By Topic

2007 IEEE Symposium on Security and Privacy (SP '07)

Date 20-23 May 2007

Filter Results

Displaying Results 1 - 25 of 38
  • 2007 IEEE Symposium on Security and Privacy - Cover

    Publication Year: 2007, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (818 KB)
    Freely Available from IEEE
  • 2007 IEEE Symposium on Security and Privacy - Title page

    Publication Year: 2007, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (36 KB)
    Freely Available from IEEE
  • [2007 IEEE Symposium on Security and Privacy - Copyright notice]

    Publication Year: 2007, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (49 KB)
    Freely Available from IEEE
  • 2007 IEEE Symposium on Security and Privacy - Table of contents

    Publication Year: 2007, Page(s):v - vii
    Request permission for commercial reuse | PDF file iconPDF (45 KB)
    Freely Available from IEEE
  • Message from the Program Chairs

    Publication Year: 2007, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (30 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference Organizers

    Publication Year: 2007, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (27 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2007, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (30 KB)
    Freely Available from IEEE
  • External reviewers

    Publication Year: 2007, Page(s): list
    Request permission for commercial reuse | PDF file iconPDF (27 KB)
    Freely Available from IEEE
  • Accurate Real-time Identification of IP Prefix Hijacking

    Publication Year: 2007, Page(s):3 - 17
    Cited by:  Papers (46)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (402 KB) | HTML iconHTML

    We present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate mitigation. Attacks may hijack victim's address space to disrupt network services or perpetrate malicious activities such as spamming and DoS attacks without disclosing identity. We propose novel ways to significantly improve the detection accuracy by combining analysis of passivel... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • DSSS-Based Flow Marking Technique for Invisible Traceback

    Publication Year: 2007, Page(s):18 - 32
    Cited by:  Papers (51)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (338 KB) | HTML iconHTML

    Law enforcement agencies need the ability to conduct electronic surveillance to combat crime, terrorism, or other malicious activities exploiting the Internet. However, the proliferation of anonymous communication systems on the Internet has posed significant challenges to providing such traceback capability. In this paper, we develop a new class of flow marking technique for invisible traceback b... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the Safety and Efficiency of Firewall Policy Deployment

    Publication Year: 2007, Page(s):33 - 50
    Cited by:  Papers (14)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (307 KB) | HTML iconHTML

    Firewall policy management is challenging and error-prone. While ample research has led to tools for policy specification, correctness analysis, and optimization, few researchers have paid attention to firewall policy deployment: the process where a management tool edits a firewall's configuration to make it run the policies specified in the tool. In this paper, we provide the first formal definit... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Emperor's New Security Indicators

    Publication Year: 2007, Page(s):51 - 65
    Cited by:  Papers (56)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (867 KB) | HTML iconHTML

    We evaluate Website authentication measures that are designed to protect users from man-in-the-middle, 'phishing', and other site forgery attacks. We asked 67 bank customers to conduct common online banking tasks. Each time they logged in, we presented increasingly alarming clues that their connection was insecure. First, we removed HTTPS indicators. Next, we removed the participant's site-authent... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)

    Publication Year: 2007, Page(s):66 - 70
    Cited by:  Papers (9)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (129 KB) | HTML iconHTML

    We present attacks against two cognitive authentication schemes [9] proposed at the 2006 IEEE Symposium on Security and Privacy. These authentication schemes are designed to be secure against eavesdropping attacks while relying only on human cognitive skills. They achieve authentication via challenge response protocols based on a shared secret set of pictures. Our attacks use a SAT solver to recov... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Systematic Approach to Uncover Security Flaws in GUI Logic

    Publication Year: 2007, Page(s):71 - 85
    Cited by:  Papers (4)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (661 KB) | HTML iconHTML

    To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the human-computer interface is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic bugs in GUI design/implementation. Visual spoofing attacks that exploit these flaws can lure even security- conscious users to perform unintended actions. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Extended Abstract: Forward-Secure Sequential Aggregate Authentication

    Publication Year: 2007, Page(s):86 - 91
    Cited by:  Papers (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (148 KB) | HTML iconHTML

    Wireless sensors are employed in a wide range of applications. One common feature of many sensor settings is the need to communicate sensed data to some collection point or sink. This communication can be direct (to a mobile collector) or indirect-via other sensors towards a remote sink. In either case, a sensor might not be able to communicate to a sink at will. Instead it might collect data and ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Extended Abstract: Provable-Security Analysis of Authenticated Encryption in Kerberos

    Publication Year: 2007, Page(s):92 - 100
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (248 KB) | HTML iconHTML

    Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Many works have analyzed its security, identifying flaws and often suggesting fixes, thus helping the protocol's evolution. Several recent results present successful formal-methods-based verification of a significant portion of the current version 5, and some even imply security in the compu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Endorsed E-Cash

    Publication Year: 2007, Page(s):101 - 115
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (309 KB) | HTML iconHTML

    An electronic cash (e-cash) scheme lets a user withdraw money from a bank and then spend it anonymously. E-cash can be used only if it can be securely and fairly exchanged for electronic goods or services. In this paper, we introduce and realize endorsed e-cash. An endorsed e-coin consists of a lightweight endorsement x and the rest of the coin which is meaningless without x. We reduce the problem... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems

    Publication Year: 2007, Page(s):116 - 130
    Cited by:  Papers (48)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (274 KB) | HTML iconHTML

    Many proposed low-latency anonymous communication systems have used various flow transformations such as traffic padding, adding cover traffic (or bogus packets), packet dropping, flow mixing, flow splitting, and flow merging to achieve anonymity. It has long been believed that these flow transformations would effectively disguise net-workflows, thus achieve good anonymity. In this paper, we inves... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Improving the Robustness of Private Information Retrieval

    Publication Year: 2007, Page(s):131 - 148
    Cited by:  Papers (18)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (283 KB) | HTML iconHTML

    Since 1995, much work has been done creating protocols for private information retrieval (PIR). Many variants of the basic PIR model have been proposed, including such modifications as computational vs. information-theoretic privacy protection, correctness in the face of servers that fail to respond or that respond incorrectly, and protection of sensitive data against the database servers themselv... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model

    Publication Year: 2007, Page(s):149 - 163
    Cited by:  Papers (11)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (221 KB) | HTML iconHTML

    Modern component-based systems, such as Java and Microsoft .NET common language runtime (CLR), have adopted stack-based access control (SBAC). Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action. Previous literature has shown that the security model enforced by SBAC is flawed in that stack ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Usable Mandatory Integrity Protection for Operating Systems

    Publication Year: 2007, Page(s):164 - 178
    Cited by:  Papers (11)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (275 KB) | HTML iconHTML

    Existing mandatory access control systems for operating systems are difficult to use. We identify several principles for designing usable access control systems and introduce the usable mandatory integrity protection (UMIP) model that adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usabilit... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Enforcing Semantic Integrity on Untrusted Clients in Networked Virtual Environments

    Publication Year: 2007, Page(s):179 - 186
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (157 KB) | HTML iconHTML

    In the computer gaming industry, large-scale simulations of realistic physical environments over the Internet have attained increasing importance. Networked virtual environments (NVEs) are typically based on a client-server architecture where part of the simulation workload is delegated to the clients. This architecture renders the simulation vulnerable to attacks against the semantic integrity of... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Information Flow in the Peer-Reviewing Process

    Publication Year: 2007, Page(s):187 - 191
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (167 KB) | HTML iconHTML

    We investigate a new type of information flow in the electronic publishing process. We show that the use of PostScript in this process introduces serious confidentiality issues. In particular, we explain how the reviewer's anonymity in the peer-reviewing process can be compromised by maliciously prepared PostScript documents. A demonstration of this attack is available. We briefly discuss how this... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Cryptographic Decentralized Label Model

    Publication Year: 2007, Page(s):192 - 206
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (269 KB) | HTML iconHTML

    Information-flow security policies are an appealing way of specifying confidentiality and integrity policies in information systems. Most previous work on language-based security has assumed that programs run in a closed, managed environment and that they use potentially unsafe constructs, such as declassification, to interface to external communication channels, perhaps after encrypting data to p... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Gradual Release: Unifying Declassification, Encryption and Key Release Policies

    Publication Year: 2007, Page(s):207 - 221
    Cited by:  Papers (22)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (250 KB) | HTML iconHTML

    Information security has a challenge to address: enabling information-flow controls with expressive information release (or declassification) policies. Existing approaches tend to address some aspects of information release, exposing the other aspects for possible attacks. It is striking that these approaches fall into two mostly separate categories: revelation-based (as in information purchase, a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.