A paper got accepted!

We are thrilled to announce that our paper has been accepted for presentation at the twentieth Symposium on Usable Privacy and Security (SOUPS 2024). Congratulations to Lachlan-kun and Hasegawa-san!

Lachlan Moore, Tatsuya Mori, Ayako Hasegawa, “Negative Effects of Social Triggers on User Security and Privacy Behaviors,” Proceedings of the twentieth Symposium on Usable Privacy and Security (SOUPS 2024), Aug 2024 (accepted) (acceptance rate: 33/156=21.1%)

People often make decisions influenced by those around them. Previous studies have shown that users frequently adopt security practices based on advice from others and have proposed collaborative and community-based approaches to enhance user security behaviors.

In this paper, we focused on the negative effects of social triggers and investigated whether users’ risky behaviors are socially triggered. We conducted an online survey to understand the triggers for risky behaviors and the sharing practices associated with these behaviors. Our findings revealed that a significant percentage of participants experienced social triggers before engaging in risky behaviors. Moreover, we found that these socially triggered risky behaviors are more likely to be shared with others, creating negative chains of risky behaviors.

Our results suggest the need for more efforts to reduce the negative social effects on user security and privacy behaviors. We propose specific approaches to mitigate these effects and enhance overall user security.

A paper got accepted!

We are thrilled to announce that our paper has been accepted for presentation at the 9th IEEE European Symposium on Security and Privacy (Euro S&P 2024). Congratulations to Oyama-kun and the team!

H. Oyama, R. Iijima, T. Mori, “DeGhost: Unmasking Phantom Intrusions in Autonomous Recognition Systems,” Proceedings of Euro S&P 2024 (accepted for publication), pp. xxxx-xxxx, July 2024

This study addresses the vulnerability of autonomous systems to phantom attacks, where adversaries project deceptive illusions that are mistaken for real objects. Initial research assessed attack success rates from various distances and angles. Experiments used two setups: a black-box with DJI Mavic Air, and a white-box with Tello drone equipped with YOLOv3. To counteract these threats, the DeGhost deep learning framework was developed to distinguish between real objects and illusions, testing it across multiple surfaces and against top object detection models. DeGhost demonstrated excellent performance, achieving an AUC of 0.998, with low false negative and positive rates, and was further enhanced by an advanced Fourier technique. This study substantiates the risk of phantom attacks and presents DeGhost as an effective security measure for autonomous systems.

A paper got accepted!

We are pleased to announce that our paper has been accepted for publication at the Journal of Information Processing Information Processing Society of Japan (IPSJ). Congraturations, Watanabe-kun and the team!

T. Watanabe, E. Shioji, M. Akiyama, T. Mori, “Understanding the Breakdown of Same-Origin Policies in Web Services That Rehost Websites,” Journal of Information Processing, vol. xx, no. xx., pp. xxxx-xxxxx (in press)

This paper extends our original work presented at NDSS 2020 by providing detailed insights into the countermeasures implemented by global service providers, including Google, in response to our recommendations. These enhancements are crucial for understanding the evolving landscape of web service security. We elaborate on the real-world impact of our research in collaboration with JPCERT/CC.

Presented five posters at NDSS 2024

This year at NDSS 2024 held in San Diego, our team had the privilege of presenting five poster presentations, all focusing on the autonomous vehicle security. Some of these works were also showcased at VehicleSec 2024, reflecting our ongoing research projects under the JST CREST. The feedback we received from attendees was invaluable. Engaging with the community allowed us to gain new insights and perspectives, which are essential for refining our research and approaches.

Additionally, we organized a Mini NDSS Japan Night, an event that gathered around 20 researchers/students from the field. This intimate gathering proved to be a productive time for all, fostering discussions and collaborations that could shape the future of security research in Japan. These experiences underscore the importance of community and dialogue in the security research community. We are grateful for the engaging conversations and look forward to contributing further to this vital field.

A paper got accepted!

We are pleaased to announce that our paper has been accepted for publication at the 21st Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2024). Congratulations to Matsuo-kun and the team!

Kazuki Matsuo, Satoshi Tanda, Yuhei Kawakoya, Kuniyasu Suzaki, and Tatsuya Mori, “SmmPack: Obfuscation for SMM Modules,” Proceedings of DIMVA 2024 (accepted for publication)

In this paper, we address the urgent need to improve computer security for System Management Mode (SMM), the most privileged operating mode in x86 and x86-64 processors. Recognizing that SMM is frequently exploited by attackers to bypass critical security measures, we developed SmmPack. The key idea is to encrypt the SMM modules, making it much harder for hackers to access and analyze. Our extensive testing has shown that SmmPack not only effectively strengthens security, but also preserves computer performance. In addition, we have demonstrated the practicality of deploying and managing SmmPack, including during BIOS updates. This breakthrough represents a significant advancement in protecting the highly privileged SMM and securing computers against advanced cyber threats.

Image generated by ChatGPT