the proceedings contain 20 papers. the topics discussed include: ToneCheck: unveiling the impact of dialects in privacy policy;make split, not hijack: preventing feature-space hijacking attacks in split learning;makin...
ISBN:
(纸本)9798400704918
the proceedings contain 20 papers. the topics discussed include: ToneCheck: unveiling the impact of dialects in privacy policy;make split, not hijack: preventing feature-space hijacking attacks in split learning;making privacy-preserving federated graph analytics practical (for certain queries);SecureCheck: user-centric and geolocation-aware access mediation contracts for sharing private data;static and dynamic analysis of a usage control system;SPRT: automatically adjusting SELinux policy for vulnerability mitigation;utilizing threat partitioning for more practical network anomaly detection;prompting LLM to enforce and validate CIS critical security control;pairing human and artificial intelligence: enforcing accesscontrol policies with LLMs and formal specifications;and BlueSky: how to raise a robot — a case for neuro-symbolic ai in constrained task planning for humanoid assistive robots.
the proceedings contain 25 papers. the topics discussed include: accesscontrol vulnerabilities in network protocol implementations: how attackers exploit them and what to do about it;a framework for privacy-preservin...
ISBN:
(纸本)9798400701733
the proceedings contain 25 papers. the topics discussed include: accesscontrol vulnerabilities in network protocol implementations: how attackers exploit them and what to do about it;a framework for privacy-preserving white-box anomaly detection using a lattice-based accesscontrol;privacy-preserving multi-party accesscontrol for third-party UAV services;federated synthetic data generation with stronger security guarantees;APETEEt — secure enforcement of ABAC policies using trusted execution environment;how to raise a robot — beyond accesscontrol constraints in assistive humanoid robots;integrating spatio-temporal authorization with generic cloud-based software architecture for Internet of things devices;non-repudiable secure logging system for the web;synthesizing and analyzing attribute-based accesscontrol model generated from natural language policy statements;and security analysis of accesscontrol policies for smart homes.
the proceedings contain 29 papers. the topics discussed include: modular composition of accesscontrol policies: a framework to build multi-site multi-level combinations;a study of application sandbox policies in Linu...
ISBN:
(纸本)9781450393577
the proceedings contain 29 papers. the topics discussed include: modular composition of accesscontrol policies: a framework to build multi-site multi-level combinations;a study of application sandbox policies in Linux;contemporaneous update and enforcement of ABAC policies;WiP: verifiable, secure and energy-efficient private data aggregation in wireless sensor networks;a game-theoretically optimal defense paradigm against traffic analysis attacks using multipath routing and deception;Harpocrates: anonymous data publication in named data networking;generalized noise role mining;the secrecy resilience of accesscontrol policies and its application to role mining;effective evaluation of relationship-based accesscontrol policy mining;and removing the reliance on perimeters for security using network views.
the proceedings contain 19 papers. the topics discussed include: backdoor attacks to graph neural networks;analyzing the usefulness of the DARPA OpTC dataset in cyber threat detection research;towards a theory for sem...
ISBN:
(纸本)9781450383653
the proceedings contain 19 papers. the topics discussed include: backdoor attacks to graph neural networks;analyzing the usefulness of the DARPA OpTC dataset in cyber threat detection research;towards a theory for semantics and expressiveness analysis of rule-based accesscontrolmodels;towards unifying RBAC with information flow control;towards cloud-based software for incorporating time and location into accesscontrol decisions;in-memory policy indexing for policy retrieval points in attribute-based accesscontrol;valued authorization policy existence problem;attribute-stream-based accesscontrol (ASBAC) withthe streaming attribute policy language (SAPL);shielding AppSPEAR â€" enhancing memory safety for trusted application-level security policy enforcement;and ReTRACe: revocable and traceable blockchain rewrites using attribute-based cryptosystems.
Cryptographic enforcement of accesscontrol policies is a rapidly evolving field with ongoing research and development aimed at addressing emerging security challenges and requirements. Among the different techniques ...
详细信息
ISBN:
(纸本)9798400704918
Cryptographic enforcement of accesscontrol policies is a rapidly evolving field with ongoing research and development aimed at addressing emerging security challenges and requirements. Among the different techniques to cryptographically enforce accesscontrol policies, hierarchical key assignment schemes play a central role, since they can be used in a variety of application domains. In this talk, we give an overview of such a cryptographic primitive, by discussing different models, applications and future research directions.
Humanoid robots will be able to assist humans in their daily life, in particular due to their versatile action capabilities. However, while these robots need a certain degree of autonomy to learn and explore, they als...
详细信息
ISBN:
(纸本)9798400704918
Humanoid robots will be able to assist humans in their daily life, in particular due to their versatile action capabilities. However, while these robots need a certain degree of autonomy to learn and explore, they also should respect various constraints, for accesscontrol and beyond. We explore the novel field of incorporating privacy, security, and accesscontrol constraints with robot task planning approaches. We report preliminary results on the classical symbolic approach, deep-learned neural networks, and modern ideas using large language models as knowledge base. From analyzing their trade-offs, we conclude that a hybrid approach is necessary, and thereby present a new use case for the emerging field of neuro-symbolic artificial intelligence.
the category-based accesscontrol metamodel provides an axiomatic framework for the specification of accesscontrolmodels. In this talk, we give an overview of the category-based approach to accesscontrol, obligatio...
详细信息
ISBN:
(纸本)9798400701733
the category-based accesscontrol metamodel provides an axiomatic framework for the specification of accesscontrolmodels. In this talk, we give an overview of the category-based approach to accesscontrol, obligation and privacy policy specification.
Multi-party accesscontrol is emerging to protect shared resources in collaborative environments. Existing multi-party accesscontrolmodels often lack essential features to address the challenges characterizing colla...
详细信息
ISBN:
(纸本)9798400704918
Multi-party accesscontrol is emerging to protect shared resources in collaborative environments. Existing multi-party accesscontrolmodels often lack essential features to address the challenges characterizing collaborative decision-making. Collaborative access decision-making requires mechanisms that optimally account for the access requirements of all parties without requiring user intervention at evaluation time. this work fills these gaps by proposing a framework for multi-party accesscontrol based on game theory. To this end, we identify the decision factors influencing access decision-making in collaborative environments and propose two bargaining models - a cooperative model and a non-cooperative model - to investigate the impact of different cooperation assumptions on collaborative access decision-making. Our framework ensures fairness by considering the access requirements of all controllers equally, achieves optimality by relying on best response strategies, and guarantees termination. Our evaluation shows that different cooperation assumptions significantly impact the performance and outcome of collaborative access decision-making.
Using accesscontrol policy rules with deny effects (i.e., negative authorization) can be preferred to using complemented conditions in the rules as they are often easier to comprehend in the context of large policies...
详细信息
ISBN:
(纸本)9798400704918
Using accesscontrol policy rules with deny effects (i.e., negative authorization) can be preferred to using complemented conditions in the rules as they are often easier to comprehend in the context of large policies. However, the two constructs have different impacts on the expressiveness of a rule-based accesscontrol model. We investigate whether policies expressible using complemented conditions can be expressed using deny rules instead. the answer to this question is not always affirmative. In this paper, we propose a practical approach to address this problem for a given policy. In particular, we develop theoretical results that allow us to pose the problem as a set of queries to an SAT solver. Our experimental results using an off-the-shelf SAT solver demonstrate the feasibility of our approach and offer insights into its performance based on accesscontrol policies from multiple domains.
In this paper, we introduce a new decentralized accesscontrol framework with transitive delegation capabilities that tackles the performance and scalability limitations of the existing state-of-the-art solutions. In ...
详细信息
ISBN:
(纸本)9798400704918
In this paper, we introduce a new decentralized accesscontrol framework with transitive delegation capabilities that tackles the performance and scalability limitations of the existing state-of-the-art solutions. In order to accomplish this, the proposed solution is anchored in the self-sovereign identity (SSI) paradigm, which embodies a distributed identity management system. By adopting this paradigm, we obviate slow cryptographic premises such as identity-based encryption (IBE) that were used in prior work. Furthermore, we enhance the existing verifiable credentials (VCs) from this paradigm by introducing our own decentralized permission objects to support the concept of transitive delegations. this concept allows delegates to further delegate their access to resources withthe same or fewer privileges to other entities within the framework. this renders our solution suitable for diverse scenarios, including applications in decentralized building access management. To the best of our knowledge, we are the first to introduce the concept of transitive delegations in this paradigm. Finally, our performance experiments show a performance enhancement of three orders of magnitude compared to the prevailing state-of-the-art solutions.
暂无评论