وبلاگ بلیان

Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II (Lecture Notes in Computer Science)

معرفی کتاب «Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II (Lecture Notes in Computer Science)» نوشتهٔ Vijayalakshmi Atluri (editor), Roberto Di Pietro (editor), Christian D. Jensen (editor), Weizhi Meng (editor)، منتشرشده توسط نشر Springer Nature Switzerland AG در سال 2022. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

The three volume set LNCS 13554, 13555, 13556 constitutes the proceedings of the 27th European Symposium on Research in Computer Security, ESORICS 2022, which took place in September 2022. The conference took place in Copenhagen, Denmark, in a hybrid mode. The 104 full papers and 6 poster papers presented in these proceedings were carefully reviewed and selected from 562 submissions. They were organized in topical sections as follows: Part I: Blockchain security; privacy; crypto; attacks; sidechannels; Part II: Anonymity; cloud security; access control; authentication; digital signatures; IoT security; applications; Part III: Formal analysis; Web security; hardware security; multiparty computation; ML techniques; cyber-physical systems security; network and software security; posters. Preface Organization Contents – Part II Anonymity A Machine Learning Approach to Detect Differential Treatment of Anonymous Users 1 Introduction 2 Related Work 3 Methodology 3.1 Collection and Labeling of Training Data 3.2 Feature Selection 3.3 Classifier Training and Tuning 4 Results: Differential Treatment of Tor Users 4.1 Data Collection 4.2 Block Rates by Visit Type 4.3 Block Rates by Characteristics of Tor Exit Nodes 4.4 Block Rates by Characteristics of Web Sites 4.5 CAPTCHA Rates 5 Limitations 6 Conclusion A Classifier Performance B Labeling C Block Rates for Subsites and Searches References Utility-Preserving Biometric Information Anonymization 1 Introduction 2 Basic Concepts and Problem Statement 2.1 Basic Concepts 2.2 Problem Statement 2.3 Attack Model 3 Rationale of Approach 4 Methodology 4.1 Dynamically Assembled Random Set 4.2 Selective Weighted Mean-Based Transformation 5 Experimental Evaluation 5.1 Experimental Setup 5.2 Results 6 Related Work 7 Conclusions References Anonymous Traceback for End-to-End Encryption 1 Introduction 1.1 Our Contributions 1.2 Related Work 2 Definitions and Security Models 2.1 Anonymous Traceback Syntax 2.2 Security Model 3 Warm-Up: Anonymous Path Traceback 3.1 Construction Details 4 Anonymous Source Traceback 4.1 Construction Details 5 Implementation and Performance 6 Proof Sketches 6.1 Anonymous Path Traceback 6.2 Anonymous Source Traceback References Cloud Security Public Cloud Data Auditing Revisited: Removing the Tradeoff Between Proof Size and Storage Cost 1 Introduction 1.1 Motivation 1.2 Our Contributions 2 Related Work 3 Definitions of Public (Third-Party) Auditing 4 Our Constructions 4.1 Basic Public Cloud Data Auditing Scheme 4.2 Public Cloud Data Auditing Scheme with Reduced Storage Cost 5 Proof of Security 6 Implementation Results 7 Conclusion References DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay 1 Introduction 1.1 Motivation 1.2 A High-Level Overview of Our Idea 1.3 Our Contributions 2 KGA Revisited 3 System Definition and Model 3.1 System Overview 3.2 Definition of DEKS 3.3 SS-CKA Security 4 A Concrete Construction for DEKS 4.1 Mathematical Tools 4.2 The Construction 4.3 Correctness and Security Proof 5 Evaluation 5.1 Complexity Analysis 5.2 Experimental Analysis 6 Conclusion References Lighter is Better: A Lighter Multi-client Verifiable Outsourced Computation with Hybrid Homomorphic Encryption 1 Introduction 2 Multi-client Verifiable Computation 2.1 Syntax 2.2 Security Definition 3 Building Blocks 3.1 Garbling Scheme 3.2 Fully Homomorphic Encryption 4 Multi-client Outsourced Garbled Circuits 4.1 Syntax of MOGC 4.2 Construction of MOGC 5 Construction 5.1 One-Time Multi-client Verifiable Computation (OT-MVC) 5.2 Construction of MVOC 5.3 From Semi-honest Clients to Malicious Clients 6 Evaluation 6.1 Efficiency Analysis 6.2 Implementation and Evaluation 7 Conclusion References Verifying the Quality of Outsourced Training on Clouds 1 Introduction 2 Background and Problem Statement 2.1 Background 2.2 Problem Statement 3 System Framework 4 Design Details 4.1 Extra Task Construction 4.2 Training Quality Verification 5 Evaluation 5.1 Experiment Setup 5.2 Results 5.3 Visualizing Training Examples 6 Related Work 7 Conclusion A Proof of Theorem 1 References SecQuant: Quantifying Container System Call Exposure 1 Introduction 2 Secure Containers and Threat Model 3 Design of SecQuant 3.1 SCAR: System Call Assessment of Risk 3.2 SCED: System Call Exposure Discovery 3.3 Container Syscall Exposure Measure 4 System Call Analysis Results 4.1 Verification of CF-IDF Metric 4.2 System Call Risk Weights 4.3 Pass-Through System Calls Across Containers 5 Container Runtime Security Analysis 5.1 Container Syscall Exposure Measure Scores 5.2 Historical Trends Across Versions 6 Related Work 7 Considerations for Improvements 8 Conclusion A Complete Ranking of System Calls by Risk Weights B Break-down of Sample Risk Weights C Experiment Setup References Robust and Scalable Process Isolation Against Spectre in the Cloud 1 Introduction 2 Background and Related Work 3 Remote Spectre Attacks on Cloudflare Workers 3.1 Threat Model and Attack Overview 3.2 Building Blocks 3.3 Attack on Cloudflare Workers 4 DyPrIs 4.1 Detecting Spectre Attacks 4.2 Process Isolation 5 Evaluation 5.1 Normalized Performance Counters 5.2 DyPrIs 6 Discussion 7 Conclusion References III Access Control Administration of Machine Learning Based Access Control 1 Introduction 2 Related Work 2.1 ML for Administration of Policy-Based Access Control 2.2 MLBAC 3 MLBAC Administration 3.1 Requirements 3.2 Problem Statement and Approach 3.3 Terminologies 3.4 Methodology 4 MLBAC Administration Prototype 4.1 System for MLBAC Administration Experimentation 4.2 Symbolic and Non-symbolic ML Models 4.3 Administration Strategies in MLBAC 5 Evaluation 5.1 Evaluation Methodology 5.2 Results 6 Conclusion A Additional AAT Generation B Data Generation C Dataset Visualization D List of Simulated Task and Criteria References Real-Time Policy Enforcement with Metric First-Order Temporal Logic 1 Introduction 2 Related Work 3 Policy Enforcement 4 Metric First-Order Temporal Logic 5 MFOTL Enforceability 6 MFOTL Enforcement in the Finite Case 6.1 Monitoring MFOTL Formulae 6.2 Enforcer 6.3 Correctness and Transparency 7 Implementation 8 Evaluation 9 Conclusion A Evaluation Data References A Tale of Four Gates 1 Introduction 1.1 Contributions 1.2 Responsible Disclosure 2 Background 3 Related Work 4 Analysis of App Components Across User Profiles 5 Analysis of Sensor Background Access 5.1 Stealthy Background Spyware 6 Evaluation 6.1 Four Gates Inspector 6.2 Real-World Tests 6.3 Evaluation and Results 6.4 Limitations 7 Discussion and Mitigation 8 Conclusion 9 Appendix References Authentication Sequential Digital Signatures for Cryptographic Software-Update Authentication 1 Introduction 2 Notation 3 Stateless Signatures 3.1 Digital Signatures: DS 3.2 Strictly One-Time Digital Signatures: SOT-DS 4 Sequential Digital Signatures: SDS 5 Constructions 5.1 Hash Function Based SOT-DS 5.2 SDS from SOT-DS 6 Implementation and Evaluation A Extractors References On Committing Authenticated-Encryption 1 Introduction 2 Preliminaries 3 Committing AE 4 The CTX Construction 5 Commitment Security of GCM and OCB 6 Other Committing AE Notions References Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key 1 Introduction 1.1 Motivation 1.2 Contributions 2 Preliminaries 2.1 Lattices, SIS, and DRLWE 2.2 Distributed Key Generation Protocol Over Lattices 2.3 Threshold Homomorphic Aggregate Signatures Over Lattices 2.4 Oblivious Pseudorandom Function Over Lattices 3 Basic Scheme Architecture and Security Model 3.1 Password-Based Threshold SSO Authentication 3.2 Security Model 4 Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Secret Update 5 Security Analysis 6 Efficiency Analysis and Protocol Comparison 7 Conclusion and Future Work A Security of TOPRF B Proof of Theorem 1 References The Revenge of Password Crackers: Automated Training of Password Cracking Tools 1 Introduction 2 Background and Related Work 3 Building a Reliable Password Dataset 3.1 Dataset Analysis 4 Dictionaries with Off-the-Shelf Rules 5 Training Masks 6 Training Rules 7 Conclusion References Fuzzy Authenticated Key Exchange with Tight Security 1 Introduction 2 Preliminary 3 Fuzzy Authenticated Key Exchange 3.1 Definition of Fuzzy Authenticated Key Exchange 3.2 Security Model of FAKE 4 Our FAKE Scheme 5 Security Proof of FAKE 6 Instantiation of Our FAKE Construction A Figure5: The Security Experiment ExpFAKE,,,A for FAKE B Figure6: The Security Games G0-G6 for FAKE References Continuous Authentication in Secure Messaging 1 Introduction 1.1 Contributions 1.2 Further Related Work 2 Continuous Authentication 2.1 Messaging Schemes 2.2 Security Game 3 Introducing Authentication Steps 3.1 Recording Ciphertexts 3.2 Authentication Steps 3.3 Detecting Compromised Long-Term Secrets 4 Security of the Authentication Steps Protocol 5 Implementation and Benchmarks 6 Observations on the Official Implementation 7 Conclusion A Security of the Authentication Steps Protocol A.1 Upper Bound for False Negatives A.2 Upper Bound for False Positives References Digital Signatures Half-Aggregation of Schnorr Signatures with Tight Reductions 1 Introduction 1.1 Contributions 2 Preliminaries 2.1 Aggregate Signatures 2.2 Sequential Aggregate Signatures 2.3 Algebraic Group Model 2.4 Schnorr Signatures 3 Half-Aggregation of Schnorr Signatures, Revisited 3.1 Scheme Description 3.2 Security in the AGM+ROM 4 Incremental Aggregation of Schnorr Signatures 4.1 Scheme Description 4.2 Security 5 Sequential Aggregation of Schnorr Signatures with Tight Reduction in the ROM 5.1 Scheme Description 5.2 A New Security Model for SAS Schemes 5.3 Security References Ring Signatures with User-Controlled Linkability 1 Introduction 2 Ring Signatures with User-Controlled Linkability 2.1 Standard Linkability 2.2 Autonomous Linking 2.3 Correctness 2.4 Security Model 3 Anonymous Key Randomisable Signatures 3.1 Class Hiding 3.2 Existential Unforgeability Under Chosen Message Attacks 3.3 Accumulation Soundness 4 Constructions for RS-UCL and RS-UCAL 4.1 A RS-UCAL Construction 4.2 Construction for Ring Signatures with User Controlled Linkability 5 AKRS Instantiations 5.1 Construction from Schnorr Signatures 5.2 Lattice Construction 6 Conclusions A Full Definitions for our AKRS Model B Full Definitions for our Ring Signature Models References DualDory: Logarithmic-Verifier Linkable Ring Signatures Through Preprocessing 1 Introduction 2 Technical Overview 2.1 Overview of Dualring 2.2 Adding Linkability 2.3 Reducing Signature Size and Verification Time Simultaneously 3 Preliminaries 3.1 Arguments of Knowledge 3.2 Signatures of Knowledge 4 Prefix-Linkable Ring Signature Schemes 5 Our Construction 6 Evaluation A Security Analysis References Efficient Unique Ring Signatures from Lattices 1 Introduction 1.1 Contributions 1.2 Overview of the Results 2 Preliminaries 2.1 Framework of Unique Ring Signatures 2.2 Lattices and Hardness Assumptions 2.3 Accumulator Schemes 2.4 String Commitment Schemes 2.5 Zero Knowledge Arguments of Knowledge (ZKAoK) 2.6 Weak Pseudorandom Function (wPRF) 3 The Underlying Accumulator for Our URS 3.1 The Parameterized Lattice-Based Accumulator Scheme 4 Lattice-Based Unique Ring Signature from Accumulator 4.1 The Unique Ring Signature Construction 4.2 A ZKAoK for the Unique Ring Signatures 4.3 Analysis of the ZKAoK for the Relation RURS 4.4 Analysis of the Unique Ring Signature Scheme 5 Concrete Parameters 6 Conclusions References Verifiable Timed Linkable Ring Signatures for Scalable Payments for Monero 1 Introduction 1.1 Our Contribution 1.2 Related Work and Discussion 2 Technical Overview 2.1 VTLRS for Monero 2.2 (Uni-directional) Payment Channels in Monero 3 Verifiable Timed Linkable Ring Signature 3.1 Definition 3.2 Our VTLRS Construction 4 Benchmarking 5 Conclusions A Preliminaries B Transaction Scheme of Monero B.1 Definition References Deterministic Wallets for Adaptor Signatures 1 Introduction 1.1 Our Contribution 1.2 Related Work 2 Preliminaries 2.1 Non-interactive Zero-Knowledge Proofs 2.2 (Witness Rerandomizable) Hard Relation 2.3 Adaptor Signatures 2.4 ECDSA-Based Adaptor Signature 3 Adaptor Signatures with Rerandomizable Keys 3.1 Definition 3.2 Construction 3.3 Discussion 4 Adaptor Wallets 4.1 Model and Construction 4.2 Impossibility of Independent Statement/Witness Derivation References Puncturable Signature: A Generic Construction and Instantiations 1 Introduction 1.1 Related Work 1.2 Overview of Technique 1.3 Our Contribution 1.4 Organization 2 Preliminary 2.1 Puncturable Signature 2.2 Lattices 2.3 Bilinear Maps and CDH Assumption 2.4 Multivariate Public Key Cryptography 3 Generic PS Construction from IBS 3.1 Identity-Based Signature 3.2 Generic Construction 4 Instantiations of Puncturable Signature 4.1 Lattice-Based Instantiation 4.2 Pairing-Based Instantiation 4.3 Multivariate-Based Instantiation 5 Conclusion A Proof for Lattice-Based Instantiation B Security Analysis for Multivariate-Based Instantiation References IoT Security fASLR: Function-Based ASLR for Resource-Constrained IoT Systems 1 Introduction 2 Related Work 3 System Architecture 3.1 Threat Model 3.2 Design Goals 3.3 System Architecture 3.4 Workflow 3.5 Challenges 4 Memory Management and Addressing 4.1 Memory Management 4.2 Memory Addressing 5 Security and Performance Analysis 5.1 Effectiveness Against ROP 5.2 Randomization Entropy 5.3 Time Overhead 5.4 Memory Overhead 5.5 Size Requirement of the Randomization Region 6 Evaluation 6.1 Experiment Setup 6.2 Randomization Entropy 6.3 Runtime Overhead 6.4 Memory Overhead 7 Conclusion References An Infection-Identifying and Self-Evolving System for IoT Early Defense from Multi-Step Attacks 1 Introduction 2 Background 2.1 Cyber Kill Chains 2.2 Attention Mechanism 3 Architecture of IoTEDef 3.1 Design Principles 3.2 Overview 4 Detail of IoTEDef 4.1 Problem Definition 4.2 Probability Distribution Assignment 4.3 Probability-Based Embedding 4.4 Attention-Based Translation 4.5 Self-Evolving Strategies 5 Evaluation 5.1 Experimental Setting 5.2 Impact of Probability-based Embedding 5.3 Impact of Classifiers of Per-step Detectors 5.4 Other Identification Algorithms 5.5 Self-Evolving Strategies 5.6 Comparison with Attention-based NIDSes 6 Related Work 7 Conclusion A Dataset Generation References IoTEnsemble: Detection of Botnet Attacks on Internet of Things 1 Introduction 2 Related Work 2.1 IoT Security, Malware and Botnet 2.2 Network Anomaly Detection System 2.3 Activity Clustering 3 Threat Model 4 Flow Clustering by Activity 4.1 IoT Network 4.2 Design Goal 4.3 A Motivating Case: TP-Link Camera 4.4 Clustering Method 5 IoTEnsemble Design 5.1 Overview 5.2 Preprocessing Module 5.3 Anomaly Detection Module 6 Evaluation 6.1 Testbed and Dataset 6.2 Metrics 6.3 Validity of Activity Clustering 6.4 Overall Performance 6.5 Discussion 7 Conclusion and Future Work A Maximum Likelihood Estimation B Complete Dataset Information and Evaluation Result References IoTPrivComp: A Measurement Study of Privacy Compliance in IoT Apps 1 Introduction 2 The Problem and Baseline Solution 2.1 Problem Statement 2.2 The Baseline Solution Using Off-the-Shelf Tools 3 IoTPrivComp: Privacy Compliance for IoT Apps 3.1 Data Collection 3.2 Ontology Definition for IoT App Privacy Policies 3.3 SuSi-MNB-IoT: Analyzing Sinks and Data Flows in IoT Apps 3.4 PoliCheck-BERT-IoT: Policy and Consistency Analysis 4 Evaluation and Analysis 4.1 Performance Evaluation of IoTPrivComp 4.2 Policy and Data Flow Analysis 4.3 IoT Privacy Compliance Analysis 5 Case Studies 6 Discussions and Future Work 7 Related Work 8 Conclusion A Ontologies References No-Label User-Level Membership Inference for ASR Model Auditing 1 Introduction 2 No-Label Audio Auditor 2.1 Problem Statement 2.2 No-Label User-Level Membership Inference 3 Experimental Setup and Evaluation 3.1 Experimental Setup 3.2 Experimental Evaluation 4 Related Work and Discussion 5 Conclusion A Appendix References Applications A Toolbox for Verifiable Tally-Hiding E-Voting Systems 1 Introduction 2 Description of the Tally-Hiding Toolbox 2.1 Encryption Scheme: Paillier vs ElGamal 2.2 Key Elements of ElGamal-Based MPC 2.3 MPC Toolbox 2.4 Security 3 Tally-Hiding Schemes for Condorcet-Schulze 3.1 Ballots as Matrices 3.2 Ballots as List of Integers 3.3 Implementation 4 Other Counting Methods 4.1 Single Vote 4.2 Majority Judgment 4.3 Single Transferable Vote 5 Application to E-Voting Security 5.1 Definitions 5.2 TH-voting References How to Verifiably Encrypt Many Bits for an Election? 1 Introduction 1.1 Contributions 2 The Baseline 3 Fixed-Base Exponentiation 4 Multi-ElGamal 5 Adapting the ZK 0-1 Proofs – Linear Techniques 5.1 From 5 to 4 Exponentiations 5.2 A 0-1 Product Proof 5.3 Batching the Product Proof 6 Adapting the ZK 0-1 Proofs - Logarithmic Batching 6.1 Notations 6.2 Intuition 6.3 Proof of Inner Product 6.4 The Many-Bits Case 7 Benchmarking 7.1 Precomputation and Exponentiations 7.2 Verifiable Bit Encryption Using Linear Techniques 7.3 Verifiable Bit Encryption Using Logarithmic Proof Techniques 8 Conclusions References A Framework for Constructing Single Secret Leader Election from MPC 1 Introduction 1.1 Our Contribution 1.2 Background 1.3 Related Work 2 Definitions 2.1 Preliminaries 2.2 Single Secret Leader Election 3 (Non-secret) Single Leader Election Constructions 4 Our SSLE from DDH 5 Our SSLE Based on Garbled Circuits 6 Evaluation 6.1 Experimental Setup 6.2 Construction 1 (Sect. 4) 6.3 Construction 2 (Sect.5) 7 Practical Considerations 7.1 Non-uniform Distributions A Security Analysis References AppBastion: Protection from Untrusted Apps and OSes on ARM 1 Introduction 2 Threat Model 3 Overview 3.1 Shielded Apps 4 Details 4.1 Normal World OS Instrumentation 4.2 Protecting App and OS Code Integrity 4.3 Protecting Confidential App Data 4.4 Hardening App Control Flow 4.5 Protecting Network Communication 4.6 Trusted I/O Paths 5 Evaluation 6 Discussion 7 Related Work 7.1 Protecting the OS 7.2 Protecting Apps Running Under Untrusted OSes 8 Conclusions References Collaborative Anomaly Detection System for Charging Stations 1 Introduction 2 Related Work 3 CADS4CS: Datasets and Architecture 3.1 Data Models, Datasets and Anomalies 3.2 Collaborative Anomaly Detection System 4 Analyses, Experiments and Results 4.1 A1: Analyzing CADS4CS Using a Shared Dataset 4.2 A2: Analyzing CADS4CS Using Incomplete Datasets 4.3 Discussions: A1 vs A2 5 Conclusion and Future Work A Design and threats of a public charging infrastructure References Correction to: Real-Time Policy Enforcement with Metric First-Order Temporal Logic Correction to: Chapter “Real-Time Policy Enforcement with Metric First-Order Temporal Logic” in: V. Atluri et al. (Eds.): Computer Security – ESORICS 2022, LNCS 13555, https://doi.org/10.1007/978-3-031-17146-8_11 Author Index
دانلود کتاب Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part II (Lecture Notes in Computer Science)