More Like this

1. K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel

   https://doi.org/10.14722/ndss.2024.24935  

   Liang, Zhengchuan ; Zou, Xiaochen ; Song, Chengyu ; Qian, Zhiyun ( January 2024 , NDSS)
2. An Activity Theory Approach to Leak Detection and Mitigation in Patient Health Information (PHI)

   https://doi.org/10.17705/1jais.00687  

   Valecha, Rohit ; Upadhyaya, Shambhu ; Rao, H. Raghav ( January 2021 , Journal of the Association for Information Systems)

   The migration to electronic health records (EHR) in the healthcare industry has raised issues with respect to security and privacy. One issue that has become a concern for healthcare providers, insurance companies, and pharmacies is patient health information (PHI) leaks because PHI leaks can lead to violation of privacy laws, which protect the privacy of individuals’ identifiable health information, potentially resulting in a healthcare crisis. This study explores the issue of PHI leaks from an access control viewpoint. We utilize access control policies and PHI leak scenarios derived from semi structured interviews with four healthcare practitioners and use the lens of activity theory to articulate the design of an access control model for detecting and mitigating PHI leaks. Subsequently, we follow up with a prototype as a proof of concept. 

   more » « less
3. Why Does the Deep Western Boundary Current “Leak” around Flemish Cap?

   https://doi.org/10.1175/JPO-D-19-0247.1  

   Solodoch, Aviv ; McWilliams, James C. ; Stewart, Andrew L. ; Gula, Jonathan ; Renault, Lionel ( July 2020 , Journal of Physical Oceanography)

   null (Ed.)

   Abstract The southward-flowing deep limb of the Atlantic meridional overturning circulation is composed of both the deep western boundary current (DWBC) and interior pathways. The latter are fed by “leakiness” from the DWBC in the Newfoundland Basin. However, the cause of this leakiness has not yet been explored mechanistically. Here the statistics and dynamics of the DWBC leakiness in the Newfoundland Basin are explored using two float datasets and a high-resolution numerical model. The float leakiness around Flemish Cap is found to be concentrated in several areas (hot spots) that are collocated with bathymetric curvature and steepening. Numerical particle advection experiments reveal that the Lagrangian mean velocity is offshore at these hot spots, while Lagrangian variability is minimal locally. Furthermore, model Eulerian mean streamlines separate from the DWBC to the interior at the leakiness hot spots. This suggests that the leakiness of Lagrangian particles is primarily accomplished by an Eulerian mean flow across isobaths, though eddies serve to transfer around 50% of the Lagrangian particles to the leakiness hot spots via chaotic advection, and rectified eddy transport accounts for around 50% of the offshore flow along the southern face of Flemish Cap. Analysis of the model’s energy and potential vorticity budgets suggests that the flow is baroclinically unstable after separation, but that the resulting eddies induce modest modifications of the mean potential vorticity along streamlines. These results suggest that mean uncompensated leakiness occurs mostly through inertial separation, for which a scaling analysis is presented. Implications for leakiness of other major boundary current systems are discussed. 

   more » « less
4. When Good Turns Evil: Encrypted 5G/4G Voice Calls Can Leak Your Identities

   https://doi.org/10.1109/CNS59707.2023.10288900  

   Shi, Jingwen ; Xie, Tian ; Tu, Guan-Hua ; Peng, Chunyi ; Li, Chi-Yu ; Hou, Andrew ; Wang, Sihan ; Hu, Yiwen ; Lei, Xinyu ; Chen, Min-Yue ; et al ( October 2023 , 2023 IEEE Conference on Communications and Network Security (CNS))
5. Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps

   https://doi.org/10.1109/SP.2019.00009  

   Zuo, Chaoshun ; Lin, Zhiqiang ; Zhang, Yinqian ( May 2019 , 2019 IEEE Symposium on Security and Privacy)

   Increasingly, more and more mobile applications (apps for short) are using the cloud as the back-end, in particular the cloud APIs, for data storage, data analytics, message notification, and monitoring. Unfortunately, we have recently witnessed massive data leaks from the cloud, ranging from personally identifiable information to corporate secrets. In this paper, we seek to understand why such significant leaks occur and design tools to automatically identify them. To our surprise, our study reveals that lack of authentication, misuse of various keys (e.g., normal user keys and superuser keys) in authentication, or misconfiguration of user permissions in authorization are the root causes. Then, we design a set of automated program analysis techniques including obfuscation-resilient cloud API identification and string value analysis, and implement them in a tool called LeakScope to identify the potential data leakage vulnerabilities from mobile apps based on how the cloud APIs are used. Our evaluation with over 1.6 million mobile apps from the Google Play Store has uncovered 15, 098 app servers managed by mainstream cloud providers such as Amazon, Google, and Microsoft that are subject to data leakage attacks. We have made responsible disclosure to each of the cloud service providers, and they have all confirmed the vulnerabilities we have identified and are actively working with the mobile app developers to patch their vulnerable services. 

   more » « less