By Topic

2006 IEEE Symposium on Security and Privacy (S&P'06)

Date 21-24 May 2006

Filter Results

Displaying Results 1 - 25 of 41
  • 2006 IEEE Symposium on Security and Privacy

    Publication Year: 2006, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (821 KB)
    Freely Available from IEEE
  • IEEE Symposium on Security and Privacy - Title

    Publication Year: 2006, Page(s):i - iii
    Request permission for commercial reuse | PDF file iconPDF (31 KB)
    Freely Available from IEEE
  • IEEE Symposium on Security and Privacy - Copyright

    Publication Year: 2006, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (39 KB)
    Freely Available from IEEE
  • IEEE Symposium on Security and Privacy - Table of contents

    Publication Year: 2006, Page(s):v - vii
    Request permission for commercial reuse | PDF file iconPDF (46 KB)
    Freely Available from IEEE
  • Message from the Program Chairs

    Publication Year: 2006, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (27 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference organizers

    Publication Year: 2006, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (24 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2006, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (24 KB)
    Freely Available from IEEE
  • External reviewers

    Publication Year: 2006, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (29 KB)
    Freely Available from IEEE
  • Towards automatic generation of vulnerability-based signatures

    Publication Year: 2006, Page(s):15 pp. - 16
    Cited by:  Papers (58)  |  Patents (15)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (462 KB) | HTML iconHTML

    In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semant... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Misleading worm signature generators using deliberate noise injection

    Publication Year: 2006, Page(s):15 pp. - 31
    Cited by:  Papers (24)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (413 KB) | HTML iconHTML

    Several syntactic-based automatic worm signature generators, e.g., Polygraph, have recently been proposed. These systems typically assume that a set of suspicious flows are provided by a flow classifier, e.g., a honeynet or an intrusion detection system, that often introduces "noise" due to difficulties and imprecision inflow classification. The algorithms for extracting the worm signatures from t... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience

    Publication Year: 2006, Page(s):15 pp. - 47
    Cited by:  Papers (27)  |  Patents (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (585 KB) | HTML iconHTML

    Zero-day polymorphic worms pose a serious threat to the security of Internet infrastructures. Given their rapid propagation, it is crucial to detect them at edge networks and automatically generate signatures in the early stages of infection. Most existing approaches for automatic signature generation need host information and are thus not applicable for deployment on high-speed network links. In ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Dataflow anomaly detection

    Publication Year: 2006, Page(s):15 pp. - 62
    Cited by:  Papers (24)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (515 KB) | HTML iconHTML

    Beginning with the work of Forrest et al, several researchers have developed intrusion detection techniques based on modeling program behaviors in terms of system calls. A weakness of these techniques is that they focus on control flows involving system calls, but not their arguments. This weakness makes them susceptible to several classes of attacks, including attacks on security-critical data, r... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A framework for the evaluation of intrusion detection systems

    Publication Year: 2006, Page(s):15 pp. - 77
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (404 KB) | HTML iconHTML

    Classification accuracy in intrusion detection systems (IDSs) deals with such fundamental problems as how to compare two or more IDSs, how to evaluate the performance of an IDS, and how to determine the best configuration of the IDS. In an effort to analyze and solve these related problems, evaluation metrics such as the Bayesian detection rate, the expected cost, the sensitivity and the intrusion... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Siren: catching evasive malware

    Publication Year: 2006, Page(s):6 pp. - 85
    Cited by:  Papers (5)  |  Patents (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (199 KB) | HTML iconHTML

    With the growing popularity of anomaly detection systems, which is due partly to the rise in zero-day attacks, a new class of threats have evolved where the attacker mimics legitimate activity to blend in and avoid detection. We propose a new system called Siren that injects crafted human input alongside legitimate user activity to thwart these mimicry attacks. The crafted input is specially desig... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Fundamental limits on the anonymity provided by the MIX technique

    Publication Year: 2006, Page(s):14 pp. - 99
    Cited by:  Papers (4)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (452 KB) | HTML iconHTML

    The MIX technique forms the basis of many popular services that offer anonymity of communication in open and shared networks such as the Internet. In this paper, fundamental limits on the anonymity provided by the MIX technique are found by considering two different settings. First, we consider an information theoretic setting to determine the extent of information inherent in observations of the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Locating hidden servers

    Publication Year: 2006, Page(s):15 pp. - 114
    Cited by:  Papers (36)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (499 KB) | HTML iconHTML

    Hidden services were deployed on the Tor anonymous communication network in 2004. Announced properties include server resistance to distributed DoS. Both the EFF and Reporters Without Borders have issued guides that describe using hidden services via Tor to protect the safety of dissidents as well as to resist censorship. We present fast and cheap attacks that reveal the location of a hidden serve... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Practical inference control for data cubes

    Publication Year: 2006, Page(s):6 pp. - 120
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (246 KB) | HTML iconHTML

    The fundamental problem for inference control in data cubes is how to efficiently calculate the lower and upper bounds for each cell value given the aggregations of cell values over multiple dimensions. In this paper, we provide the first practical solution for estimating exact bounds in two-dimensional irregular data cubes (i.e., data cubes in which certain cell values are known to a snooper). Ou... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Deterring voluntary trace disclosure in re-encryption mix networks

    Publication Year: 2006, Page(s):11 pp. - 131
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (334 KB) | HTML iconHTML

    An all too real threat to the privacy offered by a mix network is that individual mix administrators may volunteer partial tracing information to a coercer. While this threat can never be eliminated - coerced mix servers could simply be forced to reveal all their secret data - we can deter administrators from succumbing to coercive attacks by raising the stakes. We introduce the notion of a trace-... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • New constructions and practical applications for private stream searching

    Publication Year: 2006, Page(s):6 pp. - 139
    Cited by:  Papers (7)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (274 KB) | HTML iconHTML

    A system for private stream searching allows a client to retrieve documents matching some search criteria from a remote server while the server evaluating the request remains provably oblivious to the search criteria. In this extended abstract, we give a high level outline of a new scheme for this problem and an experimental analysis of its scalability. The new scheme is highly efficient in practi... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A computationally sound mechanized prover for security protocols

    Publication Year: 2006, Page(s):15 pp. - 154
    Cited by:  Papers (17)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (493 KB) | HTML iconHTML

    We present a new mechanized prover for secrecy properties of cryptographic protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security proper... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A logic for constraint-based security protocol analysis

    Publication Year: 2006, Page(s):14 pp. - 168
    Cited by:  Papers (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (395 KB) | HTML iconHTML

    We propose VS-LTL, a pure-past security linear temporal logic that allows the specification of a variety of authentication, secrecy and data freshness properties. Furthermore, we present a sound and complete decision procedure to establish the validity of security properties for symbolic execution traces, and show the integration with constraint-based analysis techniques View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Simulatable security and polynomially bounded concurrent composability

    Publication Year: 2006, Page(s):14 pp. - 183
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (424 KB) | HTML iconHTML

    Simulatable security is a security notion for multi-party protocols that implies strong composability features. The main definitional flavours of simulatable security are standard simulatability, universal simulatability, and black-box simulatability. All three come in "computational," "statistical" and "perfect" subflavours indicating the considered adversarial power. Universal and black-box simu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privacy and contextual integrity: framework and applications

    Publication Year: 2006, Page(s):15 pp. - 198
    Cited by:  Papers (48)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (375 KB) | HTML iconHTML

    Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy framew... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • FIREMAN: a toolkit for firewall modeling and analysis

    Publication Year: 2006, Page(s):15 pp. - 213
    Cited by:  Papers (54)  |  Patents (9)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (420 KB) | HTML iconHTML

    Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security. However, misconfigurations in firewalls are very common and significantly weaken the desired security. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating firewall configurations as specialized programs, FIREMAN ap... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Retrofitting legacy code for authorization policy enforcement

    Publication Year: 2006, Page(s):15 pp. - 229
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (444 KB) | HTML iconHTML

    Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms are added as the need arises, by retrofitting legacy code. Existing techniques to do so are manual and ad hoc, and often result in security hol... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.