ISBN: (print) 9781450318907
Application marketplaces are the main software distribution mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for personal computers. While most application marketplaces require applications to be cryptographically signed by their developers, in Android marketplaces, self-signed certificates are common, thereby offering very limited authentication properties. As a result, there have been reports of malware being distributed through application "repackaging." We provide a quantitative assessment of this phenomenon by collecting 41,057 applications from 194 alternative Android application markets in October 2011, in addition to a sample of 35,423 applications from the official Android market, Google Play. We observe that certain alternative markets almost exclusively distribute repackaged applications containing malware. To remedy this situation we propose a simple verification protocol, and discuss a proof-of-concept implementation, AppIntegrity. AppIntegrity strengthens the authentication properties offered in application marketplaces, thereby making it more difficult for miscreants to repackage apps, while presenting very little computational or communication overhead, and being deployable without requiring significant changes to the Android platform. Copyright 2013 ACM.
ISBN: (print) 9781450319980
The overall network traffic patterns generated by today's smartphones result from the typically large and diverse set of installed applications. In addition to the traffic generated by the user, most applications generate characteristic traffic from their background activities, such as periodic update requests or server synchronisation. Although the encryption of transmitted data in 3G networks prevents an eavesdropper from analysing the content, periodic traffic patterns leak side-channel information like timing and data volume. In this work, we extract such side-channel features from network traffic generated from the most popular applications, such as Facebook, WhatsApp, Skype, Dropbox, and others, and evaluate whether they can be used to reliably identify a smartphone. By computing fingerprints from ≈6 hours of background traffic, we show that 15 minutes of monitored traffic suffice to reliably identify a smartphone based on its behavioural fingerprint with a success probability of 90%. Copyright 2013 ACM.
The design of Android is based on a set of unprotected shared resources, including those inherited from Linux (e.g., Linux public directories). However, the dramatic development in Android applications (app for short)...
ISBN: (print) 9781450318907
In storage outsourcing services, clients store their data on a potentially untrusted server, which has more computational power and storage capacity than the individual clients. In this model, security properties such as integrity, authenticity, and freshness of stored data ought to be provided, while minimizing computational costs at the client, and communication costs between the client and the server. Using trusted computing technology on the server's side, we propose practical constructions in the provable data possession model that provide integrity and freshness in a dynamic, multi-user setting, where groups of users can update their shared files on the remote, untrusted server. Unlike previous solutions based on a single-user, single-device model, we consider a multi-user, multi-device model. Using trusted hardware on the server helps us to eliminate some of the previously known challenges with this model, such as forking and rollback attacks by the server. We logically separate bulk storage and data authentication issues to different untrusted remote services, which can be implemented either on the same or different physical servers. With only minor modifications to existing services, the bulk storage component can be provided by large-scale storage providers such as Google, CloudDrive, DropBox, and a smaller specialized server equipped with a trusted hardware chip can be used for providing data authentication. Our constructions eliminate client-side storage costs (clients do not need to maintain persistent state), and are suitable for situations in which multiple clients work collaboratively on remotely stored, outsourced data. Copyright 2013 ACM.
ISBN: (print) 9781450318907
A virtual organization (VO) is a group of organizations that have banded together to achieve a common goal. Often a VO could function more effectively if its members were willing to share certain information. However, a typical VO member will not want to share its own information because the member will not benefit directly from the information's reuse, yet will be blamed if the reuse turns out badly. In this paper, we present insured access, the first economically sustainable system for encouraging appropriate information sharing in VOs. Before accessing information, a VO member must purchase a liability policy from the insurance arm of the VO. Insured access uses actuarial principles to set up and run the VO's insurance arm, and provides the following benefits: VO members who share their information are compensated if the information is misused, and can expect a positive benefit from sharing; members who use information well are rewarded and those who misuse it are penalized appropriately; and the level of risk-taking in the system is capped at a certain level. We demonstrate the sustainability of insured sharing through simulations of a map-sharing scenario. Copyright 2013 ACM.
ISBN: (print) 9781450310918
The proceedings contain 31 papers. The topics discussed include: secure and efficient proof of storage with deduplication; measuring query privacy in location-based services; deriving implementation-level policies for usage control enforcement; discovering access-control misconfigurations: new approaches and evaluation methodologies; comparison-based encryption for fine-grained access control in clouds; relationship-based access control: its expression and enforcement through hybrid logic; bounding trust in reputation systems with incomplete information; cookie-based privacy issues on Google services; refinement-based design of a group-centric secure information sharing model; risk-based security decisions under uncertainty; quantitative access control with partially-observable Markov decision processes; role engineering: from theory to practice; and privacy streamliner: a two-stage approach to improving algorithm efficiency.