Scheduled System Maintenance
On Friday, October 20, IEEE Xplore will be unavailable from 9:00 PM-midnight ET. We apologize for the inconvenience.
Notice: There is currently an issue with the citation download feature. Learn more.

2015 IEEE Security and Privacy Workshops

21-22 May 2015

Filter Results

Displaying Results 1 - 25 of 36
  • [Title page i]

    Publication Year: 2015, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (16 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2015, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (77 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2015, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (128 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2015, Page(s):v - vii
    Request permission for commercial reuse | PDF file iconPDF (133 KB)
    Freely Available from IEEE
  • Message from the Chair

    Publication Year: 2015, Page(s):viii - ix
    Request permission for commercial reuse | PDF file iconPDF (77 KB) | HTML iconHTML
    Freely Available from IEEE
  • GenoPri 2015 Organizers

    Publication Year: 2015, Page(s):x - xi
    Request permission for commercial reuse | PDF file iconPDF (74 KB)
    Freely Available from IEEE
  • LangSec 2015 Organizers

    Publication Year: 2015, Page(s): xii
    Request permission for commercial reuse | PDF file iconPDF (71 KB)
    Freely Available from IEEE
  • IWPE 2015 Organizers

    Publication Year: 2015, Page(s):xiii - xiv
    Request permission for commercial reuse | PDF file iconPDF (76 KB)
    Freely Available from IEEE
  • Efficient Secure Outsourcing of Genome-Wide Association Studies

    Publication Year: 2015, Page(s):3 - 6
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (205 KB) | HTML iconHTML

    A genome-wide association study aimed at finding genetic variations associated with a particular disease is a common approach used in genetic epidemiology. We present a new efficient secure outsourcing computation of GWAS using homomorphic encryption based on ring-LWE. Our method works by virtue of the fact that integer vectors can be packed into a single cipher text and a scalar product of intege... View full abstract»

    Freely Available from IEEE
  • Privacy-Preserving Statistical Analysis by Exact Logistic Regression

    Publication Year: 2015, Page(s):7 - 16
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (668 KB) | HTML iconHTML

    Logistic regression is the method of choice in most genome-wide association studies (GWAS). Due to the heavy cost of performing iterative parameter updates when training such a model, existing methods have prohibitive communication and computational complexities that make them unpractical for real-life usage. We propose a new sampling-based secure protocol to compute exact statistics, that require... View full abstract»

    Freely Available from IEEE
  • Passing Go with DNA Sequencing: Delivering Messages in a Covert Transgenic Channel

    Publication Year: 2015, Page(s):17 - 26
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1116 KB) | HTML iconHTML

    DNA which carries genetic information in living organisms has become a new steganographic carrier of secret information. Various researchers have used this technique to try to develop watermarks to be used to protect proprietary products, however, as recent advances in genetic engineering have made it possible to use DNA as a carrier of information, we have realized that DNA steganography in the l... View full abstract»

    Freely Available from IEEE
  • Privacy Threats and Practical Solutions for Genetic Risk Tests

    Publication Year: 2015, Page(s):27 - 31
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (219 KB) | HTML iconHTML

    Recently, several solutions have been proposed to address the complex challenge of protecting individuals' genetic data during personalized medicine tests. In this short paper, we analyze different privacy threats and propose simple countermeasures for the generic architecture mainly used in the literature. In particular, we present and evaluate a new practical solution against a critical attack o... View full abstract»

    Freely Available from IEEE
  • Quantifying Genomic Privacy via Inference Attack with High-Order SNV Correlations

    Publication Year: 2015, Page(s):32 - 40
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (677 KB) | HTML iconHTML

    As genomic data becomes widely used, the problem of genomic data privacy becomes a hot interdisciplinary research topic among geneticists, bioinformaticians and security and privacy experts. Practical attacks have been identified on genomic data, and thus break the privacy expectations of individuals who contribute their genomic data to medical research, or simply share their data online. Frustrat... View full abstract»

    Freely Available from IEEE
  • One Size Doesn't Fit All: Measuring Individual Privacy in Aggregate Genomic Data

    Publication Year: 2015, Page(s):41 - 49
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (348 KB) | HTML iconHTML

    Even in the aggregate, genomic data can reveal sensitive information about individuals. We present a new model-based measure, PrivMAF, that provides provable privacy guarantees for aggregate data (namely minor allele frequencies) obtained from genomic studies. Unlike many previous measures that have been designed to measure the total privacy lost by all participants in a study, PrivMAF gives an in... View full abstract»

    Freely Available from IEEE
  • Genomic Privacy Metrics: A Systematic Comparison

    Publication Year: 2015, Page(s):50 - 59
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1461 KB) | HTML iconHTML

    The human genome uniquely identifies, and contains highly sensitive information about, individuals. This creates a high potential for misuse of genomic data (e.g., Genetic discrimination). This paper investigates how genomic privacy can be measured in scenarios where an adversary aims to infer a person's genome by constructing probability distributions on the values of genetic variations. Specific... View full abstract»

    Freely Available from IEEE
  • Genomic Privacy and Direct-to-Consumer Genetics: Big Consumer Genetic Data -- What's in that Contract?

    Publication Year: 2015, Page(s):60 - 64
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (173 KB) | HTML iconHTML

    This is a brief position paper providing a summary of current research on the legal regulation of Direct-to-Consumer Genetic Testing (DTCGT), focussing on the contracts used by DTCGT companies. The overall aim of the larger project has been to explore the existing legal mechanims for the protection of the rights of consumers in their sequenced genetic data in the context of DTCGT. There are severa... View full abstract»

    Freely Available from IEEE
  • Seeking a "Race to the Top" in Genomic Cloud Privacy?

    Publication Year: 2015, Page(s):65 - 69
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (167 KB) | HTML iconHTML

    The relationship between data-privacy lawmakers and genomics researchers may have gotten off on the wrong foot. Critics of protectionism in the current laws advocate that we abandon the existing paradigm, which was formulated in an entirely different medical research context. Genomic research no longer requires physically risky interventions that directly affect participants' integrity. But to sim... View full abstract»

    Freely Available from IEEE
  • The Correctness-Security Gap in Compiler Optimization

    Publication Year: 2015, Page(s):73 - 87
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (641 KB) | HTML iconHTML

    There is a significant body of work devoted to testing, verifying, and certifying the correctness of optimizing compilers. The focus of such work is to determine if source code and optimized code have the same functional semantics. In this paper, we introduce the correctness-security gap, which arises when a compiler optimization preserves the functionality of but violates a security guarantee mad... View full abstract»

    Freely Available from IEEE
  • Grammatical Inference and Language Frameworks for LANGSEC

    Publication Year: 2015, Page(s):88 - 98
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (315 KB) | HTML iconHTML

    Formal Language Theory for Security (LANGSEC) has proposed that formal language theory and grammars be used to define and secure protocols and parsers. The assumption is that by restricting languages to lower levels of the Chomsky hierarchy, it is easier to control and verify parser code. In this paper, we investigate an alternative approach to inferring grammars via pattern languages and elementa... View full abstract»

    Freely Available from IEEE
  • Error-Correcting Codes as Source for Decoding Ambiguity

    Publication Year: 2015, Page(s):99 - 105
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (472 KB) | HTML iconHTML

    Data decoding, format, or language ambiguities have been long known for amusement purposes. Only recently it came to attention that they also pose a security risk. In this paper, we present decoder manipulations based on deliberately caused ambiguities facilitating the error correction mechanisms used in several popular applications. This can be used to encode data in multiple formats or even the ... View full abstract»

    Freely Available from IEEE
  • Verification State-Space Reduction through Restricted Parsing Environments

    Publication Year: 2015, Page(s):106 - 116
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (249 KB) | HTML iconHTML

    We discuss the potential for significant reduction in size and complexity of verification tasks for input-handling software when such software is constructed according to Lang Sec principles, i.e., Is designed as a recognizer for a particular language of valid inputs and is compiled for a suitably limited computational model no stronger than needed for the recognition task. We introduce Crema, a p... View full abstract»

    Freely Available from IEEE
  • On the Generality and Convenience of Etypes

    Publication Year: 2015, Page(s):117 - 124
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (217 KB) | HTML iconHTML

    The Ethos operating system provides a number of features which aid programmers as they craft robust computer programs. One such feature of Ethos is its distributed, mandatory type system -- Etypes. Etypes provides three key properties: (1) every Ethos object (e.g., A file or network connection) has a declared type, (2) Ethos forbids programs from writing ill-formed data to an object, and (3) Ethos... View full abstract»

    Freely Available from IEEE
  • Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws

    Publication Year: 2015, Page(s):125 - 133
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1335 KB) | HTML iconHTML

    Input languages, which describe the set of valid inputs an application has to handle, play a central role in language-theoretic security, in recognition of the fact that overly complex, sloppily specified, or incorrectly implemented input languages are the root cause of many security vulnerabilities. Often an input language not only involves a language of individual messages, but also some protoco... View full abstract»

    Freely Available from IEEE
  • Towards More Security in Data Exchange: Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars

    Publication Year: 2015, Page(s):134 - 141
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (183 KB) | HTML iconHTML

    To exchange complex data structures in distributed systems, documents written in context-free languages are exchanged among communicating parties. Unparsing these documents correctly is as important as parsing them correctly because errors during unparsing result in injection vulnerabilities such as cross-site scripting (XSS) and SQL injection. Injection attacks are not limited to the web world. E... View full abstract»

    Freely Available from IEEE
  • Nom, A Byte oriented, streaming, Zero copy, Parser Combinators Library in Rust

    Publication Year: 2015, Page(s):142 - 148
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (163 KB) | HTML iconHTML

    The recently created language Rust has been presented as a safer way to write low level code, even able to replace C. Is it able to produce safe and efficient parsers? We show that Rust's features, like slicing, allow for powerful memory management, and that its type safety helps in writing correct parsers. We then study briefly how it can make streaming parsers, and how to provide better usabilit... View full abstract»

    Freely Available from IEEE