ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.

ACM Transactions on Information and System Security is a scholarly and scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.

《ACM Transactions on Information and System Security》是一本学术性、科学性的期刊，致力于发表信息与系统安全领域的原创研究论文，涵盖技术、系统、应用和政策等各个方面。

ACM Transactions on Information and System Security

Tor is one of the more popular systems for anonymizing near-real-time communications on the Internet. Borisov et al. [2007] proposed a denial-of-service-based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this article, we analyze the effectiveness of the attack using both an analytic model and simulation. We also describe two algorithms for detecting such attacks, one deterministic and proved correct, the other probabilistic and verified in simulation.

Norman Danner

Sam Defabbia-Kane

Danny Krizanc

Marc Liberatore

Effectiveness and detection of denial-of-service attacks in tor

Tor中拒绝服务攻击的有效性和检测

It is generally believed to be a tedious, time-consuming, and error-prone process to develop a virtual machine introspection (VMI) tool because of the semantic gap. Recent advance shows that the semantic-gap can be largely narrowed by reusing the executed code from a trusted OS kernel. However, the limitation for such an approach is that it only reuses the exercised code through a training process, which suffers the code coverage issues. Thus, in this article, we present Vmst, a new technique that can seamlessly bridge the semantic gap and automatically generate the VMI tools. The key idea is that, through system wide instruction monitoring, Vmst automatically identifies the introspection related data from a secure-VM and online redirects these data accesses to the kernel memory of a product-VM, without any training. Vmst offers a number of new features and capabilities. Particularly, it enables an in-VM inspection program (e.g., ps) to automatically become an out-of-VM introspection program. We have tested Vmst with over 25 commonly used utilities on top of a number of different OS kernels including Linux and Microsoft Windows. The experimental results show that our technique is general (largely OS-independent), and it introduces 9.3X overhead for Linux utilities and 19.6X overhead for Windows utilities on average for the introspected program compared to the native in-VM execution without data redirection.

Yangchun Fu

Zhiqiang Lin

Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection

通过在线内核数据重定向弥合虚拟机自省中的语义鸿沟

Cloud computing services are becoming more prevalent and readily available today, bringing to us economies of scale and making large-scale computation feasible. Security and privacy considerations, however, stand in the way of fully utilizing the benefits of such services and architectures. In this work we address the problem of secure outsourcing of large-scale biometric experiments to a cloud or grid in a way that the client can verify that with very high probability the task was computed correctly. We conduct thorough theoretical analysis of the proposed techniques and provide implementation results that indicate that our solution imposes modest overhead.

Marina Blanton

Yihua Zhang

Keith B. Frikken

Secure and verifiable outsourcing of large-scale biometric computations

安全可验证的大规模生物特征计算外包

For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. Native-code components interoperate with Java components through the Java Native Interface (JNI). As native code is not regulated by Java's security model, it poses serious security threats to the managed Java world. We introduce a security framework that extends Java's security model and brings native code under control. Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed pathway. Two different implementations were built. In one implementation, the security framework is integrated into a Java Virtual Machine (JVM). In the second implementation, the framework is built outside of the JVM and takes advantage of JVM-independent interfaces. The second implementation provides JVM portability, at the expense of some performance degradation. Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.

Mengtao Sun

Gang Tan

Joseph Siefers

Bin Zeng

Greg Morrisett

Bringing java's wild native world under control

掌控Java的狂野原生世界

General-purpose communication systems such as GSM and UMTS have been in the focus of security researchers for over a decade now. Recently also technologies that are only used under more specific circumstances have come into the spotlight of academic research and the hacker scene alike. A striking example of this is recent work [Driessen et al. 2012] that analyzed the security of the over-the-air encryption in the two existing ETSI satphone standards GMR-1 and GMR-2. The firmware of handheld devices was reverse-engineered and the previously unknown stream ciphers A5-GMR-1 and A5-GMR-2 were recovered. In a second step, both ciphers were cryptanalized, resulting in a ciphertext-only attack on A5-GMR-1 and a known-plaintext attack on A5-GMR-2. In this work, we extend the aforementioned results in the following ways: First, we improve the proposed attack on A5-GMR-1 and reduce its average-case complexity from 2 32 to 2 21 steps. Second, we implement a practical attack to successfully record communications in the Thuraya network and show that it can be done with moderate effort for approximately $5,000. We describe the implementation of our modified attack and the crucial aspects to make it practical. Using our eavesdropping setup, we recorded 30 seconds of our own satellite-to-satphone communication and show that we are able to recover Thuraya session keys in half an hour (on average). We supplement these results with experiments designed to highlight the feasibility of also eavesdropping on the satphone's emanations. The purpose of this article is threefold: Develop and demonstrate more practical attacks on A5-GMR-1, summarize current research results in the field of GMR-1 and GMR-2 security, and shed light on the amount of work and expertise it takes from setting out to analyze a complex system to actually break it in the real world.

Benedikt Driessen

Ralf Hund

Carsten Willems

Christof Paar

Thorsten Holz

An experimental security analysis of two satphone standards

两个卫星电话标准的实验性安全分析

Password-composition policies are the result of service providers becoming increasingly concerned about the security of online accounts. These policies restrict the space of user-created passwords to preclude easily guessed passwords and thus make passwords more difficult for attackers to guess. However, many users struggle to create and recall their passwords under strict password-composition policies, for example, ones that require passwords to have at least eight characters with multiple character classes and a dictionary check. Recent research showed that a promising alternative was to focus policy requirements on password length instead of on complexity. In this work, we examine 15 password policies, many focusing on length requirements. In doing so, we contribute the first thorough examination of policies requiring longer passwords. We conducted two online studies with over 20,000 participants, and collected both usability and password-strength data. Our findings indicate that password strength and password usability are not necessarily inversely correlated: policies that lead to stronger passwords do not always reduce usability. We identify policies that are both more usable and more secure than commonly used policies that emphasize complexity rather than length requirements. We also provide practical recommendations for service providers who want their users to have strong yet usable passwords.

Richard Shay

Saranga Komanduri

Adam L. Durity

Phillip (Seyoung) Huh

Michelle L. Mazurek

Sean M. Segreti

Blase Ur

Lujo Bauer

Nicolas Christin

Lorrie Faith Cranor

Designing Password Policies for Strength and Usability

设计强密码策略与可用性

Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how these systems could behave if attacked by sophisticated adversaries. In this article, we present two Lego-driven robotic attacks on touch-based authentication: a population statistics--driven attack and a user-tailored attack. The population statistics--driven attack is based on patterns gleaned from a large population of users, whereas the user-tailored attack is launched based on samples stolen from the victim. Both attacks are launched by a Lego robot that is trained on how to swipe on the touch screen. Using seven verification algorithms and a large dataset of users, we show that the attacks cause the system’s mean false acceptance rate (FAR) to increase by up to fivefold relative to the mean FAR seen under the standard zero-effort impostor attack. The article demonstrates the threat that robots pose to touch-based authentication and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems.

Abdul Serwadda

Vir V. Phoha

Zibo Wang

Rajesh Kumar

Diksha Shukla

Toward Robotic Robbery on the Touch Screen

面向触摸屏的机器人抢劫

When people utilize social applications and services, their privacy suffers a potential serious threat. In this article, we present a novel, robust, and effective de-anonymization attack to mobility trace data and social data. First, we design a Unified Similarity (US) measurement, which takes account of local and global structural characteristics of data, information obtained from auxiliary data, and knowledge inherited from ongoing de-anonymization results. By analyzing the measurement on real datasets, we find that some data can potentially be de-anonymized accurately and the other can be de-anonymized in a coarse granularity. Utilizing this property, we present a US-based De-Anonymization (DA) framework, which iteratively de-anonymizes data with accuracy guarantee. Then, to de-anonymize large-scale data without knowledge of the overlap size between the anonymized data and the auxiliary data, we generalize DA to an Adaptive De-Anonymization (ADA) framework. By smartly working on two core matching subgraphs , ADA achieves high de-anonymization accuracy and reduces computational overhead. Finally, we examine the presented de-anonymization attack on three well-known mobility traces: St Andrews, Infocom06, and Smallblue, and three social datasets: ArnetMiner, Google+, and Facebook. The experimental results demonstrate that the presented de-anonymization framework is very effective and robust to noise. The source code and employed datasets are now publicly available at SecGraph [2015].

Shouling Ji

Weiqing Li

Mudhakar Srivatsa

Jing Selena He

Raheem Beyah

General Graph Data De-Anonymization

通用图数据去匿名化

Biometric authentication verifies a user based on its inherent, unique characteristics—who you are. In addition to physiological biometrics, behavioral biometrics has proven very useful in authenticating a user. Mouse dynamics, with their unique patterns of mouse movements, is one such behavioral biometric. In this article, we present a user verification system using mouse dynamics, which is transparent to users and can be naturally applied for continuous reauthentication. The key feature of our system lies in using much more fine-grained (point-by-point) angle-based metrics of mouse movements for user verification. These new metrics are relatively unique from person to person and independent of a computing platform. Moreover, we utilize support vector machines (SVMs) for quick and accurate classification. Our technique is robust across different operating platforms, and no specialized hardware is required. The efficacy of our approach is validated through a series of experiments, which are based on three sets of user mouse movement data collected in controllable environments and in the field. Our experimental results show that the proposed system can verify a user in an accurate and timely manner, with minor induced system overhead.

Nan Zheng

Aaron Paloski

Haining Wang

An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics

基于角度特征的鼠标移动生物识别高效用户验证系统

Aggregator-oblivious encryption is a useful notion put forward by Shi et al. in 2011 that allows an untrusted aggregator to periodically compute an aggregate value over encrypted data contributed by a set of users. Such encryption schemes find numerous applications, particularly in the context of privacy-preserving smart metering. This article presents a general framework for constructing privacy-preserving aggregator-oblivious encryption schemes using a variant of Cramer-Shoup’s paradigm of smooth projective hashing. This abstraction leads to new schemes based on a variety of complexity assumptions. It also improves upon existing constructions, providing schemes with shorter ciphertexts and better encryption times.

涉及主题	计算机科学计算机安全操作系统计算机网络数学程序设计语言工程类政治学法学生物人工智能算法哲学经济万维网生态学访问控制统计地理理论计算机科学
出版信息	出版商: Association for Computing Machinery (ACM)，出版周期: Quarterly，期刊类型: journal，开源期刊: 否
基本数据	创刊年份: 1999，原创研究文献占比: 0.00%，自引率:N.A.， Gold OA占比: 0.00%
平均审稿周期	网友分享经验：平均6.0个月
平均录用比例	网友分享经验：容易

ACM Transactions on Information and System Security

期刊引文格式

有 1 位以上作者的期刊

有 2 位作者的期刊

有 3 位作者的期刊

有 5 位以上作者的期刊

书籍引用格式

学位论文引用格式

网页引用格式

专利引用格式

手工熬夜修改参考文献？研飞自动匹配期刊，一键轻松成稿，支持 Word/WPS

投稿经验分享