2013 IEEE Security and Privacy Workshops

23-24 May 2013

Filter Results

Displaying Results 1 - 25 of 48
  • [Front cover]

    Publication Year: 2013, Page(s): C4
    Request permission for commercial reuse | PDF file iconPDF (409 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2013, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (18 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2013, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (61 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2013, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (136 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2013, Page(s):v - vii
    Request permission for commercial reuse | PDF file iconPDF (135 KB)
    Freely Available from IEEE
  • Message from the General Chair

    Publication Year: 2013, Page(s):viii - ix
    Request permission for commercial reuse | PDF file iconPDF (99 KB) | HTML iconHTML
    Freely Available from IEEE
  • DUMA 2013 Workshop Introduction

    Publication Year: 2013, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (83 KB) | HTML iconHTML
    Freely Available from IEEE
  • DUMA 2013 Program Committee

    Publication Year: 2013, Page(s): xi
    Request permission for commercial reuse | PDF file iconPDF (107 KB)
    Freely Available from IEEE
  • WRIT 2013 Workshop Introduction

    Publication Year: 2013, Page(s): xii
    Request permission for commercial reuse | PDF file iconPDF (104 KB) | HTML iconHTML
    Freely Available from IEEE
  • WRIT 2013 Program Committee

    Publication Year: 2013, Page(s): xiii
    Request permission for commercial reuse | PDF file iconPDF (72 KB)
    Freely Available from IEEE
  • IWCC 2013 Workshop Introduction

    Publication Year: 2013, Page(s): xiv
    Request permission for commercial reuse | PDF file iconPDF (87 KB) | HTML iconHTML
    Freely Available from IEEE
  • IWCC 2013 Program Committee

    Publication Year: 2013, Page(s): xv
    Request permission for commercial reuse | PDF file iconPDF (111 KB)
    Freely Available from IEEE
  • Log Design for Accountability

    Publication Year: 2013, Page(s):1 - 7
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (374 KB) | HTML iconHTML

    Accountability is a requirement to be included in the initial design phase of systems because of its strong impact on log architecture implementation. As an illustration, the logs we examine here record actions by data controllers handling personally identifiable information to deliver services to data subjects. The structures of those logs seldom consider requirements for accountability, preventi... View full abstract»

    Open Access
  • An Integrated Formal Approach to Usage Control

    Publication Year: 2013, Page(s):8 - 12
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (351 KB) | HTML iconHTML

    Usage control enforcement is currently voluntary, due to a number of technical difficulties that cannot be addressed by means of purely cryptographic techniques. So, it is commonly argued that purely technical measures should be complemented by surveillance activities and sanctions prescribed by law. The effectiveness of such measures can-and should- be formally analyzed through game theoretic tec... View full abstract»

    Open Access
  • How Usage Control and Provenance Tracking Get Together - A Data Protection Perspective

    Publication Year: 2013, Page(s):13 - 17
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (427 KB) | HTML iconHTML

    These days, sensitive and personal information is used within a wide range of applications. The exchange of this information is increasingly faster and more and more unpredictable. Hence, the person concerned cannot determine what happens with his personal data after it has been released. It is highly intransparent who is accountable for data misuse. Usage control and provenance tracking are two d... View full abstract»

    Open Access
  • The Cloud Needs Cross-Layer Data Handling Annotations

    Publication Year: 2013, Page(s):18 - 22
    Cited by:  Papers (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (270 KB) | HTML iconHTML

    Nowadays, an ever-increasing number of service providers takes advantage of the cloud computing paradigm in order to efficiently offer services to private users, businesses, and governments. However, while cloud computing allows to transparently scale back-end functionality such as computing and storage, the implied distributed sharing of resources has severe implications when sensitive or otherwi... View full abstract»

    Open Access
  • Privacy Preserving Data Analytics for Smart Homes

    Publication Year: 2013, Page(s):23 - 27
    Cited by:  Papers (9)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (829 KB) | HTML iconHTML

    A framework for maintaining security & preserving privacy for analysis of sensor data from smart homes, without compromising on data utility is presented. Storing the personally identifiable data as hashed values withholds identifiable information from any computing nodes. However the very nature of smart home data analytics is establishing preventive care. Data processing results should be identi... View full abstract»

    Open Access
  • Preventive Inference Control in Data-centric Business Models

    Publication Year: 2013, Page(s):28 - 33
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (626 KB) | HTML iconHTML

    Inference control is a modern topic in data usage management, especially in the context of data-centric business models. However, it is generally not well understood how protection mechanisms could be designed to protect the users. The contributions of this paper are threefold: firstly, it describes the inference problem and relate it to protection mechanisms; secondly, it reports on a simple mech... View full abstract»

    Open Access
  • The Probabilistic Provenance Graph

    Publication Year: 2013, Page(s):34 - 41
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (534 KB) | HTML iconHTML

    Previous provenance models have assumed that there is complete certainty in the provenance relationships. But what if this assumption does not hold? In this work, emaiwe propose a probabilistic provenance graph (PPG) model to characterize scenarios where provenance relationships are uncertain. We describe two motivating examples. The first example demonstrates the uncertainty associated with the p... View full abstract»

    Open Access
  • "I hereby leave my email to...": Data Usage Control and the Digital Estate

    Publication Year: 2013, Page(s):42 - 44
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (241 KB) | HTML iconHTML

    In most data control scenarios there is the opportunity for oversight by those who, while perhaps not directly involved in the creation of the data, understand the intended usage of the data. We argue that due to the proliferation of online data and our aging population, data owners will increasingly face requests for data access and usage when such oversight is not present because the original da... View full abstract»

    Open Access
  • Multi-Domain Information Fusion for Insider Threat Detection

    Publication Year: 2013, Page(s):45 - 51
    Cited by:  Papers (13)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (314 KB) | HTML iconHTML

    Malicious insiders pose significant threats to information security, and yet the capability of detecting malicious insiders is very limited. Insider threat detection is known to be a difficult problem, presenting many research challenges. In this paper we report our effort on detecting malicious insiders from large amounts of work practice data. We propose novel approaches to detect two types of i... View full abstract»

    Open Access
  • System Level User Behavior Biometrics using Fisher Features and Gaussian Mixture Models

    Publication Year: 2013, Page(s):52 - 59
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (728 KB) | HTML iconHTML

    We propose a machine learning-based method for biometric identification of user behavior, for the purpose of masquerade and insider threat detection. We designed a sensor that captures system-level events such as process creation, registry key changes, and file system actions. These measurements are used to represent a user's unique behavior profile, and are refined through the process of Fisher f... View full abstract»

    Open Access
  • Use of Domain Knowledge to Detect Insider Threats in Computer Activities

    Publication Year: 2013, Page(s):60 - 67
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (294 KB) | HTML iconHTML

    This paper reports the first set of results from a comprehensive set of experiments to detect realistic insider threat instances in a real corporate database of computer usage activity. It focuses on the application of domain knowledge to provide starting points for further analysis. Domain knowledge is applied (1) to select appropriate features for use by structural anomaly detection algorithms, ... View full abstract»

    Open Access
  • Reporting Insider Threats via Covert Channels

    Publication Year: 2013, Page(s):68 - 71
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (293 KB) | HTML iconHTML

    Trusted insiders that betray an organization can inflict substantial harm. In addition to having privileged access to organization resources and information, these users may be familiar with the defenses surrounding valuable assets. Computers systems at the organization need a mechanism for communicating suspicious activity that is difficult for a malicious insider (or even an outsider) to detect ... View full abstract»

    Open Access
  • Differentiating User Authentication Graphs

    Publication Year: 2013, Page(s):72 - 75
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (283 KB) | HTML iconHTML

    Authentication using centralized methods is a primary trust mechanism within most large-scale, enterprise computer networks. This paper proposes using graphs to represent user authentication activity within the network. Using this mechanism over a real enterprise network dataset, we find that non-privileged users and users with system administration privileges have distinguishable graph attributes... View full abstract»

    Open Access