There is a strong legal and ethical imperative for organisations to protect consumer information privacy. In this paper we present a method called privacy taxonomy-based attack tree analysis (PTATA). PTATA involves the combination of privacy violation taxonomies and attack trees. It assists organisations in protecting information privacy by providing a means to analyze weaknesses in their protective measures. We define privacy violation taxonomies, as well as review attack trees, and illustrate the practical implementation of PTATA through example scenarios. The advantages and drawbacks to our method are also discussed. The paper ends with future research which may build on this work.
{"title":"Towards Privacy Taxonomy-Based Attack Tree Analysis for the Protection of Consumer Information Privacy","authors":"K. Reddy, H. Venter, M. Olivier, I. Currie","doi":"10.1109/PST.2008.18","DOIUrl":"https://doi.org/10.1109/PST.2008.18","url":null,"abstract":"There is a strong legal and ethical imperative for organisations to protect consumer information privacy. In this paper we present a method called privacy taxonomy-based attack tree analysis (PTATA). PTATA involves the combination of privacy violation taxonomies and attack trees. It assists organisations in protecting information privacy by providing a means to analyze weaknesses in their protective measures. We define privacy violation taxonomies, as well as review attack trees, and illustrate the practical implementation of PTATA through example scenarios. The advantages and drawbacks to our method are also discussed. The paper ends with future research which may build on this work.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117159738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Reputation systems aim to reduce the risk of loss due to untrustworthy peers. This loss is aggravated by dishonest recommenders trying to pollute the recommendation network. The objective of an honesty checking mechanism is to detect dishonest recommenders. Existing honesty checking mechanisms assume that contradicting recommendations are due to the dishonesty of the recommenders. However, such difference may be also due to the behavior change of the target peer. This paper shows the effect of such behavior change on the performance of existing honesty checking mechanisms. To the best of our knowledge, this is the first attempt at linking the behavior change to honesty checking.
{"title":"The Effect of Behavior Change on Honesty Checking in Peer-to-Peer Systems","authors":"Farag Azzedin, Ahmad Ridha","doi":"10.1109/PST.2008.34","DOIUrl":"https://doi.org/10.1109/PST.2008.34","url":null,"abstract":"Reputation systems aim to reduce the risk of loss due to untrustworthy peers. This loss is aggravated by dishonest recommenders trying to pollute the recommendation network. The objective of an honesty checking mechanism is to detect dishonest recommenders. Existing honesty checking mechanisms assume that contradicting recommendations are due to the dishonesty of the recommenders. However, such difference may be also due to the behavior change of the target peer. This paper shows the effect of such behavior change on the performance of existing honesty checking mechanisms. To the best of our knowledge, this is the first attempt at linking the behavior change to honesty checking.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131719661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalizations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalizations for insider/ outsider attacks and examine the access-complexity for legitimate vault owners.
{"title":"A Multiple-Control Fuzzy Vault","authors":"Marianne Hirschbichler, C. Boyd, W. Boles","doi":"10.1109/PST.2008.23","DOIUrl":"https://doi.org/10.1109/PST.2008.23","url":null,"abstract":"We introduce multiple-control fuzzy vaults allowing generalized threshold, compartmented and multilevel access structure. The presented schemes enable many useful applications employing multiple users and/or multiple locking sets. Introducing the original single control fuzzy vault of Juels and Sudan we identify several similarities and differences between their vault and secret sharing schemes which influence how best to obtain working generalizations. We design multiple-control fuzzy vaults suggesting applications using biometric credentials as locking and unlocking values. Furthermore we assess the security of our obtained generalizations for insider/ outsider attacks and examine the access-complexity for legitimate vault owners.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"18 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131437536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attackerpsilas goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of anomalies, particularly if it is lengthy and anomalous.
{"title":"Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?","authors":"H. G. Kayacik, A. N. Zincir-Heywood","doi":"10.1109/PST.2008.25","DOIUrl":"https://doi.org/10.1109/PST.2008.25","url":null,"abstract":"Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attackerpsilas goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of anomalies, particularly if it is lengthy and anomalous.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133537948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we propose an approach for systematic security hardening of software based on aspect-oriented programming and Gimple language. We also present the first steps towards a formal specification for Gimple weaving together with the implementation methodology of the proposed weaving semantics. The primary contribution of this approach is providing the software architects with the capabilities to perform systematic security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. We explore the viability of our propositions by realizing the weaving semantics for Gimple by implementing it into the GCC compiler and applying our methodologies for systematic security hardening to develop a case study for securing the connections of client applications together with experimental results.
{"title":"Cross-Language Weaving Approach Targeting Software Security Hardening","authors":"A. Mourad, D. Alhadidi, M. Debbabi","doi":"10.1109/PST.2008.22","DOIUrl":"https://doi.org/10.1109/PST.2008.22","url":null,"abstract":"In this paper, we propose an approach for systematic security hardening of software based on aspect-oriented programming and Gimple language. We also present the first steps towards a formal specification for Gimple weaving together with the implementation methodology of the proposed weaving semantics. The primary contribution of this approach is providing the software architects with the capabilities to perform systematic security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. We explore the viability of our propositions by realizing the weaving semantics for Gimple by implementing it into the GCC compiler and applying our methodologies for systematic security hardening to develop a case study for securing the connections of client applications together with experimental results.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"292 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117337428","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Handheld devices in a pervasive computing environment are prone to security as well as privacy violations, while discovering, sharing and accessing services and contents. Trust models are devised to fight against such violations and breaches. Although initial trust assignment is an important issue in evolving overall trust, a little amount of work has been done in this field so far. In pervasive smart space, similar type of contexts exhibits significant correlations to each other. However, this fact is not taken into consideration while computing the initial trust values. In this paper, we describe a new mechanism to assign initial trust: CCTB (Context Correlation for Trust Bootstrapping), which takes advantage of the presence of correlations among different contexts in a context-ontology. We evaluate the effectiveness of CCTB by simulating in two different scenarios. We show that CCTB offers better initial trust values than the other models considered here. We also implement a prototype for performance measurement using .NET Compact Framework.
在普适计算环境中的手持设备在发现、共享和访问服务和内容时,容易出现安全问题和侵犯隐私问题。建立信任模式就是为了打击这种违规行为。虽然初始信任分配是发展整体信任的一个重要问题,但迄今为止这方面的研究还很少。在普遍的智能空间中,相似类型的上下文彼此之间表现出显著的相关性。然而,在计算初始信任值时没有考虑到这一事实。在本文中,我们描述了一种分配初始信任的新机制:CCTB (Context Correlation for trust Bootstrapping),它利用了上下文本体中不同上下文之间存在的相关性。我们通过模拟两种不同的场景来评估CCTB的有效性。我们证明,CCTB提供了比这里考虑的其他模型更好的初始信任值。我们还使用。net Compact Framework实现了一个性能度量的原型。
{"title":"CCTB: Context Correlation for Trust Bootstrapping in Pervasive Environment","authors":"Sheikh Iqbal Ahamed, Mehrab Monjur, M. S. Islam","doi":"10.1109/PST.2008.19","DOIUrl":"https://doi.org/10.1109/PST.2008.19","url":null,"abstract":"Handheld devices in a pervasive computing environment are prone to security as well as privacy violations, while discovering, sharing and accessing services and contents. Trust models are devised to fight against such violations and breaches. Although initial trust assignment is an important issue in evolving overall trust, a little amount of work has been done in this field so far. In pervasive smart space, similar type of contexts exhibits significant correlations to each other. However, this fact is not taken into consideration while computing the initial trust values. In this paper, we describe a new mechanism to assign initial trust: CCTB (Context Correlation for Trust Bootstrapping), which takes advantage of the presence of correlations among different contexts in a context-ontology. We evaluate the effectiveness of CCTB by simulating in two different scenarios. We show that CCTB offers better initial trust values than the other models considered here. We also implement a prototype for performance measurement using .NET Compact Framework.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"601 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132755862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.
{"title":"Unlinkable Communication","authors":"Volker Fusenig, Eugen Staab, U. Sorger, T. Engel","doi":"10.1109/PST.2008.8","DOIUrl":"https://doi.org/10.1109/PST.2008.8","url":null,"abstract":"In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115613082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTTpsilas first survey appeared in 2003 and four others have followed since then. This present article draws from last survey. Given that the literature has shown that socio-economic and cultural factors are important considerations for organizations when accepting innovations and new practices. This study was designed to provide a layer of understanding not seen in the DTTpsilas study by examining whether socio-economic and cultural indicators matter in how IT security and privacy issues are being perceived in global FSIs. Two relevant hypotheses were developed to test our assertions. The main finding of the study was that such contextual factors may not be sufficient in differentiating how global FISs view or respond to key IT security and privacy issues. However, our study found one item related to security awareness training for FISspsila employees to vary significantly across the surveyed regions when the gross domestic product (GDP per capita) variable was used in the analysis. It is hoped that our studypsilas findings and conclusion will be beneficial to practitioners and researchers.
{"title":"IT Security and Privacy Issues in Global Financial Services Institutions: Do Socio-Economic and Cultural Factors Matter?","authors":"P. Ifinedo","doi":"10.1109/PST.2008.24","DOIUrl":"https://doi.org/10.1109/PST.2008.24","url":null,"abstract":"Financial services institutions (FSIs) around the globe know they must proactively work toward protecting customer data and thwarting emerging security threats. Deloitte Touche Tohmatsu (DTT), an international firm that provides audit, consulting, and financial advisory services has used its networks and reach to investigate security and privacy issues in FSIs around the world. DTTpsilas first survey appeared in 2003 and four others have followed since then. This present article draws from last survey. Given that the literature has shown that socio-economic and cultural factors are important considerations for organizations when accepting innovations and new practices. This study was designed to provide a layer of understanding not seen in the DTTpsilas study by examining whether socio-economic and cultural indicators matter in how IT security and privacy issues are being perceived in global FSIs. Two relevant hypotheses were developed to test our assertions. The main finding of the study was that such contextual factors may not be sufficient in differentiating how global FISs view or respond to key IT security and privacy issues. However, our study found one item related to security awareness training for FISspsila employees to vary significantly across the surveyed regions when the gross domestic product (GDP per capita) variable was used in the analysis. It is hoped that our studypsilas findings and conclusion will be beneficial to practitioners and researchers.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122559838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi
In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.
{"title":"Model-Checking for Software Vulnerabilities Detection with Multi-Language Support","authors":"Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi","doi":"10.1109/PST.2008.21","DOIUrl":"https://doi.org/10.1109/PST.2008.21","url":null,"abstract":"In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116449154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own "personalized" approach for addressing this problem. Based on the implication of such analysis, we then focus on experimental comparison of our approach with two key models in a framework that simulates a dynamic electronic marketplace environment. We specifically examine different scenarios, including ones where the majority of buyers are dishonest, buyers lack personal experience with sellers, sellers may vary their behavior, and buyers may provide a large number of ratings. Our study provides the basis for deciding which approach is most appropriate to employ, in which scenario.
{"title":"A Detailed Comparison of Probabilistic Approaches for Coping with Unfair Ratings in Trust and Reputation Systems","authors":"Jie Zhang, M. Sensoy, R. Cohen","doi":"10.1109/PST.2008.16","DOIUrl":"https://doi.org/10.1109/PST.2008.16","url":null,"abstract":"The unfair rating problem exists when a buying agent models the trustworthiness of selling agents by also relying on ratings of the sellers from other buyers. Different probabilistic approaches have been proposed to cope with this issue. In this paper, we first summarize these approaches and provide a detailed categorization of them. This includes our own \"personalized\" approach for addressing this problem. Based on the implication of such analysis, we then focus on experimental comparison of our approach with two key models in a framework that simulates a dynamic electronic marketplace environment. We specifically examine different scenarios, including ones where the majority of buyers are dishonest, buyers lack personal experience with sellers, sellers may vary their behavior, and buyers may provide a large number of ratings. Our study provides the basis for deciding which approach is most appropriate to employ, in which scenario.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130933520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: