Privacy and Security (TOPS)



ACM Transactions on Information and System Security (TISSEC), Volume 16 Issue 4, April 2014

Off-Path TCP Injection Attacks
Yossi Gilad, Amir Herzberg
Article No.: 13
DOI: 10.1145/2597173

We present practical off-path TCP injection attacks for connections between current, nonbuggy browsers and Web servers. The attacks allow Web-cache poisoning with malicious objects such as spoofed Web pages and scripts; these objects can be...

Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains
Leyla Bilge, Sevil Sen, Davide Balzarotti, Engin Kirda, Christopher Kruegel
Article No.: 14
DOI: 10.1145/2584679

A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most...

Cross-Domain Password-Based Authenticated Key Exchange Revisited
Liqun Chen, Hoon Wei Lim, Guomin Yang
Article No.: 15
DOI: 10.1145/2584681

We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key...

An Anti-Phishing System Employing Diffused Information
Teh-Chung Chen, Torin Stepan, Scott Dick, James Miller
Article No.: 16
DOI: 10.1145/2584680

The phishing scam and its variants are estimated to cost victims billions of dollars per year. Researchers have responded with a number of anti-phishing systems, based either on blacklists or on heuristics. The former cannot cope with the churn of...

Sophisticated Access Control via SMT and Logical Frameworks
Konstantine Arkoudas, Ritu Chadha, Jason Chiang
Article No.: 17
DOI: 10.1145/2595222

We introduce a new methodology for formulating, analyzing, and applying access-control policies. Policies are expressed as formal theories in the SMT (satisfiability-modulo-theories) subset of typed first-order logic, and represented in a...