Masthead, 2011 Embry-Riddle Aeronautical University
Back Matter, 2011 Embry-Riddle Aeronautical University
Understanding And Protecting Privacy: Formal Semantics And Principled Audit Mechanisms, 2011 Singapore Management University
Understanding And Protecting Privacy: Formal Semantics And Principled Audit Mechanisms, Anupam Datta, Jeremiah Blocki, Nicolas Christin, Henry Deyoung, Deepak Garg, Limin Jia, Dilsun Kaynar, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. Certain information handling practices of organizations that monitor individuals’ activities on the Web, data aggregation companies that compile massive databases of personal information, cell phone companies that collect and use location data about individuals, online social networks and search engines—while enabling useful services—have aroused much indignation and protest in the name of privacy. Similarly, as healthcare organizations are embracing electronic health record systems and patient portals to enable patients, employees, …
On Two RFID Privacy Notions And Their Relations, 2011 Singapore Management University
On Two RFID Privacy Notions And Their Relations, Yingjiu Li, Robert H. Deng, Junzuo Lai, Changshe Ma
Research Collection School Of Computing and Information Systems
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp*-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy …
Automated Removal Of Cross Site Scripting Vulnerabilities In Web Applications, 2011 Singapore Management University
Automated Removal Of Cross Site Scripting Vulnerabilities In Web Applications, Lwin Khin Shar, Hee Beng Kuan Tan
Research Collection School Of Computing and Information Systems
Context: Cross site scripting (XSS) vulnerability is among the top web application vulnerabilities according to recent surveys. This vulnerability occurs when a web application uses inputs received from users in web pages without properly checking them. This allows an attacker to inject malicious scripts in web pages via such inputs such that the scripts perform malicious actions when a client visits the exploited web pages. Such an attack may cause serious security violations such as account hijacking and cookie theft. Current approaches to mitigate this problem mainly focus on effective detection of XSS vulnerabilities in the programs or prevention of …
Launching Return-Oriented Programming Attacks Against Randomized Relocatable Executables, 2011 Singapore Management University
Launching Return-Oriented Programming Attacks Against Randomized Relocatable Executables, Limin Liu, Jin Han, Debin Gao, Jiwu Jing, Daren Zha
Research Collection School Of Computing and Information Systems
Since the day it was proposed, return-oriented programming has shown to be an effective and powerful attack technique against the write or execute only (W ⊕ X) protection. However, a general belief in the previous research is, systems deployed with address space randomization where the executables are also randomized at run-time are able to defend against return-oriented programming, as the addresses of all instructions are randomized. In this paper, we show that due to the weakness of current address space randomization technique, there are still ways of launching return-oriented programming attacks against those well-protected systems efficiently. We demonstrate and evaluate …
Profit-Maximizing Firm Investments In Customer Information Security, 2011 Arizona State University
Profit-Maximizing Firm Investments In Customer Information Security, Yong Yick Lee, Robert J. Kauffman, Ryan Sougstad
Research Collection School Of Computing and Information Systems
When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) …
Applying Time-Bound Hierarchical Key Assignment In Wireless Sensor Networks, 2011 Chinese Academy of Sciences
Applying Time-Bound Hierarchical Key Assignment In Wireless Sensor Networks, Wentao Zhu, Robert H. Deng, Jianying Zhou, Feng Bao
Research Collection School Of Computing and Information Systems
Access privileges in distributed systems can be effectively organized as a partial-order hierarchy that consists of distinct security classes, and are often designated with certain temporal restrictions. The time-bound hierarchical key assignment problem is to assign distinct cryptographic keys to distinct security classes according to their privileges so that users from a higher class can use their class key to derive the keys of lower classes, and these keys are time-variant with respect to sequentially allocated temporal units called time slots. In this paper, we explore applications of time-bound hierarchical key assignment in a wireless sensor network environment where there …
General Construction Of Chameleon All-But-One Trapdoor Functions, 2011 Shanghai Jiaotong University
General Construction Of Chameleon All-But-One Trapdoor Functions, Shengli Liu, Junzuo Lai, Robert H. Deng
Research Collection School Of Computing and Information Systems
Lossy trapdoor functions enable black-box construction of public key encryption (PKE) schemes secure against chosen-ciphertext attack [18]. Recently, a more efficient black-box construction of public key encryption was given in [12] with the help of chameleon all-but-one trapdoor functions (ABO-TDFs). In this paper, we propose a black-box construction for transforming any ABO-TDFs into chameleon ABO-TDFs with the help of chameleon hash functions. Instantiating the proposed general black-box construction of chameleon ABO-TDFs, we can obtain the first chameleon ABO-TDFs based on the Decisional Diffie-Hellman (DDH) assumption.
Adaptive Collision Resolution For Efficient RFID Tag Identification, 2011 National Taiwan University of Science and Technology
Adaptive Collision Resolution For Efficient RFID Tag Identification, Yung-Chun Chen, Kuo-Hui Yeh, Nai-Wei Lo, Yingjiu Li, Enrico Winata
Research Collection School Of Computing and Information Systems
In large-scale RFID systems, all of the communications between readers and tags are via a shared wireless channel. When a reader intends to collect all IDs from numerous existing tags, a tag identification process is invoked by the reader to collect the tags' IDs. This phenomenon results in tag-to-reader signal collisions which may suppress the system performance greatly. To solve this problem, we design an efficient tag identification protocol in which a significant gain is obtained in terms of both identification delay and communication overhead. A k-ary tree-based abstract is adopted in our proposed tag identification protocol as underlying architecture …
Privacy In "The Cloud": Applying Nissenbaum's Theory Of Contextual Integrity, 2011 Sacred Heart University
Privacy In "The Cloud": Applying Nissenbaum's Theory Of Contextual Integrity, Frances Grodzinsky, Herman T. Tavani
School of Computer Science & Engineering Faculty Publications
The present essay is organized into five main sections. We begin with a few preliminary remarks about "cloud computing," which are developed more fully in a later section. This is followed by a brief overview of the evolution of Helen Nissenbaum's framework of "privacy as contextual integrity." In particular, we examine Nissenbaum's "Decision Heuristic" model, described in her most recent work on privacy (Nissenbaum 2010), to see how it enables the contextual-integrity framework to respond to privacy challenges posed by new and emerging technologies. We then apply that heuristic device to questions surrounding one aspect of cloud computing -- viz., …
Masthead, 2011 Embry-Riddle Aeronautical University
Front Matter, 2011 Embry-Riddle Aeronautical University
Back Matter, 2011 Embry-Riddle Aeronautical University
Packed, Printable, And Polymorphic Return-Oriented Programming, 2011 Singapore Management University
Packed, Printable, And Polymorphic Return-Oriented Programming, Kangjie Lu, Dabi Zou, Weiping Wen, Debin Gao
Research Collection School Of Computing and Information Systems
Return-oriented programming (ROP) is an attack that has been shown to be able to circumvent W ⊕ X protection. However, it was not clear if ROP can be made as powerful as non-ROP malicious code in other aspects, e.g., be packed to make static analysis difficult, be printable to evade non-ASCII filtering, be polymorphic to evade signature-based detection, etc. Research in these potential advances in ROP is important in designing counter-measures. In this paper, we show that ROP code could be packed, printable, and polymorphic. We demonstrate this by proposing a packer that produces printable and polymorphic ROP code. It …
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, 2011 Air Force Institute of Technology
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
Theses and Dissertations
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …
Detecting Man-In-The-Middle Attacks Against Transport Layer Security Connections With Timing Analysis, 2011 Air Force Institute of Technology
Detecting Man-In-The-Middle Attacks Against Transport Layer Security Connections With Timing Analysis, Lauren M. Wagoner
Theses and Dissertations
The Transport Layer Security (TLS) protocol is a vital component to the protection of data as it traverses across networks. From e-commerce websites to Virtual Private Networks (VPNs), TLS protects massive amounts of private information, and protecting this data from Man-in-the-Middle (MitM) attacks is imperative to keeping the information secure. This thesis illustrates how an attacker can successfully perform a MitM attack against a TLS connection without alerting the user to his activities. By deceiving the client machine into using a false certificate, an attacker takes away the only active defense mechanism a user has against a MitM. The goal …
An Empirical Analysis Of The Cascade Secret Key Reconciliation Protocol For Quantum Key Distribution, 2011 Air Force Institute of Technology
An Empirical Analysis Of The Cascade Secret Key Reconciliation Protocol For Quantum Key Distribution, Timothy I. Calver
Theses and Dissertations
The need to share key material with authorized entities in a secure, efficient and timely manner has driven efforts to develop new key distribution methods. The most promising method is Quantum Key Distribution (QKD) and is considered to be “unconditionally secure” because it relies upon the immutable laws of quantum physics rather than computational complexity. Unfortunately, the nonidealities present in actual implementations of QKD systems also result in errors manifested in the quantum data channel. As a consequence, an important component of any QKD system is the error reconciliation protocol which is used to identify and correct inconsistencies in the …
Linear Obfuscation To Combat Symbolic Execution, 2011 Singapore Management University
Linear Obfuscation To Combat Symbolic Execution, Zhi Wang, Jiang Ming, Chunfu Jia, Debin Gao
Research Collection School Of Computing and Information Systems
Trigger-based code (malicious in many cases, but not necessarily) only executes when specific inputs are received. Symbolic execution has been one of the most powerful techniques in discovering such malicious code and analyzing the trigger condition. We propose a novel automatic malware obfuscation technique to make analysis based on symbolic execution difficult. Unlike previously proposed techniques, the obfuscated code from our tool does not use any cryptographic operations and makes use of only linear operations which symbolic execution is believed to be good in analyzing. The obfuscated code incorporates unsolved conjectures and adds a simple loop to the original code, …
Improved Ordinary Measure And Image Entropy Theory Based Intelligent Copy Detection Method, 2011 Singapore Management University
Improved Ordinary Measure And Image Entropy Theory Based Intelligent Copy Detection Method, Dengpan Ye, Longfei Ma, Lina Wang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Nowadays, more and more multimedia websites appear in social network. It brings some security problems, such as privacy, piracy, disclosure of sensitive contents and so on. Aiming at copyright protection, the copy detection technology of multimedia contents becomes a hot topic. In our previous work, a new computer-based copyright control system used to detect the media has been proposed. Based on this system, this paper proposes an improved media feature matching measure and an entropy based copy detection method. The Levenshtein Distance was used to enhance the matching degree when using for feature matching measure in copy detection. For entropy …