Data and Applications Security and Privacy XXXI
31st Annual IFIP WG 11.3 Conference, DBSec 2017, Philadelphia, PA, USA, July 19-21, 2017, Proceedings
Published on 19. June 2017
XIII, 556 pages
978-3-319-61176-1 (ISBN)
Description
This book constitutes the refereed proceedings of the 31st Annual IFIP WG 11.3 International Working Conference on Data and Applications Security and Privacy, DBSec 2017, held in Philadelphia, PA, USA, in July 2017.
The 21 full papers and 9 short papers presented were carefully reviewed and selected from 59 submissions. The papers are organized in topical sections on access control, privacy, cloud security, secure storage in the cloud, secure systems, and security in networks and Web.
The 21 full papers and 9 short papers presented were carefully reviewed and selected from 59 submissions. The papers are organized in topical sections on access control, privacy, cloud security, secure storage in the cloud, secure systems, and security in networks and Web.
More details
Series
Edition
1st ed. 2017
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Product notice
Reflowable
Illustrations
XIII, 556 p. 137 illus.
File size
31,70 MB
ISBN-13
978-3-319-61176-1 (9783319611761)
DOI
10.1007/978-3-319-61176-1
Schweitzer Classification
Other editions
Additional editions
Giovanni Livraga | Sencun Zhu
Data and Applications Security and Privacy XXXI
31st Annual IFIP WG 11.3 Conference, DBSec 2017, Philadelphia, PA, USA, July 19-21, 2017, Proceedings
Book
06/2017
Springer
€53.49
Shipment within 10-15 days
Content
- Intro
- Preface
- Organization
- Contents
- Access Control
- Cryptographically Enforced Role-Based Access Control for NoSQL Distributed Databases
- 1 Introduction
- 2 Background and Related Work
- 3 Proposed Design
- 3.1 Read/Write Access
- 3.2 Write Access Issues
- 3.3 ACP Updates
- 3.4 Formal Description of the Protocol
- 4 Conclusions
- References
- Resilient Reference Monitor for Distributed Access Control via Moving Target Defense
- 1 Introduction
- 2 Background and Related Works
- 2.1 Protection of Access Control Subsystems
- 2.2 Moving Target Defense
- 2.3 Leader Election
- 2.4 Consensus Algorithms
- 2.5 Byzantine Fault Tolerance
- 2.6 Service Location Protocol
- 3 Architecture Overview
- 3.1 Access Control Architecture Components
- 3.2 Threat Model
- 4 Distributed Access Control Architecture
- 4.1 The Client
- 4.2 The Authorization Control Service
- 4.3 The Discovery Service
- 4.4 The Resource Access Service
- 5 Implementation
- 5.1 Clients and Resource Access Service
- 5.2 Authorization Control Server
- 5.3 Discovery Service
- 6 Conclusion and Future Work
- References
- Preventing Unauthorized Data Flows
- 1 Introduction
- 2 Preliminaries
- 3 Access Control Systems Data Leakage Free by Design
- 3.1 MDFP is NP-complete
- 3.2 ILP Formulation
- 3.3 Compact ILP Formulation
- 4 Preventing Data Leakages with Monitors
- 5 Experimental Evaluation
- 6 Related Work
- 7 Conclusions and Future Work
- 7.1 Proof of Lemma1
- 7.2 Proof of Theorem2
- 7.3 Proof of Theorem4
- References
- Object-Tagged RBAC Model for the Hadoop Ecosystem
- 1 Introduction
- 2 Multi-layer Authorization in Hadoop Ecosystem
- 3 Hadoop Ecosystem Access Control Model
- 4 Object-Tagged RBAC for Hadoop Ecosystem
- 5 Proposed Implementation
- 6 Attributes Based Extensions to OT-RBAC
- 6.1 Dynamic Roles
- 6.2 Attribute Centric
- 6.3 Role Centric
- 7 Related Work
- 8 Conclusion and Future Work
- References
- Identification of Access Control Policy Sentences from Natural Language Policy Documents
- 1 Introduction
- 2 Related Work
- 3 Background
- 3.1 Pointwise Mutual Information
- 3.2 Measures of Syntactic Complexity
- 3.3 Machine Learning
- 3.4 Attribute-Based Access Control
- 4 The Proposed Methodology
- 4.1 Preprocess Engine
- 4.2 Feature Engine
- 4.3 Classification
- 5 Experiments and Results
- 5.1 Dataset(s)
- 5.2 Evaluation Criteria
- 5.3 Experimental Results
- 6 Discussion
- 7 Conclusion and Future Work
- References
- Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies
- 1 Introduction
- 2 Algorithm
- 3 Evaluation
- 4 Related Work
- References
- Privacy
- Gaussian Mixture Models for Classification and Hypothesis Tests Under Differential Privacy
- 1 Introduction
- 1.1 Differential Privacy
- 2 Related Work
- 3 Hypothesis Tests Under Differential Privacy
- 3.1 One Sample z Test
- 3.2 One Sample t Test
- 3.3 Two Sample t Test with Equal Variance
- 3.4 Experimental Evaluation
- 4 Differentially Private Bayesian Classifier for Gaussian Mixture Models
- 4.1 Repair Noise Added Variance-Covariance Matrix
- 4.2 Experimental Evaluation
- 5 Summary
- References
- Differentially Private K-Skyband Query Answering Through Adaptive Spatial Decomposition
- 1 Introduction
- 2 Preliminaries
- 2.1 Differential Privacy
- 2.2 K-Skyband Queries
- 3 Approaches
- 3.1 BBS-Priv
- 3.2 Differentially Private K-Skyband Tree
- 4 Evaluations
- 4.1 Results on Synthetic Datasets
- 4.2 Results on Real Datasets
- 5 Related Work
- 6 Conclusion
- A Algorithm of k-Skyband Tree
- B Results with Different Error Tolerance Rates
- References
- Mutually Private Location Proximity Detection with Access Control
- 1 Introduction
- 1.1 Motivation
- 1.2 Existing and Potential Solutions
- 1.3 Our Contributions
- 2 Related Work
- 2.1 Location Perturbation and Transformation
- 2.2 Access Control
- 2.3 Private Information Retrieval
- 2.4 Encryption
- 3 Problem Setting and Preliminaries
- 3.1 Framework Model
- 3.2 Privacy Model
- 3.3 Ciphertext Policy Attribute Based Encryption
- 3.4 Hidden Vector Encryption
- 4 Protocol Description
- 4.1 AOI and User Attributes
- 4.2 Setup
- 4.3 Encrypting AOIs with Access Policy
- 4.4 Encrypting User Location
- 4.5 Querying Proximity to AOIs
- 5 Security and Privacy
- 6 Experiments
- 7 Conclusion
- References
- Privacy-Preserving Elastic Net for Data Encrypted by Different Keys - With an Application on Biomarker Discovery
- 1 Introduction
- 2 Model Description
- 3 Preliminaries
- 3.1 Elastic Net Regression
- 3.2 Support Vector Machine with Squared Hinge Loss
- 3.3 Reduction from Elastic Net to SVM
- 4 Our Scheme
- 4.1 Building Blocks
- 4.2 Our Construction
- 5 Security Analysis
- 6 Experimental Evaluation
- 7 Discussion and Conclusions
- References
- Privacy-Preserving Community-Aware Trending Topic Detection in Online Social Media
- 1 Introduction
- 2 Related Work
- 3 Data and Attack Models
- 3.1 Data Model
- 3.2 Attack Model
- 4 Privacy Model
- 4.1 Sensitive Attribute Inference
- 4.2 Naive Bayes Inference
- 5 Privacy Preservation Methodology
- 5.1 Utility of Trending Topics
- 5.2 Community Attribute Anonymization
- 5.3 Finding the Best Anonymization Strategy
- 6 Experimental Results
- 7 Conclusions
- References
- Privacy-Preserving Outlier Detection for Data Streams
- 1 Introduction
- 2 Related Work
- 3 Preliminaries
- 4 Relaxed Differential Privacy
- 4.1 Relaxed Sensitivity
- 4.2 Approximation of Relaxed Sensitivity
- 5 Outliers and False Negative Types
- 6 Relaxed Differentially Private Outlier Detection and Correction
- 6.1 Correction Algorithm
- 6.2 Privacy of the Correction Algorithm
- 7 Outlier Detection Evaluation
- 8 Conclusion
- References
- Undoing of Privacy Policies on Facebook
- 1 Introduction
- 2 Access Control in Facebook: User Representation, Social Graph
- 2.1 Social Graph of Facebook
- 2.2 Representation of User Events and Interpretation of Privacy Policies
- 3 Policy Specification for Access over Users in Facebook
- 3.1 Lists as Policy: Extensional vs Intensional Information Classification
- 3.2 Policy Evaluation and End-to-End Enforcement
- 3.3 Reasoning About Access Control in Facebook w.r.t. Social Graph
- 4 Analysis of Privacy-Preservation in Facebook Through User Specified Policies/Actions
- 5 Is There a Way to Preserve the Intentions of Policies?
- 6 Related Work
- 7 Conclusion
- A Appendix
- References
- Cloud Security
- Towards Actionable Mission Impact Assessment in the Context of Cloud Computing
- 1 Introduction
- 2 Our Approach
- 3 The Semantic Gap Between the Attack Graph and the Mission Dependency Graph
- 4 Incorporating Cloud-Level Attack Graphs
- 5 Mission Impact Graph and Graph Generation
- 6 Case Study
- 7 Related Work
- 8 Conclusion
- References
- Reducing Security Risks of Clouds Through Virtual Machine Placement
- 1 Introduction
- 2 Related Work
- 3 Problem Formulation
- 3.1 Threat Model and Security Assumptions
- 3.2 Security Assessment
- 3.3 An Example Using Our Model and Metrics
- 3.4 Objectives in VM Placement
- 4 SMOOP Design
- 4.1 Security-Aware Multi-objective Optimization Based VMP
- 4.2 Crossover and Mutation Operation
- 4.3 Prioritize the Objectives
- 5 Evaluation
- 5.1 Computing Complexity
- 5.2 Effectiveness in Risk Reduction
- 5.3 Effectiveness of Multi-objective Optimization
- 5.4 Comparison with Random-FFD Algorithm
- 6 Conclusion
- References
- Firewall Policies Provisioning Through SDN in the Cloud
- 1 Related Work
- 2 SDN Firewall Policy Provisioning Model
- 2.1 Scenario Description
- 2.2 Expression of Firewall Policies
- 2.3 Assessment of Firewall Policies
- 2.4 Establishment of Contract
- 2.5 Enforcement of Security Policy
- 3 Evaluation
- 4 Conclusion and Perspectives
- A RENP Protocol
- References
- Budget-Constrained Result Integrity Verification of Outsourced Data Mining Computations
- 1 Introduction
- 2 Preliminaries
- 2.1 Budgeted Maximization Coverage (BMC) Problem
- 2.2 Budget-Constrained Verification
- 2.3 Verification Goal
- 3 NC-based Verification Approach
- 3.1 Basic Approach
- 3.2 A More Robust Approach
- 4 Experiments
- 4.1 Setup
- 4.2 Robustness of Probabilistic Verification
- 4.3 Verification Performance
- 4.4 Comparison with Metamorphic Testing (MT)
- 5 Related Work
- 6 Conclusion
- References
- Searchable Encryption to Reduce Encryption Degradation in Adjustably Encrypted Databases
- 1 Introduction
- 2 Related Work
- 2.1 Queries on Encrypted Data
- 2.2 Searchable Encryption
- 3 Searchable Encryption
- 3.1 Definitions
- 3.2 Performance Calibration
- 4 Detecting and Handling Infrequently Used Columns
- 4.1 Problem
- 4.2 Algorithm
- 4.3 Cost Estimation
- 5 Experimental Results
- 5.1 Security Measure
- 5.2 Performance Measure
- 5.3 Experimental Setup
- 5.4 Budget Increment
- 5.5 Budget Upper Limit
- 5.6 Budget Update Strategy
- References
- Efficient Protocols for Private Database Queries
- 1 Introduction
- 1.1 Reviews of Recent Works
- 1.2 Our Contribution
- 2 Our Protocols
- 2.1 Attribute Matching
- 2.2 Batch Processing
- 2.3 Protocol for Conjunctive Query
- 2.4 Protocol for Disjunctive Query
- 3 Packing Method
- 3.1 Our Packing Method for Value Matching
- 4 Secure Computation Procedure
- 4.1 Matching the Values in the Record
- 4.2 Secure Computation of Our Protocols
- 4.3 Hiding Additional Information from Leakage
- 5 Performance Analysis
- 5.1 Theoretical Evaluation
- 5.2 Parameter Settings and Security Level
- 5.3 Implementation Details
- 6 Conclusions
- References
- Toward Group-Based User-Attribute Policies in Azure-Like Access Control Systems
- 1 Introduction
- 2 Motivating Example
- 3 Preliminaries
- 3.1 Access Control in Azure
- 3.2 Generalized User Role Assignment
- 3.3 Administrative Role Based Access Control
- 4 User Attribute-Based Access Control in Azure-Like Platforms and State Transition System
- 4.1 User Attribute-Based Access Control
- 4.2 User Attribute-Based Systems
- 5 Group, Attribute and Role Reachability
- 6 Related Work
- 7 Concluding Remarks
- References
- Secure Storage in the Cloud
- High-Speed High-Security Public Key Encryption with Keyword Search
- 1 Introduction
- 1.1 Research Gap
- 1.2 Our Contribution
- 2 Preliminaries
- 2.1 NTRU-Based Cryptographic Tools
- 2.2 Identity-Based Encryption
- 2.3 Public Key Encryption with Keyword Search
- 2.4 Consistency of PEKS
- 3 Proposed Scheme
- 3.1 Completeness and Consistency
- 3.2 Discussion on Alternative NTRU-Based Constructions
- 4 Security Analysis
- 5 Performance Evaluation
- 5.1 Experimental Setup and Evaluation Metrics
- 5.2 Performance Evaluation and Comparisons
- 5.3 Discussion
- 6 Related Work
- 7 Conclusion
- References
- HardIDX: Practical and Secure Index with SGX
- 1 Introduction
- 2 Background
- 2.1 Intel Software Guard Extensions (SGX)
- 2.2 Side Channel Attacks
- 3 High Level Design
- 3.1 HardIDX Overview
- 3.2 Assumptions and Attacker Model.
- 4 Notation and Definitions
- 4.1 B+-tree
- 4.2 Probabilistic Symmetric Encryption
- 4.3 Hardware Secured B+-tree (HSBT)
- 5 Search Algorithms
- 5.1 Construction 1
- 5.2 Construction 2
- 5.3 Side Channels
- 6 Performance Evaluation
- 6.1 Construction 1 vs. Construction 2
- 6.2 Memory Management
- 6.3 Comparison with Related Work
- 7 Related Work
- 7.1 Searchable Encryption
- 7.2 Encrypted Databases
- 7.3 TEE-Based Applications
- 8 Conclusion
- A Proof Framework
- B (to.Lenc, Lhw)to.-Security Proof
- C Multiple Users
- References
- A Novel Cryptographic Framework for Cloud File Systems and CryFS, a Provably-Secure Construction
- 1 Introduction
- 1.1 Our Contribution
- 1.2 Related Work
- 2 A Security Model for Cryptographic File Systems
- 2.1 Basic Definitions
- 2.2 Modelling Non-adaptive Security
- 2.3 Modelling Adaptive Security
- 2.4 Modelling Integrity
- 2.5 Security Against Chosen Ciphertext Attacks
- 3 CryFS: An Encrypted File System for the Cloud
- 3.1 Data Structures, Blocks and Files
- 3.2 Directory Structure
- 3.3 Encryption and Integrity
- 4 Proving the Security of CryFS
- 5 Performance
- 6 Conclusion and Future Work
- A Adaptive Security of CryFS
- B Integrity of CryFS
- C Achieving Multi-user-Compatibility
- References
- Secure Systems
- Keylogger Detection Using a Decoy Keyboard
- 1 Introduction
- 2 Approach
- 2.1 Modeling Human Keystroke Dynamics
- 2.2 Low-Level Deceptive Driver
- 2.3 Keyboard Shadowing
- 2.4 First and Second Order Detection
- 3 Evaluation
- 4 Related Work
- 5 Conclusion
- References
- The Fallout of Key Compromise in a Proxy-Mediated Key Agreement Protocol
- 1 Introduction
- 2 Description of the Authenticated Key Agreement Protocol
- 2.1 Symmetric Proxy Re-encryption Primitive
- 2.2 Protocol Setting
- 2.3 Trust Assumptions
- 2.4 AKAPR Protocol Flow
- 3 Attacks to the AKAPR Protocol
- 3.1 Breaking Forward Secrecy
- 3.2 Key Compromise Impersonation Attacks
- 3.3 Limited Scope of Key Revocation and Update
- 4 Discussion
- 5 Conclusions
- References
- Improving Resilience of Behaviometric Based Continuous Authentication with Multiple Accelerometers
- 1 Introduction
- 2 Related Work
- 3 Challenges with Gait Authentication Schemes
- 3.1 Different Body Positions and Sensor Displacement
- 3.2 Misauthentication Resistance Under Different Motion Activities
- 3.3 Security Threats and Attacker Model
- 4 Evaluation
- 4.1 Activity-Agnostic Behaviometrics
- 4.2 Optimal Sensor Positions on the Body
- 4.3 Impact of Sensor Displacements
- 4.4 Impact of Other Motion Activities
- 4.5 Resilience Against Observation Attacks
- 5 Conclusion
- References
- Security in Networks and Web
- A Content-Aware Trust Index for Online Review Spam Detection
- 1 Introduction
- 2 Related Work
- 3 Aspect-Specific Opinion Indicator
- 3.1 Aspect Extraction
- 3.2 Opinion Vector and Quality Vector
- 4 Content-Based Trust Computation
- 5 Experiments
- 5.1 Dataset
- 5.2 Aspect Category and Sentiment Polarity Classifications
- 5.3 Trustworthiness Scores Computation
- 6 Conclusion
- References
- Securing Networks Against Unpatchable and Unknown Vulnerabilities Using Heterogeneous Hardening Options
- 1 Introduction
- 2 The Model
- 2.1 Extended Resource Graph
- 2.2 Heterogeneous Hardening Control and Cost Model
- 2.3 Problem Formulation
- 3 The Methodology
- 3.1 Optimization Algorithm
- 3.2 Case Studies
- 3.3 Heuristic Algorithm
- 4 Simulations
- 5 Related Work
- 6 Conclusions
- References
- A Distributed Mechanism to Protect Against DDoS Attacks
- 1 Introduction
- 2 Distributed Responsive Defense Approach
- 2.1 Identification Model
- 2.2 Bloom Filter Mechanism
- 2.3 Responsive Points' Identification
- 2.4 Packet Filtering
- 3 Evaluation
- 3.1 Metrics
- 3.2 Percentage of Collaborative SFProbes
- 3.3 Efficiency of Distributed Approach
- 3.4 End User's Utilization
- 3.5 Validation with Real Network Dataset
- 4 Conclusion
- References
- Securing Web Applications with Predicate Access Control
- 1 Introduction
- 2 Background
- 2.1 Modern Web Application Structure
- 2.2 Current SQL Access Controls
- 2.3 Threat Model
- 3 Toy Application: Gradebook
- 4 Application Interface
- 4.1 User Authentication Function
- 4.2 Predicate Access Control
- 4.3 Composition
- 4.4 Revocation, Ownership and De-authentication
- 5 Implementation
- 5.1 Architecture
- 5.2 PostgreSQL
- 5.3 On CONNECT Trigger
- 5.4 Policy Compiler
- 6 Evaluation
- 6.1 Expressiveness
- 6.2 Security
- 6.3 Performance
- 7 Related Work
- 7.1 Database Mechanisms
- 7.2 Non-DBMS Mechanisms
- 8 Conclusion
- References
- Author Index
