client's machine. As the chat is bi-directional, we do need to trust the CoverUp and the mix server. We show that both achieve practical performance and strong privacy properties via experimental evaluations and an analysis. CoverUp renders voluntary and involuntary participants indistinguishable, thereby including all voluntary and involuntary participants into an anonymity set. Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.
许多增强隐私的技术,特别是作为关键构建块的匿名通信网络(acn),都缺乏足够数量的参与者。如果用户参与度不高,acn很容易受到流量分析攻击。唯一一个拥有大量参与者(约150万用户)的ACN是Tor。然而,Tor容易受到流量分析攻击和流量模式攻击。虽然已经提出的其他ACN甚至可以安全抵御全球攻击者,但它们不具有可扩展性并且受到参与者数量少的影响,因为即使是完美的ACN最多也只能在所有参与用户中隐藏一个用户。这些acn陷入了一个恶性循环:缺乏参与者导致低匿名度,而低匿名度又使得这些acn对用户没有吸引力。在这项工作中,我们通过研究这个问题来打破这种恶性循环:匿名通信网络是否可以通过“强制”参与来加强?这样的ACN可以提供什么样的隐私保证和性能?我们开发了CoverUp,一个“强制”访问高访问量网站(入口服务器)的访问者成为ACN的非自愿参与者的系统。CoverUp通过利用浏览器的基本功能来执行由入口服务器提供的(JavaScript)代码,从而触发用户参与集中的、恒定速率的混合。候选的入口服务器可以是大学或新闻网站。他们将让一个独立的CoverUp服务器(通过iframe)向最终用户的浏览器提供JavaScript代码,这反过来又使他们通过混合服务器参与ACN。这些入口服务器网站的访问者成为ACN的(非自愿)参与者,为自愿参与者创造掩护流量。对于自愿参与者,我们开发了一个浏览器扩展,使他们的掩盖请求与非自愿参与者的掩盖流量无法区分。我们在CoverUp之上构建了两个应用程序:一个匿名提要和一个聊天——它们都使用了一个额外的外部CoverUp应用程序。由于馈送是单向的,我们不需要信任客户端以外的机器。由于聊天是双向的,我们确实需要信任CoverUp和mix服务器。我们通过实验评估和分析表明,两者都实现了实用性能和强大的隐私性。掩盖使得自愿和非自愿参与者无法区分,从而将所有自愿和非自愿参与者包括在一个匿名集合中。鉴于此,CoverUp提供的不仅仅是匿名:自愿参与者可以隐藏使用ACN的意图。由于强迫参与的概念引起了道德和法律问题,我们讨论了这些问题并描述了如何解决这些问题。
{"title":"CoverUp: Privacy Through \"Forced\" Participation in Anonymous Communication Networks","authors":"David M. Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, D. Ronzani, Srdjan Capkun","doi":"10.1145/3052973.3056126","DOIUrl":"https://doi.org/10.1145/3052973.3056126","url":null,"abstract":"Many privacy-enhancing technologies, in particular anonymous communication networks (ACNs) as a key building block, suffer from a lack of a sufficient number of participants. Without high user participation, ACNs are vulnerable to traffic analysis attacks. The only ACN with a high number of participants (around 1.5 million users) is Tor. Yet, Tor is prone to traffic analysis attacks traffic pattern attacks. While other ACNs have been proposed that are even secure against global attackers, they are not scalable and suffer from a low number of participants, since even a perfect ACN can at most hide a user among all participating users. These ACNs are in a vicious circle: the lack of participants leads to low degree of anonymity, and a low degree of anonymity makes these ACNs unattractive for users. In this work, we break this vicious cycle by studying the question: Can an anonymous communication network be strengthened by \"forced\" participation? What privacy guarantees and performance can such an ACN provide? We develop CoverUp, a system that \"forces\" visitors of highly accessed websites (entry servers) to become involuntary participants of an ACN. CoverUp triggers users to participate in a centralized, constant-rate mix by leveraging basic functionality of their browsers to execute (JavaScript) code served by the entry servers. Candidates for entry servers could be universities or news sites. They would let a distinct CoverUp server provide (via an iframe) JavaScript code to the end-users' browsers, which in turn makes them participate in the ACN via a mix server. Visitors of these entry servers' websites become (involuntary) participants of an ACN, creating cover traffic for voluntary participants. For voluntary participants, we developed a browser extension that renders their CoverUp requests indistinguishable from the cover traffic of involuntary participants. We build two applications on top of CoverUp: an anonymous feed and a chat-both use an additional external CoverUp application. As the feed is uni-directional, we do not need to trust more than the client's machine. As the chat is bi-directional, we do need to trust the CoverUp and the mix server. We show that both achieve practical performance and strong privacy properties via experimental evaluations and an analysis. CoverUp renders voluntary and involuntary participants indistinguishable, thereby including all voluntary and involuntary participants into an anonymity set. Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"63 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73028916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security 2017年ACM亚洲计算机与通信安全会议论文集
R. Karri, O. Sinanoglu, A. Sadeghi, X. Yi
Since its inauguration in 2006 in Taipei, ASIACCS, the ACM Asia Conference on Computer and Communications Security, has become an integral part of scientific community in the field of security and privacy. It has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), Singapore (2015), and Xi'an (2016). ASIACCS 2017 takes place in Abu Dhabi and is organized by the New York University Abu Dhabi, UAE. We received 359 submissions, a new record in the conference's decade-long history. This year's Program Committee comprising 108 security researchers from 26 countries, evaluated submissions through a rigorous review procedure. For the first time in the conference's history, a Shadow Program Committee (SPC), composed of 27 security researchers from 14 countries, was introduced. The task of the SPC members was to comment on the reviews made by the PC members, in addition to reviewing the corresponding papers. On the one hand, the SPC comments greatly helped to significantly enhance the quality the many reviews. On the other hand, to provide the anonymity for SPC members, they could not directly debate with the PC members, which was largely due to technological limitations: HotCRP (or any review software for that matter) is not designed to have some accounts only seeing some information. We had a discussion of doubleblind vs. single-blind requirements. One of our main goals when designing the system was to ensure that junior reviewers in the SPC could raise criticism of senior reviewers with impunity. Despite the management effort, we believe that implementing the SPC concept was successful. We also learned useful lessons on how to improve it. After the review process concluded, 67 full papers were accepted to be presented at the conference, representing an acceptance rate of about 18%. In addition, 4 short papers and 10 posters/demos were also included in the program. We have a strong technical program along with 5 specialized pre-conference workshops, three tutorials and an invited talk track that is introduced this year. The pre-conference workshops are 4th ACM ASIA Public-Key Cryptography Workshop (APKC 2017), ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC'17), 3rd ACM Cyber-Physical System Security Workshop (CPSS 2017), 3rd International Workshop on IoT Privacy, Trust, and Security (IoTPTS 2017), 4th International Workshop on Security in Cloud Computing (SCC). We are fortunate to have distinguished keynote and invited speakers as well as tutorial lecturers who will present insights into current and future security and privacy research trends. There are three keynotes: Ross Anderson (University of Cambridge, UK), Christof Paar (Ruhr-University Bochum, Germany), and Gregory Neal Akers (Senior Vice President, Cisco Systems). Additionally, there are six invited talks by Mustaque Ahamad (Georgia Institute of Technology, US), Srdjan Capkun (E
自2006年在台北举行以来,亚洲计算机与通信安全会议(ASIACCS)已成为安全和隐私领域科学界不可或缺的一部分。先后在新加坡(2007年)、东京(2008年)、悉尼(2009年)、北京(2010年)、香港(2011年)、首尔(2012年)、杭州(2013年)、京都(2014年)、新加坡(2015年)和西安(2016年)举办。ASIACCS 2017在阿布扎比举行,由阿联酋阿布扎比纽约大学组织。我们收到了359份意见书,创下了大会十年来的新纪录。今年的项目委员会由来自26个国家的108名安全研究人员组成,通过严格的审查程序对提交的材料进行了评估。会议历史上首次引入了由来自14个国家的27名安全研究人员组成的影子计划委员会(SPC)。最高人民法院委员的任务是对最高人民法院委员的审议提出意见,并审查相应的文件。一方面,SPC的意见极大地提高了众多评审的质量。另一方面,为SPC成员提供匿名性,他们不能直接与PC成员辩论,这在很大程度上是由于技术限制:HotCRP(或任何审查软件)不是为了让一些账户只看到一些信息而设计的。我们讨论了双盲和单盲需求。我们设计该系统的主要目标之一是确保SPC中的初级审稿人可以不受惩罚地提出对高级审稿人的批评。尽管管理层付出了努力,但我们相信SPC概念的实施是成功的。我们也学到了如何改进它的有用经验。评审过程结束后,会议接受了67篇全文,录取率约为18%。此外,项目还包括4篇短文和10张海报/演示。我们有一个强大的技术项目,包括5个专门的会前研讨会,3个教程和一个今年推出的特邀演讲。会前研讨会是第四届ACM亚洲公钥密码学研讨会(APKC 2017), ACM区块链,加密货币和合同研讨会(BCC'17),第三届ACM网络物理系统安全研讨会(CPSS 2017),第三届物联网隐私,信任和安全国际研讨会(IoTPTS 2017),第四届云计算安全国际研讨会(SCC)。我们有幸邀请到杰出的主讲人、特邀演讲者以及辅导课讲师,他们将对当前和未来的安全和隐私研究趋势发表见解。有三位主讲人:Ross Anderson(英国剑桥大学)、Christof Paar(德国波鸿鲁尔大学)和Gregory Neal Akers(思科系统高级副总裁)。此外,还邀请了Mustaque Ahamad(美国佐治亚理工学院)、Srdjan Capkun(瑞士联邦理工学院)、Ivan Martinovic(英国牛津大学)、David Naccache(法国高等师范学院)、Matthias Payer(美国普渡大学)和Gene Tsudik(美国加州大学欧文分校)进行了六次演讲。最后,会议将由N. Asokan和Andrew Paverd(芬兰阿尔托大学)、Johannes Buchmann(德国达姆施塔特工业大学)、Ghassan Karame(日本电气公司)和Alexandra Dmitrienko(瑞士联邦理工学院)主讲三个辅导课。
{"title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","authors":"R. Karri, O. Sinanoglu, A. Sadeghi, X. Yi","doi":"10.1145/3052973","DOIUrl":"https://doi.org/10.1145/3052973","url":null,"abstract":"Since its inauguration in 2006 in Taipei, ASIACCS, the ACM Asia Conference on Computer and Communications Security, has become an integral part of scientific community in the field of security and privacy. It has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), Singapore (2015), and Xi'an (2016). \u0000 \u0000ASIACCS 2017 takes place in Abu Dhabi and is organized by the New York University Abu Dhabi, UAE. We received 359 submissions, a new record in the conference's decade-long history. This year's Program Committee comprising 108 security researchers from 26 countries, evaluated submissions through a rigorous review procedure. For the first time in the conference's history, a Shadow Program Committee (SPC), composed of 27 security researchers from 14 countries, was introduced. The task of the SPC members was to comment on the reviews made by the PC members, in addition to reviewing the corresponding papers. On the one hand, the SPC comments greatly helped to significantly enhance the quality the many reviews. On the other hand, to provide the anonymity for SPC members, they could not directly debate with the PC members, which was largely due to technological limitations: HotCRP (or any review software for that matter) is not designed to have some accounts only seeing some information. We had a discussion of doubleblind vs. single-blind requirements. One of our main goals when designing the system was to ensure that junior reviewers in the SPC could raise criticism of senior reviewers with impunity. Despite the management effort, we believe that implementing the SPC concept was successful. We also learned useful lessons on how to improve it. \u0000 \u0000After the review process concluded, 67 full papers were accepted to be presented at the conference, representing an acceptance rate of about 18%. In addition, 4 short papers and 10 posters/demos were also included in the program. \u0000 \u0000We have a strong technical program along with 5 specialized pre-conference workshops, three tutorials and an invited talk track that is introduced this year. \u0000 \u0000The pre-conference workshops are 4th ACM ASIA Public-Key Cryptography Workshop (APKC 2017), ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC'17), 3rd ACM Cyber-Physical System Security Workshop (CPSS 2017), 3rd International Workshop on IoT Privacy, Trust, and Security (IoTPTS 2017), 4th International Workshop on Security in Cloud Computing (SCC). \u0000 \u0000We are fortunate to have distinguished keynote and invited speakers as well as tutorial lecturers who will present insights into current and future security and privacy research trends. There are three keynotes: Ross Anderson (University of Cambridge, UK), Christof Paar (Ruhr-University Bochum, Germany), and Gregory Neal Akers (Senior Vice President, Cisco Systems). Additionally, there are six invited talks by Mustaque Ahamad (Georgia Institute of Technology, US), Srdjan Capkun (E","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72578454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
期刊
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1