Real Vulnerability

The Experts below are selected from a list of 111 Experts worldwide ranked by ideXlab platform

Raheem Beyah - One of the best experts on this subject based on the ideXlab platform.

  • On the relative de-anonymizability of graph data: Quantification and evaluation
    IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016
    Co-Authors: Shouling Ji, Weiqing Li, Shukun Yang, Prateek Mittal, Raheem Beyah
    Abstract:

    In this paper, we propose a structural importance-aware approach to quantify the vulnerability/de-anonymizability of graph data to structure-based De-Anonymization (DA) attacks [1][2][3][4]. Specifically, we quantify both the seed-based and the seed-free Relative De-anonymizability (RD) of graph data for both perfect DA (successfully de-anonymizing all the target users) and partial DA (where some DA error is tolerated) under a general data model. In our relative quantification, instead of treating all the users in graph data as structurally equivalent, we adaptively quantify their RD in terms of their structural importance. Leveraging 15 real-world graph datasets, we validate the accuracy of our relative quantifications and compare them with state-of-the-art seed-based and seed-free quantification techniques. The results demonstrate that our structural importance-aware relative quantifications are more sound and precise when measuring graph data's real vulnerability/de-anonymizability.

Yu-ting Kuang - One of the best experts on this subject based on the ideXlab platform.

  • Using data visualization technique to detect sensitive information re-identification problem of real open dataset
    Journal of Systems Architecture, 2017
    Co-Authors: Chih-hung Hsieh, Yu-ting Kuang, Chuan-kai Yang
    Abstract:

    With plenty of valuable information, open data are often deemed great assets to academia or industry. In spite of some de-identification processing that most data owners will perform before releasing the data, the more datasets are opened to the public, the more likely personal privacy will be exposed. According to previous real case studies, even though the personally identifiable information has been de-identified, sensitive personal information could still be uncovered by heterogeneous or cross-domain data joining operations. The privacy re-identification processes involved are usually too complicated or obscure to be realized by data owners, not to mention that this problem will be more severe as the scale of data gets larger and larger. To prevent the leakage of sensitive information, this paper shows how to use a novel visualization analysis tool for open data de-identification (ODD Visualizer) to verify whether a sensitive information leakage problem exists in the target datasets. The high effectiveness that the ODD Visualizer can provide mainly comes from implementing a scalable computing platform as well as developing an efficient data visualization technique. Our demonstrations show that the ODD Visualizer can indeed uncover real vulnerability of record linkage attacks among open datasets available on the Internet.

  • Using Data Visualization Technique to Detect Sensitive Information Re-Identification Problem of Real Open Dataset
    2016 International Computer Symposium (ICS), 2016
    Co-Authors: Chih-hung Hsieh, Yu-ting Kuang
    Abstract:

    Opening data with plenty of valuable information as public datasets provides great potential treasure to academia or industry. Despite the de-identification process that most data owners will take before releasing those data, the more datasets are opened to the public, the more likely personal privacy will be exposed. Previous studies have shown that personal identity and sensitive information might be re-identified by joining two or more de-identified data tables with common attributes. According to previous real case studies, even though the personally identifiable information has been de-identified, sensitive personal information could still be uncovered by heterogeneous or cross-domain data joining operations. This kind of privacy re-identification is usually too complicated or obscure to be realized by data owners, not to mention that this problem will be more severe as the scale of data grows. For the purpose of preventing damage from sensitive information leakage, this paper shows how to use a novel open data de-identification visualization analysis tool (ODD Visualizer) to verify whether a sensitive information leakage problem exists in the target datasets. The high effectiveness that ODD Visualizer can provide mainly comes from implementing a scalable computing platform as well as developing an efficient data visualization technique. Demonstration proves that ODD Visualizer indeed uncovered one real vulnerability of record linkage attack among open datasets available on the Internet.

Nuno Laranjeiro - One of the best experts on this subject based on the ideXlab platform.

  • Towards Understanding the Value of False Positives in Static Code Analysis
    2016 Seventh Latin-American Symposium on Dependable Computing (LADC), 2016
    Co-Authors: Carlo Dimastrogiovanni, Nuno Laranjeiro
    Abstract:

    Static code analysis is a well-known technique used to detect potential software security issues. Nowadays, given the large variety of vulnerabilities and the increasing complexity of web applications, it is difficult for static code analyzers to identify vulnerabilities in a precise manner. The main problem is with the typically high number of false positives reported by these tools, which refer to vulnerabilities that, in practice, do not exist. The common view is that the information regarding false positives is useless. In this paper we give an initial step towards investigating the hypothesis that false positives may be, in fact, a link to potential security problems. We analyzed 3 open-source web applications using a well-known static analyzer, then identified false positives and linked these to potential security problems. Preliminary results suggest that, in many cases, the presence of a false positive indicates a fragility of the application, which is prone, in different degrees, to turn into a real vulnerability.

Chih-hung Hsieh - One of the best experts on this subject based on the ideXlab platform.

  • Using data visualization technique to detect sensitive information re-identification problem of real open dataset
    Journal of Systems Architecture, 2017
    Co-Authors: Chih-hung Hsieh, Yu-ting Kuang, Chuan-kai Yang
    Abstract:

    With plenty of valuable information, open data are often deemed great assets to academia or industry. In spite of some de-identification processing that most data owners will perform before releasing the data, the more datasets are opened to the public, the more likely personal privacy will be exposed. According to previous real case studies, even though the personally identifiable information has been de-identified, sensitive personal information could still be uncovered by heterogeneous or cross-domain data joining operations. The privacy re-identification processes involved are usually too complicated or obscure to be realized by data owners, not to mention that this problem will be more severe as the scale of data gets larger and larger. To prevent the leakage of sensitive information, this paper shows how to use a novel visualization analysis tool for open data de-identification (ODD Visualizer) to verify whether a sensitive information leakage problem exists in the target datasets. The high effectiveness that the ODD Visualizer can provide mainly comes from implementing a scalable computing platform as well as developing an efficient data visualization technique. Our demonstrations show that the ODD Visualizer can indeed uncover real vulnerability of record linkage attacks among open datasets available on the Internet.

  • Using Data Visualization Technique to Detect Sensitive Information Re-Identification Problem of Real Open Dataset
    2016 International Computer Symposium (ICS), 2016
    Co-Authors: Chih-hung Hsieh, Yu-ting Kuang
    Abstract:

    Opening data with plenty of valuable information as public datasets provides great potential treasure to academia or industry. Despite the de-identification process that most data owners will take before releasing those data, the more datasets are opened to the public, the more likely personal privacy will be exposed. Previous studies have shown that personal identity and sensitive information might be re-identified by joining two or more de-identified data tables with common attributes. According to previous real case studies, even though the personally identifiable information has been de-identified, sensitive personal information could still be uncovered by heterogeneous or cross-domain data joining operations. This kind of privacy re-identification is usually too complicated or obscure to be realized by data owners, not to mention that this problem will be more severe as the scale of data grows. For the purpose of preventing damage from sensitive information leakage, this paper shows how to use a novel open data de-identification visualization analysis tool (ODD Visualizer) to verify whether a sensitive information leakage problem exists in the target datasets. The high effectiveness that ODD Visualizer can provide mainly comes from implementing a scalable computing platform as well as developing an efficient data visualization technique. Demonstration proves that ODD Visualizer indeed uncovered one real vulnerability of record linkage attack among open datasets available on the Internet.

Shouling Ji - One of the best experts on this subject based on the ideXlab platform.

  • On the relative de-anonymizability of graph data: Quantification and evaluation
    IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016
    Co-Authors: Shouling Ji, Weiqing Li, Shukun Yang, Prateek Mittal, Raheem Beyah
    Abstract:

    In this paper, we propose a structural importance-aware approach to quantify the vulnerability/de-anonymizability of graph data to structure-based De-Anonymization (DA) attacks [1][2][3][4]. Specifically, we quantify both the seed-based and the seed-free Relative De-anonymizability (RD) of graph data for both perfect DA (successfully de-anonymizing all the target users) and partial DA (where some DA error is tolerated) under a general data model. In our relative quantification, instead of treating all the users in graph data as structurally equivalent, we adaptively quantify their RD in terms of their structural importance. Leveraging 15 real-world graph datasets, we validate the accuracy of our relative quantifications and compare them with state-of-the-art seed-based and seed-free quantification techniques. The results demonstrate that our structural importance-aware relative quantifications are more sound and precise when measuring graph data's real vulnerability/de-anonymizability.
