Privacy and Security (TOPS)




ACM Transactions on Information and System Security (TISSEC), Volume 14 Issue 2, September 2011

Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
Article No.: 15
DOI: 10.1145/2019599.2019600

Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated inputs are rejected at the early stage of...

Formal Reasoning about Physical Properties of Security Protocols
David Basin, Srdjan Capkun, Patrick Schaller, Benedikt Schmidt
Article No.: 16
DOI: 10.1145/2019599.2019601

Traditional security protocols are mainly concerned with authentication and key establishment and rely on predistributed keys and properties of cryptographic operators. In contrast, new application areas are emerging that establish and rely on...

Authenticated Dictionaries: Real-World Costs and Trade-Offs
Scott A. Crosby, Dan S. Wallach
Article No.: 17
DOI: 10.1145/2019599.2019602

Authenticated dictionaries are a widely discussed paradigm to enable verifiable integrity for data storage on untrusted servers, such as today’s widely used “cloud computing” resources, allowing a server to provide a...

Security Seals on Voting Machines: A Case Study
Andrew W. Appel
Article No.: 18
DOI: 10.1145/2019599.2019603

Tamper-evident seals are used by many states’ election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or...

Empowering End Users to Confine Their Own Applications: The Results of a Usability Study Comparing SELinux, AppArmor, and FBAC-LSM
Z. Cliffe Schreuders, Tanya McGill, Christian Payne
Article No.: 19
DOI: 10.1145/2019599.2019604

Protecting end users from security threats is an extremely difficult, but increasingly critical, problem. Traditional security models that focused on separating users from each other have proven ineffective in an environment of widespread software...

Practical Oblivious Outsourced Storage
Peter Williams, Radu Sion, Miroslava Sotakova
Article No.: 20
DOI: 10.1145/2019599.2019605

In this article we introduce a technique, guaranteeing access pattern privacy against a computationally bounded adversary, in outsourced data storage, with communication and computation overheads orders of magnitude better than existing...

CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites
Guang Xiang, Jason Hong, Carolyn P. Rose, Lorrie Cranor
Article No.: 21
DOI: 10.1145/2019599.2019606

Phishing is a plague in cyberspace. Typically, phish detection methods either use human-verified URL blacklists or exploit Web page features via machine learning techniques. However, the former is frail in terms of new phish, and the latter...