Visible to the public Deterrence

SoS Newsletter- Advanced Book Block

SoS Logo



Finding ways both technical and behavioral to provide disincentives to threats is a promising area of research. Since most cybersecurity is “bolt on” rather than embedded, and since detection, response, and forensics are expensive, time-consuming processes, discouraging attacks can be a cost-effective cybersecurity approach.  The research works cited here were presented and published in 2014. 


Fahl, Sascha; Dechand, Sergej; Perl, Henning; Fischer, Felix; Smrcek, Jaromir; Smith, Matthew; “Hey, NSA: Stay Away from My Market! Future Proofing App Markets Against Powerful Attackers;” CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 1143-1155. Doi: 10.1145/2660267.2660311
Abstract: Mobile devices are evolving as the dominant computing platform and consequently application repositories and app markets are becoming the prevalent paradigm for deploying software. Due to their central and trusted position in the software ecosystem, coerced, hacked or malicious app markets pose a serious threat to user security. Currently, there is little that hinders a nation state adversary (NSA) or other powerful attackers from using such central and trusted points of software distribution to deploy customized (malicious) versions of apps to specific users. Due to intransparencies in the current app installation paradigm, this kind of attack is extremely hard to detect.  In this paper, we evaluate the risks and drawbacks of current app deployment in the face of powerful attackers. We assess the app signing practices of 97% of all free Google Play apps and find that the current practices make targeted attacks unnecessarily easy and almost impossible to detect for users and app developers alike. We show that high profile Android apps employ intransparent and unaccountable strategies when they publish apps to (multiple) alternative markets. We then present and evaluate Application Transparency (AT), a new framework that can defend against ``targeted-and-stealthy'' attacks, mount by malicious markets.   We deployed AT in the wild and conducted an extensive field study in which we analyzed app installations on 253,819 real world Android devices that participate in a popular anti-virus app's telemetry program. We find that AT can effectively protect users against malicious targeted attack apps and furthermore adds transparency and accountability to the current intransparent signing and packaging strategies employed by many app developers.
Keywords:  android, apps, market, nsa, security, transparency (ID#: 15-5051)


Almeshekah, Mohammed H.; Spafford, Eugene H.; “Planning and Integrating Deception into Computer Security Defenses;” NSPW '14 Proceedings of the 2014 Workshop on New Security Paradigms, September 2014, Pages  127-138. Doi:  10.1145/2683467.2683482 Abstract: Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that use deception were ad-hoc attempts to incorporate deceptive elements. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of fundamental reasons why deception works and the essential principles involved in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception in many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be designed to exploit specific adversaries' biases. We investigate these biases and discuss how can they be used by presenting a number of examples.
Keywords: biases, computer security, deception (ID#: 15-5052)


Dubey, N.K.; Kumar, S., "A Review of Watermarking Application in Digital Cinema for Piracy Deterrence," Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, pp.626,630, 7-9 April 2014. doi: 10.1109/CSNT.2014.131 Abstract: Many pirated digital movies by camcorder capture are found on the Internet or on the street market before their official release. During piracy of cinema footage, composite geometric distortions commonly occur due to the angle of the camcorder relative to the screen. There are various research has been done to utilize the geometric distortions that will be occur during piracy in theatre to estimate the position of pirate in theatre via watermarking scheme followed by LACF (local auto correlation function). This paper present the notion of Watermarking and the features required to design a watermarked video for piracy deterrence. We review several methods, and introduce frequently used key techniques. The aim of this paper is to focus on the watermarking technique that is good for piracy deterrence. The majority of the reviewed methods based on watermarking emphasize on the notion of secure spread spectrum way of watermarking followed by LACF for estimating the position of pirate.
Keywords: copy protection; video cameras; video watermarking; LACF; camcorder capture; cinema footage; digital cinema; geometric distortions; local auto correlation function; piracy deterrence; secure spread spectrum; watermarking application; Acoustics; Correlation; Estimation; Internet; Motion pictures; Video equipment; Watermarking; Digital cinema; audio watermarking; local auto-correlation function; local auto-correlation function (LACF); video watermarking (ID#: 15-5053)


Shepherd, M.; Mejias, R.; Klein, G., "A Longitudinal Study to Determine Non-technical Deterrence Effects of Severity and Communication of Internet Use Policy for Reducing Employee Internet Abuse," System Sciences (HICSS), 2014 47th Hawaii International Conference on, pp. 3159,3168, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.392 Abstract: This is the second part of a longitudinal study that examines how employee Internet abuse may be reduced by non-technical deterrence methods, specifically via IT acceptable use policies (AUP). Both studies used actual usage and audit logs (not self-reporting measures) to monitor the web activity of employees. In the earlier study, a mild AUP reminder to company employees resulted in a 12 percent decrease in non-work Internet usage. The current study utilized a more severe AUP communication and resulted in a 33 percent decrease in non-work Internet usage. For both studies, the AUP reminder resulted in an immediate decrease in non-work Internet usage. Results indicate that while non-work traffic under both treatments returned over time, the longevity effect of the severe AUP message was greater than the mild AUP message and non-work traffic did not return to its previous pre-treatment level by the end of the study.
Keywords: Internet; authorisation; industrial property; personnel; social aspects of automation; AUP; IT acceptable use policy; Internet use policy; Web activity; employee Internet abuse; longevity effect; longitudinal study; nontechnical deterrence effect; nonwork Internet usage; nonwork traffic; Companies; Employment; Information security; Internet; Monitoring; AUP; Internet abuse mitigation (ID#: 15-5054)


Axelrod, C.W., "Reducing Software Assurance Risks for Security-Critical and Safety-Critical Systems," Systems, Applications and Technology Conference (LISAT), 2014 IEEE Long Island pp.1,6, 2-2 May 2014. doi: 10.1109/LISAT.2014.6845212 Abstract: According to the Office of the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)), the US Department of Defense (DoD) recognizes that there is a “persistent lack of a consistent approach ... for the certification of software assurance tools, testing and methodologies” [1]. As a result, the ASD(R&E) is seeking “to address vulnerabilities and weaknesses to cyber threats of the software that operates ... routine applications and critical kinetic systems ...” The mitigation of these risks has been recognized as a significant issue to be addressed in both the public and private sectors. In this paper we examine deficiencies in various software-assurance approaches and suggest ways in which they can be improved. We take a broad look at current approaches, identify their inherent weaknesses and propose approaches that serve to reduce risks. Some technical, economic and governance issues are: (1) Development of software-assurance technical standards (2) Management of software-assurance standards (3) Evaluation of tools, techniques, and metrics (4) Determination of update frequency for tools, techniques (5) Focus on most pressing threats to software systems (6) Suggestions as to risk-reducing research areas (7) Establishment of models of the economics of software-assurance solutions, and testing and certifying software We show that, in order to improve current software assurance policy and practices, particularly with respect to security, there has to be a major overhaul in how software is developed, especially with respect to the requirements and testing phases of the SDLC (Software Development Lifecycle). We also suggest that the current preventative approaches are inadequate and that greater reliance should be placed upon avoidance and deterrence. We also recommend that those developing and operating security-critical and safety-critical systems exchange best-of-breed software assurance methods to prevent the vulnerability of components leading to compromise of entire systems of systems. The recent catastrophic loss of a Malaysia Airlines airplane is then presented as an example of possible compromises of physical and logical security of on-board communications and management and control systems.
Keywords: program testing; safety-critical software; software development management; software metrics; ASD(R&E);Assistant Secretary of Defense for Research and Engineering; Malaysia Airlines airplane; SDLC;US Department of Defense; US DoD; component vulnerability prevention; control systems; critical kinetic systems; cyber threats; economic issues; governance issues; logical security; management systems; on-board communications; physical security; private sectors; public sectors; risk mitigation; safety-critical systems ;security-critical systems; software assurance risk reduction; software assurance tool certification; software development; software development lifecycle; software methodologies ;software metric evaluation; software requirements; software system threats; software technique evaluation; software testing; software tool evaluation; software-assurance standard management ;software-assurance technical standard development ;technical issues; update frequency determination; Measurement; Organizations; Security; Software systems; Standards; Testing; cyber threats; cyber-physical systems; governance; risk; safety-critical systems; security-critical systems; software assurance; technical standards; vulnerabilities; weaknesses (ID#: 15-5055)


Lodhi, F.K.; Hasan, S.R.; Hasan, O.; Awwad, F., "Low Power Soft Error Tolerant Macro Synchronous Micro Asynchronous (MSMA) Pipeline," VLSI (ISVLSI), 2014 IEEE Computer Society Annual Symposium on, pp. 601, 606, 9-11 July 2014. doi: 10.1109/ISVLSI.2014.59 Abstract: Advancement in deep submicron (DSM) technologies led to miniaturization. However, it also increased the vulnerability against some electrical and device non-idealities, including the soft errors. These errors are significant threat to the reliable functionality of digital circuits. Several techniques for the detection and deterrence of soft errors (to improve the reliability) have been proposed, both in synchronous and asynchronous domain. In this paper we propose a low power and soft error tolerant solution for synchronous systems that leverages the asynchronous pipeline within a synchronous framework. We named our technique as macro synchronous micro asynchronous (MSMA) pipeline. We provided a framework along with timing analysis of the MSMA technique. MSMA is implemented using a macro synchronous system and soft error tolerant and low power version of null convention logic (NCL) asynchronous circuit. It is found out that this solution can easily replace the intermediate stages of synchronous and asynchronous pipelines without changing its interface protocol. Such NCL asynchronous circuits can be used as a standard cell in the synchronous ASIC design flow. Power and performance analysis is done using electrical simulations, which shows that this techniques consumes at least 22% less power and 45% less energy delay product (EDP) compared to state-of-the-art solutions.
Keywords: asynchronous circuits; circuit simulation; integrated circuit design; integrated logic circuits; low-power electronics; radiation hardening (electronics);deep submicron technologies; electrical simulations; energy delay product; low power soft error tolerant MSMA pipeline; macrosynchronous;  microasynchronous; null convention logic asynchronous circuit; synchronous ASIC design flow; Adders; Asynchronous circuits; Delays; Logic gates; Pipelines; Rails; Registers; Low power Asynchronous circuits; NCL pipeline; SE tolerant circuits; Soft Error (ID#: 15-5056)


Jahyun Goo; Myung-Seong Yim; Kim, D.J., "A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate," Professional Communication, IEEE Transactions on, vol.57, no.4, pp.286,308, Dec. 2014. doi: 10.1109/TPC.2014.2374011 Abstract: Research problem: Although organizations have been exerting a significant effort to leverage policies and procedures to improve information security, their impact and effectiveness is under scrutiny as employees' compliance with information security procedures remains problematic. Research questions: (1) What is the role of information security climate (ISC) in cultivating individual's compliance with security policy? (2) Do individual affective and normative states mediate the effect of ISC to increase security policy compliance intention while thwarting employees' security avoidance? Literature review: Drawing upon Griffin and Neal's safety climate model, which states the effect of safety climate on individual safety behaviors that lead to specific performance outcomes, we develop an ISC model to empirically examine the efficacy of security climate in governing employee's policy compliance. The literature suggests that there could be practical reasons for employees not to observe the security policies and procedures. These go beyond the simple lack of use or negligence, and include rationalizing security violation, particularly in light of the fact that they are under pressure to get something done without delays in daily work. To empirically address such employee behavior, we employed the term, security avoidance in this study-an employee's deliberate intention to avoid security policies or procedures in daily work despite the need and opportunity to do so. Methodology: We surveyed IT users in South Korea about individuals' perception about various organizational/managerial information security practices in the work environment. Results and discussion: The results from 581 participants strongly support the fundamental proposition that the information security climate has a significant positive impact on employee's conformity with the security policy. The study also reveals that the security climate nurtures the employee's affective and cognitive states - hrough affective commitment and normative commitment. These, in turn, mediate the influence of security climate on employee policy compliance by facilitating rule adherence among employees while, at the same time, inspiring self-adjusted behaviors to neutralize their deliberate intents of negligence. Overall, the findings support our view that the creation of strong security climate is the adequate alternative to a sanction-based deterrence to employees' security policy compliance, which limits the presence of security avoidance. The implications to theory are the multidimensional nature of ISC construct and its linkage to a systematic view of individual level information security activities. The implications to practice are the ISC's favorable role of discouraging employee's security avoidance while inducing the security policy compliance intention at the same time, given the limit of sanctions.
Keywords: personnel; security of data; ISC; employee security policy compliance; information security climate; security avoidance; Employment; Information security; Organizations; Personnel; Security; Employee security behavior; partial least squares; security avoidance; security climate; security policy compliance (ID#: 15-5057)


Jafarian, Jafar Haadi H.; Al-Shaer, Ehab; Duan, Qi; “Spatio-temporal Address Mutation for Proactive Cyber Agility Against Sophisticated Attackers;” MTD ’14 Proceedings of the First ACM Workshop on Moving Target Defense; November 2014, Pages 69-78. Doi: 10.1145/2663474.2663483 Abstract: The static one-to-one binding of hosts to IP addresses allows adversaries to conduct thorough reconnaissance in order to discover and enumerate network assets. Specifically, this fixed address mapping allows distributed network scanners to aggregate information gathered at multiple locations over different times in order to construct an accurate and persistent view of the network. The unvarying nature of this view enables adversaries to collaboratively share and reuse their collected reconnaissance information in various stages of attack planning and execution. This paper presents a novel moving target defense (MTD) technique which enables host-to-IP binding of each destination host to vary randomly across the network based on the source identity (spatial randomization) as well as time (temporal randomization). This spatio-temporal randomization will distort attackers' view of the network by causing the collected reconnaissance information to expire as adversaries transition from one host to another or if they stay long enough in one location. Consequently, adversaries are forced to re-scan the network frequently at each location or over different time intervals. These recurring probings significantly raise the bar for the adversaries by slowing down the attack progress, while improving its detectability. We introduce three novel metrics for quantifying the effectiveness of MTD defense techniques: deterrence, deception, and detectability. Using these metrics, we perform rigorous theoretical and experimental analysis to evaluate the efficacy of this approach. These analyses show that our approach is effective in countering a significant number of sophisticated threat models including collaborative reconnaissance, worm propagation, and advanced persistent threat (APT), in an evasion-free manner.
Keywords: adversary-awareness; ip address randomization; moving target defense (mtd); reconnaissance (ID#: 15-5058)


Crossler, Robert; B'elanger, France; “An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument;” ACM SIGMIS Database, Volume 45 Issue 4, November 2014, Pages 51-71. Doi: 10.1145/2691517.2691521 Abstract: Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize Protection Motivation Theory (PMT) to explore these practices. However, these studies focus on one specific security protection behavior or on intentions to use a generic measure of security protection tools or techniques (practices). In contrast, this study empirically tests the effectiveness of PMT to explain a newly developed measure for collectively capturing several individual security practices. The results show that PMT explains an important portion of the variance in the unified security practices measure, and demonstrates the importance of explaining individual security practices as a whole as opposed to one particular behavior individually. Implications of the study for research and practice are discussed.
Keywords: home user, information security, protection motivation theory, security practices (ID#: 15-5059)


Feigenbaum, Joan; Jaggard, Aaron D.; Wright, Rebecca N.; “Open vs. Closed Systems for Accountability;”  HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 4. Doi: 10.1145/2600176.2600179 Abstract: The relationship between accountability and identity in online life presents many interesting questions. Here, we first systematically survey the various (directed) relationships among principals, system identities (nyms) used by principals, and actions carried out by principals using those nyms. We also map these relationships to corresponding accountability-related properties from the literature.  Because punishment is fundamental to accountability, we then focus on the relationship between punishment and the strength of the connection between principals and nyms. To study this particular relationship, we formulate a utility-theoretic framework that distinguishes between principals and the identities they may use to commit violations. In doing so, we argue that the analogue applicable to our setting of the well known concept of quasilinear utility is insufficiently rich to capture important properties such as reputation. We propose more general utilities with linear transfer that do seem suitable for this model.  In our use of this framework, we define notions of "open" and "closed" systems. This distinction captures the degree to which system participants are required to be bound to their system identities as a condition of participating in the system. This allows us to study the relationship between the strength of identity binding and the accountability properties of a system.
Keywords: accountability, identity, utility (ID#: 15-5060)


Ferdous, Md. Sadek; Norman, Gethin; Poet, Ron; “Mathematical Modelling of Identity, Identity Management and Other Related Topics;” SIN '14 Proceedings of the 7th International Conference on Security of Information and Networks, September 2014, Pages 9. Doi:  10.1145/2659651.2659729 Abstract: There exist disparate sets of definitions with different semantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of identity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabularies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the applicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.
Keywords: Identity, Identity Management, Mathematical Modelling (ID#: 15-5061)


Mora, Antonio M.; De las Cuevas, Paloma; Merelo, Juan Julian; Zamarripa, Sergio; Esparcia-Alcazar, Anna I.; “Enforcing Corporate Security Policies via Computational Intelligence Techniques;” GECCO Comp '14 Proceedings of the 2014 Conference Companion On Genetic And Evolutionary Computation Companion, July 2014, Pages 1245-1252. Doi:  10.1145/2598394.2605438 Abstract: This paper presents an approach, based in a project in development, which combines Data Mining, Machine Learning and Computational Intelligence techniques, in order to create a user-centric and adaptable corporate security system. Thus, the system, named MUSES, will be able to analyse the user's behaviour (modelled as events) when interacting with the company's server, accessing to corporate assets, for instance. As a result of this analysis, and after the application of the aforementioned techniques, the Corporate Security Policies, and specifically, the Corporate Security Rules will be adapted to deal with new anomalous situations, or to better manage user's behaviour. The work reviews the current state of the art in security issues resolution by means of these kind of methods. Then it describes the MUSES features in this respect and compares them with the existing approaches.
Keywords: computational intelligence, corporate security policies, evolutionary computation, security rules (ID#: 15-5062)


Syta, Ewa; Corrigan-Gibbs, Henry; Weng, Shu-Chun; Wolinsky, David; Ford, Bryan; Johnson, Aaron; “Security Analysis of Accountable Anonymity in Dissent;” ACM Transactions on Information and System Security (TISSEC), Volume 17, Issue 1, August 2014, Article No. 4.  Doi: 10.1145/2629621 Abstract: Users often wish to communicate anonymously on the Internet, for example, in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks; mix networks are difficult to protect against traffic analysis; and accountable voting schemes are unsuited to general anonymous messaging.  Dissent is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened dissent protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several nontrivial attacks on the original dissent protocol stemming from subtle design flaws.
Keywords: Anonymous communication, accountable anonymity, provable security (ID#: 15-5063)


Ren, Chuangang; Chen, Kai; Liu, Peng; “Droidmarking: Resilient Software Watermarking for Impeding Android Application Repackaging;” ASE '14 Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, September 2014, Pages 635-646. Doi: 10.1145/2642937.2642977 Abstract: Software plagiarism in Android markets (app repackaging) is raising serious concerns about the health of the Android ecosystem. Existing app repackaging detection techniques fall short in detection efficiency and in resilience to circumventing attacks; this allows repackaged apps to be widely propagated and causes extensive damages before being detected. To overcome these difficulties and instantly thwart app repackaging threats, we devise a new dynamic software watermarking technique - Droidmarking - for Android apps that combines the efforts of all stakeholders and achieves the following three goals: (1) copyright ownership assertion for developers, (2) real-time app repackaging detection on user devices, and (3) resilience to evading attacks. Distinct from existing watermarking techniques, the watermarks in Droidmarking are non-stealthy, which means that watermark locations are not intentionally concealed, yet still are impervious to evading attacks. This property effectively enables normal users to recover and verify watermark copyright information without requiring a confidential watermark recognizer. Droidmarking is based on a primitive called self-decrypting code (SDC). Our evaluations show that Droidmarking is a feasible and robust technique to effectively impede app repackaging with relatively small performance overhead.
Keywords: android, app repackaging, software watermarking (ID#: 15-5064)


Zhou, Wu; Wang, Zhi; Zhou, Yajin; Jiang, Xuxian; “DIVILAR: Diversifying Intermediate Language for Anti-repackaging on Android Platform;” CODASPY '14 Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, March 2014, Pages 199-210. Doi:  10.1145/2557547.2557558 Abstract: App repackaging remains a serious threat to the emerging mobile app ecosystem. Previous solutions have mostly focused on the postmortem detection of repackaged apps by measuring similarity among apps. In this paper, we propose DIVILAR, a virtualization-based protection scheme to enable self-defense of Android apps against app repackaging. Specifically, it re-encodes an Android app in a diversified virtual instruction set and uses a specialized execute engine for these virtual instructions to run the protected app. However, this extra layer of execution may cause significant performance overhead, rendering the solution unacceptable for daily use. To address this challenge, we leverage a light-weight hooking mechanism to hook into Dalvik VM, the execution engine for Dalvik bytecode, and piggy-back the decoding of virtual instructions to that of Dalvik bytecode. By compositing virtual and Dalvik instruction execution, we can effectively eliminate this extra layer of execution and significantly reduce the performance overhead. We have implemented a prototype of DIVILAR. Our evaluation shows that DIVILAR is resilient against existing static and dynamic analysis, including these specific to VM-based protection. Further performance evaluation demonstrates its efficiency for daily use (an average of 16.2 and 8.9 increase to the start time and run time, respectively).
Keywords: android, anti-repackaging, virtual machine (ID#: 15-5065)


Sun, Mengtao; Tan, Gang; “NativeGuard: Protecting Android Applications from Third-party Native Libraries;” WiSec '14 Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks,  July 2014, pages 165-176.  Doi:  10.1145/2627393.2627396 Abstract: Android applications often include third-party libraries written in native code. However, current native components are not well managed by Android's security architecture. We present NativeGuard, a security framework that isolates native libraries from other components in Android applications. Leveraging the process-based protection in Android, NativeGuard isolates native libraries of an Android application into a second application where unnecessary privileges are eliminated. NativeGuard requires neither modifications to Android nor access to the source code of an application. It addresses multiple technical issues to support various interfaces that Android provides to the native world. Experimental results demonstrate that our framework works well with a set of real-world applications, and incurs only modest overhead on benchmark programs.
Keywords: android, java native interface, privilege isolation (ID#: 15-5066)


Peng, Chunyi; Li, Chi-Yu; Wang, Hongyi; Tu, Guan-Hua; Lu, Songwu; “Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging;” CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 727-738. Doi: 10.1145/2660267.2660346 Abstract:  Secure mobile data charging (MDC) is critical to cellular network operations. It must charge the right user for the right volume that (s)he authorizes to consume (i.e., requirements of authentication, authorization, and accounting (AAA)). In this work, we conduct security analysis of the MDC system in cellular networks. We find that all three can be breached in both design and practice, and identify three concrete vulnerabilities: authentication bypass, authorization fraud and accounting volume inaccuracy. The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as imprudent implementations. We devise three showcase attacks to demonstrate that, even simple attacks can easily penetrate the operational 3G/4G cellular networks. We further propose and evaluate defense solutions.
Keywords: aaa, accounting, attack, authentication, authorization, cellular networks, defense, mobile data services (ID#: 15-5067)


Nostro, Nicola; Ceccarelli, Andrea; Bondavalli, Andrea; Brancati, Francesco; “Insider Threat Assessment: A Model-Based Methodology;” ACM SIGOPS Operating Systems Review, Volume 48, Issue 2, July 2014, Pages 3-12. Doi:   10.1145/2694737.2694740 Abstract:  Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.
Keywords: attack path, insider threats, risk assessment, security (ID#: 15-5068)


Uta, Adina; Ivan, Ion; Popa, Marius; Ciurea, Cristian; Doinea, Mihai; “Security of Virtual Entities;” CompSysTech '14 Proceedings of the 15th International Conference on Computer Systems and Technologies, June 2014, Pages 278-285. Doi: 10.1145/2659532.2659634 Abstract: The concepts of basic virtual entity and derived virtual entity are presented. Their quality characteristics are defined in the context of multiple accessing by heterogeneous target group members. The development conditions of derived entities are established. For collections of basic virtual entities and derived entities, are constructed and implemented algorithms to ensure and increase the level of security in the virtual environment. To implement a complete set of virtual entities, measurements of the security level are performed, using a special metric built.
Keywords: basic entities, derived entities, multi-access, security, security metric, target group, virtual environment (ID#: 15-5069)


Okada, Kazuya; Hazeyama, Hiroaki; Kadobayashi, Youki; “Oblivious DDoS Mitigation with Locator/ID Separation Protocol;” CFI '14 Proceedings of The Ninth International Conference on Future Internet Technologies, June 2014, Article No. 8. Doi: 10.1145/2619287.2619291 Abstract: The need to keep an attacker oblivious of an attack mitigation effort is a very important component of a defense against denial of services (DoS) and distributed denial of services (DDoS) attacks because it helps to dissuade attackers from changing their attack patterns. Conceptually, DDoS mitigation can be achieved by two components. The first is a decoy server that provides a service function or receives attack traffic as a substitute for a legitimate server. The second is a decoy network that restricts attack traffic to the peripheries of a network, or which reroutes attack traffic to decoy servers. In this paper, we propose the use of a two-stage map table extension Locator/ID Separation Protocol (LISP) to realize a decoy network. We also describe and demonstrate how LISP can be used to implement an oblivious DDoS mitigation mechanism by adding a simple extension on the LISP MapServer. Together with decoy servers, this method can terminate DDoS traffic on the ingress end of an LISP-enabled network. We verified the effectiveness of our proposed mechanism through simulated DDoS attacks on a simple network topology. Our evaluation results indicate that the mechanism could be activated within a few seconds, and that the attack traffic can be terminated without incurring overhead on the MapServer.
Keywords: DoS/DDoS, LISP, mitigation, routing (ID#: 15-5070)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.