Qi Xie

Bio: Qi Xie is an academic researcher from Hangzhou Normal University. The author has contributed to research in topics: Information security. The author has an hindex of 1, co-authored 1 publications receiving 6 citations.

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Abstract: It is our great pleasure to welcome you to the 8th ACM Symposium on Information, Computer and Communications Security - ASIACCS 2013, which will be held in Hangzhou, China, May 7-10, 2013. The inaugural ASIACCS was held in Taipei (2006). Since then ASIACCS have been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), and Seoul (2012). ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We welcome subm issions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. The conference received 216 paper submissions, and accepted 35 regular papers and 27 short papers for presentation at the conference. The final versions of the accepted papers, which the authors finalized on the basis of comments from the reviewers, were included in the proceedings. Each accepted paper was carefully reviewed by at least three program committee members on the basis of its significance, novelty, and technical quality. The reviewing process was double-blind. It was followed by a Web-based discussion. Based on the comments and scores given by reviewers, the final decisions on acceptance were made.

Attribute-Based Access to Scalable Media in Cloud-Assisted Content Sharing Networks

Abstract: This paper presents a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique, and employs the MCP-ABE to design an access control scheme for sharing scalable media based on data consumers' attributes (e.g., age, nationality, or gender) rather than an explicit list of the consumers' names. The scheme is efficient and flexible because MCP-ABE allows a content provider to specify an access policy and encrypt multiple messages within one ciphertext such that only the users whose attributes satisfy the access policy can decrypt the ciphertext. Moreover, the paper shows how to support resource-limited mobile devices by offloading computational intensive operations to cloud servers while without compromising data privacy.

Privacy-Preserving and Secure Sharing of PHR in the Cloud

Abstract: As a new summarized record of an individual's medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption(ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE(AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation(PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system base on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes(especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

A Similarity Search Scheme over Encrypted Cloud Images based on Secure Transformation

Abstract: With the growing popularity of cloud computing, more and more users outsource their private data to the cloud. To ensure the security of private data, data owners usually encrypt their private data before outsourcing the data to the cloud server, which brings incommodity of data operating. This paper proposes a scheme for similar search on encrypted images. In the setup phase, image owner extracts feature vectors to represent the images as usual image retrieval system does. Then, the feature vectors are transformed by an invertible matrix, which not only protect the information of feature vector but also support similarity evaluation between the vectors. The encrypted vectors and image identifies are used to construct inverted index, which is finally uploaded along with the encrypted image to the cloud. In the search phase, with a query image, the authorized image user extracts and encrypts feature vector to generate the trapdoor. The trapdoor is submitted to the cloud and can be used to calculate the similarity with the transformed feature vectors. The encryption on features does not degrade the result accuracy. Moreover, the image owner could update the encrypted image database as well as the secure index very easily.

Overall static analysis system for Android authority-escalated attack

Abstract: The present invention discloses an overall static analysis system for an Android authority-escalated attack, comprising the following units: a suspicion analysis unit configured to separate a program with suspicious characteristics from all programs, the suspicion analysis unit comprising: an authority detection module configured to extract an Android application program sensitive authority, a component detection module configured to identify an Android application program open component, an Intent operation detection module configured to identify Android application program Intent communication, wherein the Intent is an abstract description of an operation to be performed, a file detection module configured to identify Android application program file access, and an identify socket detection module configured to identify network communication between android application programs; and a leakage path analysis unit configured to extract an explicit capability leakage path in the suspicious program, wherein the leakage path analysis unit comprises a module configured to analyze sensitive behavior code, and a module configured to analyze sensitive data transmission code.