2011 IEEE Symposium on Security and Privacy

22-25 May 2011

Displaying Results 1 - 25 of 46
  • [Front cover]

    Publication Year: 2011, Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2011, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2011, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):v - viii
    Freely Available from IEEE
  • Message from General Chair

    Publication Year: 2011, Page(s):ix - x
    Freely Available from IEEE
  • Message from the Program Chairs

    Publication Year: 2011, Page(s): xi
    Freely Available from IEEE
  • Symposium Organizers

    Publication Year: 2011, Page(s): xii
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2011, Page(s):xiii - xiv
    Freely Available from IEEE
  • Additional Reviewers

    Publication Year: 2011, Page(s): xv
    Freely Available from IEEE
  • Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks

    Publication Year: 2011, Page(s):3 - 18
    Cited by:  Papers (14)

    In this work, we unveil new privacy threats against Voice-over-IP (VoIP) communications. Although prior work has shown that the interaction of variable bit-rate codecs and length-preserving stream ciphers leaks information, we show that the threat is more serious than previously thought. In particular, we derive approximate transcripts of encrypted VoIP conversations by segmenting an observed pack...
  • The Failure of Noise-Based Non-continuous Audio Captchas

    Publication Year: 2011, Page(s):19 - 31
    Cited by:  Papers (15)

    CAPTCHAs, which are automated tests intended to distinguish humans from programs, are used on many web sites to prevent bot-based account creation and spam. To avoid imposing undue user friction, CAPTCHAs must be easy for humans and difficult for machines. However, the scientific basis for successful CAPTCHA design is still emerging. This paper examines the widely used class of audio CAPTCHAs base...
  • Using Fingerprint Authentication to Reduce System Security: An Empirical Study

    Publication Year: 2011, Page(s):32 - 46
    Cited by:  Papers (5)

    Choosing the security architecture and policies for a system is a demanding task that must be informed by an understanding of user behavior. We investigate the hypothesis that adding visible security features to a system increases user confidence in the security of a system and thereby causes users to reduce how much effort they spend in other security areas. In our study, 96 volunteers each creat...
  • Silencing Hardware Backdoors

    Publication Year: 2011, Page(s):49 - 63
    Cited by:  Papers (43)

    Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-par...
  • Defeating UCI: Building Stealthy and Malicious Hardware

    Publication Year: 2011, Page(s):64 - 77
    Cited by:  Papers (35)

    In previous work Hicks et al. proposed a method called Unused Circuit Identification (UCI) for detecting malicious backdoors hidden in circuits at design time. The UCI algorithm essentially looks for portions of the circuit that go unused during design-time testing and flags them as potentially malicious. In this paper we construct circuits that have malicious behavior, but that would evade detect...
  • Formalizing Anonymous Blacklisting Systems

    Publication Year: 2011, Page(s):81 - 95
    Cited by:  Papers (5)  |  Patents (1)

    Anonymous communications networks, such as Tor, help to solve the real and important problem of enabling users to communicate privately over the Internet. However, in doing so, anonymous communications networks introduce an entirely new problem for the service providers - such as websites, IRC networks or mail servers - with which these users interact, in particular, since all anonymous users look...
  • Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

    Publication Year: 2011, Page(s):96 - 111
    Cited by:  Papers (39)  |  Patents (1)

    We are currently moving from the Internet society to a mobile society where more and more access to information is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security is no longer immanent, but imperative. This survey paper provides a concise overview of mobile network security...
  • Verified Security for Browser Extensions

    Publication Year: 2011, Page(s):115 - 130
    Cited by:  Papers (11)  |  Patents (5)

    Popup blocking, form filling, and many other features of modern web browsers were first introduced as third-party extensions. New extensions continue to enrich browsers in unanticipated ways. However, powerful extensions require capabilities, such as cross-domain network access and local storage, which, if used improperly, pose a security risk. Several browsers try to limit extension capabilities,...
  • RePriv: Re-imagining Content Personalization and In-browser Privacy

    Publication Year: 2011, Page(s):131 - 146
    Cited by:  Papers (12)

    We present RePriv, a system that combines the goals of privacy and content personalization in the browser. RePriv discovers user interests and shares them with third parties, but only with an explicit permission of the user. We demonstrate how always-on user interest mining can effectively infer user interests in a real browser. We go on to discuss an extension framework that allows third-party co...
  • I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks

    Publication Year: 2011, Page(s):147 - 161
    Cited by:  Papers (12)

    History sniffing attacks allow web sites to learn about users' visits to other sites. The major browsers have recently adopted a defense against the current strategies for history sniffing. In a user study with 307 participants, we demonstrate that history sniffing remains feasible via interactive techniques which are not covered by the defense. While these techniques are slower and cannot hope to...
  • Verification of Information Flow and Access Control Policies with Dependent Types

    Publication Year: 2011, Page(s):165 - 179
    Cited by:  Papers (15)

    We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-orde...
  • Inference of Expressive Declassification Policies

    Publication Year: 2011, Page(s):180 - 195
    Cited by:  Papers (8)

    We explore the inference of expressive human-readable declassification policies as a step towards providing practical tools and techniques for strong language-based information security. Security-type systems can enforce expressive information-security policies, but can require enormous programmer effort before any security benefit is realized. To reduce the burden on the programmer, we focus on i...
  • The Complexity of Intransitive Noninterference

    Publication Year: 2011, Page(s):196 - 211
    Cited by:  Papers (4)

    The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure. The results are as follows. Checking (i) P-security (Goguen and Meseguer), (ii) IP-security (Haigh and Young), and (iii) TA-security (van der Meyden) are all in PTIME, while checking TO-security (van der Meyden...
  • SCION: Scalability, Control, and Isolation on Next-Generation Networks

    Publication Year: 2011, Page(s):212 - 227
    Cited by:  Papers (23)

    We present the first Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communications. SCION separates ASes into groups of independent routing sub-planes, called trust domains, which then interconnect to form complete routes. Trust domains provide natural isolation of routing failures and human misconfiguration, give endpoints...
  • "You Might Also Like:" Privacy Risks of Collaborative Filtering

    Publication Year: 2011, Page(s):231 - 246
    Cited by:  Papers (27)

    Many commercial websites use recommender systems to help customers locate products and content. Modern recommenders are based on collaborative filtering: they use patterns learned from users' behavior to make recommendations, usually in the form of related-items lists. The scale and complexity of these systems, along with the fact that their outputs reveal only relationships between items (as oppo...