Visible to the public Biblio

Found 459 results

Filters: First Letter Of Last Name is D  [Clear All Filters]
A B C [D] E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
D
Deng, Juan, Zhou, Bing, Shi, YiLiang.  2018.  Application of Improved Image Hash Algorithm in Image Tamper Detection. 2018 International Conference on Intelligent Transportation, Big Data Smart City (ICITBS). :629—632.

In order to study the application of improved image hashing algorithm in image tampering detection, based on compressed sensing and ring segmentation, a new image hashing technique is studied. The image hash algorithm based on compressed sensing and ring segmentation is proposed. First, the algorithm preprocesses the input image. Then, the ring segment is used to extract the set of pixels in each ring region. These aggregate data are separately performed compressed sensing measurements. Finally, the hash value is constructed by calculating the inner product of the measurement vector and the random vector. The results show that the algorithm has good perceived robustness, uniqueness and security. Finally, the ROC curve is used to analyze the classification performance. The comparison of ROC curves shows that the performance of the proposed algorithm is better than FM-CS, GF-LVQ and RT-DCT.

Deng, L., Luo, J., Zhou, J., Wang, J..  2020.  Identity-based Secret Sharing Access Control Framework for Information-Centric Networking. 2020 IEEE/CIC International Conference on Communications in China (ICCC). :507–511.
Information-centric networking (ICN) has played an increasingly important role in the next generation network design. However, to make better use of request-response communication mode in the ICN network, revoke user privileges more efficiently and protect user privacy more safely, an effective access control mechanism is needed. In this paper, we propose IBSS (identity-based secret sharing), which achieves efficient content distribution by using improved Shamir's secret sharing method. At the same time, collusion attacks are avoided by associating polynomials' degree with the number of users. When authenticating user identity and transmitting content, IBE and IBS are introduced to achieve more efficient and secure identity encryption. From the experimental results, the scheme only introduces an acceptable delay in file retrieval, and it can request follow-up content very efficiently.
Deng, Lijin, Piao, Yan, Liu, Shuo.  2018.  Research on SIFT Image Matching Based on MLESAC Algorithm. Proceedings of the 2Nd International Conference on Digital Signal Processing. :17-21.

The difference of sensor devices and the camera position offset will lead the geometric differences of the matching images. The traditional SIFT image matching algorithm has a large number of incorrect matching point pairs and the matching accuracy is low during the process of image matching. In order to solve this problem, a SIFT image matching based on Maximum Likelihood Estimation Sample Consensus (MLESAC) algorithm is proposed. Compared with the traditional SIFT feature matching algorithm, SURF feature matching algorithm and RANSAC feature matching algorithm, the proposed algorithm can effectively remove the false matching feature point pairs during the image matching process. Experimental results show that the proposed algorithm has higher matching accuracy and faster matching efficiency.

Deng, M., Wu, X., Feng, P., Zeng, W..  2020.  Sparse Support Vector Machine for Network Behavior Anomaly Detection. 2020 IEEE 8th International Conference on Information, Communication and Networks (ICICN). :199–204.
Network behavior anomaly detection (NBAD) require fast mechanisms for learning from the large scale data. However, the training velocity of general machine learning approach is largely limited by the adopted training weights of all features in the NBAD. In this paper, we notice, however, that the related weights matching of NBAD features is sparse, which is not necessary for holding all weights. Hence, in this paper, we consider an efficient support vector machine (SVM) approach for NBAD by imposing 1 -norm. Essentially, we propose to use sparse SVM (S-SVM), where sparsity in model, i.e. in weights is used to interfere with special feature selection and that can achieve feature selection and classification efficiently.
Deng, Xiaolong, Dou, Yingtong, Huang, Yihua.  2016.  CPS Model Based Online Opinion Governance Modeling and Evaluation of Emergency Accidents. Proceedings of the Second ACM SIGSPATIALInternational Workshop on the Use of GIS in Emergency Management. :8:1–8:6.

In the last decades, there have been much more public health crises in the world such as H1N1, H7N9 and Ebola out-break. In the same time, it has been proved that our world has come into the time when public crisis accidents number was growing fast. Sometimes, crisis response to these public emergency accidents is involved in a complex system consisting of cyber, physics and society domains (CPS Model). In order to collect and analyze these accidents with higher efficiency, we need to design and adopt some new tools and models. In this paper, we used CPS Model based Online Opinion Governance system which constructed on cellphone APP for data collection and decision making in the back end. Based on the online opinion data we collected, we also proposed the graded risk classification. By the risk classification method, we have built an efficient CPS Model based simulated emergency accident replying and handling system. It has been proved useful in some real accidents in China in recent years.

Deng, Xiyue, Mirkovic, Jelena.  2017.  Commoner Privacy And A Study On Network Traces. Proceedings of the 33rd Annual Computer Security Applications Conference. :566–576.
Differential privacy has emerged as a promising mechanism for privacy-safe data mining. One popular differential privacy mechanism allows researchers to pose queries over a dataset, and adds random noise to all output points to protect privacy. While differential privacy produces useful data in many scenarios, added noise may jeopardize utility for queries posed over small populations or over long-tailed datasets. Gehrke et al. proposed crowd-blending privacy, with random noise added only to those output points where fewer than k individuals (a configurable parameter) contribute to the point in the same manner. This approach has a lower privacy guarantee, but preserves more research utility than differential privacy. We propose an even more liberal privacy goal—commoner privacy—which fuzzes (omits, aggregates or adds noise to) only those output points where an individual's contribution to this point is an outlier. By hiding outliers, our mechanism hides the presence or absence of an individual in a dataset. We propose one mechanism that achieves commoner privacy—interactive k-anonymity. We also discuss query composition and show how we can guarantee privacy via either a pre-sampling step or via query introspection. We implement interactive k-anonymity and query introspection in a system called Patrol for network trace processing. Our evaluation shows that commoner privacy prevents common attacks while preserving orders of magnitude higher research utility than differential privacy, and at least 9-49 times the utility of crowd-blending privacy.
Deng, Y., Lu, D., Chung, C., Huang, D., Zeng, Z..  2018.  Personalized Learning in a Virtual Hands-on Lab Platform for Computer Science Education. 2018 IEEE Frontiers in Education Conference (FIE). :1—8.

This Innovate Practice full paper presents a cloud-based personalized learning lab platform. Personalized learning is gaining popularity in online computer science education due to its characteristics of pacing the learning progress and adapting the instructional approach to each individual learner from a diverse background. Among various instructional methods in computer science education, hands-on labs have unique requirements of understanding learner's behavior and assessing learner's performance for personalization. However, it is rarely addressed in existing research. In this paper, we propose a personalized learning platform called ThoTh Lab specifically designed for computer science hands-on labs in a cloud environment. ThoTh Lab can identify the learning style from student activities and adapt learning material accordingly. With the awareness of student learning styles, instructors are able to use techniques more suitable for the specific student, and hence, improve the speed and quality of the learning process. With that in mind, ThoTh Lab also provides student performance prediction, which allows the instructors to change the learning progress and take other measurements to help the students timely. For example, instructors may provide more detailed instructions to help slow starters, while assigning more challenging labs to those quick learners in the same class. To evaluate ThoTh Lab, we conducted an experiment and collected data from an upper-division cybersecurity class for undergraduate students at Arizona State University in the US. The results show that ThoTh Lab can identify learning style with reasonable accuracy. By leveraging the personalized lab platform for a senior level cybersecurity course, our lab-use study also shows that the presented solution improves students engagement with better understanding of lab assignments, spending more effort on hands-on projects, and thus greatly enhancing learning outcomes.

Deng, Zhaoxia, Feldman, Ariel, Kurtz, Stuart A., Chong, Frederic T..  2017.  Lemonade from Lemons: Harnessing Device Wearout to Create Limited-Use Security Architectures. Proceedings of the 44th Annual International Symposium on Computer Architecture. :361–374.

Most architectures are designed to mitigate the usually undesirable phenomenon of device wearout. We take a contrarian view and harness this phenomenon to create hardware security mechanisms that resist attacks by statistically enforcing an upper bound on hardware uses, and consequently attacks. For example, let us assume that a user may log into a smartphone a maximum of 50 times a day for 5 years, resulting in approximately 91,250 legitimate uses. If we assume at least 8-character passwords and we require login (and retrieval of the storage decryption key) to traverse hardware that wears out in 91,250 uses, then an adversary has a negligible chance of successful brute-force attack before the hardware wears out, even assuming real-world password cracking by professionals. M-way replication of our hardware and periodic re-encryption of storage can increase the daily usage bound by a factor of M. The key challenge is to achieve practical statistical bounds on both minimum and maximum uses for an architecture, given that individual devices can vary widely in wearout characteristics. We introduce techniques for architecturally controlling these bounds and perform a design space exploration for three use cases: a limited-use connection, a limited-use targeting system and one-time pads. These techniques include decision trees, parallel structures, Shamir's secret-sharing mechanism, Reed-Solomon codes, and module replication. We explore the cost in area, energy and latency of using these techniques to achieve system-level usage targets given device-level wearout distributions. With redundant encoding, for example, we can improve exponential sensitivity to device lifetime variation to linear sensitivity, reducing the total number of NEMS devices by 4 orders of magnitude to about 0.8 million for limited-use connections (compared with 4 billion if without redundant encoding).

Denning, Dorothy E..  1976.  A Lattice Model of Secure Information Flow. Commun. ACM. 19:236–243.

This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.

This article was identified by the SoS Best Scientific Cybersecurity Paper Competition Distinguished Experts as a Science of Security Significant Paper.

The Science of Security Paper Competition was developed to recognize and honor recently published papers that advance the science of cybersecurity. During the development of the competition, members of the Distinguished Experts group suggested that listing papers that made outstanding contributions, empirical or theoretical, to the science of cybersecurity in earlier years would also benefit the research community.

Denning, Dorothy E..  1976.  A Lattice Model of Secure Information Flow. Commun. ACM. 19:236–243.
This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.
Dennis Griffith, University of Illinois at Urbana-Champaign, Elsa Gunter, University of Illinois at Urbana-Champaign.  2013.  LiquidPi: Inferable Dependent Session Types. 5th International NASA Formal Methods (NFM 2013) .

The Pi Calculus is a popular formalism for modeling distributed computation. Session Types extend the Pi Calculus with a static, inferable type system. Dependent Types allow for a more precise characterization of the behavior of programs, but in their full generality are not inferable. In this paper, we present LiquidPi an approach that combines the dependent type inferencing of Liquid Types with Honda’s Session Types to give a more precise automatically derived description of the behavior of distributed programs. These types can be used to describe/enforce safety properties of distributed systems. We present a type system parametric over an underlying functional language with Pi Calculus connectives and give an inference algorithm for it by means of efficient external solvers and a set of dependent qualifier templates.

Dennis Matthews, University of Illinois at Urbana-Champaign, Timothy Bretl, University of Illinois at Urbana-Champaign.  2012.  Experiments in Quasi-Static Manipulation of a Planar Elastic Rod. IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

In this paper, we introduce and experimentally validate a sampling-based planning algorithm for quasi-static manipulation of a planar elastic rod. Our algorithm is an immediate consequence of deriving a global coordinate chart of finite dimension that suffices to describe all possible configurations of the rod that can be placed in static equilibrium by fixing the position and orientation of each end. Hardware experiments confirm this derivation in the case where the “rod” is a thin, flexible strip of metal that has a fixed base and that is held at the other end by an industrial robot. We show an example in which a path of the robot that was planned by our algorithm causes the metal strip to move between given start and goal configurations while remaining in quasi-static equilibrium.

Dennis, R., Owenson, G., Aziz, B..  2016.  A Temporal Blockchain: A Formal Analysis. 2016 International Conference on Collaboration Technologies and Systems (CTS). :430–437.

This paper presents a possible solution to a fundamental limitation facing all blockchain-based systems; scalability. We propose a temporal rolling blockchain which solves the problem of its current exponential growth, instead replacing it with a constant fixed-size blockchain. We conduct a thorough analysis of related work and present a formal analysis of the new rolling blockchain, comparing the results to a traditional blockchain model to demonstrate that the deletion of data from the blockchain does not impact on the security of the proposed blockchain model before concluding our work and presenting future work to be conducted.

Denysyuk, Oksana, Woelfel, Philipp.  2016.  Are Shared Objects Composable Under an Oblivious Adversary? Proceedings of the 2016 ACM Symposium on Principles of Distributed Computing. :335–344.

Linearizability [5] of a concurrent object ensures that operations on that object appear to execute atomically. It is well known that linearizable implementations are composable: in an algorithm designed to work with atomic objects, replacing any atomic object with a linearizable implementation preserves the correctness of the original algorithm. However, replacing atomic objects with linearizable ones in a randomized algorithm can break the original probabilistic guarantees [3]. With an adaptive adversary, this problem is solved by using strongly linearizable [3] objects in the composition. How about with an oblivious adversary. In this paper, we ask the fundamental question of what property makes implementations composable under an oblivious adversary. It turns out that the property depends on the entire collection of objects used in the algorithm. We show that the composition of every randomized algorithm with a collection of linearizable objects OL is sound if and only if OL satisfies a property called library homogeneity. Roughly, this property says that, for each process, every operation on OL has the same length and linearization point. This result has several important implications. First, for an oblivious adversary, there is nothing analogous to linearizability to ensure that the atomic objects of an algorithm can be replaced with their implementations. Second, in general, algorithms cannot use implemented objects alongside atomic objects provided by the system, such as registers. These results show that, with an oblivious adversary, it is much harder to implement reusable object types than previously believed.

Deo, Amit, Dash, Santanu Kumar, Suarez-Tangil, Guillermo, Vovk, Volodya, Cavallaro, Lorenzo.  2016.  Prescience: Probabilistic Guidance on the Retraining Conundrum for Malware Detection. Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security. :71–82.

Malware evolves perpetually and relies on increasingly so- phisticated attacks to supersede defense strategies. Data-driven approaches to malware detection run the risk of becoming rapidly antiquated. Keeping pace with malware requires models that are periodically enriched with fresh knowledge, commonly known as retraining. In this work, we propose the use of Venn-Abers predictors for assessing the quality of binary classification tasks as a first step towards identifying antiquated models. One of the key benefits behind the use of Venn-Abers predictors is that they are automatically well calibrated and offer probabilistic guidance on the identification of nonstationary populations of malware. Our framework is agnostic to the underlying classification algorithm and can then be used for building better retraining strategies in the presence of concept drift. Results obtained over a timeline-based evaluation with about 90K samples show that our framework can identify when models tend to become obsolete.

Depping, Ansgar E., Mandryk, Regan L., Johanson, Colby, Bowey, Jason T., Thomson, Shelby C..  2016.  Trust Me: Social Games Are Better Than Social Icebreakers at Building Trust. Proceedings of the 2016 Annual Symposium on Computer-Human Interaction in Play. :116–129.

Interpersonal trust is one of the key components of efficient teamwork. Research suggests two main approaches for trust formation: personal information exchange (e.g., social icebreakers), and creating a context of risk and interdependence (e.g., trust falls). However, because these strategies are difficult to implement in an online setting, trust is more difficult to achieve and preserve in distributed teams. In this paper, we argue that games are an optimal environment for trust formation because they can simulate both risk and interdependence. Results of our online experiment show that a social game can be more effective than a social task at fostering interpersonal trust. Furthermore, trust formation through the game is reliable, but trust depends on several contingencies in the social task. Our work suggests that gameplay interactions do not merely promote impoverished versions of the rich ties formed through conversation; but rather engender genuine social bonds. \textbackslash

Derhab, A., Bouras, A., Bin Muhaya, F., Khan, M.K., Yang Xiang.  2014.  Spam Trapping System: Novel security framework to fight against spam botnets. Telecommunications (ICT), 2014 21st International Conference on. :467-471.

In this paper, we inspire from two analogies: the warfare kill zone and the airport check-in system, to tackle the issue of spam botnet detection. We add a new line of defense to the defense-in-depth model called the third line. This line is represented by a security framework, named the Spam Trapping System (STS) and adopts the prevent-then-detect approach to fight against spam botnets. The framework exploits the application sandboxing principle to prevent the spam from going out of the host and detect the corresponding malware bot. We show that the proposed framework can ensure better security against malware bots. In addition, an analytical study demonstrates that the framework offers optimal performance in terms of detection time and computational cost in comparison to intrusion detection systems based on static and dynamic analysis.

Dering, M. L., Tucker, C. S..  2017.  Generative Adversarial Networks for Increasing the Veracity of Big Data. 2017 IEEE International Conference on Big Data (Big Data). :2595–2602.

This work describes how automated data generation integrates in a big data pipeline. A lack of veracity in big data can cause models that are inaccurate, or biased by trends in the training data. This can lead to issues as a pipeline matures that are difficult to overcome. This work describes the use of a Generative Adversarial Network to generate sketch data, such as those that might be used in a human verification task. These generated sketches are verified as recognizable using a crowd-sourcing methodology, and finds that the generated sketches were correctly recognized 43.8% of the time, in contrast to human drawn sketches which were 87.7% accurate. This method is scalable and can be used to generate realistic data in many domains and bootstrap a dataset used for training a model prior to deployment.

Derler, David, Slamanig, Daniel.  2018.  Highly-Efficient Fully-Anonymous Dynamic Group Signatures. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :551–565.
Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA»05) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight. We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO»04; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the "without encryption" paradigm introduced by Bichsel et al. (SCN»10) in the strong BSZ model.
Dermouche, Soumia, Pelachaud, Catherine.  2016.  Sequence-based Multimodal Behavior Modeling for Social Agents. Proceedings of the 18th ACM International Conference on Multimodal Interaction. :29–36.

The goal of this work is to model a virtual character able to converse with different interpersonal attitudes. To build our model, we rely on the analysis of multimodal corpora of non-verbal behaviors. The interpretation of these behaviors depends on how they are sequenced (order) and distributed over time. To encompass the dynamics of non-verbal signals across both modalities and time, we make use of temporal sequence mining. Specifically, we propose a new algorithm for temporal sequence extraction. We apply our algorithm to extract temporal patterns of non-verbal behaviors expressing interpersonal attitudes from a corpus of job interviews. We demonstrate the efficiency of our algorithm in terms of significant accuracy improvement over the state-of-the-art algorithms.

Desai, N.N., Diwanji, H., Shah, J.S..  2014.  A temporal packet marking detection scheme against MIRA attack in MANET. Engineering and Computational Sciences (RAECS), 2014 Recent Advances in. :1-5.

Mobile Ad-hoc Network is highly susceptible towards the security attacks due to its dynamic topology, resource constraint, energy constraint operations, limited physical security and lack of infrastructure. Misleading routing attack (MIRA) in MANET intend to delay packet to its fullest in order to generate time outs at the source as packets will not reach in time. Its main objective is to generate delay and increase network overhead. It is a variation to the sinkhole attack. In this paper, we have proposed a detection scheme to detect the malicious nodes at route discovery as well as at packet transmissions. The simulation results of MIRA attack indicate that though delay is increased by 91.30% but throughput is not affected which indicates that misleading routing attack is difficult to detect. The proposed detection scheme when applied to misleading routing attack suggests a significant decrease in delay.

Deshotels, Luke, Deaconescu, Razvan, Chiroiu, Mihai, Davi, Lucas, Enck, William, Sadeghi, Ahmad-Reza.  2016.  SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :704–716.

Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called "container" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.

Deshotels, Luke, Deaconescu, Razvan, Carabas, Costin, Manda, Iulia, Enck, William, Chiroiu, Mihai, Li, Ninghui, Sadeghi, Ahmad-Reza.  2018.  iOracle: Automated Evaluation of Access Control Policies in iOS. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :117-131.

Modern operating systems, such as iOS, use multiple access control policies to define an overall protection system. However, the complexity of these policies and their interactions can hide policy flaws that compromise the security of the protection system. We propose iOracle, a framework that logically models the iOS protection system such that queries can be made to automatically detect policy flaws. iOracle models policies and runtime context extracted from iOS firmware images, developer resources, and jailbroken devices, and iOracle significantly reduces the complexity of queries by modeling policy semantics. We evaluate iOracle by using it to successfully triage executables likely to have policy flaws and comparing our results to the executables exploited in four recent jailbreaks. When applied to iOS 10, iOracle identifies previously unknown policy flaws that allow attackers to modify or bypass access control policies. For compromised system processes, consequences of these policy flaws include sandbox escapes (with respect to read/write file access) and changing the ownership of arbitrary files. By automating the evaluation of iOS access control policies, iOracle provides a practical approach to hardening iOS security by identifying policy flaws before they are exploited.