1,473 research outputs found
Compartmentation policies for Android apps:A combinatorial optimization approach
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current’s mobile environments
Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models
none4sinoneGuillermo Suarez-Tangil; Mauro Conti; Juan E. Tapiador; and Pedro Peris-LopezGuillermo Suarez, Tangil; Conti, Mauro; Juan E., Tapiador; Pedro Peris, Lope
Hindering data theft with encrypted data trees
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must even-tually make contact with the system where the information resides and extract it. In this work, we propose a scheme that hinders unauthorized data extraction by modifying the basic file system primitives used to access files. Intuitively, our proposal emulates the chains used to protect valuable items in certain clothing shopping centers, where shoplifting is prevented by forcing the thief to steal the whole rack of items. We achieve this by encrypting sensitive files using nonces (i.e., pseudorandom numbers used only once) as keys. Such nonces are available, also in encrypted form, in other objects of the file system. The system globally resembles a distributed Merkle hash tree, in such a way that getting access to a file requires previous access to a number of other files. This forces any potential attacker to extract not only the targeted sensitive information, but also all the files chained to it that are necessary to compute the associated key. Further-more, our scheme incorporates a probabilistic rekeying mechanism to limit the damage that might be caused by patient extractors. We report experimental results measuring the time overhead introduced by our proposal and compare it with the effort an attacker would need to successfully extract information from the system. Our results show that the scheme increases substantially the effort required by an insider, while the introduced overhead is feasible for standard computing platforms
Non-invasive multi-modal human identification system combining ECG, GSR, and airflow biosignals
A huge amount of data can be collected through a wide variety of sensor technologies. Data mining techniques are often useful for the analysis of gathered data. This paper studies the use of three wearable sensors that monitor the electrocardiogram, airflow, and galvanic skin response of a subject with the purpose of designing an efficient multi-modal human identification system. The proposed system, based on the rotation forest ensemble algorithm, offers a high accuracy (99.6 % true acceptance rate and just 0.1 % false positive rate). For its evaluation, the proposed system was testing against the characteristics commonly demanded in a biometric system, including universality, uniqueness, permanence, and acceptance. Finally, a proof-of-concept implementation of the system is demonstrated on a smartphone and its performance is evaluated in terms of processing speed and power consumption. The identification of a sample is extremely efficient, taking around 200 ms and consuming just a few millijoules. It is thus feasible to use the proposed system on a regular smartphone for user identification.This work was supported by MINECO grant TIN2013- 46469-R (SPINY: Security and Privacy in the Internet of You) and CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks)
Análisis petrográficos de rocas silĂceas en el centro-este de la provincia de San Luis
En este trabajo se presentan los primeros resultados obtenidos en la caracterizaciĂłn de la Base Regional de Recursos LĂticos en las cuencas alta y media del rĂo Quinto (centro-este de la Provincia de San Luis). Los trabajos de campo fueron planificados desde la arqueolĂłgica distribucional y la geoarqueologĂa, con el objetivo de localizar fuentes de materia prima lĂtica potenciales y aquellas utilizadas por los grupos locales. A nivel macroregional, el cuarzo es la principal materia prima lĂtica registrada en sitios arqueolĂłgicos. Sin embargo, los antecedentes arqueolĂłgicos mencionan la utilizaciĂłn de rocas silĂceas de calidad superior para la talla. En este sentido, solo tres fuentes de este tipo fueron sistemáticamente estudiadas en la provincia. El análisis petrográfico permitiĂł determinar la presencia de tres nuevas fuentes potenciales de rocas silĂceas, identificadas microscĂłpicamente como calcedonias.Neste artigo, apresentamos os primeiros resultados obtidos na caracterização da Base Regional de Recursos LĂłgicos nas bacias superior e mĂ©dia do rio Quinto (leste central da ProvĂncia de San Luis). Os trabalhos de campo foram planejados a partir da arqueologia e geoarqueologia distributiva, com o objetivo de localizar fontes de matĂ©rias-primas lĂticas potenciais e as utilizadas pelos grupos locais. No nĂvel macrorregional, o quartzo Ă© a principal matĂ©ria-prima lĂtica registrada em sĂtios arqueolĂłgicos. No entanto, o registro arqueolĂłgico mencionou o uso de rochas siliciosas de qualidade superior para o tamanho. Nesse sentido, apenas trĂŞs fontes deste tipo foram estudadas sistematicamente na provĂncia. A análise petrográfica permitiu determinar a presença de trĂŞs novas fontes potenciais de rochas silĂceas, identificadas microscopicamente como calcedĂ´nia.In this paper we present the first results obtained in the characterization of the Regional Base of Lithic Resources in the upper and middle basins of the Quinto River (east-central of the Province of San Luis). The field works were planned from the distributional archeology and geoarchaeology, with the aim of locating sources of potential lithic raw material and those used by local groups. At the macroregional level, quartz is the main lithic raw material registered in archaeological sites. However, the archaeological record mentioned the use of siliceous rocks of superior quality for the size. In this sense, only three sources of this type were systematically studied in the province. The petrographic analysis allowed to determine the presence of three new potential sources of siliceous rocks, identified microscopically as chalcedonies.Fil: Borgo, Mariangeles. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentina. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis; ArgentinaFil: Ramos, Gabriel Alejandro. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Heider, Guillermo. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentina. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis; ArgentinaFil: Chiesa, Jorge Orlando. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Ortiz Suarez, Ariel Emilio. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Curtoni, Rafael Pedro. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - Tandil. Investigaciones ArqueolĂłgicas y PaleontolĂłgicas del Cuaternario Pampeano. Universidad Nacional del Centro de la Provincia de Buenos Aires. Investigaciones ArqueolĂłgicas y PaleontolĂłgicas del Cuaternario Pampeano; ArgentinaFil: Gil, Raul Andres. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis. Instituto de QuĂmica de San Luis. Universidad Nacional de San Luis. Facultad de QuĂmica, BioquĂmica y Farmacia. Instituto de QuĂmica de San Luis; Argentin
Geoarchaeological studies of sources and lithic quarries in the Pampean Sierras and adjacent plains
El material lĂtico es el elemento de mayor abundancia en los registros arqueolĂłgicos de Sierras Centrales y sus llanuras adyacentes. Los estudios realizados sobre el mismo utilizan diferentes escalas espaciales, metodologĂas de campo y laboratorio. Sin embargo, los programas de investigaciĂłn orientados a la detecciĂłn de fuentes de aprovisionamiento y canteras arqueolĂłgicas no tienen en la regiĂłn un desarrollo similar al de otras regiones del Argentina. En este trabajo se presentan las lĂneas iniciales de un proyecto de escala macrorregional, especĂficamente orientado a su estudio. Los resultados alcanzados hasta el momento permitieron identificar numerosas canteras y fuentes en las provincias de San Luis, CĂłrdoba, La Rioja y Catamarca. En ese marco, proponemos un modelo de yacencia de rocas silĂceas. El mismo permite entender por un lado la gĂ©nesis de las rocas identificadas y, por otra parte, se constituye como el primer modelo predictivo de escala amplia para el centro de Argentina.Lithic materials are among the most abundant items in the archaeological record of the Central Ranges and their adjacent plains. The studies carried out with lithic artefacts use different spatial scales, as well as field and laboratory methodologies. However, the research programs oriented to the detection of lithic sources and archaeological quarries do not have in this region a similar development in comparison to other regions of Argentina. This paper presents the initial lines of a macroregional scale project, specifically oriented to their study. The results achieved so far allowed the identification of numerous quarries and lithic sources in San Luis, CĂłrdoba, La Rioja, and Catamarca provinces. We propose a model of deposit of the siliceous rocks which allows to understand the genesis of the identified rocks. On the other hand, it is the first wide-scale predictive occurrence model for the center of Argentina.Fil: Heider, Guillermo. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentina. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis; ArgentinaFil: Ortiz Suarez, Ariel. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Rivero, Diego Eduardo. Centro de Estudios HistĂłricos "Profesor Carlos S. A. Segreti". Instituto de Estudios HistĂłricos - Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - CĂłrdoba. Instituto de Estudios HistĂłricos; ArgentinaFil: Baldo, Edgardo Gaspar Agustin. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - CĂłrdoba. Centro de Investigaciones en Ciencias de la Tierra. Universidad Nacional de CĂłrdoba. Facultad de Ciencias Exactas FĂsicas y Naturales. Centro de Investigaciones en Ciencias de la Tierra; ArgentinaFil: Pastor, Sebastián. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro de Investigaciones y Transferencia de Catamarca. Universidad Nacional de Catamarca. Centro de Investigaciones y Transferencia de Catamarca; ArgentinaFil: Ramos, Gabriel. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Borgo, Mariangeles. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentina. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis; ArgentinaFil: Gil, Raul Andres. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis. Instituto de QuĂmica de San Luis. Universidad Nacional de San Luis. Facultad de QuĂmica, BioquĂmica y Farmacia. Instituto de QuĂmica de San Luis; ArgentinaFil: Chiesa, Jorge. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Costa, Carlos. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; ArgentinaFil: Recalde, Maria Andrea. Centro de Estudios Historicos "prof. Carlos S.a. Segreti". Instituto de Estudios Historicos. - Consejo Nacional de Investigaciones Cientificas y Tecnicas. Centro Cientifico Tecnologico Conicet - Cordoba. Instituto de Estudios Historicos.; ArgentinaFil: Curtoni, Rafael Pedro. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - Tandil. Investigaciones ArqueolĂłgicas y PaleontolĂłgicas del Cuaternario Pampeano. Universidad Nacional del Centro de la Provincia de Buenos Aires. Investigaciones ArqueolĂłgicas y PaleontolĂłgicas del Cuaternario Pampeano; ArgentinaFil: Capriolo, Ana Julieta. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentina. Consejo Nacional de Investigaciones CientĂficas y TĂ©cnicas. Centro CientĂfico TecnolĂłgico Conicet - San Luis; ArgentinaFil: Muñoz, Lucas. Universidad Nacional de San Luis. Facultad de Ciencias FĂsico Matemáticas y Naturales. Departamento de GeologĂa; Argentin
Power-aware anomaly detection in smartphones: An analysis of on-platform versus externalized operation
Hindering data theft with encrypted data trees
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must even-tually make contact with the system where the information resides and extract it. In this work, we propose a scheme that hinders unauthorized data extraction by modifying the basic file system primitives used to access files. Intuitively, our proposal emulates the chains used to protect valuable items in certain clothing shopping centers, where shoplifting is prevented by forcing the thief to steal the whole rack of items. We achieve this by encrypting sensitive files using nonces (i.e., pseudorandom numbers used only once) as keys. Such nonces are available, also in encrypted form, in other objects of the file system. The system globally resembles a distributed Merkle hash tree, in such a way that getting access to a file requires previous access to a number of other files. This forces any potential attacker to extract not only the targeted sensitive information, but also all the files chained to it that are necessary to compute the associated key. Further-more, our scheme incorporates a probabilistic rekeying mechanism to limit the damage that might be caused by patient extractors. We report experimental results measuring the time overhead introduced by our proposal and compare it with the effort an attacker would need to successfully extract information from the system. Our results show that the scheme increases substantially the effort required by an insider, while the introduced overhead is feasible for standard computing platforms
Energy Estimation of Cosmic Rays with the Engineering Radio Array of the Pierre Auger Observatory
The Auger Engineering Radio Array (AERA) is part of the Pierre Auger
Observatory and is used to detect the radio emission of cosmic-ray air showers.
These observations are compared to the data of the surface detector stations of
the Observatory, which provide well-calibrated information on the cosmic-ray
energies and arrival directions. The response of the radio stations in the 30
to 80 MHz regime has been thoroughly calibrated to enable the reconstruction of
the incoming electric field. For the latter, the energy deposit per area is
determined from the radio pulses at each observer position and is interpolated
using a two-dimensional function that takes into account signal asymmetries due
to interference between the geomagnetic and charge-excess emission components.
The spatial integral over the signal distribution gives a direct measurement of
the energy transferred from the primary cosmic ray into radio emission in the
AERA frequency range. We measure 15.8 MeV of radiation energy for a 1 EeV air
shower arriving perpendicularly to the geomagnetic field. This radiation energy
-- corrected for geometrical effects -- is used as a cosmic-ray energy
estimator. Performing an absolute energy calibration against the
surface-detector information, we observe that this radio-energy estimator
scales quadratically with the cosmic-ray energy as expected for coherent
emission. We find an energy resolution of the radio reconstruction of 22% for
the data set and 17% for a high-quality subset containing only events with at
least five radio stations with signal.Comment: Replaced with published version. Added journal reference and DO
- …