Painless migration from passwords to two factor authentication

Abstract-In spite of growing frequency and sophistication of attacks two factor authentication schemes have seen very limited adoption in the US, and passwords remain the single factor of authentication for most bank and brokerage accounts. Clearly the cost benefit analysis is not as strongly in favor of two factor as we might imagine. Upgrading from passwords to a two factor authentication system usually involves a large engineering effort, a discontinuity of user experience and a hard key management problem. In this paper we describe a system to convert a legacy password authentication server into a two factor system. The existing password system is untouched, but is cascaded with a new server that verifies possession of a smartphone device. No alteration, patching or updates to the legacy system is necessary. There are now two alternative authentication paths: one using passwords alone, and a second using passwords and possession of the trusted device. The bank can leave the password authentication path available while users migrate to the two factor scheme. Once migration is complete the passwordonly path can be severed. We have implemented the system and carried out two factor authentication against real accounts at several major banks

AMD-DBSCAN: An Adaptive Multi-density DBSCAN for datasets of extremely variable density

DBSCAN has been widely used in density-based clustering algorithms. However, with the increasing demand for Multi-density clustering, previous traditional DSBCAN can not have good clustering results on Multi-density datasets. In order to address this problem, an adaptive Multi-density DBSCAN algorithm (AMD-DBSCAN) is proposed in this paper. An improved parameter adaptation method is proposed in AMD-DBSCAN to search for multiple parameter pairs (i.e., Eps and MinPts), which are the key parameters to determine the clustering results and performance, therefore allowing the model to be applied to Multi-density datasets. Moreover, only one hyperparameter is required for AMD-DBSCAN to avoid the complicated repetitive initialization operations. Furthermore, the variance of the number of neighbors (VNN) is proposed to measure the difference in density between each cluster. The experimental results show that our AMD-DBSCAN reduces execution time by an average of 75% due to lower algorithm complexity compared with the traditional adaptive algorithm. In addition, AMD-DBSCAN improves accuracy by 24.7% on average over the state-of-the-art design on Multi-density datasets of extremely variable density, while having no performance loss in Single-density scenarios. Our code and datasets are available at https://github.com/AlexandreWANG915/AMD-DBSCAN.Comment: Accepted at DSAA202

RITA: Boost Autonomous Driving Simulators with Realistic Interactive Traffic Flow

High-quality traffic flow generation is the core module in building simulators for autonomous driving. However, the majority of available simulators are incapable of replicating traffic patterns that accurately reflect the various features of real-world data while also simulating human-like reactive responses to the tested autopilot driving strategies. Taking one step forward to addressing such a problem, we propose Realistic Interactive TrAffic flow (RITA) as an integrated component of existing driving simulators to provide high-quality traffic flow for the evaluation and optimization of the tested driving strategies. RITA is developed with consideration of three key features, i.e., fidelity, diversity, and controllability, and consists of two core modules called RITABackend and RITAKit. RITABackend is built to support vehicle-wise control and provide traffic generation models from real-world datasets, while RITAKit is developed with easy-to-use interfaces for controllable traffic generation via RITABackend. We demonstrate RITA's capacity to create diversified and high-fidelity traffic simulations in several highly interactive highway scenarios. The experimental findings demonstrate that our produced RITA traffic flows exhibit all three key features, hence enhancing the completeness of driving strategy evaluation. Moreover, we showcase the possibility for further improvement of baseline strategies through online fine-tuning with RITA traffic flows.Comment: 8 pages, 5 figures, 3 table

Improving real-world access control systems by identifying the true origins of a request

Access control is the traditional center of gravity of computer security. In order to make correct access control decisions, a critical step is to identify the origins of an access request. The origins of a request are the principals who cause the request to be issued and the principals who affect the content of the request. Therefore, the origins are responsible for the request. The access control decision should be based on the permissions of the origins. In this dissertation, we examined two real-world access control systems, operating system access control and browser access control. They are vulnerable to certain attacks because of their limitations in identifying the origins of a request. In particular, the discretionary access control (DAC) in the operating system is vulnerable to Trojan horses and vulnerability exploits, while the same origin policy (SoP) in the browser is vulnerable to the malicious proxy adversary against HTTPS and the cross-site request forgery attack. We proposed enhancements of both systems by identifying the true origins of a request. We discussed the design details, the prototype implementations, and the experimental evaluations of the enhancements

Administration in Role-Based Access Control

Administration of large-scale RBAC systems is a challenging open problem. We propose a principled approach in designing and analyzing administrative models for RBAC. We identify six design requirements for administrative models of RBAC. These design requirements are motivated by three principles for designing security mechanisms: (1) flexibility and scalability, (2) psychological acceptability, and (3) economy of mechanism. We then use these requirements to analyze several approaches to RBAC administration, including ARBAC97 [21, 23, 22], SARBAC [4, 5], and the RBAC system in the Oracle DBMS. Based on these requirements and the lessons learned in analyzing existing approaches, we design UARBAC, a new family of administrative models for RBAC that has significant advantages over existing models

Usable Mandatory Integrity Protection for Operating Systems

Existing mandatory access control systems for operating systems are difficult to use. We identify several principles for designing usable access control systems and introduce the Usable Mandatory Integrity Protection (UMIP) model that adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usability goals for UMIP are twofold. First, configuring a UMIP system should not be more difficult than installing and configuring an operating system. Second, existing applications and common usage practices can still be used under UMIP. UMIP has several novel features to achieve these goals. For example, it introduces several concepts for expressing partial trust in programs. Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection. We also discuss our implementation of the UMIP model for Linux using the Linux Security Modules framework, and show that it is simple to configure, has low overhead, and effectively defends against a number of network-based attacks.