
2016 IEEE Security and Privacy Workshops (SPW): Latest Papers

Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.20
Attaullah Buriro, B. Crispo, Filippo Del Frari, K. Wrona
The search for new authentication methods to replace passwords for modern mobile devices such as smartphones and tablets has attracted a substantial amount of research in recent years. As a result, several new behavioral biometric schemes have been proposed. Most of these schemes, however, are uni-modal. This paper presents a new, bi-modal behavioral biometric solution for user authentication. The proposed mechanism takes into account micro-movements of a phone and movements of the user's finger during writing or signing on the touchscreen. More specifically, it profiles a user based on how he holds the phone and based on the characteristics of the points being pressed on the touchscreen, and not the produced signature image. We have implemented and evaluated our scheme on commercially available smartphones. Using Multilayer Perceptron (MLP) 1-class verifier, we achieved approx. 95% True Acceptance Rate (TAR) with 3.1% False Acceptance Rate (FAR) on a dataset of 30 volunteers. Preliminary results on usability show a positive opinion about our system.
Citations: 83
Research Report: Analysis of Software for Restricted Computational Environment Applicability
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.38
Jacob I. Torrey, Jonathan Miodownik
Preliminary experiment design and research goals are presented to measure the applicability of restricted computational complexity environments in general purpose development efforts. The Linux kernel is examined through the lens of LangSec in order to gain insight into the make-up of the kernel code vis-à-vis the complexity class of recognizer for input to each component on the Chomsky Hierarchy. Manual analysis is assisted with LLVM Passes and comparison with the real-time Linux fork. This paper describes an on-going effort with the goals of justifying further research in the field of restricted computational environments.
Citations: 1
A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.16
K. Fatema, C. Debruyne, D. Lewis, D. O’Sullivan, J. Morrison, Abdullah-Al Mazed
Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.
Citations: 11
Sensor-Based Mobile Web Fingerprinting and Cross-Site Input Inference Attacks
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.17
Chuan Yue
Smartphone motion sensor data are not only accessible to native mobile apps, but have also become accessible to the webpages rendered in either mobile browsers or the WebView components of mobile apps. In this position paper, we highlight four types of broad and severe user fingerprinting and cross-site input inference attacks that can exploit the smartphone motion sensor data to compromise mobile web users' privacy and security. We also discuss some research topics for further investigating the effectiveness of these attacks and designing usable defense mechanisms.
Citations: 9
Polymorphic Malware Detection Using Sequence Classification Methods
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.30
Jake Drew, T. Moore, Michael Hahsler
Polymorphic malware detection is challenging due to the continual mutations miscreants introduce to successive instances of a particular virus. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we argue that these methods can be usefully applied to malware detection. Unfortunately, gene classification tools are usually optimized for and restricted to an alphabet of four letters (nucleic acids). Consequently, we have selected the Strand gene sequence classifier, which offers a robust classification strategy that can easily accommodate unstructured data with any alphabet including source code or compiled machine code. To demonstrate Strand's suitability for classifying malware, we execute it on approximately 500GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting 9 classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team's method.
Citations: 55
From Privacy Impact Assessment to Social Impact Assessment
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.19
L. Edwards, Derek McAuley, Laurence Diver
In order to address the continued decline in consumer trust in all things digital, and specifically the Internet of Things (IoT), we propose a radical overhaul of IoT design processes. Privacy by Design has been proposed as a suitable framework, but we argue the current approach has two failings: it presents too abstract a framework to inform design, and it is often applied after many critical design decisions have been made in defining the business opportunity. To rebuild trust we need the philosophy of Privacy by Design to be transformed into a wider Social Impact Assessment and delivered with practical guidance to be applied at product/service concept stage as well as throughout the system's engineering.
Citations: 15
Grammatical Inference and Machine Learning Approaches to Post-Hoc LangSec
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.26
Sheridan S. Curley, Richard E. Harang
Formal Language Theory for Security (LangSec) applies the tools of theoretical computer science to the problem of protocol design and analysis. In practice, most results have focused on protocol design, showing that by restricting the complexity of protocols it is possible to design parsers with desirable and formally verifiable properties, such as correctness and equivalence. When we consider existing protocols, however, many of these were not subjected to formal analysis during their design, and many are not implemented in a manner consistent with their formal documentation. Determining a grammar for such protocols is the first step in analyzing them, which places this problem in the domain of grammatical inference, for which a deep theoretical literature exists. In particular, although it has been shown that the higher level categories of the Chomsky hierarchy cannot be generically learned, it is also known that certain subcategories of that hierarchy can be effectively learned. In this paper, we summarize some theoretical results for inferring well-known Chomsky grammars, with special attention to context-free grammars (CFGs) and their generated languages (CFLs). We then demonstrate that, despite negative learnability results in the theoretical regime, we can use long short-term memory (LSTM) networks, a type of recurrent neural network (RNN) architecture, to learn a grammar for URIs that appear in Apache HTTP access logs for a particular server with high accuracy. We discuss these results in the context of grammatical inference, and suggest avenues for further research into learnability of a subgroup of the context-free grammars.
Citations: 2
A Critical Analysis of Privacy Design Strategies
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.23
Michael Colesky, J. Hoepman, Christiaan Hillen
The upcoming General Data Protection Regulation is quickly becoming of great concern to organizations which process personal data of European citizens. It is however nontrivial to translate these legal requirements into privacy friendly designs. One recently proposed approach to make 'privacy by design' more practical is privacy design strategies. This paper improves the strategy definitions and suggests an additional level of abstraction between strategies and privacy patterns: 'tactics'. We have identified a collection of such tactics based on an extensive literature review, in particular a catalogue of surveyed privacy patterns. We explore the relationships between the concepts we introduce and similar concepts used in software engineering. This paper helps bridge the gap between data protection requirements set out in law, and system development practice.
Citations: 132
Compliance Monitoring of Third-Party Applications in Online Social Networks
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.13
Florian Kelbert, Alexander Fromm
With the widespread adoption of Online Social Networks (OSNs), users increasingly also use corresponding third-party applications (TPAs), such as social games and applications for collaboration. To improve their social experience, TPAs access users' personal data via an API provided by the OSN. Applications are then expected to comply with certain security and privacy policies when handling the users' data. However, in practice, they might store, use, and distribute that data in all kinds of unapproved ways. We present an approach that transparently enforces security and privacy policies on TPAs that integrate with OSNs. To this end, we integrate concepts and implementations from the research areas of data usage control and information flow control. We instantiate these results in the context of TPAs in OSNs in order to enforce compliance with security and privacy policies that are provided by the OSN operator. We perform a preliminary evaluation of our approach on the basis of a TPA that integrates with the Facebook API.
Citations: 3
Activity Pattern Discovery from Network Captures
Pub Date : 2016-05-22 DOI: 10.1109/SPW.2016.22
Alan C. Lin, Gilbert L. Peterson
Investigating insider threat cases is challenging because activities are conducted with legitimate access that makes distinguishing malicious activities from normal activities difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person's behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns.
Citations: 2