enter search term and/or author name
Introduction to ACM TISSEC special issue on CCS 2005
Article No.: 1
Automated trust negotiation using cryptographic credentials
Jiangtao Li, Ninghui Li, William H. Winsborough
Article No.: 2
In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials...
We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for...
Control-flow integrity principles, implementations, and applications
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
Article No.: 4
Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, control-flow integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement...
Maintaining control while delegating trust: Integrity constraints in trust management
Sandro Etalle, William H. Winsborough
Article No.: 5
We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then, we...
Enforcing access control in Web-based social networks
Barbara Carminati, Elena Ferrari, Andrea Perego
Article No.: 6
In this article, we propose an access control mechanism for Web-based social networks, which adopts a rule-based approach for specifying access policies on the resources owned by network participants, and where authorized users are denoted in...
In this work, we consider privacy in Radio Frequency IDentification (RFID) systems. Our contribution is twofold: (i) We propose a simple, formal definition of strong privacy useful for basic analysis of RFID systems, as well as a different...
Compromising anonymous communication systems using blind source separation
Ye Zhu, Riccardo Bettati
Article No.: 8
We propose a class of anonymity attacks to both wired and wireless anonymity networks. These attacks are based on the blind source separation algorithms widely used to recover individual signals from mixtures of signals in statistical signal...
Efficient and secure protocols for privacy-preserving set operations
Yingpeng Sang, Hong Shen
Article No.: 9
Many applications require performing set operations without publishing individual datesets. In this article, we address this problem for five fundamental set operations including set intersection, cardinality of set intersection, element...
Cryptanalysis of the random number generator of the Windows operating system
Leo Dorrendorf, Zvi Gutterman, Benny Pinkas
Article No.: 10
The PseudoRandom Number Generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudorandomness of the output of this generator is crucial for the security of almost any application running in Windows....