liu.seSearch for publications in DiVA
Endre søk
Link to record
Permanent link

Direct link
BETA
Shahmehri, Nahid, Professor
Publikasjoner (10 av 134) Visa alla publikasjoner
Vapen, A., Carlsson, N., Mahanti, A. & Shahmehri, N. (2016). A Look at the Third-Party Identity Management Landscape. IEEE Internet Computing, 20(2), 18-25
Åpne denne publikasjonen i ny fane eller vindu >>A Look at the Third-Party Identity Management Landscape
2016 (engelsk)Inngår i: IEEE Internet Computing, ISSN 1089-7801, E-ISSN 1941-0131, Vol. 20, nr 2, s. 18-25Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]

Many websites act as relying parties (RPs) by allowing access to their services via third-party identity providers (IDPs), such as Facebook and Google. Using IDPs simplifies account creation, login activity, and information sharing across websites. However, different websites use of IDPs can have significant security and privacy implications for users. Here, the authors provide an overview of third-party identity managements current landscape. Using datasets collected through manual identification and large-scale crawling, they answer questions related to which sites act as RPs, which sites are the most successful IDPs, and how different classes of RPs select their IDPs.

sted, utgiver, år, opplag, sider
IEEE COMPUTER SOC, 2016
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-127053 (URN)10.1109/MIC.2016.38 (DOI)000372015500003 ()
Tilgjengelig fra: 2016-04-13 Laget: 2016-04-13 Sist oppdatert: 2018-01-10
Hiran, R., Carlsson, N. & Shahmehri, N. (2016). Does Scale, Size, and Locality Matter?: Evaluation of Collaborative BGP Security Mechanisms. In: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS: . Paper presented at IFIP Networking Conference (IFIP Networking) and Workshops, Vienna, Austria, May 2016 (pp. 261-269). IEEE
Åpne denne publikasjonen i ny fane eller vindu >>Does Scale, Size, and Locality Matter?: Evaluation of Collaborative BGP Security Mechanisms
2016 (engelsk)Inngår i: 2016 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS, IEEE , 2016, s. 261-269Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on largescale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

sted, utgiver, år, opplag, sider
IEEE, 2016
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-129430 (URN)10.1109/IFIPNetworking.2016.7497237 (DOI)000383224900030 ()978-3-9018-8283-8 (ISBN)
Konferanse
IFIP Networking Conference (IFIP Networking) and Workshops, Vienna, Austria, May 2016
Tilgjengelig fra: 2016-06-19 Laget: 2016-06-19 Sist oppdatert: 2018-01-10
Vapen, A., Carlsson, N. & Shahmehri, N. (2016). Longitudinal Analysis of the Third-party Authentication Landscape. In: : . Paper presented at NDSS Workshop on Understanding and Enhancing Online Privacy Workshop (UEOP@NDSS).21-24 February 2016 Catamaran Resort Hotel & Spa in San Diego, California. Internet Society
Åpne denne publikasjonen i ny fane eller vindu >>Longitudinal Analysis of the Third-party Authentication Landscape
2016 (engelsk)Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Many modern websites offer single sign-on (SSO) services, which allow the user to use an existing account with a third-party website such as Facebook to authenticate. When using SSO the user must approve an app-rights agreement that specifies what data related to the user can be shared between the two websites and any actions (e.g., posting comments) that the origin website is allowed to perform on behalf of the user on the third-party provider (e.g., Facebook). Both cross-site data sharing and actions performed on behalf of the user can have significant privacy implications. In this paper we present a longitudinal study of the third-party authentication landscape, its structure, and the protocol usage, data sharing, and actions associated with individual third-party relationships. The study captures the current state, changes in the structure, protocol usage, and information leakage risks.

sted, utgiver, år, opplag, sider
Internet Society, 2016
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-127301 (URN)1-891562-44-4 (ISBN)
Konferanse
NDSS Workshop on Understanding and Enhancing Online Privacy Workshop (UEOP@NDSS).21-24 February 2016 Catamaran Resort Hotel & Spa in San Diego, California
Merknad

DOI does not work: 10.14722/ueop.2016.23008

Tilgjengelig fra: 2016-04-19 Laget: 2016-04-19 Sist oppdatert: 2018-09-20bibliografisk kontrollert
Krishnamoorthi, V., Carlsson, N., Eager, D., Mahanti, A. & Shahmehri, N. (2015). Bandwidth-aware Prefetching for Proactive Multi-video Preloading and Improved HAS Performance. In: Proceedings of the ACM International Conference on Multimedia (ACM Multimedia): . Paper presented at ACM Multimedia 2015 (pp. 551-560). New York, USA: Association for Computing Machinery (ACM)
Åpne denne publikasjonen i ny fane eller vindu >>Bandwidth-aware Prefetching for Proactive Multi-video Preloading and Improved HAS Performance
Vise andre…
2015 (engelsk)Inngår i: Proceedings of the ACM International Conference on Multimedia (ACM Multimedia), New York, USA: Association for Computing Machinery (ACM), 2015, s. 551-560Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

This paper considers the problem of providing users playing one streaming video the option of instantaneous and seamless playback of alternative videos. Recommendation systems can easily provide a list of alternative videos, but there is little research on how to best eliminate the startup time for these alternative videos. The problem is motivated by services that want to retain increasingly impatient users, who frequently watch the beginning of multiple videos, before viewing a video to the end. We present the design, implementation, and evaluation of an HTTP-based Adaptive Streaming (HAS) solution that provides careful prefetching and buffer management. We also present the design and evaluation of three fundamental policy classes that provide different tradeoffs between how aggressively new alternative videos are prefetched versus the importance of ensuring high playback quality. We show that our solution allows us to reduce the startup times of alternative videos by an order of magnitude and effectively adapt the quality such as to ensure the highest possible playback quality of the video being viewed. By improving the channel utilization we also address the discrimination problem that HAS clients often suffer from, allowing us to in some cases simultaneously improve the playback quality of the video being viewed and provide the value-added service of allowing instantaneous playback of the prefetched alternative videos.

sted, utgiver, år, opplag, sider
New York, USA: Association for Computing Machinery (ACM), 2015
Emneord
HTTP-based adaptive streaming (HAS); Bandwidth-aware prefetching; Multi-video preloading; Seamless playback
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-128168 (URN)10.1145/2733373.2806270 (DOI)000387861300064 ()978-1-4503-3459-4 (ISBN)
Konferanse
ACM Multimedia 2015
Tilgjengelig fra: 2016-05-20 Laget: 2016-05-19 Sist oppdatert: 2018-02-06
Hiran, R., Carlsson, N. & Shahmehri, N. (2015). Crowd-based Detection of Routing Anomalies on the Internet. In: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015.: . Paper presented at Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015. (pp. 388-396). IEEE Computer Society Digital Library
Åpne denne publikasjonen i ny fane eller vindu >>Crowd-based Detection of Routing Anomalies on the Internet
2015 (engelsk)Inngår i: Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015., IEEE Computer Society Digital Library, 2015, s. 388-396Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.

sted, utgiver, år, opplag, sider
IEEE Computer Society Digital Library, 2015
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-129426 (URN)10.1109/CNS.2015.7346850 (DOI)000380401800048 ()978-1-4673-7876-5 (ISBN)
Konferanse
Proc. IEEE Conference on Communications and Network Security (IEEE CNS), Florence, Italy, Sept. 2015.
Tilgjengelig fra: 2016-06-19 Laget: 2016-06-19 Sist oppdatert: 2017-03-16
Byers, D. & Shahmehri, N. (2015). Graphical Modeling of Security Goals and Software Vulnerabilities. In: Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo (Ed.), Handbook of Research on Innovations in Systems and Software Engineering: (pp. 1-31). IGI Global
Åpne denne publikasjonen i ny fane eller vindu >>Graphical Modeling of Security Goals and Software Vulnerabilities
2015 (engelsk)Inngår i: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, s. 1-31Kapittel i bok, del av antologi (Fagfellevurdert)
Abstract [en]

Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.

sted, utgiver, år, opplag, sider
IGI Global, 2015
Emneord
Software security, Software vulnerability, Security goal modelling, Secure software engineering
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-117722 (URN)10.4018/978-1-4666-6359-6.ch001 (DOI)978-146666-359-6 (ISBN)1-46666359-6 (ISBN)978-14-6666-360-2 (ISBN)
Tilgjengelig fra: 2015-05-07 Laget: 2015-05-07 Sist oppdatert: 2018-01-11
Vapen, A., Carlsson, N., Mahanti, A. & Shahmehri, N. (2015). Information Sharing and User Privacy in the Third-party Identity Management Landscape. In: Hannes Federrath, Dieter Gollmann (Ed.), ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings. Paper presented at 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015 (pp. 174-188). Springer
Åpne denne publikasjonen i ny fane eller vindu >>Information Sharing and User Privacy in the Third-party Identity Management Landscape
2015 (engelsk)Inngår i: ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings / [ed] Hannes Federrath, Dieter Gollmann, Springer, 2015, s. 174-188Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

The cross-site information sharing and authorized actions of third-party identity management can have significant privacy implications for the users. In this paper, we use a combination of manual analysis of identified third-party identity management relationships and targeted case studies to (i) capture how the protocol usage and third-party selection is changing, (ii) profile what information is requested to be shared (and actions to be performed) between websites, and (iii) identify privacy issues and practical problems that occur when using multiple accounts (associated with these services). By characterizing and quantifying the third-party relationships based on their cross-site information sharing, the study highlights differences in the privacy leakage risks associated with different classes of websites, and provides concrete evidence for how the privacy risks are increasing. For example, many news and file/video-sharing sites ask users to authorize the site to post information to the third-party website. We also observe a general increase in the breadth of information that is shared across websites, and find that due to usage of multiple third-party websites, in many cases, the user can lose (at least) partial control over which identities they can merge/relate and the information that is shared/posted on their behalf.

sted, utgiver, år, opplag, sider
Springer, 2015
Serie
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 455
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-117543 (URN)10.1007/978-3-319-18467-8_12 (DOI)000364779100012 ()978-3-319-18466-1 (ISBN)978-3-319-18467-8 (ISBN)
Konferanse
30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015
Tilgjengelig fra: 2015-05-04 Laget: 2015-05-04 Sist oppdatert: 2017-03-16bibliografisk kontrollert
Vapen, A., Carlsson, N., Mahanti, A. & Shahmehri, N. (2015). Information Sharing and User Privacy in the Third-party Identity Management Landscape. In: Proc. ACM Conference on Data and Application Security and Privacy (ACM CODASPY): . Paper presented at ACM CODASPY (pp. 151-153). ACM Digital Library
Åpne denne publikasjonen i ny fane eller vindu >>Information Sharing and User Privacy in the Third-party Identity Management Landscape
2015 (engelsk)Inngår i: Proc. ACM Conference on Data and Application Security and Privacy (ACM CODASPY), ACM Digital Library, 2015, s. 151-153Konferansepaper, Poster (with or without abstract) (Fagfellevurdert)
Abstract [en]

Third-party identity management services enable cross-site information sharing, making Web access seamless but also raise significant privacy implications for the users. Using a combination of manual analysis of identified third-party identity management relationships and targeted case studies we capture how the protocol usage and third-party selection is changing, profile what information is requested to be shared (and actions to be performed) between websites, and identify privacy issues and practical problems that occur when using multiple accounts (associated with these services). The study highlights differences in the privacy leakage risks associated with different classes of websites, and shows that the use of multiple third-party websites, in many cases, can cause the user to lose (at least) partial control over which information is shared/posted on their behalf.

sted, utgiver, år, opplag, sider
ACM Digital Library, 2015
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-117542 (URN)10.1145/2699026.2699131 (DOI)978-1-4503-3191-3 (ISBN)
Konferanse
ACM CODASPY
Tilgjengelig fra: 2015-05-04 Laget: 2015-05-04 Sist oppdatert: 2017-03-16bibliografisk kontrollert
Kargén, U. & Shahmehri, N. (2015). Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing. In: 2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS: . Paper presented at 10th Joint Meeting on Foundations of Software Engineering (pp. 782-792). New York, NY, USA: Association for Computing Machinery (ACM)
Åpne denne publikasjonen i ny fane eller vindu >>Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing
2015 (engelsk)Inngår i: 2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS, New York, NY, USA: Association for Computing Machinery (ACM), 2015, s. 782-792Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Mutation-based fuzzing is a popular and widely employed black-box testing technique for finding security and robustness bugs in software. It owes much of its success to its simplicity; a well-formed seed input is mutated, e.g. through random bit-flipping, to produce test inputs. While reducing the need for human effort, and enabling security testing even of closed-source programs with undocumented input formats, the simplicity of mutation-based fuzzing comes at the cost of poor code coverage. Often millions of iterations are needed, and the results are highly dependent on configuration parameters and the choice of seed inputs. In this paper we propose a novel method for automated generation of high-coverage test cases for robustness testing. Our method is based on the observation that, even for closed-source programs with proprietary input formats, an implementation that can generate well-formed inputs to the program is typically available. By systematically mutating the program code of such generating programs, we leverage information about the input format encoded in the generating program to produce high-coverage test inputs, capable of reaching deep states in the program under test. Our method works entirely at the machine-code level, enabling use-cases similar to traditional black-box fuzzing. We have implemented the method in our tool MutaGen, and evaluated it on 7 popular Linux programs. We found that, for most programs, our method improves code coverage by one order of magnitude or more, compared to two well-known mutation-based fuzzers. We also found a total of 8 unique bugs.

sted, utgiver, år, opplag, sider
New York, NY, USA: Association for Computing Machinery (ACM), 2015
Emneord
Fuzz testing, fuzzing, black-box, dynamic slicing, program mutation
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-128810 (URN)10.1145/2786805.2786844 (DOI)000382568700067 ()978-1-4503-3675-8 (ISBN)
Konferanse
10th Joint Meeting on Foundations of Software Engineering
Tilgjengelig fra: 2016-05-31 Laget: 2016-05-31 Sist oppdatert: 2019-08-16
Kargén, U. & Shahmehri, N. (2014). Efficient Utilization of Secondary Storage for Scalable Dynamic Slicing. In: Randall Bilof (Ed.), Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation: . Paper presented at 14th IEEE International Working Conference on Source Code Analysis and Manipulation, Victoria, British Columbia, Canada, September 28-29, 2014 (pp. 155-164). IEEE
Åpne denne publikasjonen i ny fane eller vindu >>Efficient Utilization of Secondary Storage for Scalable Dynamic Slicing
2014 (engelsk)Inngår i: Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation / [ed] Randall Bilof, IEEE , 2014, s. 155-164Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Dynamic program slicing is widely recognized as a powerful aid for e.g. Program comprehension during debugging. However, its widespread use has been impeded in part by scalability issues that occur when constructing the dynamic dependence graph necessary to compute dynamic slices. A few seconds of execution time on a modern CPU can easily yield dynamic dependence graphs on the order of tens of gigabytes in size. Existing methods either produce imprecise slices, incur large time overheads during slice computation, or run out of memory for long program executions. By carefully designing our method to take advantage of locality, we are able to efficiently use secondary storage for dynamic dependence graphs, thus allowing our method to scale to long program executions. Our prototype implementation runs directly on x86 executables, eliminating problems with e.g. Binary-only libraries. We show in our experiments that graphs can be constructed for program runs with billions of executed instructions, at slowdowns ranging from 62x to 173x. Our optimized format also allows graphs to be traversed at speeds of several million dependence edges per second.

sted, utgiver, år, opplag, sider
IEEE, 2014
Emneord
binary analysis, debugging, dynamic dependence graph, dynamic slicing, x86
HSV kategori
Identifikatorer
urn:nbn:se:liu:diva-117289 (URN)10.1109/SCAM.2014.24 (DOI)000358876700020 ()978-0-7695-5304-7 (ISBN)
Konferanse
14th IEEE International Working Conference on Source Code Analysis and Manipulation, Victoria, British Columbia, Canada, September 28-29, 2014
Tilgjengelig fra: 2015-04-22 Laget: 2015-04-22 Sist oppdatert: 2019-08-16
Organisasjoner