Data and Applications Security and Privacy XXXVII: 37th Annual IFIP WG 11.3 Conference, DBSec 2023, Sophia-Antipolis, France, July 19–21, 2023, Proceedings (Lecture Notes in Computer Science)
معرفی کتاب «Data and Applications Security and Privacy XXXVII: 37th Annual IFIP WG 11.3 Conference, DBSec 2023, Sophia-Antipolis, France, July 19–21, 2023, Proceedings (Lecture Notes in Computer Science)» نوشتهٔ Vijayalakshmi Atluri (editor), Anna Lisa Ferrara (editor)، منتشرشده توسط نشر Springer Nature Switzerland AG در سال 2023. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
This volume LNCS 13942 constitutes the refereed proceedings of the 37th Annual IFIP WG 11.3 Conference, DBSec 2023, in Sophia-Antipolis, France, July 19–21, 2023. The 19 full papers presented together with 5 short papers were carefully reviewed and selected from 56 submissions. The conference focuses on secure data sharing; access control and vulnerability assessment; machine learning; and mobile applications. Preface Organization Contents Differential Privacy (Local) Differential Privacy has NO Disparate Impact on Fairness 1 Introduction 2 Related Work 3 Preliminaries and Background 3.1 Group Fairness Metrics 3.2 Local Differential Privacy 3.3 LDP Protocols 4 Problem Setting and Methodology 5 Experimental Evaluation 5.1 Setup of Experiments 5.2 Main Results 6 Conclusion and Perspectives References Building Quadtrees for Spatial Data Under Local Differential Privacy 1 Introduction 2 Preliminaries 2.1 Data Model and Notation 2.2 Local Differential Privacy 2.3 Spatial Decompositions and Quadtrees 2.4 Problem Formulation 3 Building Quadtrees Under LDP 3.1 Quadtrees Under Centralized DP 3.2 Baseline Solution for Building Quadtrees Under LDP 3.3 Proposed Solution for Building Quadtrees Under LDP 4 Experimental Evaluation 4.1 Experiment Setup 4.2 Utility Metrics 4.3 Results and Discussion 5 Related Work 6 Conclusion References Privacy-Preserving Genomic Statistical Analysis Under Local Differential Privacy 1 Introduction 2 Methods 2.1 Local Differentially Private Methods for Case-Control Studies 3 Experimental Results 3.1 Cochran–Armitage Trend Test 4 Conclusion References Secure Data Sharing New Results on Distributed Secret Sharing Protocols 1 Introduction 1.1 Contributions 1.2 Related Works 1.3 Organization 2 The Distributed Secret Sharing Model 3 On the Definitions of Security for DSSPs 4 Weakly-Secure Graph-Based DSSPs 5 A Weakly-Secure Graph-Based DSSP for Secrets of Different Sizes 6 Conclusions References Probabilistic Fingerprinting Scheme for Correlated Data 1 Introduction 2 Related Work 3 Problem Settings 3.1 System and Data Model 3.2 Threat Model 3.3 Robustness Measures 4 Probabilistic Fingerprinting Scheme for Correlated Data 4.1 Proposed Fingerprinting Algorithm 4.2 Detecting the Source of Data Leakage 5 Considering Colluding Service Providers 5.1 Probabilistic Majority Attack 5.2 Integrating Boneh-Shaw Codes 5.3 Detection Algorithm 6 Evaluation 6.1 Data Model and Settings 6.2 Flipping and Subset Attacks 6.3 Correlation Attack 6.4 Collusion Attack 7 Conclusion A Toy Example for the Probabilistic Majority Attack B Toy Example for Using Boneh-Shaw Codes in the Proposed Algorithm C The Fingerprinting Algorithm D Toy Example for the Proposed Detection Algorithm E Experimental Results E.1 Flipping and Subset Attacks E.2 Complexity and Practicality References Optimized Stream-Cipher-Based Transciphering by Means of Functional-Bootstrapping 1 Introduction 1.1 Transciphering 1.2 Related Work 1.3 Contribution 1.4 Paper Organization 2 TFHE 2.1 Notations 2.2 TFHE Structures 2.3 TFHE Bootstrapping 2.4 TFHE Functional Bootstrapping 3 Functional-Bootstrapping-Defined Boolean Operators 3.1 Bitwise Operators 3.2 Example: AND Gate with B = 4 3.3 Byte Shifts 3.4 Stream-Cipher Adaptation 4 Grain128-AEAD 5 Experimental Results 6 Conclusion References Applications Control is Nothing Without Trust a First Look into Digital Identity Wallet Trends 1 Introduction 2 Research Methodology 2.1 Research Questions 3 Wallet Requirements and Technology Framework 3.1 Requirements Elicitation 3.2 Reference Technology Framework 4 Wallet Analysis 4.1 Wallets Description 4.2 Answer to Research Questions 5 Conclusion References Impact of Using a Privacy Model on Smart Buildings Data for CO2 Prediction 1 Introduction 2 Background - Privacy Model and IoT Datasets 3 Experiment 3.1 Dataset Scenario and Data Collection 3.2 Data Transformation 3.3 Machine Learning Training 4 Results and Discussion 5 Related Work 6 Final Consideration and Future Work References Digital Twins for IoT Security Management 1 Introduction 2 Background 2.1 IoT Network Management 2.2 Digital Twin Network 3 Digital Twin-Based IoT Security Management 4 Proof of Concept 4.1 Security Use Cases 4.2 Experimental Setting 4.3 Results 5 Conclusion References Privacy Data Distribution Impact on Preserving Privacy in Centralized and Decentralized Learning 1 Introduction 2 Background 3 Related Work 4 Our Proposal 5 Performance Evaluation 5.1 Used Datasets 5.2 DILDP-FL Application 5.3 Experiment Configuration 5.4 Comparative Study Analysis 6 Conclusion References On the Utility Gain of Iterative Bayesian Update for Locally Differentially Private Mechanisms 1 Introduction 2 Preliminaries 2.1 Notations and Problem Statement 2.2 Local Differential Privacy (LDP) 2.3 Matrix Inversion (MI) Estimator 2.4 Iterative Bayesian Update (IBU) Estimator 3 LDP Distribution Estimation Mechanisms 3.1 LDP Mechanisms for One-Time Data Collection 3.2 LDP Mechanisms for Multiple Data Collections 4 Experimental Evaluation 4.1 Setup of Experiments 4.2 Main Results 5 Related Work 6 Conclusion and Perspectives References Differentially Private Streaming Data Release Under Temporal Correlations via Post-processing 1 Introduction 2 Related Work 3 Preliminaries 3.1 Differential Privacy 3.2 The Laplace Mechanism 4 Problem Statement 5 Methodology 5.1 Maximum a Posterior Estimation Framework for Correlated Data 5.2 Calculation of Terms of Objective Equation 5.3 Nonlinear Constrained Programming 6 Experiments 6.1 Utility Analysis 6.2 Synthetic Datasets 7 Conclusion References Access Control and Vulnerability Assessment Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments 1 Introduction 2 Background 2.1 Privacy Principles 2.2 OAuth and OIDC 3 Related Work 4 OIDC Privacy Best Current Practices 4.1 Privacy-Supporting Features 4.2 BCPs for Assurance, Consent and Access Control 5 BCPs in the Wild 5.1 Private OPs 5.2 eIDAS OPs 6 Discussion, Conclusions and Future Work References Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach*-4pt 1 Introduction 2 Background 2.1 Basic Definitions and Assumptions 2.2 Related Work 3 Problem Analysis 3.1 Expert Interviews 3.2 Identified Problems 4 Proposed ACP Maintenance Framework 4.1 Defining Strategic IAM Goals and ACP Quality Objectives 4.2 Implementing the ACP Maintenance Environment 4.3 Executing the ACP Maintenance Process 5 Evaluation with Real-World Enterprise Data 6 Discussion and Conclusion A Appendix References SMET: Semantic Mapping of CVE to ATT&CK and Its Application to Cybersecurity 1 Introduction 2 Motivation and Problem Statement 2.1 Motivation 2.2 Problem Statement 2.3 CVE-ATT&CK Association Analysis 3 Related Work 4 Approach 4.1 SMET Overview 4.2 Attack Vector Extraction 4.3 ATT&CK BERT 4.4 ATT&CK Mapping 5 Evaluation 5.1 Dataset 5.2 Results 5.3 SMET Component Analysis 6 Conclusion and Future Work References Machine Learning Classification Auto-Encoder Based Detector Against Diverse Data Poisoning Attacks 1 Introduction 2 Background and Related Work 2.1 Poisoning Attacks 2.2 Defense Against Poisoning Attacks 2.3 Auto-Encoders in Anomaly Detection 3 Classification Auto-Encoder Based Detector 3.1 Classification Auto-Encoder (CAE) 3.2 Enhanced Classification Auto-Encoder (CAE+) 4 Experiments 4.1 Experimental Setup 4.2 Results 5 Conclusion References CodeGraphSMOTE - Data Augmentation for Vulnerability Discovery 1 Introduction 2 Related Work 3 Vulnerability Discovery 3.1 Learning-Based Static Analyzer 3.2 Program Representations 3.3 Learning on Code Graphs 4 Data Augmentation 4.1 SMOTE 4.2 Graph Autoencoder 5 CodeGraphSMOTE 5.1 Overview 5.2 Code Graph Generation 5.3 Graph to Code Transformation 6 Evaluation 6.1 Experimental Setting 6.2 Results 7 Conclusion A Appendix A.1 Derivation of the Threshold Adjustment References An Autoencoder-Based Image Anonymization Scheme for Privacy Enhanced Deep Learning 1 Introduction 2 Related Works 3 Image Data Anonymization 3.1 Formulation 3.2 Multi-Output Classification Loss Function 3.3 Multi-output Classification Objective 3.4 Image Anonymization Loss Function 3.5 Image Anonymization Objective 4 Methods 4.1 Dataset 4.2 Anonymization Network Architecture 4.3 Training Procedure 5 Evaluation 5.1 Evaluating the Privacy/Utility Trade-Off 5.2 Evaluating Robustness to Attacks 6 Discussion 7 Conclusion References Mobile Applications Security and Privacy of Digital Mental Health: An Analysis of Web Services and Mobile Applications 1 Introduction 2 Related Work 2.1 Mental Healthcare Web Services 2.2 Mental Healthcare Mobile Applications 2.3 Security and Privacy Concerns in Mental Healthcare 3 Methodology 3.1 Web-Services Evaluation 3.2 Mobile Application Evaluation 4 Findings and Discussion 4.1 Web-Services Security 4.2 Privacy Policies of Mental Healthcare Web Services 4.3 Mobile Application Security and Privacy 5 Implications 5.1 Adopting Latest TLS Protocol Versions 5.2 Implementing Forward Secrecy Encryption 5.3 Enhancing User-Centered Privacy Policies 5.4 Refining Permission Management in Mobile Applications 5.5 Mitigating Vulnerabilities and Enhancing Security 5.6 Upgrading to More Secure Encryption Algorithms 6 Limitations and Future Work 7 Conclusion References Android Code Vulnerabilities Early Detection Using AI-Powered ACVED Plugin 1 Introduction 2 Background and Related Work 2.1 Source Code Vulnerabilities 2.2 Application Analysis and Vulnerability Scanning 2.3 Tools and Frameworks for Vulnerability Scanning 2.4 Datasets for ML-Based Vulnerability Detection 2.5 Understanding ML-Based Vulnerability Predictions with XAI 2.6 Tools for Assisting Android Developers 3 Development of Vulnerability Detection Model 3.1 Dataset Selection 3.2 Model Building 3.3 Web API 3.4 Prediction Probabilities with XAI 3.5 Continuous Model Enhancements 4 Application of ACVED Plugin 4.1 Plugin Integration and Usage 4.2 Plugin Performance 5 Conclusion and Future Work A Appendix References A Dynamic Approach to Defuse Logic Bombs in Android Applications 1 Introduction 2 Context Aware Permission Model with RPCDroid 3 Preliminary Evaluation 4 Related Works 5 Conclusion References Defense Mechanisms AMOE: A Tool to Automatically Extract and Assess Organizational Evidence for Continuous Cloud Audit 1 Introduction 2 Related Work 3 Background 3.1 Text Pre-processing 3.2 Language Encoding Models 3.3 Question Answering (QA) 4 Dataset 4.1 Organisational Metrics 4.2 Policy Documents 5 Methodology 5.1 Pre-processing 5.2 Evidence Extraction 5.3 Baseline: Whole-Doc Approach 6 Experimental Results 6.1 Computed Results 6.2 Empirical Results 7 Conclusion and Future Work References VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation 1 Introduction 2 Preliminaries 2.1 NVD and CVSS Metrics 2.2 Motivating Example 3 Design of VIET 3.1 Overview 3.2 The Vulnerability Linguistic Model 3.3 Vulnerability Entity Extraction 4 Dataset 5 Experiment 5.1 Experiment Setup 5.2 Evaluation of the Vulnerability Linguistic Model 5.3 Evaluation of TheVIET Model 6 Related Work 7 Conclusion References An Analysis of Hybrid Consensus in Blockchain Protocols for Correctness and Progress 1 Introduction 2 Analysis of Ripple Consensus 2.1 A Brief on Existing Ripple Analysis 2.2 Ripple Analysis Using Rand Index 3 Analysis of Algorand Consensus 3.1 Our Analysis of Algorand Consensus 4 Analysis of Red Belly Consensus 5 Conclusion and Future Work References Author Index
دانلود کتاب Data and Applications Security and Privacy XXXVII: 37th Annual IFIP WG 11.3 Conference, DBSec 2023, Sophia-Antipolis, France, July 19–21, 2023, Proceedings (Lecture Notes in Computer Science)