Keep It Simple Stupid

A set of research papers to familiarize oneself with. Part 2

| comments

Hello there!

Today’s article is the second part of the one listing interesting research papers. Part 3 is here, and part 4 is here.

  • Mirjam Wattenhofer, Roger Wattenhofer, Zack Zhu. The YouTube Social Network

Today, YouTube is the largest user-driven video content provider in the world; it has become a major platform for disseminating multimedia information. A major contribution to its success comes from the user-to-user social experience that differentiates it from traditional content broadcasters. This work examines the social network aspect of YouTube by measuring the fullscale YouTube subscription graph, comment graph, and video content corpus. We find YouTube to deviate significantly from network characteristics that mark traditional online social networks, such as homophily, reciprocative linking, and assortativity. However, comparing to reported characteristics of another content-driven online social network, Twitter, YouTube is remarkably similar. Examining the social and content facets of user popularity, we find a stronger correlation between a user’s social popularity and his/her most popular content as opposed to typical content popularity. Finally, we demonstrate an application of our measurements for classifying YouTube Partners, who are selected users that share YouTube’s advertisement revenue. Results are motivating despite the highly imbalanced nature of the classification problem.

  • Agha, Gul Abdulnabi. ACTORS: A Model of Concurrent Computation in Distributed Systems

A foundational model of concurrency is developed in this thesis. We examine issues in the design of parallel systems and show why the actor model is suitable for exploiting large-scale parallelism. Concurrency in actors is constrained only by the availability of hardware resources and by the logical dependence inherent in the computation. Unlike dataflow and functional programming, however, actors are dynamically reconfigurable and can model shared resources with changing local state. Concurrency is spawned in actors using asynchronous message-passing, pipelining, and the dynamic creation of actors. This thesis deals with some central issues in distributed computing. Specifically, problems of divergence and deadlock are addressed. For example, actors permit dynamic deadlock detection and removal. The problem of divergence is contained because independent transactions can execute concurrently and potentially infinite processes are nevertheless available for interaction.

  • Andrey Belenko, Dmitry Sklyarov. “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh Really?

In this paper we will analyze applications designed to facilitate storing and management of passwords on mobile platforms, such as Apple iOS and BlackBerry. We will specifically focus our attention on the security of data at rest. We will show that many password keeper apps fail to provide claimed level of protection.

  • Rahul Raguram, Andrew M. White, Dibenyendu Goswami, Fabian Monrose and Jan-Michael Frahm. iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections

We investigate the implications of the ubiquity of personal mobile devices and reveal new techniques for compromising the privacy of users typing on virtual keyboards. Specifically, we show that so-called compromising reflections (in, for example, a victim’s sunglasses) of a device’s screen are sufficient to enable automated reconstruction, from video, of text typed on a virtual keyboard. Despite our deliberate use of low cost commodity video cameras, we are able to compensate for variables such as arbitrary camera and device positioning and motion through the application of advanced computer vision and machine learning techniques. Using footage captured in realistic environments (e.g., on a bus), we show that we are able to reconstruct fluent translations of recorded data in almost all of the test cases, correcting users’ typing mistakes at the same time. We believe these results highlight the importance of adjusting privacy expectations in response to emerging technologies.

  • iMPERVA. Imperva’s Hacker Intelligence Summary Report The Anatomy of an Anonymous Attack

During 2011, Imperva witnessed an assault by the hacktivist group ‘Anonymous’ that lasted 25 days. Our observations give insightful information on Anonymous, including a detailed analysis of hacking methods, as well as an examination of how social media provides a communications platform for recruitment and attack coordination. Hacktivism has grown dramatically in the past year and has become a priority for security organizations worldwide. Understanding Anonymous’ attack methods will help organizations prepare if they are ever a target.

  • Michael Grace, Yajin Zhou, Zhi Wang, Xuxian Jiang. Systematic Detection of Capability Leaks in Stock Android Smartphones

Recent years have witnessed a meteoric increase in the adoption of smartphones. To manage information and features on such phones, Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run. In this paper, we analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for the actual use. To identify these leaked permissions or capabilities, we have developed a tool called Woodpecker. Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting them, an untrusted application can manage to wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.

  • Roxana Geambasu, Amit A.Arvind Krishnamurthy, Levy, Tadayoshi Kohno, Henry M. Levy. Comet: An active distributed key-value store

Distributed key-value storage systems are widely used in corporations and across the Internet. Our research seeks to greatly expand the application space for key-value storage systems through application-specific customization. We designed and implemented Comet, an extensible, distributed key-value store. Each Comet node stores a collection of active storage objects (ASOs) that consist of a key, a value, and a set of handlers. Comet handlers run as a result of timers or storage operations, such as get or put, allowing an ASO to take dynamic, application-specific actions to customize its behavior. Handlers are written in a simple sandboxed extension language, providing properties of safety and isolation.

We implemented a Comet prototype for the Vuze DHT, deployed Comet nodes on Vuze from PlanetLab, and built and evaluated over a dozen Comet applications. Our experience demonstrates that simple, safe, and restricted extensibility can significantly increase the power and range of applications that can run on distributed active storage systems. This approach facilitates the sharing of a single storage system by applications with diverse needs, allowing them to reap the consolidation benefits inherent in today’s massive clouds.

  • Александр Навалихин. Популярные интернет-сервисы: удобство или безопасность?

Сегодня социальные сети и интернет-порталы стали по-настоящему массовыми сервисами, которыми пользуются миллионы людей. При этом многие пользователи регулярно забывают пароли к своим страницам и почтовым ящикам, после чего в службы поддержки приходят тысячи писем с просьбой о помощи. Специально для подобных ситуаций интернет-ресурсы предлагают процедуру восстановления пароля. Именно процесс восстановления пароля при ближайшем рассмотрении может оказаться слабым местом в системе безопасности популярных онлайн-сервисов.

Цель настоящего исследования – понять, насколько легко получить доступ к учётным записям пользователей социальных сетей и почтовых сервисов исключительно методами социальной инженерии, без специальных знаний и хакерского инструментария. В ходе исследования эксперты Исследовательского центра Positive Research, инновационного подразделения компании Positive Technologies, провели несколько «социальных атак», объектами которых стали популярные социальные сети ВКонтакте и Facebook, а также сервисы Mail.Ru, Яндекс и Google. Вектор атак был направлен не на пользователей, а на сами сервисы (через процедуры восстановления паролей и виртуальное взаимодействие с сотрудниками службы поддержки). В результате этих действий эксперты Positive Research смогли получить доступ к учетным записям пользователей нескольких ведущих интернет-сервисов. При этом использовалась только общедоступная информация о пользователе из Интернета.Исследование_восстановление%20пароля.pdf

Part 1, Part 2, Part 3, Part 4.

IT, reading

Don't hesitate to leave a comment below. NB! If you don't see a comment form under the post, it's most likely that an extension (such as Ghostery, NoScript, or AdBlock) of your browser blocks the scripts from, and you can unblock that.

« Stop soiling my flash drive Git SSH Keys on Windows »