Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...最新文献
Proofs of Retrievability (POR) is a cryptographic formulation for remotely auditing the integrity of files stored in the cloud, without keeping a copy of the original files in local storage. In a POR scheme, a user Alice backups her data file together with some authentication data to a potentially dishonest cloud storage server Bob. Later, Alice can periodically and remotely verify the integrity of her data file using the authentication data, without retrieving back the data file. Besides security, performances in communication, storage overhead and computation are major considerations. Shacham and Waters (Asiacrypt '08) gave a fast scheme with O(sλ) bits communication cost and a factor of 1/s file size expansion where λ is the security parameter. In this paper, we incorporate a recent construction of constant size polynomial commitment scheme (Kate, Zaverucha and Goldberg, Asiacrypt '10) into Shacham and Waters scheme. The resulting scheme requires O(λ) communication bits (particularly, 920 bits if a 160 bits elliptic curve group is used or 3512 bits if a 1024 bits modulo group is used) per verification and a factor of 1/s file size expansion. Experiment results show that our proposed scheme is indeed efficient and practical. Our security proof is based on Strong Diffie-Hellman Assumption.
可检索性证明(proof of Retrievability, POR)是一种加密公式,用于远程审计存储在云中的文件的完整性,而无需在本地存储中保留原始文件的副本。在POR方案中,用户Alice将她的数据文件和一些身份验证数据备份到可能不诚实的云存储服务器Bob。之后,Alice可以使用身份验证数据定期远程验证其数据文件的完整性,而无需检索数据文件。除了安全性之外,通信性能、存储开销和计算也是主要考虑因素。Shacham和Waters (Asiacrypt '08)给出了一种快速方案,其通信成本为0 (λ)位,文件大小扩展系数为1/s,其中λ为安全参数。在本文中,我们将最近构造的常大小多项式承诺方案(Kate, Zaverucha and Goldberg, Asiacrypt '10)纳入到Shacham和Waters方案中。所得到的方案每次验证需要O(λ)通信位(特别是,如果使用160位椭圆曲线组,则需要920位,如果使用1024位模组,则需要3512位)和1/s文件大小扩展因子。实验结果表明,该方案是有效的、实用的。我们的安全证明基于强迪菲-赫尔曼假设。
{"title":"Towards efficient proofs of retrievability","authors":"Jia Xu, E. Chang","doi":"10.1145/2414456.2414503","DOIUrl":"https://doi.org/10.1145/2414456.2414503","url":null,"abstract":"Proofs of Retrievability (POR) is a cryptographic formulation for remotely auditing the integrity of files stored in the cloud, without keeping a copy of the original files in local storage. In a POR scheme, a user Alice backups her data file together with some authentication data to a potentially dishonest cloud storage server Bob. Later, Alice can periodically and remotely verify the integrity of her data file using the authentication data, without retrieving back the data file. Besides security, performances in communication, storage overhead and computation are major considerations. Shacham and Waters (Asiacrypt '08) gave a fast scheme with O(sλ) bits communication cost and a factor of 1/s file size expansion where λ is the security parameter. In this paper, we incorporate a recent construction of constant size polynomial commitment scheme (Kate, Zaverucha and Goldberg, Asiacrypt '10) into Shacham and Waters scheme. The resulting scheme requires O(λ) communication bits (particularly, 920 bits if a 160 bits elliptic curve group is used or 3512 bits if a 1024 bits modulo group is used) per verification and a factor of 1/s file size expansion. Experiment results show that our proposed scheme is indeed efficient and practical. Our security proof is based on Strong Diffie-Hellman Assumption.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90998329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An extensible software system must protect its resources from being abused by untrusted software extensions. The access control policies of such systems are traditionally enforced by reference monitors. Recent study of access control policies advocates the use of obligation policies, which impose behavioural constraints to the future actions of the accessor after the access is granted. It is argued that obligation policies provide continuous protection to the system. Not all obligation policies can be enforced by reference monitors. We argue that humans have long recognized the unenforceability of naively formulated obligation policies, and have devised standard policy idioms to cope with the issue. We therefore developed tool support to assist a policy developer in using such policy idioms. First, we designed a policy language to capture the idiomatic elements of obligation policies, in such a way that the elements are modular and composeable. Second, we designed a type system for capturing patterns of policy composition that preserve enforceability, such that well-typed policies are enforceable. Third, we designed a compilation algorithm that compiles well-typed policies into reference monitors. Such a framework helps policy developers articulate obligation policies and refine them into enforceable ones.
{"title":"The specification and compilation of obligation policies for program monitoring","authors":"Cheng Xu, Philip W. L. Fong","doi":"10.1145/2414456.2414501","DOIUrl":"https://doi.org/10.1145/2414456.2414501","url":null,"abstract":"An extensible software system must protect its resources from being abused by untrusted software extensions. The access control policies of such systems are traditionally enforced by reference monitors. Recent study of access control policies advocates the use of obligation policies, which impose behavioural constraints to the future actions of the accessor after the access is granted. It is argued that obligation policies provide continuous protection to the system.\u0000 Not all obligation policies can be enforced by reference monitors. We argue that humans have long recognized the unenforceability of naively formulated obligation policies, and have devised standard policy idioms to cope with the issue. We therefore developed tool support to assist a policy developer in using such policy idioms. First, we designed a policy language to capture the idiomatic elements of obligation policies, in such a way that the elements are modular and composeable. Second, we designed a type system for capturing patterns of policy composition that preserve enforceability, such that well-typed policies are enforceable. Third, we designed a compilation algorithm that compiles well-typed policies into reference monitors. Such a framework helps policy developers articulate obligation policies and refine them into enforceable ones.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72906948","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nikos Mavrogiannopoulos, A. Pashalidis, B. Preneel
Public key Kerberos (PKINIT) is a standardized authentication and key establishment protocol which is used by the Windows active directory subsystem. In this paper we show that card-based public key Kerberos is flawed. In particular, access to a user's card enables an adversary to impersonate that user even after the adversary's access to the card is revoked. The attack neither exploits physical properties of the card, nor extracts any of its secrets.
{"title":"Security implications in Kerberos by the introduction of smart cards","authors":"Nikos Mavrogiannopoulos, A. Pashalidis, B. Preneel","doi":"10.1145/2414456.2414490","DOIUrl":"https://doi.org/10.1145/2414456.2414490","url":null,"abstract":"Public key Kerberos (PKINIT) is a standardized authentication and key establishment protocol which is used by the Windows active directory subsystem. In this paper we show that card-based public key Kerberos is flawed. In particular, access to a user's card enables an adversary to impersonate that user even after the adversary's access to the card is revoked. The attack neither exploits physical properties of the card, nor extracts any of its secrets.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74157284","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Amit Vasudevan, Jonathan M. McCune, J. Newsome, A. Perrig, L. V. Doorn
Much effort has been spent to reduce the software Trusted Computing Base (TCB) of modern systems. However, there remains a large and complex hardware TCB, including memory, peripherals, and system buses. There are many stronger, but still realistic, adversary models where we need to consider that this hardware may be malicious or compromised. Thus, there is a practical need to determine whether we can achieve secure program execution in the presence of not only malicious software, but also malicious hardware.
{"title":"CARMA: a hardware tamper-resistant isolated execution environment on commodity x86 platforms","authors":"Amit Vasudevan, Jonathan M. McCune, J. Newsome, A. Perrig, L. V. Doorn","doi":"10.1145/2414456.2414484","DOIUrl":"https://doi.org/10.1145/2414456.2414484","url":null,"abstract":"Much effort has been spent to reduce the software Trusted Computing Base (TCB) of modern systems. However, there remains a large and complex hardware TCB, including memory, peripherals, and system buses. There are many stronger, but still realistic, adversary models where we need to consider that this hardware may be malicious or compromised. Thus, there is a practical need to determine whether we can achieve secure program execution in the presence of not only malicious software, but also malicious hardware.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81464329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sahai and Waters [6] proposed Attribute-Based Encryption (ABE) as a new paradigm of encryption algorithms that allow the sender to set a policy describing who can decrypt a particular ciphertext. In this paper, we first propose a ciphertext policy attribute-based encryption (CP-ABE) scheme from lattices, which supports flexible threshold access policies on literal (or boolean) attributes. Then we extend it to support multi-valued attributes without increasing the public key and ciphertext size. Our scheme's master secret key has only one matrix despite of the number of the system's attributes. The security of our schemes is based on the worst-case hardness on lattices.
{"title":"Ciphertext policy attribute-based encryption from lattices","authors":"Jiang Zhang, Zhenfeng Zhang, Ai-jun Ge","doi":"10.1145/2414456.2414464","DOIUrl":"https://doi.org/10.1145/2414456.2414464","url":null,"abstract":"Sahai and Waters [6] proposed Attribute-Based Encryption (ABE) as a new paradigm of encryption algorithms that allow the sender to set a policy describing who can decrypt a particular ciphertext. In this paper, we first propose a ciphertext policy attribute-based encryption (CP-ABE) scheme from lattices, which supports flexible threshold access policies on literal (or boolean) attributes. Then we extend it to support multi-valued attributes without increasing the public key and ciphertext size. Our scheme's master secret key has only one matrix despite of the number of the system's attributes. The security of our schemes is based on the worst-case hardness on lattices.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87831588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software-based attacks (e.g., malware) pose a big threat to cryptographic software because they can compromise the associated cryptographic keys in their entirety. In this paper, we investigate key-insulated symmetric key cryptography, which can mitigate the damage caused by repeated attacks against cryptographic software. To illustrate the feasibility of key-insulated symmetric key cryptography, we also report a proof-of-concept implementation in the Kernel-based Virtual Machine (KVM) environment.
{"title":"Key-insulated symmetric key cryptography and mitigating attacks against cryptographic cloud software","authors":"Y. Dodis, Weiliang Luo, Shouhuai Xu, M. Yung","doi":"10.1145/2414456.2414489","DOIUrl":"https://doi.org/10.1145/2414456.2414489","url":null,"abstract":"Software-based attacks (e.g., malware) pose a big threat to cryptographic software because they can compromise the associated cryptographic keys in their entirety. In this paper, we investigate key-insulated symmetric key cryptography, which can mitigate the damage caused by repeated attacks against cryptographic software. To illustrate the feasibility of key-insulated symmetric key cryptography, we also report a proof-of-concept implementation in the Kernel-based Virtual Machine (KVM) environment.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73262240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Role engineering (RE) aims to develop and maintain appropriate role-based access control (RBAC) configurations. However, RE with constraints in place is not well-studied. Constraints usually describe organizations' security and business requirements. An inconsistency between configurations and constraints compromises security and availability, as it may authorize otherwise forbidden access and deprive users of due privileges. In this paper, we apply answer set programming (ASP) to discover RBAC configurations that comply with constraints and meet various optimization objectives. We first formulate the need of supporting constraints as a problem independent of and complementary to existing RE problems. We then present a flexible framework for translating the proposed problem to ASP programs. In this way, the problem can be addressed via ASP solvers. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.
{"title":"Constraint-enhanced role engineering via answer set programming","authors":"Jinwei Hu, K. Khan, Y. Bai, Yan Zhang","doi":"10.1145/2414456.2414499","DOIUrl":"https://doi.org/10.1145/2414456.2414499","url":null,"abstract":"Role engineering (RE) aims to develop and maintain appropriate role-based access control (RBAC) configurations. However, RE with constraints in place is not well-studied. Constraints usually describe organizations' security and business requirements. An inconsistency between configurations and constraints compromises security and availability, as it may authorize otherwise forbidden access and deprive users of due privileges. In this paper, we apply answer set programming (ASP) to discover RBAC configurations that comply with constraints and meet various optimization objectives. We first formulate the need of supporting constraints as a problem independent of and complementary to existing RE problems. We then present a flexible framework for translating the proposed problem to ASP programs. In this way, the problem can be addressed via ASP solvers. Finally, we demonstrate the effectiveness and efficiency of our approach through experimental results.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90045997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the rapid prevalence of E-Commerce, MMO and social networking, the demand on service availability and continuity is increasingly crucial to production servers or data centers. Hence, software failure recovery systems are thoroughly studied. However, stimulated by significant commercial revenue, attackers begin trying to evade the existing auditing/recovering techniques by manipulating the service applications through the compromised kernel. Nowadays, device drivers account for more than half (could be as high as 70%) of the source code of most commodity operating system kernels, with much more exploitable vulnerabilities than other kernel code [2]. This renders the attackers the opportunity to exploit the driver vulnerability and leverage the kernel privilege of the compromised drivers. With the unrestricted access to the whole (kernel/user) memory address space, successful attackers can launch denial of service attack by incurring driver fault, manipulating critical code/data or even the metadata of the service application process.
{"title":"Letting applications operate through attacks launched from compromised drivers","authors":"Shengzhi Zhang, Peng Liu","doi":"10.1145/2414456.2414510","DOIUrl":"https://doi.org/10.1145/2414456.2414510","url":null,"abstract":"With the rapid prevalence of E-Commerce, MMO and social networking, the demand on service availability and continuity is increasingly crucial to production servers or data centers. Hence, software failure recovery systems are thoroughly studied. However, stimulated by significant commercial revenue, attackers begin trying to evade the existing auditing/recovering techniques by manipulating the service applications through the compromised kernel. Nowadays, device drivers account for more than half (could be as high as 70%) of the source code of most commodity operating system kernels, with much more exploitable vulnerabilities than other kernel code [2]. This renders the attackers the opportunity to exploit the driver vulnerability and leverage the kernel privilege of the compromised drivers. With the unrestricted access to the whole (kernel/user) memory address space, successful attackers can launch denial of service attack by incurring driver fault, manipulating critical code/data or even the metadata of the service application process.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87969940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A network coordinate system [7, 14, 15] assigns virtual coordinates (network positions) to every node in the network. These coordinates are assigned so that the coordinate distance between two nodes reflects the real network distance between those two nodes. This allows any peer in the sytem to accurately estimate the network distance between any pair of nodes, without having the pair of nodes contact each other. Network coordinate systems' ability to predict the network latency between arbitrary pairs of nodes can be used in many applications: finding the closest node to download content from in a content distribution network or route to in a peer-to-peer system [18], reducing inter-ISP communication [5, 13], reducing the amount of state stored in routers [1], performing byzantine leader elections [6], and detecting Sybil attackers [3, 8]. Current network coordinate systems have been shown to have good accuracy in predicting network distances, low processing and communication overhead, and fast convergence to stable positions. More recent papers have improved on the earlier designs by providing coordinate stability under churn and convergence under measurement uncertainty [2, 7, 11, 12]. However, it has also been shown [10] that those network coordinate systems are not secure, in the sense that a malicious peer in the network can report randomly chosen coordinates or maliciously delay responses to disrupt the network coordinate system. The fake reported coordinates or round-trip time (RTT) causes the nodes in the system to incorrectly update their coordinates. This renders the network latency prediction useless because the coordinate distance between two nodes will not reflect the real network distance between the two nodes. Moreover, the adversary could "lie" about its coordinates so that the coordinate distance between itself and a targeted node is smaller than the real network distance. In some applications, the adversary will then be more likely to be contacted or picked as a peer to download content from. Several schemes [9, 16, 17, 19, 20] have been developed to protect network coordinate systems against the attacks in [10], where malicious peers report randomly chosen coordinates, report random but consistent coordinates, or add random delay in their messages to other peers. These schemes can be categorized into anomaly/outlier detection [9, 20], reputation system [16], and distributed reputation systems [17, 19]; all of them were shown to effectively mitigate the known attacks. Recently, however, a new type of attack [4] -- the frog-boiling attack -- was introduced, and it was shown that some of these schemes fail to protect against this attack. The frog-boiling attacker reports small but consistent lies that are not detected by any of the security mechanisms, but which cumulatively introduce unacceptable errors; for example, it was shown that this technique can randomly partition an overlay using a secure network coordinate system [2
{"title":"KoNKS: konsensus-style network koordinate system","authors":"Eric Chan-Tin, Nicholas Hopper","doi":"10.1145/2414456.2414491","DOIUrl":"https://doi.org/10.1145/2414456.2414491","url":null,"abstract":"A network coordinate system [7, 14, 15] assigns virtual coordinates (network positions) to every node in the network. These coordinates are assigned so that the coordinate distance between two nodes reflects the real network distance between those two nodes. This allows any peer in the sytem to accurately estimate the network distance between any pair of nodes, without having the pair of nodes contact each other. Network coordinate systems' ability to predict the network latency between arbitrary pairs of nodes can be used in many applications: finding the closest node to download content from in a content distribution network or route to in a peer-to-peer system [18], reducing inter-ISP communication [5, 13], reducing the amount of state stored in routers [1], performing byzantine leader elections [6], and detecting Sybil attackers [3, 8].\u0000 Current network coordinate systems have been shown to have good accuracy in predicting network distances, low processing and communication overhead, and fast convergence to stable positions. More recent papers have improved on the earlier designs by providing coordinate stability under churn and convergence under measurement uncertainty [2, 7, 11, 12].\u0000 However, it has also been shown [10] that those network coordinate systems are not secure, in the sense that a malicious peer in the network can report randomly chosen coordinates or maliciously delay responses to disrupt the network coordinate system. The fake reported coordinates or round-trip time (RTT) causes the nodes in the system to incorrectly update their coordinates. This renders the network latency prediction useless because the coordinate distance between two nodes will not reflect the real network distance between the two nodes. Moreover, the adversary could \"lie\" about its coordinates so that the coordinate distance between itself and a targeted node is smaller than the real network distance. In some applications, the adversary will then be more likely to be contacted or picked as a peer to download content from.\u0000 Several schemes [9, 16, 17, 19, 20] have been developed to protect network coordinate systems against the attacks in [10], where malicious peers report randomly chosen coordinates, report random but consistent coordinates, or add random delay in their messages to other peers. These schemes can be categorized into anomaly/outlier detection [9, 20], reputation system [16], and distributed reputation systems [17, 19]; all of them were shown to effectively mitigate the known attacks. Recently, however, a new type of attack [4] -- the frog-boiling attack -- was introduced, and it was shown that some of these schemes fail to protect against this attack. The frog-boiling attacker reports small but consistent lies that are not detected by any of the security mechanisms, but which cumulatively introduce unacceptable errors; for example, it was shown that this technique can randomly partition an overlay using a secure network coordinate system [2","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85390234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty forcing adversaries to expend considerable effort to differentiate realistic useful information from purposely planted false information. In this paper, we propose software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code. The proposed system generates believable Java source code that appear to an adversary to be entirely valuable proprietary software. Bogus software is generated iteratively using code obfuscation techniques to transform original software using various transformation methods. Beacons are also injected into bogus software to detect the exfiltration and to make an alert if the decoy software is touched, compiled or executed. Based on similarity measurement, the experimental results demonstrate that the generated bogus software is different from the original software while maintaining similar complexity to confuse an adversary as to which is real and which is not.
{"title":"Software decoys for insider threat","authors":"Younghee Park, S. Stolfo","doi":"10.1145/2414456.2414511","DOIUrl":"https://doi.org/10.1145/2414456.2414511","url":null,"abstract":"Decoy technology and the use of deception are useful in securing critical computing systems by confounding and confusing adversaries with fake information. Deception leverages uncertainty forcing adversaries to expend considerable effort to differentiate realistic useful information from purposely planted false information. In this paper, we propose software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code. The proposed system generates believable Java source code that appear to an adversary to be entirely valuable proprietary software. Bogus software is generated iteratively using code obfuscation techniques to transform original software using various transformation methods. Beacons are also injected into bogus software to detect the exfiltration and to make an alert if the decoy software is touched, compiled or executed. Based on similarity measurement, the experimental results demonstrate that the generated bogus software is different from the original software while maintaining similar complexity to confuse an adversary as to which is real and which is not.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86327259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...