
Security and Trust Management: 18th International Workshop, STM 2022, Copenhagen, Denmark, September 29, 2022, Proceedings

✍ Scribed by Gabriele Lenzini, Weizhi Meng


Publisher: Springer
Year: 2023
Tongue: English
Leaves: 205
Series: Lecture Notes in Computer Science, 13867
Category: Library


✦ Synopsis


This book constitutes the post proceedings of the 18th International Workshop on Security and Trust Management, STM 2022, co-located with the 27th European Symposium on Research in Computer Security, ESORICS 2022, which took place in Copenhagen, Denmark, in September 2022.

The 7 full papers together with 4 short papers included in this volume were carefully reviewed and selected from 18 submissions. The workshop presents papers with topics such as security and trust access control, cryptographic protocols, identity management, security metrics, and privacy.

✦ Table of Contents


Preface
Organization
Contents
Security and Authentication
SIMple ID: QR Codes for Authentication Using Basic Mobile Phones in Developing Countries
1 Introduction
2 Preliminaries
2.1 Mobile Phones in Developing Countries
2.2 UICC and (U)SIM Cards
2.3 QR Codes
2.4 Cryptographic Primitives and Notation
3 The Foundational eID Model
3.1 Authentication
3.2 Threat Model
4 CAT QR Codes
4.1 Native Icon Protocol
4.2 QR Code Rendering
5 SIMple ID
6 Evaluation and Discussion
6.1 Security
6.2 Privacy
6.3 Implementation
6.4 QR Codes
7 Related Work
8 Conclusion
References
A Hierarchical Watermarking Scheme for PRFs from Standard Lattice Assumptions
1 Introduction
2 Preliminaries
2.1 The Hypergeometric Distribution
2.2 Lattice Preliminaries
3 A Variant of Translucent Constrained PRFs
3.1 Security Definitions
4 The Construction of PTP
4.1 The Variant of the Translucent PRF Construction
5 A Hierarchical Watermarking Scheme for PRFs
5.1 A Hierarchical Watermarking Scheme for PRFs
A Proof of Theorem 6
B Proof of Theorem 7
B.1 Proof of Correctness
B.2 Proof of Unremovability
B.3 Proof of Unforgeability
References
Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices
1 Introduction
2 Related Work
3 Preliminaries
4 Predicting the Patch Trend
4.1 Data-Set Observation
4.2 Prediction Model Evaluation
4.3 Prediction Accuracy
5 Predicting the Vulnerability Trend
5.1 Data-Set Observation
5.2 Prediction Model Evaluation
5.3 Prediction Accuracy
6 Predicting the Future Device Security Risk Indicator
6.1 Definition of the Future Device Security Risk Indicator
6.2 Classifying the Future Device Security Risk Indicator
7 Discussion
7.1 Limitations
7.2 Comparing with Related Work
8 Summary and Future Work
8.1 Future Work
References
Server-Supported Decryption for Mobile Devices
1 Introduction
2 Desired Properties of Distributed Decryption
3 Building Blocks
4 The Encryption Scheme
5 Fit for Our Main Use-Case
References
Deep Learning for Security and Trust
Software Vulnerability Detection via Multimodal Deep Learning
1 Introduction
2 Related Work
3 Background and Approach
3.1 Data Representations
3.2 Potential Vulnerable Statement
3.3 Abstract Syntax Tree
3.4 Program Dependence Graph
3.5 TDFG and ASTG
3.6 Sub-graph Extractions
3.7 Pipeline
3.8 Vulnerability Highlighter
4 Neural Network Models
4.1 Attention-Based BGRU
4.2 Multisource Deep Learner
5 Dataset
5.1 Preprocessing and Tokenization
6 Experimental Results and Analysis
7 Conclusion
A Appendix
A.1 Limitations
References
Assessing Deep Learning Predictions in Image-Based Malware Detection with Activation Maps
1 Introduction
2 Background
3 Methodology
4 Experiments
5 Conclusion and Future Works
References
Data Analysis of Security and Trust
M2M: A General Method to Perform Various Data Analysis Tasks from a Differentially Private Sketch
1 Introduction
2 Background
2.1 Sketches
2.2 Differential Privacy
2.3 Differentially Private Sketching
2.4 Related Work
3 The Moment-to-Moment Method
3.1 Method Description
3.2 Optimizing the M2M Model
3.3 Sources of Error
3.4 Statistical Estimation with M2M
3.5 Classification and Regression by Approximation of the Loss
4 Experiments
4.1 Tasks Involving Columns in Isolation
4.2 Multi-column Tasks
4.3 Logistic Regression
5 Future Work and Conclusion
A Proof of Theorem 1
B M2M Learning Procedure
References
JChainz: Automatic Detection of Deserialization Vulnerabilities for the Java Language
1 Introduction
2 Background
2.1 Deserialization Terminology
2.2 Running Attack Example
3 Overview
3.1 Call Graph Accuracy
3.2 Data Type Inconsistency
3.3 Validation Algorithm
4 Experimental Evaluation
4.1 Dataset
4.2 Finder Results
4.3 Analyzer Results
5 Limitations
6 Related Works
7 Conclusion
1 Appendix
1.1 Case Studies
References
FlowADGAN: Adversarial Learning for Deep Anomaly Network Intrusion Detection
1 Introduction
2 Related Works
2.1 Review of Anomaly Detection Algorithms
2.2 Deep Anomaly Detection Algorithms in IDS
3 Methodology
3.1 FlowADGAN Model Design
3.2 FlowADGAN Pipeline
3.3 Algorithm
3.4 Anomaly Scores
3.5 Threshold Selection
4 Evaluation
4.1 Evaluation Settings and Chosen Datasets
4.2 Ablation Study
4.3 Performance Evaluation
4.4 Experiment Discussion
5 Conclusion
References
Trust and Security
The Relevance of Consent in the Digital Age: A Consideration of Its Origins and Its Fit for Digital Application
1 The Origins of Consent
1.1 From Biomedical Treatment to Clinical Research
1.2 Consent as Legal Right
1.3 Ethical v Legal Consent
2 Digital Consent
2.1 Habituation and Information Overload
2.2 Consideration and Comprehension
2.3 Action Futility
3 Conclusion
References
HoneyGAN: Creating Indistinguishable Honeywords with Improved Generative Adversarial Networks
1 Introduction
2 Honeyword Generation Techniques
2.1 HoneyGAN
2.2 Baseline Models
3 Evaluation
3.1 Datasets
3.2 Internal Similarity Between Honeywords and Real Passwords
3.3 Attack Model: Normalized Top-SW
3.4 Results
4 User Study
4.1 Study Design
4.2 Results
5 Discussion
6 Conclusions
References
Author Index


📜 SIMILAR VOLUMES


Security and Trust Management: 18th Inte
✍ Gabriele Lenzini; Weizhi Meng 📂 Library 📅 2023 🏛 Springer Nature 🌐 English

This book constitutes the post proceedings of the 18th International Workshop on Security and Trust Management, STM 2022, co-located with the 27th European Symposium on Research in Computer Security, ESORICS 2022, which took place in Copenhagen, Denmark, in September 2022. The 7 full papers together

Security and Trust Management: 16th Inte
✍ Kostantinos Markantonakis, Marinella Petrocchi 📂 Library 📅 2020 🏛 Springer International Publishing;Springer 🌐 English

This book constitutes the proceedings of the 16th International Workshop on Security and Trust Management, STM 2020, co-located with the 25th European Symposium on Research in Computer Security, ESORICS 2020. The conference was planned to take place in Guildford, UK, but had to be moved to an onl

Security and Trust Management: 17th Inte
✍ Rodrigo Roman (editor), Jianying Zhou (editor) 📂 Library 📅 2021 🏛 Springer 🌐 English

This book constitutes the proceedings of the 17th International Workshop on Security and Trust Management, STM 2021, co-located with the 26th European Symposium on Research in Computer Security, ESORICS 2021. The conference was planned to take place in Darmstadt, Germany. It was held online on

Security and Trust Management: 7th Inter
✍ Bjørnar Solhaug, Ketil Stølen (auth.), Catherine Meadows, Carmen Fernandez-Gago 📂 Library 📅 2012 🏛 Springer-Verlag Berlin Heidelberg 🌐 English

This book constitutes the thoroughly refereed post-conference proceedings of the 7th International Workshop on Security and Trust Management, STM 2011, held in Copenhagen, Denmark, in June 2011 - co-located with IFIPTM 2011, the 5th IFIP International Conference on Trust Management. The 12 revise

Security and Trust Management: 8th Inter
✍ Peter Drábik, Fabio Martinelli, Charles Morisset (auth.), Audun Jøsang, Pierange 📂 Library 📅 2013 🏛 Springer-Verlag Berlin Heidelberg 🌐 English

This book constitutes the thoroughly refereed post-conference proceedings of the 8th International Workshop on Security and Trust Management, STM 2012, held in Pisa, Italy, in September 2012 - in conjunction with the 17th European Symposium Research in Computer Security (ESORICS 2012). The 20 rev
