Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben

2011 | Buch

Information Flow Containment: A Practical Basis for Malware Defense Kapitel lesen Erstes Kapitel lesen

Data and Applications Security and Privacy XXV

25th Annual IFIP WG 11.3 Conference, DBSec 2011, Richmond, VA, USA, July 11-13, 2011. Proceedings

herausgegeben von: Yingjiu Li

Verlag: Springer Berlin Heidelberg

Buchreihe : Lecture Notes in Computer Science

Enthalten in: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Über dieses Buch

This book constitutes the refereed proceedings of the 25th IFIP WG 11.3 International Conference on Data and Applications Security and Privacy, DBSec 2011, held in Richmond, VA, USA, in July 2011. The 14 revised full papers and 9 short papers presented together with 3 invited lectures were carefully reviewed and selected from 37 submissions. The topics of these papers include access control, privacy-preserving data applications, data confidentiality and query verification, query and data privacy, authentication and secret sharing.

Inhaltsverzeichnis

Frontmatter

Invited Papers

Information Flow Containment: A Practical Basis for Malware Defense
Abstract
Security threats have escalated rapidly in the past decade. “Zero-day attacks,” delivered via web pages, pictures or documents, have become significant threats. Malware is rampant, being installed using phishing, software vulnerability exploits, and software downloads. With the emergence of a lucrative black market in cyber crime, even ordinary users are becoming targets of sophisticated malware attacks.
R. Sekar
Re-designing the Web’s Access Control System
(Extended Abstract)
Abstract
The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. With such a glory come the attacks–the Web has become criminals’ preferred targets. Web-based vulnerabilities now outnumber traditional computer security concerns. Although various security solutions have been proposed to address the problems on the Web, few have addressed the root causes of why web applications are so vulnerable to these many attacks. We believe that the Web’s current access control models are fundamentally inadequate to satisfy the protection needs of today’s web, and they need to be redesigned. In this extended abstract, we explain our position, and summarize our efforts in redesigning the Web’s access control systems.
Wenliang Du, Xi Tan, Tongbo Luo, Karthick Jayaraman, Zutao Zhu
Integrated Management of Security Policies
Abstract
The design of an integrated approach for security management represents a difficult challenge, but the requirements of modern information systems make extremely urgent to dedicate research efforts in this direction. Three perspectives for integration can be identified.
Stefano Paraboschi

Access Control I

Cooperative Data Access in Multi-cloud Environments
Abstract
In this paper, we discuss the problem of enabling cooperative query execution in a multi-cloud environment where the data is owned and managed by multiple enterprises. We assume that each enterprise defines a set of allow rules to facilitate access to its data, which is assumed to be stored as relational tables. We propose an efficient algorithm using join properties to decide whether a given query will be allowed. We also allow enterprises to explicitly forbid access to certain data via deny rules and propose an efficient algorithm to check for conflicts between allow and deny rules.
Meixing Le, Krishna Kant, Sushil Jajodia
Multiparty Authorization Framework for Data Sharing in Online Social Networks
Abstract
Online social networks (OSNs) have experienced tremendous growth in recent years and become a de facto portal for hundreds of millions of Internet users. These OSNs offer attractive means for digital social interactions and information sharing, but also raise a number of security and privacy issues. While OSNs allow users to restrict access to shared data, they currently do not provide effective mechanisms to enforce privacy concerns over data associated with multiple users. In this paper, we propose a multiparty authorization framework that enables collaborative management of shared data in OSNs. An access control model is formulated to capture the essence of multiparty authorization requirements. We also demonstrate the applicability of our approach by implementing a proof-of-concept prototype hosted in Facebook.
Hongxin Hu, Gail-Joon Ahn

Privacy-Preserving Data Applications I

Enforcing Confidentiality and Data Visibility Constraints: An OBDD Approach
Abstract
The problem of enabling privacy-preserving data releases has become more and more important in the last years thanks to the increasing needs of sharing and disseminating information. In this paper we address the problem of computing data releases in the form of fragments (vertical views) over a relational table, which satisfy both confidentiality and visibility constraints, expressing needs for information protection and release, respectively. We propose a modeling of constraints and of the data fragmentation problem based on Boolean formulas and Ordered Binary Decision Diagrams (OBDDs). Exploiting OBDDs, we efficiently manipulate Boolean formulas, thus easily computing data fragments that satisfy the constraints.
Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Giovanni Livraga, Pierangela Samarati
Public-Key Encrypted Bloom Filters with Applications to Supply Chain Integrity
Abstract
Bloom filters provide a space- and time-efficient mean to check the inclusion of an element in a set. In some applications it is beneficial, if the set represented by the Bloom filter is only revealed to authorized parties. Particularly, operations data in supply chain management can be very sensitive and Bloom filters can be applied to supply chain integrity validation. Despite the protection of the represented set, Bloom filter operations, such as the verification of set inclusion, need to be still feasible. In this paper we present privacy-preserving, publicly verifiable Bloom filters which offer both: privacy for the represented set and public Bloom filter operations. We give security proofs in the standard model.
Florian Kerschbaum

Access Control II

An Optimization Model for the Extended Role Mining Problem
Abstract
The primary purpose of Role Mining is to effectively determine the roles in an enterprise using the permissions that have already been assigned to the users. If this permission assignment is viewed as a 0-1 matrix, then Role Mining aims to decompose this matrix into two matrices which represent user-role and role-permission assignments. This decomposition is known as Boolean Matrix Decomposition (BMD). In this paper, we use an Extended BMD (EBMD) to consider separation of duty constraints (SOD) and exceptions, that are common to any security system, in the role mining process. Essentially, in EBMD, we introduce negative assignments. An additional benefit of allowing negative assignments in roles is that, a less number of roles can be used to reconstruct the same given user-permission assignments. We introduce Extended Role Mining Problem and its variants and present their optimization models. We also propose a heuristic algorithm that is capable of utilizing these models to find good decompositions.
Emre Uzun, Vijayalakshmi Atluri, Haibing Lu, Jaideep Vaidya
Dynamics in Delegation and Revocation Schemes: A Logical Approach
Abstract
In this paper we first introduce a logic for describing formally a family of delegation and revocation models that are based on the work in Hagström et al.. We then extend our logic to accommodate an epistemic interpretation of trust within the framework that we define. What emerges from this work is a rich framework of formally well-defined delegation and revocation schemes that accommodates an important trust component.
Guillaume Aucher, Steve Barker, Guido Boella, Valerio Genovese, Leendert van der Torre

Data Confidentiality and Query Verification

History-Dependent Inference Control of Queries by Dynamic Policy Adaption
Abstract
Policy-based inference control of queries submitted to a logic-oriented information system requires us to consider the history of queries and answers to a particular user. In most previous approaches, the control system captures the history by maintaining a fictitious view the user is supposed to generate by exploiting rational reasoning. In this paper, we propose and explore an alternative option to represent the history, namely by suitably adapting the confidentiality policy after returning an answer to a query. Basically, such a policy adaption precomputes all relevant steps of formal proofs that the fictitious view logically implies some policy element. We focus on propositional information systems.
Joachim Biskup
Multilevel Secure Data Stream Processing
Abstract
With sensors and mobile devices becoming ubiquitous, situation monitoring applications are becoming a reality. Data Stream Management Systems (DSMSs) have been proposed to address the data processing needs of such applications that require collection of high-speed data, computing results on-the-fly, and taking actions in real-time. Although a lot of work appears in the area of DSMS, not much has been done in multilevel secure (MLS) DSMS making the technology unsuitable for highly sensitive applications such as battlefield monitoring. An MLS DSMS should ensure the absence of illegal information flow in a DSMS and more importantly provide the performance needed to handle continuous queries. We investigate the issues important in an MLS DSMS and propose an architecture that best meets the goals of MLS DSMS. We discuss how continuous queries can be executed in such a system and sharing across queries accomplished for maximum performance benefits.
Raman Adaikkalavan, Indrakshi Ray, Xing Xie

Query and Data Privacy

Query Processing in Private Data Outsourcing Using Anonymization
Abstract
We present a query processing scheme in a private data outsourcing model. We assume data is divided into identifying and sensitive data using an anatomy approach[20]; only the client is able to reconstruct the original identifiable data. The key contribution of this paper is a relational query processor that minimizes the client-side computation while ensuring the server learns nothing violating the privacy constraints.
Ahmet Erhan Nergiz, Chris Clifton
Private Database Search with Sublinear Query Time
Abstract
The problem of private database search has been well studied. The notion of privacy considered is twofold: i) the querier only learns the result of the query (and things that can be deduced from it), and ii) the server learns nothing (in a computational sense) about the query. A fundamental drawback with prior approaches is that the query computation is linear in the dataset. We overcome this drawback by making the following assumption: the server has its dataset ahead of time and is able to perform linear precomputation for each query. This new model, which we call the precomputation model, is appropriate in circumstances where it is crucial that queries are answered efficiently once they become available. Our main contribution is a precomputed search protocol that requires linear precomputation time but that allows logarithmic search time. Using this protocol, we then show how to answer the following types of queries with sublinear query computation in this precomputation model: i) point existence queries, ii) rank queries, iii) lookup queries, and iv) one-dimensional range queries.
Keith B. Frikken, Boyang Li

Privacy-Preserving Data Applications II

Efficient Distributed Linear Programming with Limited Disclosure
Abstract
In today’s networked world, resource providers and consumers are distributed globally and locally. However, with resource constraints, optimization is necessary to ensure the best possible usage of such scarce resources. Distributed linear programming (DisLP) problems allow collaborative agents to jointly maximize profits (or minimize costs) with a linear objective function while conforming to several shared as well as local linear constraints. Since each agent’s share of the global constraints and the local constraints generally refer to its private limitations or capacities, serious privacy problems may arise if such information is revealed. While there have been some solutions proposed that allow secure computation of such problems, they typically rely on inefficient protocols with enormous communication cost. In this paper, we present a secure and extremely efficient protocol to solve DisLP problems where constraints are arbitrarily partitioned and no variable is shared between agents. In the entire protocol, each agent learns only a partial solution (about its variables), but learns nothing about the private input/output of other agents, assuming semi-honest behavior. We present a rigorous security proof and communication cost analysis for our protocol and experimentally validate the costs, demonstrating its robustness.
Yuan Hong, Jaideep Vaidya, Haibing Lu
Privacy-Preserving Data Mining: A Game-Theoretic Approach
Abstract
Privacy-preserving data mining has been an active research area in recent years due to privacy concerns in many distributed data mining settings. Protocols for privacy-preserving data mining have considered semi-honest, malicious, and covert adversarial models in cryptographic settings, whereby an adversary is assumed to follow, arbitrarily deviate from the protocol, or behaving somewhere in between these two, respectively. Semi-honest model provides weak security requiring small amount of computation, on the other hand, malicious and covert models provide strong security requiring expensive computations like homomorphic encryptions. However, game theory allows us to design protocols where parties are neither honest nor malicious but are instead viewed as rational and are assumed (only) to act in their own self-interest. In this paper, we build efficient and secure set-intersection protocol in game-theoretic setting using cryptographic primitives. Our construction avoids the use of expensive tools like homomorphic encryption and oblivious transfer. We also show that our protocol satisfies computational versions of strict Nash equilibrium and stability with respect to trembles.
Atsuko Miyaji, Mohammad Shahriar Rahman

Authentication and Secret Sharing

Enhancing CardSpace Authentication Using a Mobile Device
Abstract
In this paper we propose a simple, novel scheme for using a mobile device to enhance CardSpace authentication. During the process of user authentication on a PC using CardSpace, a random and short-lived one-time password is sent to the user’s mobile device; this must then be entered into the PC by the user when prompted. The scheme does not require any changes to login servers, the CardSpace identity selector, or to the mobile device itself. We specify the scheme and give details of a proof-of-concept prototype. Security and operational analyses are also provided.
Haitham S. Al-Sinani, Chris J. Mitchell
Verifiable Secret Sharing with Comprehensive and Efficient Public Verification
Abstract
VSS (verifiable secret sharing) is an important security protection tool in distributed systems. When VSS is employed in publicly verifiable applications, it needs to achieve public verifiability and be upgraded to PVSS (publicly verifiable secret sharing). Besides the two basic security properties, bindingness and hidingness, PVSS concentrates on public verifiability of validity all the operations in VSS so that there is no doubt about any operation and any dispute can be publicly solved. The existing PVSS schemes achieve security and public verifiability at a high cost. Moreover, their public verification operations are not defined and specified comprehensively and in complete details. In addition, most of them are vulnerable to an attack called simple plaintext attack. To overcome those drawbacks in PVSS, a new PVSS protocol is proposed in this paper. It defines public verifiability of VSS in a comprehensive and formal security model, which describes every verification operation in details and can publicly solve any dispute. All the public verification operations are efficiently implemented in the new PVSS protocol, which is more efficient than the existing PVSS schemes. It prevents simple plaintext attack in an efficient way.
Kun Peng

Short Papers

A Robust Remote User Authentication Scheme against Smart Card Security Breach
Abstract
Remote user authentication is important to identify whether communicating parties are genuine and trustworthy using the password and the smart card between a login user and a remote server. Recently, we find that Kim et al.’s password-based authentication scheme [1] assume that the attacker cannot extract the secret information of the smart card. However, in reality, the authors in [2,8] show that the secrets stored in the card can be extracted by monitoring its power consumption. Therefore, Kim et al.’s scheme fail to resist smart card security breach. As the main contribution of this paper, a robust remote user authentication scheme against smart card security breach is presented, while keeping the merits of the well-known smart card based authentication schemes.
Chun-Ta Li, Cheng-Chi Lee, Chen-Ju Liu, Chin-Wen Lee
N-Gram Based Secure Similar Document Detection
Abstract
Secure similar document detection (SSDD) plays an important role in many applications, such as justifying the need-to-know basis and facilitating communication between government agencies. The SSDD problem considers situations where Alice with a query document wants to find similar information from Bob’s document collection. During this process, the content of the query document is not disclosed to Bob, and Bob’s document collection is not disclosed to Alice. Existing SSDD protocols are developed under the vector space model, which has the advantage of identifying global similar information. To effectively and securely detect similar documents with overlapping text fragments, this paper proposes a novel n-gram based SSDD protocol.
Wei Jiang, Bharath K. Samanthula
An Index Structure for Private Data Outsourcing
Abstract
Data outsourcing provides companies a cost effective method for their data to be stored, managed, and maintained by a third-party. Data outsourcing offers many economical benefits, but also introduces several privacy concerns. Many solutions have been proposed for maintaining privacy while outsourcing data in the data as plain-text model. We propose a method that can maintain a similar level of privacy while improving upon the query performance of previous solutions. The motivating principle behind our solution is that if the data owner possesses a small amount of secure local storage, it can be used as a pseudo-index table to improve query performance for selection queries involving conjunctions. We offer a heuristic approach for calculating the required storage resources and provide experimental analysis of the scheme.
Aaron Steele, Keith B. Frikken
Selective Disclosure on Encrypted Documents
Abstract
With tackling the dilemma between the privacy concern and information utilization in mind, an efficient pairing-based instantiation of a new primitive, which we call Selective Disclosure scheme, is proposed in this paper. Selective Disclosure scheme allows the document issuer to distribute and publish the outsourced document in a secure way such that it achieves fine-grained authorized reading by selective parts in a document to different visitors and only one copy is needed. It is proved secure against fully adaptive adversaries in the random oracle model. The Selective Disclosure technique will be of use by embedding or integrating it into various word processors, e-mail,.etc.
Hao Lei, Dengguo Feng
A New Leakage-Resilient IBE Scheme in the Relative Leakage Model
Abstract
We propose the first leakage-resilient Identity-Based Encryption (IBE) scheme with full domain hash structure. Our scheme is leakage-resilient in the relative leakage model and the random oracle model under the decisional bilinear Diffie-Hellman (DBDH) assumption.
Yu Chen, Song Luo, Zhong Chen
Accurate Accident Reconstruction in VANET
Abstract
We propose a forensic VANET application to aid an accurate accident reconstruction. Our application provides a new source of objective real-time data impossible to collect using existing methods. By leveraging inter-vehicle communications, we compile digital evidence describing events before, during, and after an accident in its entirety. In addition to sensors data and major components’ status, we provide relative positions of all vehicles involved in an accident. This data is corroborated by observations provided by witness vehicles to rectify inconsistencies. Our application utilizes the mandatory form of VANET communication (beacons), making it non-obtrusive in terms of resource and bandwidth consumption.
Yuliya Kopylova, Csilla Farkas, Wenyuan Xu
Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning
Abstract
In a corporate network, the situation awareness (SA) of a security analyst is of particular interest. A security analyst is in charge of observing the online operations of a corporate network (e.g., an online retail company with an external webserver and an internal fileserver) from threats of random or organized cyber-attacks. The current work describes a cognitive Instance-based Learning (IBL) model of the recognition and comprehension processes of a security analyst in a simple cyber-attack scenario. The IBL model first recognizes cyber-events (e.g., execution of a file on a server) in the network based upon events’ situation attributes and the similarity of events’ attributes to past experiences (instances) stored in analyst’s memory. Then, the model reasons about a sequence of observed events being a cyber-attack or not, based upon instances retrieved from memory and the risk-tolerance of a simulated analyst. The execution of the IBL model generates predictions of the recognition and comprehension processes of security analyst in a cyber-attack. An analyst’s decisions are evaluated in the model based upon two cyber SA metrics of accuracy and timeliness of analyst’s decision actions. Future work in this area will focus on collecting human data to validate the predictions made by the model.
Varun Dutt, Young-Suk Ahn, Cleotilde Gonzalez
Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model That Extends NIST RBAC
Abstract
To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.
Solomon Berhe, Steven Demurjian, Swapna Gokhale, Jaime Pavlich-Mariscal, Rishi Saripalle
Preserving Privacy in Structural Neuroimages
Abstract
Evolving technology has enabled large-scale collaboration for neuroimaging data. For high resolution structural neuroimages, these data are inherently identifiable and must be given the same privacy considerations as facial photographs. To preserve privacy, identifiable metadata should be removed or replaced, and the voxel data de-identified to remove facial features by applying skull stripping or a defacing algorithm. The Quickshear Defacing method uses a convex hull to identify a plane that divides the volume into two parts, one containing facial features and another the brain volume, and removes the voxels on the facial features side. This method is an effective alternative to existing solutions and can provide reductions in running time.
Nakeisha Schimke, Mary Kuehler, John Hale
Backmatter
Metadaten
Titel
Data and Applications Security and Privacy XXV
herausgegeben von
Yingjiu Li
Copyright-Jahr
2011
Verlag
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-22348-8
Print ISBN
978-3-642-22347-1
DOI
https://doi.org/10.1007/978-3-642-22348-8

Premium Partner

    Bildnachweise