Efficient Authentication and Signing of Multicast Streams over Lossy Channels
Found in: Security and Privacy, IEEE Symposium on
By Adrian Perrig, J.D. Tygar, Dawn Song, Ran Canetti
Issue Date:May 2000
pp. 0056
Multicast stream authentication and signing is an important and challenging problem. Applications include the continuous authentication of radio and TV Internet broadcasts, and authenticated data distribution by satellite. The main challenges are fourfold....
 
Multi-Dimensional Range Query over Encrypted Data
Found in: Security and Privacy, IEEE Symposium on
By Elaine Shi, John Bethencourt, T-H. Hubert Chan, Dawn Song, Adrian Perrig
Issue Date:May 2007
pp. 350-364
We design an encryption scheme called Multi-dimensional Range Query over Encrypted Data (MRQED), to address the privacy concerns related to the sharing of network audit logs and various other applications. Our scheme allows a network gateway to encrypt sum...
 
New Constructions and Practical Applications for Private Stream Searching (Extended Abstract)
Found in: Security and Privacy, IEEE Symposium on
By John Bethencourt, Dawn Song, Brent Waters
Issue Date:May 2006
pp. 132-139
A system for private stream searching allows a client to retrieve documents matching some search criteria from a remote server while the server evaluating the request remains provably oblivious to the search criteria. In this extended abstract, we give a h...
 
SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks
Found in: Security and Privacy, IEEE Symposium on
By Abraham Yaar, Adrian Perrig, Dawn Song
Issue Date:May 2004
pp. 130
One of the fundamental limitations of the Internet is the inability of a packet flow recipient to halt disruptive flows before they consume the recipient's network link resources. Critical infrastructures and businesses alike are vulnerable to DoS attacks ...
 
Mining Permission Request Patterns from Android and Facebook Applications
Found in: 2012 IEEE 12th International Conference on Data Mining (ICDM)
By Mario Frank, Ben Dong, Adrienne Porter Felt, Dawn Song
Issue Date:December 2012
pp. 870-875
Android and Facebook provide third-party applications with access to users' private data and the ability to perform potentially sensitive operations (e.g., post to a user's wall or place phone calls). As a security measure, these platforms restrict applic...
 
Cloud Data Protection for the Masses
Found in: Computer
By Dawn Song, Elaine Shi, Ian Fischer, Umesh Shankar
Issue Date:January 2012
pp. 39-45
Offering strong data protection to cloud users while enabling rich applications is a challenging task. Researchers explore a new cloud platform architecture called Data Protection as a Service, which dramatically reduces the per-application development eff...
 
A Learning-Based Approach to Reactive Security
Found in: IEEE Transactions on Dependable and Secure Computing
By Adam Barth, Benjamin I.P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, Peter L. Bartlett
Issue Date:July 2012
pp. 482-493
Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting...
 
Differential Slicing: Identifying Causal Execution Differences for Security Applications
Found in: Security and Privacy, IEEE Symposium on
By Noah M. Johnson, Juan Caballero, Kevin Zhijie Chen, Stephen McCamant, Pongsin Poosankam, Daniel Reynaud, Dawn Song
Issue Date:May 2011
pp. 347-362
A security analyst often needs to understand two runs of the same program that exhibit a difference in program state or output. This is important, for example, for vulnerability analysis, as well as for analyzing a malware program that features different b...
 
Design and Evaluation of a Real-Time URL Spam Filtering Service
Found in: Security and Privacy, IEEE Symposium on
By Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song
Issue Date:May 2011
pp. 447-462
On the heels of the widespread adoption of web services such as social networks and URL shorteners, scams, phishing, and malware have become regular threats. Despite extensive research, email-based spam filtering techniques generally fall short for protect...
 
Towards a Formal Foundation of Web Security
Found in: Computer Security Foundations Symposium, IEEE
By Devdatta Akhawe, Adam Barth, Peifung E. Lam, John Mitchell, Dawn Song
Issue Date:July 2010
pp. 290-304
We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample web mechanisms and applications. We identify three distinct threat models that can be used to analyze web app...
 
A Symbolic Execution Framework for JavaScript
Found in: Security and Privacy, IEEE Symposium on
By Prateek Saxena, Devdatta Akhawe, Steve Hanna, Feng Mao, Stephen McCamant, Dawn Song
Issue Date:May 2010
pp. 513-528
As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of J...
 
Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves
Found in: Security and Privacy, IEEE Symposium on
By Adam Barth, Juan Caballero, Dawn Song
Issue Date:May 2009
pp. 360-371
Cross-site scripting defenses often focus on HTML documents, neglecting attacks involving the browser's content-sniffing algorithm, which can treat non-HTML content as HTML. Web applications, such as the one that manages this conference, must defend themse...
 
Beyond Output Voting: Detecting Compromised Replicas Using HMM-Based Behavioral Distance
Found in: IEEE Transactions on Dependable and Secure Computing
By Debin Gao, Michael K. Reiter, Dawn Song
Issue Date:April 2009
pp. 96-110
Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to
 
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
Found in: Security and Privacy, IEEE Symposium on
By David Brumley, Pongsin Poosankam, Dawn Song, Jiang Zheng
Issue Date:May 2008
pp. 143-157
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques...
 
Creating Vulnerability Signatures Using Weakest Preconditions
Found in: Computer Security Foundations Symposium, IEEE
By David Brumley, Hao Wang, Somesh Jha, Dawn Song
Issue Date:July 2007
pp. 311-325
Signature-based tools such as network intrusion detection systems are widely used to protect critical systems. Automatic signature generation techniques are needed to enable these tools due to the speed at which new vulnerabilities are discovered. In parti...
 
Towards Automatic Generation of Vulnerability-Based Signatures
Found in: Security and Privacy, IEEE Symposium on
By David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
Issue Date:May 2006
pp. 2-16
In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the seman...
 
Polygraph: Automatically Generating Signatures for Polymorphic Worms
Found in: Security and Privacy, IEEE Symposium on
By James Newsome, Brad Karp, Dawn Song
Issue Date:May 2005
pp. 226-241
It is widely believed that content-signature-based intrusion detection systems (IDSes) are easily evaded by polymorphic worms, which vary their payload on every infection attempt. In this paper, we present Polygraph, a signature generation system that succ...
 
Semantics-Aware Malware Detection
Found in: Security and Privacy, IEEE Symposium on
By Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, Randal E. Bryant
Issue Date:May 2005
pp. 32-46
A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (su...
 
Dynamic Quarantine of Internet Worms
Found in: Dependable Systems and Networks, International Conference on
By Cynthia Wong, Chenxi Wang, Dawn Song, Stan Bielski, Gregory R. Ganger
Issue Date:July 2004
pp. 73
If we limit the contact rate of worm traffic, can we alleviate and ultimately contain Internet worms? This paper sets out to answer this question. Specifically, we are interested in analyzing different deployment strategies of rate control mechanisms and t...
 
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
Found in: Security and Privacy, IEEE Symposium on
By Abraham Yaar, Adrian Perrig, Dawn Song
Issue Date:May 2003
pp. 93
Distributed Denial of Service (DDoS) attacks continue to plague the Internet. Defense against these attacks is complicated by spoofed source IP addresses, which make it difficult to determine a packet's true origin. We propose Pi (short for Path Identifier...
 
Random Key Predistribution Schemes for Sensor Networks
Found in: Security and Privacy, IEEE Symposium on
By Haowen Chan, Adrian Perrig, Dawn Song
Issue Date:May 2003
pp. 197
Key establishment in sensor networks is a challenging problem because asymmetric key cryptosystems are unsuitable for use in resource constrained sensor nodes, and also because the nodes could be physically compromised by an adversary. We present three new...
 
ELK, a New Protocol for Efficient Large-Group Key Distribution
Found in: Security and Privacy, IEEE Symposium on
By Adrian Perrig, Dawn Song, J.D. Tygar
Issue Date:May 2001
pp. 0247
Abstract: Secure media broadcast over the Internet poses unique security challenges. One problem is access control to a large number of subscribers in a public broadcast. A common solution is to encrypt the broadcast data and to disclose the decryption key to...
 
SAM: A Flexible and Secure Auction Architecture Using Trusted Hardware
Found in: Parallel and Distributed Processing Symposium, International
By Adrian Perrig, Sean Smith, Dawn Song, J.D. Tygar
Issue Date:April 2001
pp. 30170b
Increasing numbers of economic transactions are conducted through on-line auctions. Nevertheless, most current auction implementations fail to address important security concerns. In particular, most auction systems force buyers and sellers to tru...
 
SoK: Eternal War in Memory
Found in: 2013 IEEE Symposium on Security and Privacy (SP) Conference
By L. Szekeres, M. Payer, Tao Wei, Dawn Song
Issue Date:May 2013
pp. 48-62
Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. The lack of safety in these languages allows attackers to alter the program's behavior or take full control over it by hija...
   
Practical Control Flow Integrity and Randomization for Binary Executables
Found in: 2013 IEEE Symposium on Security and Privacy (SP) Conference
By Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, L. Szekeres, S. McCamant, Dawn Song, Wei Zou
Issue Date:May 2013
pp. 559-573
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking attacks. However, performance and compatibility issues limit its adoption. We propose a new practical and realistic protection method called CCFIR (Compact Cont...
   
Expander Graphs for Digital Stream Authentication and Robust Overlay Networks
Found in: Security and Privacy, IEEE Symposium on
By Dawn Song, J. D. Tygar, David Zuckerman
Issue Date:May 2002
pp. 258
We use expander graphs to provide efficient new constructions for two security applications: authentication of long digital streams over lossy networks and building scalable, robust overlay networks. Here is a summary of our contributions: (1) To authentica...
 
PHANTOM: practical oblivious computation in a secure processor
Found in: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13)
By Dawn Song, Eric Love, John Kubiatowicz, Martin Maas, Mohit Tiwari, Elaine Shi, Emil Stefanov, Krste Asanovic
Issue Date:November 2013
pp. 311-324
We introduce PHANTOM [1] a new secure processor that obfuscates its memory access trace. To an adversary who can observe the processor's output pins, all memory access traces are computationally indistinguishable (a property known as obliviousness). We ach...
     
Evolution of social-attribute networks: measurements, modeling, and implications using google+
Found in: Proceedings of the 2012 ACM conference on Internet measurement conference (IMC '12)
By Dawn Song, Emil Stefanov, Ling Huang, Neil Zhenqiang Gong, Prateek Mittal, Vyas Sekar, Wenchang Xu
Issue Date:November 2012
pp. 131-144
Understanding social network structure and evolution has important implications for many aspects of network and system design including provisioning, bootstrapping trust and reputation systems via social networks, and defenses against Sybil attacks. Severa...
     
Opaak: using mobile phones to limit anonymous identities online
Found in: Proceedings of the 10th international conference on Mobile systems, applications, and services (MobiSys '12)
By Dawn Song, Elaine Shi, Gabriel Maganis, Hao Chen
Issue Date:June 2012
pp. 295-308
Trust and anonymity are both desirable properties on the Internet. However, online services and users often have to make the trade off between trust and anonymity due to the lack of usable frameworks for achieving them both. We propose Opaak, a practical a...
     
Path-exploration lifting: hi-fi tests for lo-fi emulators
Found in: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '12)
By Dawn Song, Petros Maniatis, Pongsin Poosankam, Stephen McCamant, Lorenzo Martignoni
Issue Date:March 2012
pp. 337-348
Processor emulators are widely used to provide isolation and instrumentation of binary software. However they have proved difficult to implement correctly: processor specifications have many corner cases that are not exercised by common workloads. It is un...
     
Private and Continual Release of Statistics
Found in: ACM Transactions on Information and System Security (TISSEC)
By Dawn Song, Elaine Shi, T.-H. Hubert Chan
Issue Date:November 2011
pp. 1-24
We ask the question: how can Web sites and data aggregators continually release updated statistics, and meanwhile preserve each individual user’s privacy? Suppose we are given a stream of 0’s and 1’s. We propose a differentially private c...
     
Remote data checking using provable data possession
Found in: ACM Transactions on Information and System Security (TISSEC)
By Dawn Song, Giuseppe Ateniese, Joseph Herring, Lea Kissner, Osama Khan, Randal Burns, Reza Curtmola, Zachary Peterson
Issue Date:May 2011
pp. 1-34
We introduce a model for provable data possession (PDP) that can be used for remote data checking: A client that has stored data at an untrusted server can verify that the server possesses the original data without retrieving it. The model generates probab...
     
Emulating emulation-resistant malware
Found in: Proceedings of the 1st ACM workshop on Virtual machine security (VMSec '09)
By Dawn Song, Heng Yin, Min Gyung Kang, Stephen McCamant, Steve Hanna
Issue Date:November 2009
pp. 11-22
The authors of malware attempt to frustrate reverse engineering and analysis by creating programs that crash or otherwise behave differently when executed on an emulated platform than when executed on real hardware. In order to defeat such techniques and f...
     
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Found in: Proceedings of the 16th ACM conference on Computer and communications security (CCS '09)
By Christian Kreibich, Dawn Song, Juan Caballero, Pongsin Poosankam
Issue Date:November 2009
pp. 621-634
Automatic protocol reverse-engineering is important for many security applications, including the analysis and defense against botnets. Understanding the command-and-control (C&C) protocol used by a botnet is crucial for anticipating its repertoire of ...
     
Loop-extended symbolic execution on binary programs
Found in: Proceedings of the eighteenth international symposium on Software testing and analysis (ISSTA '09)
By Dawn Song, Pongsin Poosankam, Prateek Saxena, Stephen McCamant
Issue Date:July 2009
pp. 5-6
Mixed concrete and symbolic execution is an important technique for finding and understanding software bugs, including security-relevant ones. However, existing symbolic execution techniques are limited to examining one execution path at a time, in which s...
     
Measuring channel capacity to distinguish undue influence
Found in: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security (PLAS '09)
By Dawn Song, James Newsome, Stephen McCamant
Issue Date:June 2009
pp. 1-22
The channel capacity of a program is a quantitative measure of the amount of control that the inputs to a program have over its outputs. Because it corresponds to worst-case assumptions about the probability distribution over those inputs, it is particular...
     
New Techniques for Private Stream Searching
Found in: ACM Transactions on Information and System Security (TISSEC)
By Brent Waters, Dawn Song, John Bethencourt
Issue Date:January 2009
pp. 1-32
A system for private stream searching, introduced by Ostrovsky and Skeith, allows a client to provide an untrusted server with an encrypted search query. The server uses the query on a stream of documents and returns the matching documents to the client wh...
     
Provable data possession at untrusted stores
Found in: Proceedings of the 14th ACM conference on Computer and communications security (CCS '07)
By Dawn Song
Issue Date:October 2007
pp. 598-609
We introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by ...
     
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Found in: Proceedings of the 14th ACM conference on Computer and communications security (CCS '07)
By Dawn Song
Issue Date:October 2007
pp. 317-329
Protocol reverse engineering, the process of extracting the application-level protocol used by an implementation, without access to the protocol specification, is important for many network security applications. Recent work [17] has proposed protocol reve...
     
Replayer: automatic protocol replay by binary analysis
Found in: Proceedings of the 13th ACM conference on Computer and communications security (CCS '06)
By David Brumley, Dawn Song, James Newsome, Jason Franklin
Issue Date:October 2006
pp. 311-321
We address the problem of replaying an application dialog between two hosts. The ability to accurately replay application dialogs is useful in many security-oriented applications, such as replaying an exploit for forensic analysis or demonstrating an explo...
     
Secure hierarchical in-network aggregation in sensor networks
Found in: Proceedings of the 13th ACM conference on Computer and communications security (CCS '06)
By Adrian Perrig, Dawn Song, Haowen Chan
Issue Date:October 2006
pp. 278-287
In-network aggregation is an essential primitive for performing queries on sensor network data. However, most aggregation algorithms assume that all intermediate nodes are trusted. In contrast, the standard threat model in sensor network security assumes t...
     
Design space and analysis of worm defense strategies
Found in: Proceedings of the 2006 ACM Symposium on Information, computer and communications security (ASIACCS '06)
By David Brumley, Dawn Song, Li-Hao Liu, Pongsin Poosankam
Issue Date:March 2006
pp. 125-137
We give the first systematic investigation of the design space of worm defense system strategies. We accomplish this by providing a taxonomy of defense strategies by abstracting away implementation-dependent and approach-specific details and concentrating ...
     
Gray-box extraction of execution graphs for anomaly detection
Found in: Proceedings of the 11th ACM conference on Computer and communications security (CCS '04)
By Dawn Song, Debin Gao, Michael K. Reiter
Issue Date:October 2004
pp. 318-329
Many host-based anomaly detection systems monitor a process by observing the system calls it makes, and comparing these calls to a model of behavior for the program that the process should be executing. In this paper we introduce a new model of system call...
     