Visible to the public Deterrence, 2014 (ACM Publications)

SoS Newsletter- Advanced Book Block

SoS Logo

Deterrence, 2014 (ACM Publications)


Finding ways both technical and behavioral to provide disincentives to threats is a promising area of research. Since most cybersecurity is “bolt on” rather than embedded, and since detection, response and forensics are expensive, time consuming processes, discouraging attacks can be a cost effective cybersecurity approach. The research works cited here were presented and published in 2014 in various publications of the ACM.  


Mohammed H. Almeshekah, Eugene H. Spafford; “Planning and Integrating Deception into Computer Security Defenses;” NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms Workshop, September 2014, Pages 127-138. Doi: 10.1145/2683467.2683482 Abstract: Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that use deception were ad-hoc attempts to incorporate deceptive elements. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of fundamental reasons why deception works and the essential principles involved in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception in many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be designed to exploit specific adversaries' biases. We investigate these biases and discuss how can they be used by presenting a number of examples.
Keywords: biases, computer security, deception (ID#: 15-5071)


Kazuya Okada, Hiroaki Hazeyama, Youki Kadobayashi; “Oblivious DDoS Mitigation With Locator/ID Separation Protocol;” CFI '14 Proceedings of The Ninth International Conference on Future Internet Technologies, June 2014, Article No. 8. Doi: 10.1145/2619287.2619291 Abstract: The need to keep an attacker oblivious of an attack mitigation effort is a very important component of a defense against denial of services (DoS) and distributed denial of services (DDoS) attacks because it helps to dissuade attackers from changing their attack patterns. Conceptually, DDoS mitigation can be achieved by two components. The first is a decoy server that provides a service function or receives attack traffic as a substitute for a legitimate server. The second is a decoy network that restricts attack traffic to the peripheries of a network, or which reroutes attack traffic to decoy servers. In this paper, we propose the use of a two-stage map table extension Locator/ID Separation Protocol (LISP) to realize a decoy network. We also describe and demonstrate how LISP can be used to implement an oblivious DDoS mitigation mechanism by adding a simple extension on the LISP MapServer. Together with decoy servers, this method can terminate DDoS traffic on the ingress end of an LISP-enabled network. We verified the effectiveness of our proposed mechanism through simulated DDoS attacks on a simple network topology. Our evaluation results indicate that the mechanism could be activated within a few seconds, and that the attack traffic can be terminated without incurring overhead on the MapServer.
Keywords:  DoS/DDoS, LISP, mitigation, routing (ID#: 15-5072)


Nicola Nostro, Andrea Ceccarelli, Andrea Bondavalli, Francesco Brancati; “Insider Threat Assessment: a Model-Based Methodology;” ACM SIGOPS Operating Systems Review, Volume 48 Issue 2, July 2014, Pages 3-12. Doi: 10.1145/2694737.2694740 Abstract: Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with legitimate access which abuse or misuse of their power, thus leading to unexpected security violation (e.g., acquire and disseminate sensitive information). These attacks are very difficult to detect and mitigate due to the nature of the attackers, which often are company's employees motivated by socio-economical reasons, and to the fact that attackers operate within their granted restrictions. It is a consequence that insider attackers constitute an actual threat for ICT organizations. In this paper we present our methodology, together with the application of existing supporting libraries and tools from the state-of-the-art, for insider threats assessment and mitigation. The ultimate objective is to define the motivations and the target of an insider, investigate the likeliness and severity of potential violations, and finally identify appropriate countermeasures. The methodology also includes a maintenance phase during which the assessment can be updated to reflect system changes. As case study, we apply our methodology to the crisis management system Secure!, which includes different kinds of users and consequently is potentially exposed to a large set of insider threats.
Keywords: attack path, insider threats, risk assessment, security (ID#: 15-5073)


Adina Uta, Ion Ivan, Marius Popa, Cristian Ciurea, Mihai Doinea; “Security of Virtual Entities” CompSysTech '14 Proceedings of the 15th International Conference on Computer Systems and Technologies, June 2014, Pages 278-285. Doi:  10.1145/2659532.2659634 Abstract: The concepts of basic virtual entity and derived virtual entity are presented. Their quality characteristics are defined in the context of multiple accessing by heterogeneous target group members. The development conditions of derived entities are established. For collections of basic virtual entities and derived entities, are constructed and implemented algorithms to ensure and increase the level of security in the virtual environment. To implement a complete set of virtual entities, measurements of the security level are performed, using a special metric built.
Keywords: basic entities, derived entities, multi-access, security, security metric, target group, virtual environment (ID#: 15-5074)


Jafar Haadi H. Jafarian, Ehab Al-Shaer, Qi Duan; “Spatio-temporal Address Mutation for Proactive Cyber Agility against Sophisticated Attackers;” MTD '14 Proceedings of the First ACM Workshop on Moving Target Defense, December 2014, Pages 69-78. Doi: 10.1145/2663474.2663483 Abstract: The static one-to-one binding of hosts to IP addresses allows adversaries to conduct thorough reconnaissance in order to discover and enumerate network assets. Specifically, this fixed address mapping allows distributed network scanners to aggregate information gathered at multiple locations over different times in order to construct an accurate and persistent view of the network. The unvarying nature of this view enables adversaries to collaboratively share and reuse their collected reconnaissance information in various stages of attack planning and execution. This paper presents a novel moving target defense (MTD) technique which enables host-to-IP binding of each destination host to vary randomly across the network based on the source identity (spatial randomization) as well as time (temporal randomization). This spatio-temporal randomization will distort attackers' view of the network by causing the collected reconnaissance information to expire as adversaries transition from one host to another or if they stay long enough in one location. Consequently, adversaries are forced to re-scan the network frequently at each location or over different time intervals. These recurring probings significantly raises the bar for the adversaries by slowing down the attack progress, while improving its detectability. We introduce three novel metrics for quantifying the effectiveness of MTD defense techniques: deterrence, deception, and detectability. Using these metrics, we perform rigorous theoretical and experimental analysis to evaluate the efficacy of this approach. These analyses show that our approach is effective in countering a significant number of sophisticated threat models including collaborative reconnaissance, worm propagation, and advanced persistent threat (APT), in an evasion-free manner.
Keywords: adversary-awareness, ip address randomization, moving target defense (mtd), reconnaissance (ID#: 15-5075)


Aron Laszka, Benjamin Johnson, Pascal Schöttle, Jens Grossklags, Rainer Böhme; “Secure Team Composition to Thwart Insider Threats and Cyber-Espionage;” ACM Transactions on Internet Technology (TOIT) - Special Issue on Pricing and Incentives in Networks and Systems and Regular Papers, Volume 14 Issue 2-3, October 2014,  Article No. 19. Doi: 10.1145/2663499 Abstract: We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical security mechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.
Keywords: Insider threat, access control, cyber-espionage, game theory, human factor, management of information security (ID#: 15-5076)


Robert Crossler, France Bélanger; ”An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument;” ACM SIGMIS, Volume 45 Issue 4, November 2014, Pages 51-71. Doi: 10.1145/2691517.2691521 Abstract: Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize Protection Motivation Theory (PMT) to explore these practices. However, these studies focus on one specific security protection behavior or on intentions to use a generic measure of security protection tools or techniques (practices). In contrast, this study empirically tests the effectiveness of PMT to explain a newly developed measure for collectively capturing several individual security practices. The results show that PMT explains an important portion of the variance in the unified security practices measure, and demonstrates the importance of explaining individual security practices as a whole as opposed to one particular behavior individually. Implications of the study for research and practice are discussed.
Keywords: home user, information security, protection motivation theory, security practices (ID#: 15-5077)


Joan Feigenbaum, Aaron D. Jaggard, Rebecca N. Wright; “Open vs. Closed Systems for Accountability;” HotSoS '14 Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, April 2014, Article No. 4.  Doi: 10.1145/2600176.2600179 Abstract: The relationship between accountability and identity in online life presents many interesting questions. Here, we first systematically survey the various (directed) relationships among principals, system identities (nyms) used by principals, and actions carried out by principals using those nyms. We also map these relationships to corresponding accountability-related properties from the literature. Because punishment is fundamental to accountability, we then focus on the relationship between punishment and the strength of the connection between principals and nyms. To study this particular relationship, we formulate a utility-theoretic framework that distinguishes between principals and the identities they may use to commit violations. In doing so, we argue that the analogue applicable to our setting of the well known concept of quasilinear utility is insufficiently rich to capture important properties such as reputation. We propose more general utilities with linear transfer that do seem suitable for this model.  In our use of this framework, we define notions of "open" and "closed" systems. This distinction captures the degree to which system participants are required to be bound to their system identities as a condition of participating in the system. This allows us to study the relationship between the strength of identity binding and the accountability properties of a system.
Keywords: accountability, identity, utility (ID#: 15-5078)


Md. Sadek Ferdous, Gethin Norman, Ron Poet; “Mathematical Modelling of Identity, Identity Management and Other Related Topics;” SIN '14 Proceedings of the 7th International Conference on Security of Information and Networks, September 2014, Pages 9. Doi: 10.1145/2659651.2659729 Abstract: There exist disparate sets of definitions with different semantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are only textual in nature. In essence, a mathematical model of identity and identity management covering all its aspects is still missing. In this paper we build up a mathematical model of different core topics covering a wide range of vocabularies related to Identity Management. At first we build up a mathematical model of Digital Identity. Then we use the model to analyse different aspects of Identity Management. Finally, we discuss three applications to illustrate the applicability of our approach. Being based on mathematical foundations, the approach can be used to build up a solid understanding on different topics of Identity Management.
Keywords: Identity, Identity Management, Mathematical Modelling (ID#: 15-5079)


Enric Junqué de Fortuny, Marija Stankova, Julie Moeyersoms, Bart Minnaert, Foster Provost, David Martens; “Corporate Residence Fraud Detection;”  KDD '14 Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 2014, Pages 1650-1659. Doi: 10.1145/2623330.2623333 Abstract: With the globalisation of the world's economies and ever-evolving financial structures, fraud has become one of the main dissipaters of government wealth and perhaps even a major contributor in the slowing down of economies in general. Although corporate residence fraud is known to be a major factor, data availability and high sensitivity have caused this domain to be largely untouched by academia. The current Belgian government has pledged to tackle this issue at large by using a variety of in-house approaches and cooperations with institutions such as academia, the ultimate goal being a fair and efficient taxation system. This is the first data mining application specifically aimed at finding corporate residence fraud, where we show the predictive value of using both structured and fine-grained invoicing data. We further describe the problems involved in building such a fraud detection system, which are mainly data-related (e.g. data asymmetry, quality, volume, variety and velocity) and deployment-related (e.g. the need for explanations of the predictions made).
Keywords: corporate residence fraud, fraud detection, structured data, transactional data (ID#: 15-5080)


Antonio M. Mora, Paloma De las Cuevas, Juan Julián Merelo, Sergio Zamarripa, Anna I. Esparcia-Alcázar; “Enforcing Corporate Security Policies via Computational Intelligence Techniques;”  GECCO Comp '14 Proceedings of the 2014 Conference Companion on Genetic and Evolutionary Computation Companion, July 2014, Pages 1245-1252. Doi: 10.1145/2598394.2605438 Abstract: This paper presents an approach, based in a project in development, which combines Data Mining, Machine Learning and Computational Intelligence techniques, in order to create a user-centric and adaptable corporate security system. Thus, the system, named MUSES, will be able to analyse the user's behaviour (modelled as events) when interacting with the company's server, accessing to corporate assets, for instance. As a result of this analysis, and after the application of the aforementioned techniques, the Corporate Security Policies, and specifically, the Corporate Security Rules will be adapted to deal with new anomalous situations, or to better manage user's behaviour. The work reviews the current state of the art in security issues resolution by means of these kind of methods. Then it describes the MUSES features in this respect and compares them with the existing approaches.
Keywords: computational intelligence, corporate security policies, evolutionary computation, security rules (ID#: 15-5081)


Chuangang Ren, Kai Chen, Peng Liu; “Droidmarking: Resilient Software Watermarking for Impeding Android Application Repackaging;” ASE '14 Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, September 2014, Pages 635-646. Doi: 10.1145/2642937.2642977 Abstract: Software plagiarism in Android markets (app repackaging) is raising serious concerns about the health of the Android ecosystem. Existing app repackaging detection techniques fall short in detection efficiency and in resilience to circumventing attacks; this allows repackaged apps to be widely propagated and causes extensive damages before being detected. To overcome these difficulties and instantly thwart app repackaging threats, we devise a new dynamic software watermarking technique - Droidmarking - for Android apps that combines the efforts of all stakeholders and achieves the following three goals: (1) copyright ownership assertion for developers, (2) real-time app repackaging detection on user devices, and (3) resilience to evading attacks. Distinct from existing watermarking techniques, the watermarks in Droidmarking are non-stealthy, which means that watermark locations are not intentionally concealed, yet still are impervious to evading attacks. This property effectively enables normal users to recover and verify watermark copyright information without requiring a confidential watermark recognizer. Droidmarking is based on a primitive called self-decrypting code (SDC). Our evaluations show that Droidmarking is a feasible and robust technique to effectively impede app repackaging with relatively small performance overhead.
Keywords: android, app repackaging, software watermarking (ID#: 15-5082)


Wu Zhou, Zhi Wang, Yajin Zhou, Xuxian Jiang: “DIVILAR: Diversifying Intermediate Language for Anti-Repackaging on Android Platform;” CODASPY '14 Proceedings of the 4th ACM Cnference on Data and Application Security and Privacy, March 2014, Pages 199-210. Doi: 10.1145/2557547.2557558  Abstract: App repackaging remains a serious threat to the emerging mobile app ecosystem. Previous solutions have mostly focused on the postmortem detection of repackaged apps by measuring similarity among apps. In this paper, we propose DIVILAR, a virtualization-based protection scheme to enable self-defense of Android apps against app repackaging. Specifically, it re-encodes an Android app in a diversified virtual instruction set and uses a specialized execute engine for these virtual instructions to run the protected app. However, this extra layer of execution may cause significant performance overhead, rendering the solution unacceptable for daily use. To address this challenge, we leverage a light-weight hooking mechanism to hook into Dalvik VM, the execution engine for Dalvik bytecode, and piggy-back the decoding of virtual instructions to that of Dalvik bytecode. By compositing virtual and Dalvik instruction execution, we can effectively eliminate this extra layer of execution and significantly reduce the performance overhead. We have implemented a prototype of DIVILAR. Our evaluation shows that DIVILAR is resilient against existing static and dynamic analysis, including these specific to VM-based protection. Further performance evaluation demonstrates its efficiency for daily use (an average of 16.2 and 8.9 increase to the start time and run time, respectively).
Keywords: android, anti-repackaging, virtual machine (ID#: 15-5083)


Ewa Syta, Henry Corrigan-Gibbs, Shu-Chun Weng, David Wolinsky, Bryan Ford, Aaron Johnson; “Security Analysis of Accountable Anonymity in Dissent;” ACM Transactions on Information and System Security (TISSEC), Volume 17 Issue 1, August 2014, Article No. 4. Doi: 10.1145/2629621 Abstract: Users often wish to communicate anonymously on the Internet, for example, in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks; mix networks are difficult to protect against traffic analysis; and accountable voting schemes are unsuited to general anonymous messaging. Dissent is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened dissent protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several nontrivial attacks on the original dissent protocol stemming from subtle design flaws.
Keywords: Anonymous communication, accountable anonymity, provable security (ID#: 15-5084)


Mengtao Sun, Gang Tan; “NativeGuard: Protecting Android Applications from Third-Party Native Libraries;” WiSec '14 Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks, July 2014, Pages 165-176. Doi: 10.1145/2627393.2627396 Abstract: Android applications often include third-party libraries written in native code. However, current native components are not well managed by Android's security architecture. We present NativeGuard, a security framework that isolates native libraries from other components in Android applications. Leveraging the process-based protection in Android, NativeGuard isolates native libraries of an Android application into a second application where unnecessary privileges are eliminated. NativeGuard requires neither modifications to Android nor access to the source code of an application. It addresses multiple technical issues to support various interfaces that Android provides to the native world. Experimental results demonstrate that our framework works well with a set of real-world applications, and incurs only modest overhead on benchmark programs.
Keywords: android, java native interface, privilege isolation (ID#: 15-5085)


Christopher Smowton, Jacob R. Lorch, David Molnar, Stefan Saroiu, Alec Wolman; “Zero-effort Payments: Design, Deployment, and Lessons;” UbiComp '14 Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, September 2014, Pages 763-774. Doi: 10.1145/2632048.2632067 Abstract: This paper presents Zero-Effort Payments (ZEP), a seamless mobile computing system designed to accept payments with no effort on the customer's part beyond a one-time opt-in. With ZEP, customers need not present cards nor operate smartphones to convey their identities. ZEP uses three complementary identification technologies: face recognition, proximate device detection, and human assistance. We demonstrate that the combination of these technologies enables ZEP to scale to the level needed by our deployments.  We designed and built ZEP, and demonstrated its usefulness across two real-world deployments lasting five months of continuous deployment, and serving 274 customers. The different nature of our deployments stressed different aspects of our system. These challenges led to several system design changes to improve scalability and fault-tolerance.
Keywords: BLE, biometrics, Bluetooth, face recognition, fault tolerance, indoor localization, latency, mobile payments, scalability (ID#: 15-5086)


Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan-Hua Tu, Songwu Lu; “Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging;” CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, Pages 727-738. Doi: 10.1145/2660267.2660346 Abstract: Secure mobile data charging (MDC) is critical to cellular network operations. It must charge the right user for the right volume that (s)he authorizes to consume (i.e., requirements of authentication, authorization, and accounting (AAA)). In this work, we conduct security analysis of the MDC system in cellular networks. We find that all three can be breached in both design and practice, and identify three concrete vulnerabilities: authentication bypass, authorization fraud and accounting volume inaccuracy. The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as imprudent implementations. We devise three showcase attacks to demonstrate that, even simple attacks can easily penetrate the operational 3G/4G cellular networks. We further propose and evaluate defense solutions.
Keywords:  aaa, accounting, attack, authentication, authorization, cellular networks, defense, mobile data services (ID#: 15-5087)


Agostino Bruzzone, Marina Massei, Francesco Longo, Simonluca Poggi, Matteo Agresta, Christian Bartolucci, Letizia Nicoletti; “Human Behavior Simulation for Complex Scenarios Based on Intelligent Agents;” ANSS '14 Proceedings of the 2014 Annual Simulation Symposium, April 2014, Article No. 10. Doi: 2664292.2664302 Abstract: The focus of this paper is to develop a scenario and realistic case study to be applied in the human behavior simulation for complex scenarios involving coalition operations; for this purpose the intelligent agents will be used in order to reproduce the interactions among forces, local population and interest groups as well as the consequences of different COAs (Courses of Actions). The proposed modeling approach considers the complex interactions among many variables and resulting as effects of the Commander decisions in a comprehensive scenario involving multiple layers(i.e. Political, Military, Economic, Diplomatic, Social, Media and Infrastructure); the authors proposes here a realistic scenario for using Interoperable Simulation on Crisis Management related to a NEO (Non-combatant Evacuation Operation).
Keywords: computer generated forces, crisis management, human behavior models, intelligent agents, interoperable simulation, non combatant evacuation operations (ID#: 15-5088)


R. Cohen, D. Y. Lam, N. Agarwal, M. Cormier, J. Jagdev, T. Jin, M. Kukreti, J. Liu, K. Rahim, R. Rawat, W. Sun, D. Wang, M. Wexler; “Using Computer Technology to Address the Problem of Cyberbullying;” ACM SIGCAS Computers and Society, Volume 44 Issue 2, July 2014, Pages 52-61. Doi: 10.1145/2656870.2656876 Abstract: The issue of cyberbullying is a social concern that has arisen due to the prevalent use of computer technology today. In this paper, we present a multi-faceted solution to mitigate the effects of cyberbullying, one that uses computer technology in order to combat the problem. We propose to provide assistance for various groups affected by cyberbullying (the bullied and the bully, both). Our solution was developed through a series of group projects and includes i) technology to detect the occurrence of cyberbullying ii) technology to enable reporting of cyberbullying iii) proposals to integrate third-party assistance when cyberbullying is detected iv) facilities for those with authority to manage online social networks or to take actions against detected bullies. In all, we demonstrate how this important social problem which arises due to computer technology can also leverage computer technology in order to take steps to better cope with the undesirable effects that have arisen.
Keywords: cyberbullying, education, online safety, social network (ID#: 15-5089)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.