References of "Mauw, Sjouke 50002343"
Full Text
Peer Reviewed
Active Re-identification Attacks on Periodically Released Dynamic Social Graphs
Chen, Xihui UL; Kepuska, Ema UL; Mauw, Sjouke UL et al

in Chen, Liqun; Li, Ninghui; Liang, Kaitai (Eds.) et al Computer Security - ESORICS 2020 (2020, September 13)

Active re-identification attacks pose a serious threat to privacy-preserving social graph publication. Active attackers create fake accounts to enforce structural patterns that can be used to re-identify legitimate users on published anonymised graphs, even without additional background knowledge. So far, this type of attacks has only been studied in the scenario where the inherently dynamic social graph is published once. In this paper, we present the first active re-identification attack in the more realistic scenario where a dynamic social graph is periodically published. Our new attack leverages tempo-structural patterns, created by a dynamic set of sybil nodes, for strengthening the adversary. We evaluate our new attack through a comprehensive set of experiments on real-life and synthetic dynamic social graphs. We show that our new attack substantially outperforms the most effective static active attack in the literature by increasing success probability by at least two times and efficiency by at least 11 times. Moreover, we show that, unlike the static attack, our new attack remains at the same level of efficiency as the publication process advances. Additionally, we conduct a study on the factors that may thwart our new attack, which can help design dynamic graph anonymisation methods displaying a better balance between privacy and utility.

Full Text
Peer Reviewed
Publishing Community-Preserving Attributed Social Graphs with a Differential Privacy Guarantee
Chen, Xihui UL; Mauw, Sjouke UL; Ramirez Cruz, Yunior UL

in Proceedings on Privacy Enhancing Technologies (2020), 2020(4), 131-152

We present a novel method for publishing differentially private synthetic attributed graphs. Our method allows, for the first time, to publish synthetic graphs simultaneously preserving structural properties, user attributes and the community structure of the original graph. Our proposal relies on CAGM, a new community-preserving generative model for attributed graphs. We equip CAGM with efficient methods for attributed graph sampling and parameter estimation. For the latter, we introduce differentially private computation methods, which allow us to release community-preserving synthetic attributed social graphs with a strong formal privacy guarantee. Through comprehensive experiments, we show that our new model outperforms its most relevant counterparts in synthesising differentially private attributed social graphs that preserve the community structure of the original graph, as well as degree sequences and clustering coefficients.

Full Text
Peer Reviewed
Fine-grained Code Coverage Measurement in Automated Black-box Android Testing
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Zhauniarovich, Yury et al

in ACM Transactions on Software Engineering and Methodology (2020), 29(4), 1-35

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function for guiding evolutionary and fuzzy testing techniques. However, there are no reliable tools for measuring fine-grained code coverage in black-box Android app testing. We present the Android Code coVerage Tool, ACVTool for short, that instruments Android apps and measures code coverage in the black-box setting at class, method and instruction granularity. ACVTool has successfully instrumented 96.9% of apps in our experiments. It introduces a negligible instrumentation time overhead, and its runtime overhead is acceptable for automated testing tools. We demonstrate practical value of ACVTool in a large-scale experiment with Sapienz, a state-of-art automated testing tool. Using ACVTool on the same cohort of apps, we have compared different coverage granularities applied by Sapienz in terms of the found amount of crashes. Our results show that none of the applied coverage granularities clearly outperforms others in this aspect.

Full Text
Peer Reviewed
Attack-Tree Series: A Case for Dynamic Attack Tree Analysis
Gadyatskaya, Olga UL; Mauw, Sjouke UL

in Proc. 6th International Workshop on Graphical Models for Security (GraMSec'19) (2020)

Full Text
Peer Reviewed
Attribute evaluation on attack trees with incomplete information
Buldas, Ahto; Gadyatskaya, Olga UL; Lenin, Aleksandr et al

in Computers and Security (2020), 88(101630)

Attack trees are considered a useful tool for security modelling because they support qualitative as well as quantitative analysis. The quantitative approach is based on values associated to each node in the tree, expressing, for instance, the minimal cost or probability of an attack. Current quantitative methods for attack trees allow the analyst to, based on an initial assignment of values to the leaf nodes, derive the values of the higher nodes in the tree. In practice, however, it shows to be very difficult to obtain reliable values for all leaf nodes. The main reasons are that data is only available for some of the nodes, that data is available for intermediate nodes rather than for the leaf nodes, or even that the available data is inconsistent. We address these problems by developing a generalisation of the standard bottom-up calculation method in three ways. First, we allow initial attributions of non-leaf nodes. Second, we admit additional relations between attack steps beyond those provided by the underlying attack tree semantics. Third, we support the calculation of an approximative solution in case of inconsistencies. We illustrate our method, which is based on constraint programming, by a comprehensive case study.

Full Text
Peer Reviewed
ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
Ferreira Torres, Christof UL; Steichen, Mathis UL; Norvill, Robert UL et al

in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20), October 5–9, 2020, Taipei, Taiwan (2020)

In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce ÆGIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare ÆGIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.

Full Text
Peer Reviewed
Post-collusion security and distance bounding
Mauw, Sjouke UL; Smith, Zachary Daniel UL; Trujillo Rasua, Rolando UL et al

in Post-collusion security and distance bounding (2019, November 11)

Verification of cryptographic protocols is traditionally built upon the assumption that participants have not revealed their long-term keys. However, in some cases, participants might collude to defeat some security goals, without revealing their long-term secrets. We develop a model based on multiset rewriting to reason about collusion in security protocols. We introduce the notion of post-collusion security, which verifies security properties claimed in sessions initiated after collusion occurred. We use post-collusion security to analyse terrorist fraud on protocols for securing physical proximity, known as distance-bounding protocols. In a terrorist fraud attack, agents collude to falsely prove proximity, whilst no further false proximity proof can be issued without further collusion. Our definitions and the Tamarin prover are used to develop a modular framework for verification of distance-bounding protocols that accounts for all types of attack from literature. We perform a survey of over 25 protocols, which include industrial protocols such as Mastercard’s contactless payment PayPass and NXP’s MIFARE Plus with proximity check. For the industrial protocols we confirm attacks, propose fixes, and deliver computer-verifiable security proofs of the repaired versions.

Full Text
Peer Reviewed
Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity
Horne, Ross James UL; Mauw, Sjouke UL; Smith, Zachary Daniel UL et al

in Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity (2019, September 23)

We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.

Full Text
Peer Reviewed
Robust active attacks on social graphs
Mauw, Sjouke UL; Ramirez Cruz, Yunior UL; Trujillo Rasua, Rolando UL

in Data Mining and Knowledge Discovery (2019), 33(5), 1357-1392

Proceedings of the 15th International Workshop on Security and Trust Management (STM 2019)
Mauw, Sjouke UL; Conti, Mauro

Book published by Springer (2019)

Full Text
Peer Reviewed
Attack-Tree Series: A Case for Dynamic Attack Tree Analysis
Mauw, Sjouke UL; Gadyatskaya, Olga

in Proc. 6th International Workshop on Graphical Models for Security (GraMSec'19) (2019)

Full Text
Peer Reviewed
Semi-automatically Augmenting Attack Trees using an Annotated Attack Tree Library
Jhawar, Ravi UL; Lounis, Karim UL; Mauw, Sjouke UL et al

in Katsikas, Sokratis; Alcaraz, Cristina (Eds.) Security and Trust Management. STM 2018. (2018, October)

Full Text
Peer Reviewed
Automated Identification of Desynchronisation Attacks on Shared Secrets
Mauw, Sjouke UL; Smith, Zachary Daniel UL; Toro Pozo, Jorge Luis UL et al

in Automated Identification of Desynchronisation Attacks on Shared Secrets (2018, September)

Key-updating protocols are a class of communication protocol that aim to increase security by having the participants change encryption keys between protocol executions. However, such protocols can be vulnerable to desynchronisation attacks, a denial of service attack in which the agents are tricked into updating their keys improperly, so that they are no longer able to communicate. In this work we introduce a method that can be used to automatically verify (or falsify) resistance to desynchronisation attacks for a range of protocols. This approach is then used to identify previously unreported vulnerabilities in two published RFID grouping protocols.

Full Text
Peer Reviewed
Anonymising social graphs in the presence of active attackers
Mauw, Sjouke UL; Ramirez Cruz, Yunior UL; Trujillo Rasua, Rolando UL

in Transactions on Data Privacy (2018), 11(2), 169-198

Full Text
Peer Reviewed
The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement
Horne, Ross James UL; Mauw, Sjouke UL; Tiu, Alwen

in Proc. 5th International Workshop on Graphical Models for Security (GraMSec'18) (2018, July 08)

Full Text
Peer Reviewed
Conditional adjacency anonymity in social graphs under active attacks
Mauw, Sjouke UL; Ramirez Cruz, Yunior UL; Trujillo Rasua, Rolando UL

in Knowledge and Information Systems (2018)

Proceedings of the Fourth International Workshop on Graphical Models for Security (GraMSec 2017)
Liu, Peng; Mauw, Sjouke UL; Stolen, Ketil

Book published by Springer (2018)

This book constitutes revised selected papers from the 4th International Workshop on Graphical Models for Security, GraMSec 2017, held in Santa Barbara, CA, USA, in August 2017. The 5 full and 4 short papers presented in this volume were carefully reviewed and selected from 19 submissions. The book also contains one invited paper from the WISER project. The contributions deal with the latest research and developments on graphical models for security.

Full Text
Peer Reviewed
Distance-Bounding Protocols: Verification without Time and Location
Mauw, Sjouke UL; Smith, Zachary Daniel UL; Toro Pozo, Jorge Luis UL et al

in Proceedings of IEEE Symposium on Security and Privacy (SP), San Francisco 21-23 May 2018 (2018)

Distance-bounding protocols are cryptographic protocols that securely establish an upper bound on the physical distance between the participants. Existing symbolic verification frameworks for distance-bounding protocols consider timestamps and the location of agents. In this work we introduce a causality-based characterization of secure distance-bounding that discards the notions of time and location. This allows us to verify the correctness of distance-bounding protocols with standard protocol verification tools. That is to say, we provide the first fully automated verification framework for distance-bounding protocols. By using our framework, we confirmed known vulnerabilities in a number of protocols and discovered unreported attacks against two recently published protocols.

Full Text
Peer Reviewed
Refinement-Aware Generation of Attack Trees
Gadyatskaya, Olga UL; Ravi, Jhawar; Mauw, Sjouke UL et al

in Livraga, Giovanni; Mitchell, Chris J. (Eds.) Security and Trust Management - 13th International Workshop (2017, September)

Full Text
Peer Reviewed
Model-driven situational awareness for moving target defense
Jhawar, Ravi UL; Mauw, Sjouke UL

in Scanlon, Marc; Le-Khac, Nhien-An (Eds.) Proc. 16th European Conference on Cyber Warfare and Security (2017)

Moving Target Defense (MTD) presents dynamically changing attack surfaces and system configurations to attackers. This approach decreases the success probabilities of attacks and increases attacker's workload since she must continually re-assess, re-engineer and re-launch her attacks. Existing research has provided a number of MTD techniques but approaches for gaining situational awareness and deciding when/how to apply these techniques are not well studied. In this paper, we present a conceptual framework that closely integrates a set of models with the system and obtains up-to-date situational awareness following the OODA loop methodology. To realize the framework, as the first step, we propose a modelling approach that provides insights about the dynamics between potential attacks and defenses, impact of attacks and adaptations on the system, and the state of the system. Based on these models, we demonstrate techniques to quantitatively assess the effectiveness of MTD and show how to formulate decision-making problems.
