Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy: Latest Articles

Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization
N. Podlesny, Anne Kayem, C. Meinel
High-dimensional data is particularly useful for data analytics research. In the healthcare domain, for instance, high-dimensional data analytics has been used successfully for drug discovery. Yet, in order to adhere to privacy legislation, data analytics service providers must guarantee anonymity for data owners. In the context of high-dimensional data, ensuring privacy is challenging because increased data dimensionality must be matched by an exponential growth in the size of the data to avoid sparse datasets. Syntactically, anonymising sparse datasets with methods that rely on statistical significance makes obtaining sound and reliable results a challenge. As such, strong privacy is only achievable at the cost of high information loss, rendering the data unusable for data analytics. In this paper, we make two contributions to addressing this problem from both the privacy and information loss perspectives. First, we show that by identifying dependencies between attribute subsets we can eliminate privacy violating attributes from the anonymised dataset. Second, to minimise information loss, we employ a greedy search algorithm to determine and eliminate maximal partial unique attribute combinations. Thus, one only needs to find the minimal set of identifying attributes to prevent re-identification. Experiments on a health cloud based on the SAP HANA platform using a semi-synthetic medical history dataset comprised of 109 attributes demonstrate the effectiveness of our approach.
Citations: 4
Custom-made Anonymization by Data Analysis Program Provided by Recipient
Wakana Maeda, Yuji Yamaoka
Anonymization is a method used in privacy-preserving data publishing. Previous studies show that anonymization based on the request of a data recipient, the priority of attributes, helps to maintain data utility. However, it is difficult for recipients to generate requests because they cannot know which attribute is important without data analysis. To address this issue, we propose a framework for performing custom-made anonymization by a data analysis program provided by the recipient. This enables the recipient to generate a request after creating a program and performing an indirect analysis of an original dataset by the program. Moreover, we describe an inference attack model for this framework and propose a secure method for restraining such an attack.
Citations: 2
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
Citations: 0
PoLPer
Yuseok Jeon, J. Rhee, C. Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, Zhenyu Wu
Setuid system calls enable critical functions such as user authentications and modular privileged components. Such operations must only be executed after careful validation. However, current systems do not perform rigorous checks, allowing exploitation of privileges through memory corruption vulnerabilities in privileged programs. As a solution, understanding which setuid system calls can be invoked in what context of a process allows precise enforcement of least privileges. We propose a novel comprehensive method to systematically extract and enforce least privilege of setuid system calls to prevent misuse. Our approach learns the required process contexts of setuid system calls along multiple dimensions: process hierarchy, call stack, and parameter in a process-aware way. Every setuid system call is then restricted to the per-process context by our kernel-level context enforcer. Previous approaches without process-awareness are too coarse-grained to control setuid system calls, resulting in over-privilege. Our method reduces available privileges even for identical code depending on whether it is run by a parent or a child process. We present our prototype called PoLPer which systematically discovers only required setuid system calls and effectively prevents real-world exploits targeting vulnerabilities of the setuid family of system calls in popular desktop and server software at near zero overhead.
Citations: 1
REAPER
Michalis Diamantaris, Elias P. Papadopoulos, E. Markatos, S. Ioannidis, Jason Polakis
Android's app ecosystem relies heavily on third-party libraries as they facilitate code development and provide a steady stream of revenue for developers. However, while Android has moved towards a more fine-grained run time permission system, users currently lack the required resources for deciding whether a specific permission request is actually intended for the app itself or is requested by possibly dangerous third-party libraries. In this paper we present Reaper, a novel dynamic analysis system that traces the permissions requested by apps in real time and distinguishes those requested by the app's core functionality from those requested by third-party libraries linked with the app. We implement a sophisticated UI automator and conduct an extensive evaluation of our system's performance and find that Reaper introduces negligible overhead, rendering it suitable both for end users (by integrating it in the OS) and for deployment as part of an official app vetting process. Our study on over 5K popular apps demonstrates the large extent to which personally identifiable information is being accessed by libraries and highlights the privacy risks that users face. We find that an impressive 65% of the permissions requested do not originate from the core app but are issued by linked third-party libraries, 37.3% of which are used for functionality related to ads, tracking, and analytics. Overall, Reaper enhances the functionality of Android's run time permission model without requiring OS or app modifications, and provides the necessary contextual information that can enable users to selectively deny permissions that are not part of an app's core functionality.
Citations: 5
ABACaaS
Augustee Meshram, Satyaniranjan Das, S. Sural, Jaideep Vaidya, V. Atluri
In recent years, Attribute-Based Access Control (ABAC) has emerged as the desired access control model in scenarios involving sharing of resources across multiple domains. This necessitates organizations using traditional access control models to use ABAC. However, ab initio deployment of ABAC is both cost and time intensive. In this paper, we present ABACaaS - a cloud service that enables any organization to integrate ABAC into their own environment irrespective of the platform they operate in. We show both SaaS as well as PaaS instances of ABACaaS along with results on its performance.
Citations: 1
Client Diversity Factor in HTTPS Webpage Fingerprinting
Hasan Faik Alan, J. Kaur
Webpage fingerprinting methods infer the webpages visited in a traffic trace and are serious threats to the privacy of web users. Prior work evaluates webpage fingerprinting methods using traffic samples from a single client and does not consider the client diversity factor---webpages can be visited using different browsers, operating systems and devices. In this paper, we study the impact of client diversity on HTTPS webpage fingerprinting. First, we evaluate 5 prominent fingerprinting methods using traffic samples from 19 different clients. We show that the best performing methods overfit to the traffic patterns of a single client and do not generalize when they are evaluated using the samples from a different client (even if the clients use the same browser and operating system and only differ in device). Then, we investigate the traffic patterns of the clients and find differences in the HTTP messages generated, servers communicated and implementation of HTTP/2 across the clients. Finally, we show that the robustness of the methods can be increased by training them using the samples from a diverse set of clients. This study informs the community towards a realistic threat model for HTTPS webpage fingerprinting and presents an analysis of modern HTTPS traffic.
Citations: 7
Understanding the Responsiveness of Mobile App Developers to Software Library Updates
Tatsuhiko Yasumatsu, Takuya Watanabe, Fumihiro Kanei, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori
This paper reports a longitudinal measurement study aiming to understand how mobile app developers are responsive to updates of software libraries over time. To quantify their responsiveness to library updates, we collected 21,046 Android apps, which equated to 142,611 unique application package kit (APK) files, each corresponding to a different version of an app. The release dates of these APK files spanned across 9 years. The key findings we derived from our analysis are as follows. (1) We observed an undesirable level of responsiveness of app developers; 50% of library update adoptions by app developers were performed for more than 3 months after the release date of the library, and 50% of outdated libraries used in apps were retained for over 10 months. (2) Deploying a security fix campaign in the app distribution market effectively reduced the number of apps with unfixed vulnerabilities; however, CVE-numbered vulnerabilities (without a campaign) were prone to remain unfixed. (3) The responsiveness of app developers varied and depended on multiple factors, for example, popular apps with a high number of installations had a better response to library updates and, while it took 77 days on average for app developers to adopt version updates for advertising libraries, it took 237 days for updates of utility libraries to be adopted. We discuss practical ways to eliminate libraries with vulnerabilities and to improve the responsiveness of app developers to library updates.
Citations: 7
PrivStream: Differentially Private Event Detection on Data Streams
Maryam Fanaeepour, Ashwin Machanavajjhala
Event monitoring and detection in real-time systems is crucial. Protecting users' data while reporting an event in almost real-time will increase the level of this challenge. In this work, we adopt the strong notion of differential privacy to private stream counting for event detection with the aim of minimizing false positive and false negative rates as our utility metrics.
Citations: 2
BlAnC
Gaurav Panwar, S. Misra, Roopa Vishwanathan
these decisions on our supervisory bodies in order to change the scale of action.
Citations: 2