Privacy and Security (TOPS)


Search Issue
enter search term and/or author name


ACM Transactions on Information and System Security (TISSEC), Volume 13 Issue 1, October 2009

Introduction to ACM TISSEC special issue on CCS 2005
Catherine Meadows
Article No.: 1
DOI: 10.1145/1609956.1609957

Automated trust negotiation using cryptographic credentials
Jiangtao Li, Ninghui Li, William H. Winsborough
Article No.: 2
DOI: 10.1145/1609956.1609958

In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials...

Keyboard acoustic emanations revisited
Li Zhuang, Feng Zhou, J. D. Tygar
Article No.: 3
DOI: 10.1145/1609956.1609959

We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for...

Control-flow integrity principles, implementations, and applications
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
Article No.: 4
DOI: 10.1145/1609956.1609960

Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, control-flow integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement...

Maintaining control while delegating trust: Integrity constraints in trust management
Sandro Etalle, William H. Winsborough
Article No.: 5
DOI: 10.1145/1609956.1609961

We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we...

Enforcing access control in Web-based social networks
Barbara Carminati, Elena Ferrari, Andrea Perego
Article No.: 6
DOI: 10.1145/1609956.1609962

In this article, we propose an access control mechanism for Web-based social networks, which adopts a rule-based approach for specifying access policies on the resources owned by network participants, and where authorized users are denoted in...

Defining strong privacy for RFID
Ari Juels, Stephen A. Weis
Article No.: 7
DOI: 10.1145/1609956.1609963

In this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (i) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different...

Compromising anonymous communication systems using blind source separation
Ye Zhu, Riccardo Bettati
Article No.: 8
DOI: 10.1145/1609956.1609964

We propose a class of anonymity attacks to both wired and wireless anonymity networks. These attacks are based on the blind source separation algorithms widely used to recover individual signals from mixtures of signals in statistical signal...

Efficient and secure protocols for privacy-preserving set operations
Yingpeng Sang, Hong Shen
Article No.: 9
DOI: 10.1145/1609956.1609965

Many applications require performing set operations without publishing individual datesets. In this article, we address this problem for five fundamental set operations including set intersection, cardinality of set intersection, element...

Cryptanalysis of the random number generator of the Windows operating system
Leo Dorrendorf, Zvi Gutterman, Benny Pinkas
Article No.: 10
DOI: 10.1145/1609956.1609966

The PseudoRandom Number Generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudorandomness of the output of this generator is crucial for the security of almost any application running in Windows....