Zhiyuan Wan,Xin Xia,David Lo,Jiachi Chen,Xiapu Luo,Xiaohu Yang

DOI: https://doi.org/10.1109/icse-companion52605.2021.00104

2021-01-01

Abstract:Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners' perceptions and practices on smart contract security. Our study uncovers practitioners' motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms have astatistically significant impact on practitioners' security perceptions and practices of smart contract development. Based on our findings, we highlight future research directions and provide recommendations for practitioners.

Gang Pan,Zhiwen Yu,Sha Zhao,Anind K. Dey

DOI: https://doi.org/10.1145/3267305.3274137

2018-01-01

Abstract:Smartphone applications (abbr. apps) are becoming ubiquitous in our everyday life. Apps on smartphones can sense users' behaviors and activities, providing a lens for understanding users, which is an important point in the community of ubiquitous computing. In UbiComp 2018, we would like to run a workshop on mining and learning from smartphone apps for users (AppLens). It seeks for participants interested in understanding users from their use of smartphone apps, such as mining user attributes and discovering life patterns, discovering cultural and social phenomenon by analyzing app usage, such as social event detection, recognizing app usage behaviors, such as app overuse detection, and studying smartphone apps, such as app categorization and app popularity prediction. This workshop will include paper sessions, two invited talks, and a panel session, so as to keep participants engaged to make the workshop more interactive. It provides a forum for the participants to communicate and discuss issues to promote the emerging research field. Moreover, we will select a few accepted papers to be extended and published in a prestigious journal special issue.

Zeqing Guo,Weili Han,Liangxing Liu,Wenyuan Xu,Ruiqi Bu,Minyue Ni

DOI: https://doi.org/10.1145/2752952.2752974

2015-01-01

Abstract:More and more powerful personal smart devices take users, especially the elder, into a disaster of policy administration where users are forced to set personal management policies in these devices. Considering a real case of this issue in the Android security, it is hard for users, even some programmers, to generally identify malicious permission requests when they install a third-party application. Motivated by the popularity of mutual assistance among friends (including family members) in the real world, we propose a novel framework for policy administration, referring to Socialized Policy Administration (SPA for short), to help users manage the policies in widely deployed personal devices. SPA leverages a basic idea that a user may invite his or her friends to help set the applications. Especially, when the size of invited friends increases, the setting result can be more resilient to a few malicious or unprofessional friends. We define the security properties of SPA, and propose an enforcement framework where users' friends can help users set applications without the leakage of friends' preferences with the supports of a privacy preserving mechanism. In our prototype, we only leverage partially homomorphic encryption cryptosystems to implement our framework, because the fully homomorphic encryption is not acceptable to be deployed in a practical service at the moment. Based on our prototype and performance evaluation, SPA is promising to support major types of policies in current popular applications with acceptable performance.

Sha Zhao,Yong Li,Sasu Tarkoma,Zhiwen Yu,Anind K. Dey,Gang Pan

DOI: https://doi.org/10.1145/3341162.3347760

2019-01-01

Abstract:Smartphone apps are becoming ubiquitous in our everyday life. Apps on smartphones sense users' behaviors and activities, providing a lens for understanding users, which is an important point in the community of ubiquitous computing. In UbiComp 2018, we successfully held the first International workshop AppLens 2018: mining and learning from smartphone apps for users. In UbiComp 2019, we would like to run the second International workshop AppLens 2019. It seeks for participants interested in characterizing users from their use of smartphone apps, discovering cultural and social phenomenon by analyzing app usage, recognizing app usage behaviors, studying smartphone apps, user privacy issues, etc. In order to attract more participants, we will open two app datasets. This workshop will include paper sessions, invited talks, and a panel session, to provide a forum for the participants to communicate and discuss issues to promote the emerging research field. Moreover, we will select a few accepted papers to be extended and published in a prestigious journal special issue.

Xingming Sun,Elaine Shi,Kui Ren

2013-01-01

Abstract:It is our great pleasure to welcome you to the the 2013 International Workshop on Security in Cloud Computing (SCC). Cloud computing has emerged as today's most exciting computing paradigm shift in information technology, since it promises numerous benefits, including lower costs, rapid scaling, easier maintenance, and ubiquitous availability. Meanwhile, cloud computing also raises many security and privacy challenges such as data protection, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. This workshop aims to bring together the research efforts from both the academia and industry in all security aspects related to cloud computing. This is the first year for our SCC workshop. We received 18 submissions from China, United States, Japan, and Canada. The submissions were reviewed by a technical program committee of 40 experts. The final program contains 9 papers, representing an acceptance rate of 50%. Our program also features a keynote speech "Secure Access to Outsourced Data" by Prof. Robert Deng from Singapore Management University.

Yan Chen,Jaideep Vaidya

2011-01-01

Abstract:It is my great pleasure to welcome you to the 10th annual ACM Workshop on Privacy in the Electronic Society -- WPES 2011. The purpose of this workshop is to discuss problems of privacy in the global interconnected societies and to propose solutions to these problems. This year WPES continues to be a workshop at the ACM CCS conference. The call for papers attracted 73 submissions from North America, South America, Africa, Asia, Australia, and Europe. This was a record number of submissions and each paper was reviewed by at least 3 program committee members, and sometimes 4. The program committee accepted 12 full papers and 9 short papers that cover a variety of topics, including social network privacy, cloud privacy, privacy policies, anonymity systems, privacy preferences, and location privacy. We hope that these proceedings will serve as a valuable reference for privacy researchers and developers.

Robert Deng,Elaine Shi,Kui Ren

2014-01-01

Abstract:It is our great pleasure to welcome you to the 2014 International Workshop on Security in Cloud Computing (SCC). Cloud computing has emerged as today's most exciting computing paradigm shift in information technology, since it promises numerous benefits, including lower costs, rapid scaling, easier maintenance, and ubiquitous availability. Meanwhile, cloud computing also raises many security and privacy challenges such as data protection, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. This workshop aims to bring together the research efforts from both the academia and industry in all security aspects related to cloud computing. This is the second year for our SCC workshop. We received 21 submissions from nine countries covering four continents, including Canada, China, Egypt, France, India, Oman, Sudan, Sweden, and United States. The submissions were reviewed by a technical program committee of 48 experts. The final program contains 9 papers, representing an acceptance rate of 43%. Our program also features a keynote speech \"On the Security of Cloud Data Storage and Sharing\" by Dr. Jianying Zhou from Infocomm Security Department at Institute for Infocomm Research, Singapore.

Mario Gerla,Yanyong Zhang

2014-01-01

Abstract:On behalf of the Organizing Committees, it is our pleasure to welcome you to the 2014 ACM International Workshop on Mobile Sensing, Computing and Communication - MSCC'14. This workshop is held in conjunction with ACM MobiHoc 2014, Philadelphia, PA, USA, in August 2014. All submissions to this workshop were carefully peer-reviewed by at least two Program Committee members or external reviewers. The submissions have been ranked according to their original contribution, quality, presentation, and relevance to the workshop. Based on the review, six high quality papers were accepted for presentation and inclusion in the proceedings. We aim to attract and bring together researchers working on cloud computing, mobile computing and resource management to share their latest research results. In addition to regular paper presentations, the workshop also features one Invited Keynote Speech delivered by Peng-Jun Wan, Professor from Illinois Institute of Technology.

Kefei Chen,Qi Xie,Weidong Qiu,Shouhuai Xu,Yunlei Zhao

DOI: https://doi.org/10.1145/2484389

2013-01-01

Abstract:It is our great pleasure to usher in the First ACM Asia Public-Key Cryptography Workshop (AsiaPKC'13), held on May 7, 2013 and affiliated with The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS'13). Public-key cryptography plays a crucial role in processing various kinds of data, while assuring various flavors of security properties. The mission of this new workshop is to bring together public-key cryptography researchers and practitioners, who need solutions for securely processing their data, to share and discuss recent advances and results in addressing emerging problems. The topics of interests cover both the theoretic and applied aspects of public-key cryptography. The call for papers attracted 18 submissions from Asia, Europe and the United States. The program committee accepted 4 regular papers and 4 short papers, based on their overall quality and novelty. In addition, the program includes an invited talk by Dr. Goichiro Hanaoka of the National Institute of Advanced Industrial Science and Technology, Japan ("On the Properties of Public Key Encryption from Group Signatures"). We hope these proceedings will serve as a valuable reference for researchers and practitioners in the field of public-key cryptography as well as its applications.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hongqi He,Shuiqiao Yang

DOI: https://doi.org/10.1109/cit.2016.14

2016-01-01

Abstract:As the number of smart devices continues to grow dramatically, programmes and data handled by such smart devices have become the primary targets of hackers and malwares. ARM-Android is the most widespread platform for smart devices. Access to privacy-and security-relevant parts of the API is controlled by the corresponding permission in a manifest. However, while requesting access to permissions, these applications may offer opportunities to malicious codes to gain access to other inaccessible resources which will cause a series of security issues. Recently, many researchers focus on the permission-based mechanism which restricts accesses of users and applications to critical resources on an ARM-Android device. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our permission-based security architecture on ARM-Android platform. We propose an usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension. In contrast to previous work, the proposed security architecture provides a flexible mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness in mitigating permission leakage vulnerabilities.

Yan Chen,Alvaro A. Cárdenas,Rachel Greenstadt,Ben Rubinstein

2011-01-01

Abstract:It is our great pleasure to welcome you to the 4th ACM Workshop on Artificial Intelligence & Security — AISec’2011. This year’s workshop continues on its original mission of stimulating collaboration and cross-pollination between the Security & Privacy and Artificial Intelligence research communities. We are delighted to once again be co-located with the premier ACM Computer and Communication Security (CCS 2011) conference. The call for papers attracted 18 high quality submissions spanning North & South America, Europe, the Middle East & Asia, and representing both academia and industry. Of these submissions, the Program Committee accepted 7 research papers and 3 position papers, making for a wonderful program that will bring together leading researchers with backgrounds in both Security & Privacy and AI. This year’s ACM AISec will cover such topics as identifying workers hired online for web service abuse, malware and malicious webpage detection, probabilistic attack planning, and intrusion analysis. In addition the program includes an exciting keynote by Prof. Dawn Song of UC Berkeley who is an internationally recognized leader in Security & Privacy research with extensive experience applying state-of-the-art techniques from Machine Learning to exposing vulnerabilities in real-world systems and to developing robust defenses. These proceedings feature an invited paper, Adversarial Machine Learning, following from the AISec’2010 keynote delivered by Prof. J. D. Tygar (UC Berkeley), whose work investigates Machine Learning through the lens of Security & Privacy, an important topic also covered by one of this year’s position papers.

Sheng Zhong,Anna Squicciarini

2016-01-01

Abstract:We are very delighted to welcome everybody to the 2016 International Workshop on Security in Cloud Computing (SCC). There is no doubt that cloud computing has changed the paradigm of computing greatly. Hence, the security and privacy problems in cloud computing are of high importance. A lot of research and development efforts have been invested on related topics. The objective of this workshop is thus to bring together researchers and developers in this field, to enable them to share information about their recent progresses. The year of 2016 is the fourth for the SCC workshop. In total, 31 submissions were made from fifteen countries and regions, including Australia, Austria, Canada, China, Colombia, France, Germany, Hong Kong, India, Italy, Japan, Luxembourg, Singapore, United Kingdom, and United States. After a careful review by the program committee, 12 papers were selected for presentation at the workshop. We thank the Program Committee members as well as the external reviewers for their hard work. This year's SCC workshop also features a keynote speech Giano - toward Large Scale Access Security Management in Private Cloud, by Dr. Ye Wu from Baidu, Inc. Given the leadership of Baidu in the Internet industry and Dr. Wu's splendid record of success in building cloud security systems, we believe this keynote speech will be very beneficial to all participants.

Kefei Chen,Qi Xie,Weidong Qiu,Shouhuai Xu,Yunlei Zhao

2013-01-01

Abstract:It is our great pleasure to usher in the First ACM Asia Public-Key Cryptography Workshop (AsiaPKC'13), held on May 7, 2013 and affiliated with The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS'13). Public-key cryptography plays a crucial role in processing various kinds of data, while assuring various flavors of security properties. The mission of this new workshop is to bring together public-key cryptography researchers and practitioners, who need solutions for securely processing their data, to share and discuss recent advances and results in addressing emerging problems. The topics of interests cover both the theoretic and applied aspects of public-key cryptography. The call for papers attracted 18 submissions from Asia, Europe and the United States. The program committee accepted 4 regular papers and 4 short papers, based on their overall quality and novelty. In addition, the program includes an invited talk by Dr. Goichiro Hanaoka of the National Institute of Advanced Industrial Science and Technology, Japan ("On the Properties of Public Key Encryption from Group Signatures"). We hope these proceedings will serve as a valuable reference for researchers and practitioners in the field of public-key cryptography as well as its applications.

Indrajit Ray,Xiofeng Wang,Kui Ren

2015-01-01

Abstract:The 5th International Workshop on Trustworthy Embedded Devices (TrustED 2015) was held October 16th, 2015 in Denver, Colorado, USA, and has been co-located with the 22nd ACM Conference on Computer and Communications Security (CCS 2015). TrustED 2015 is a continuation of previous workshops in this series, which were held in conjunction with ESORICS 2011, IEEE Security & Privacy 2012, ACM CCS 2013, and ACM CCS 2014 (see http://www.trusted-workshop.de for details). The Internet of Things promises to make reality Mark Weisser's vision of ubiquitous computation set out in his 1991 influential paper. This vision has already started to become reality through modern technologies that allow for electronic systems to be embedded practically everywhere. Yet to make such vision successful, it is widely acknowledged that security of super large distributed systems has to be guaranteed and the privacy of the collected data protected. The Internet of Things, made possible through the wide deployment of embedded devices, differs significantly from classical systems, such as desktop (networked) PCs, in various aspects, which include: severe computational, memory, and power constraints, lack of advanced user interfaces, an increased vulnerability with respect to physical or network attacks, inability to provide strong hardware security guarantees, and as mentioned previously, their tendency to collect potentially highly privacy sensitive data. Given the above, major themes of TrustED 2015 include security and privacy aspects of the Internet of Things and in particular of embedded devices as parts of cyber physical systems and their environments. It aims to bring together experts from academia and research institutes, industry, and government in the field of security and privacy in cyber physical systems to discuss and investigate the problems, challenges, and recent scientific and technological developments in this field. This year, eleven papers have been submitted. Each paper received at least three reviews, which were followed by an online discussion to decide on the program. Papers co-authored by one PC chair were exclusively handled by the other. The program committee accepted six papers that cover a variety of topics, including Physical Unclonable Functions, side-channel attacks, hardware security, system security, and digital rights management in embedded platforms. In addition to the technical program, the workshop featured four internationally highly renowned speakers: Geremy Condra, Marten van Dijk, Jakub Szefer, and Andre Weimerskirch.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Feng Qiu,Xiaoqian Li

DOI: https://doi.org/10.1007/978-3-319-49145-5_11

2016-01-01

Abstract:To address the information leakage problems existed in the smartphone mobility office of enterprises and institutions, we propose security mobile office architecture and design application security authentication mechanism, software and hardware resource control mechanism, security storage isolation mechanism, which provide safe protection for sensitive data. To evaluate the propose schemes, we implement them in the android system and cloud service platform. The evaluation results verify the feasibility and effectiveness of the security mobile office technology.

Jianping Wu,Kilnam Chon,Lixia Zhang,Songwu Lu,Hewu Li

2009-01-01

Abstract:It is our great pleasure to welcome you to the 1th ACM Workshop on Mobile Internet through Cellular Networks - Operations Challenges and Solutions (MICNET)--MICNET'09. Our workshop brings together the wireless mobility research community as well as the vendor and operator community to share the recent advances in wireless cellular technology and their views on the future mobile Internet. The mission of the workshop is to identify new issues from the operational realities of cellular networks, and to formulate and present new problems to the research community. MICNET offers researchers, vendors, and operators a unique opportunity to share their perspectives with others interested in the various aspects of mobile Internet. The call for papers attracted 15 submissions from Australia, China, Iran, Korea and USA. The program committee accepted 10 papers that cover a variety of topics, including mobility and monitoring, protocol and algorithm, performance-enhancing techniques for mobile Internet. In addition, the program includes two panels and a keynote speech. We hope that this workshop will offer a valuable venue for researchers and developers of mobile Internet.

CHEN Zhen,XU Jian-lin,YU Yi-fan,LIU Hong-jian

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.12.002

2013-01-01

Abstract:With the wide application of mobile terminal, security issues of mobile network software system have become increasingly prominent, the world has many researchers devoted themselves to the study of mobile network system security. This paper analyzes the current commonly used in mobile network software architecture and security risk, put forward a variety of security solutions for the direction and methods, summarizes the progress of research in the field on each direction, the security tools are analyzed, and the future research ideas are discussed.

chenren xu,pei zhang,stephan sigg

DOI: https://doi.org/10.1145/2809695.2809697

2015-01-01

Abstract:After a very successful edition of the IoT-App workshop, its second edition is conducted in conjunction with SenSys 2015. Again, the workshop succeeded in attracting a high number of high-quality submissions. The topics of the papers submitted feature most prominently urban sensing and smart home or city. Further directions are programming concepts for IoT devices as well as advances in machine learning, particularly deep learning for IoT devices.

Ashley Allen,Alexios Mylonas,Stilianos Vidalis,Dimitris Gritzalis

DOI: https://doi.org/10.3390/s24175465

IF: 3.9

2024-08-25

Sensors

Abstract:Smart security devices, such as smart locks, smart cameras, and smart intruder alarms are increasingly popular with users due to the enhanced convenience and new features that they offer. A significant part of this convenience is provided by the device's companion smartphone app. Information on whether secure and ethical development practices have been used in the creation of these applications is unavailable to the end user. As this work shows, this means that users are impacted both by potential third-party attackers that aim to compromise their device, and more subtle threats introduced by developers, who may track their use of their devices and illegally collect data that violate users' privacy. Our results suggest that users of every application tested are susceptible to at least one potential commonly found vulnerability regardless of whether their device is offered by a known brand name or a lesser-known manufacturer. We present an overview of the most common vulnerabilities found in the scanned code and discuss the shortcomings of state-of-the-art automated scanners when looking at less structured programming languages such as C and C++. Finally, we also discuss potential methods for mitigation, and provide recommendations for developers to follow with respect to secure coding practices.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation