ISBN: (print) 9781450322782
The process of encrypting data for Cloud services is usually presented two ways. The data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-complexity. On the other, we have ease of use, but limited protection. This false choice leads to data going unprotected as customers throw up their hands. There is a better way. In this keynote, we'll discuss a middle ground that improves upon the standard use cases using Barbican, an open-source key manager created by Rackspace for the OpenStack Cloud.
ISBN: (print) 9781450322782
Virtualization has been a major enabling technology for improving trustworthiness and tamper-resistance of computer security functions. In the past decade, we have witnessed the development of virtualization-based techniques for attack/malware monitoring, detection, prevention, and profiling. Virtual platforms have been widely adopted for system security experimentation and evaluation, because of their strong isolation, maneuverability, and scalability properties. Conversely, the demand from security research has led to significant advances in virtualization technology itself, for example, in the aspects of virtual machine introspection, check-pointing, and replay. In this talk, I will present an overview of research efforts (including our own) in virtualization-based security and security-driven virtualization. I will also discuss a number of challenges and opportunities in maintaining and elevating the synergies between virtualization and security.
ISBN: (print) 9781479962778
Computer-aided design (CAD), in its quest to facilitate new design revolutions, is again on the brink of changing its scope. Following both historical and recent technological and application trends, one can identify several emerging research and development directions in which CAD approaches and techniques may have major impacts. Among them, due to the potential to fundamentally alter everyday life as well as how science and engineering systems are designed and operated, the Internet of Things (IoT) stands out. IoT also poses an extraordinary system replete with conceptual and technical challenges. For instance, greatly reduced quantitative bounds on acceptable area and energy metrics require qualitative breakthroughs in design and optimization *** likely the most demanding of requirements for the widespread realization of many IoT visions is security. IoT security has an exceptionally wide scope in at least four dimensions. In terms of security scope it includes rarely addressed tasks such as trusted sensing, computation, communication, privacy, and digital forgetting. It also asks for new and better techniques for the protection of hardware, software, and data that considers the possibility of physical access to IoT devices. Sensors and actuators are common components of IoT devices and pose several unique security challenges including the integrity of physical signals and actuating events. Finally, during processing of collected data, one can envision many semantic *** strategic objective is to provide an impetus for the development of IoT CAD security techniques. We start by presenting a brief survey of IoT challenges and opportunities with an emphasis on security issues. Next, we discuss the potential of hardware-based IoT security approaches. Finally, we conclude with several case studies that advocate the use of stable PUFs and digital PPUFs for several IoT security protocols.
ISBN: (print) 9781450322782
Android has become the leading smartphone platform with hundreds of devices from various manufacturers available on the market today. All these phones closely resemble each other with similar hardware and software features. Manufacturers must therefore customize the official Android system to differentiate their devices. Unfortunately, such heavy customization by third-party manufacturers often leads to serious vulnerabilities that do not exist in the official Android system. In this paper, we propose a comparative approach to systematically audit software in third-party phones by comparing them side-by-side to the official system. Specifically, we first retrieve pre-loaded apps and libraries from the phone and build a matching base system from the Android open source project repository. We then compare corresponding apps and libraries for potential vulnerabilities. To facilitate this process, we have designed and implemented DexDiff, a system that can pinpoint fine structural differences between two Android binaries and also present the changes in their surrounding contexts. Our experiments show that DexDiff is efficient and scalable. For example, it spends less than two and a half minutes to process two 16.5MB (in total) files. DexDiff is also able to reveal a new vulnerability and details of the invasive CIQ mobile intelligence software.
ISBN: (print) 9781450320566
We design a content-centric privacy scheme for Information-Centric Networking (ICN). We enhance ICN's ability to support data confidentiality by introducing attribute-based encryption into ICN and making it specific to the data attributes. Our approach is unusual in that it preserves ICN's goal to decouple publishers and subscribers for greater data accessibility, scalable multiparty communication and efficient data distribution. Inspired by application-layer publish-subscribe, we enable fine-grained access control with more expressive policies. Moreover, we propose an attribute-based routing scheme that offers interest confidentiality. A prototype system is implemented based on CCNx, a popular open source version of ICN, to showcase privacy preservation in Smart Neighborhood and Smart City applications.
ISBN: (print) 9781450318907
Today's smartphone application markets host an ever increasing number of applications. The sheer number of applications makes their review a daunting task. We propose AppsPlayground for Android, a framework that automates the analysis of smartphone applications. AppsPlayground integrates multiple components comprising different detection and automatic exploration techniques for this purpose. We evaluated the system using multiple large scale and small scale experiments involving real benign and malicious applications. Our evaluation shows that AppsPlayground is quite effective at automatically detecting privacy leaks and malicious functionality in applications. Copyright 2013 ACM.
ISBN: (print) 9781450318907
The privacy by design approach has already been applied in different areas. We believe that the next challenge in this area today is to go beyond individual cases and to provide methodologies to explore the design space in a systematic way. As a first step in this direction, we focus in this paper on the data minimization principle and consider different options using decentralized architectures in which actors do not necessarily trust each other. We propose a framework to express the parameters to be taken into account (the service to be performed, the actors involved, their respective requirements, etc.) and an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable. This inference system can be used in the design phase to check if an architecture meets the requirements of the parties or to point out conflicting requirements. Copyright 2013 ACM.
ISBN: (print) 9781450318907
Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications. Copyright 2013 ACM.