RevCast

Schulman, Aaron; Levin, Dave; Spring, Neil

doi:10.1145/2660267.2660376

Cited by 20 publications

(2 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We did not include certificate transparency in our SoK since it is a moderation of identities rather than content. However, certificate transparency often performs fully client-private exact matching with negligible or zero false positives, often by pushing as much as possible to the client [219,263,286,330,338,343,345].…”

Section: Detectionmentioning

confidence: 99%

SoK: Content Moderation for End-to-End Encryption

Scheffler

Mayer

2023

PoPETs

View full text Add to dashboard Cite

Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and E2EE data storage is becoming common. These important advances for security and privacy create new content moderation challenges for online services, because services can no longer directly access plaintext content. While ongoing public policy debates about E2EE and content moderation in the United States and European Union emphasize child sexual abuse material and misinformation in messaging and storage, we identify and synthesize a wealth of scholarship that goes far beyond those topics. We bridge literature that is diverse in both content moderation subject matter, such as malware, spam, hate speech, terrorist content, and enterprise policy compliance, as well as intended deployments, including not only privacy-preserving content moderation for messaging, email, and cloud storage, but also private introspection of encrypted web traffic by middleboxes. In this work, we systematize the study of content moderation in E2EE settings. We set out a process pipeline for content moderation, drawing on a broad interdisciplinary literature that is not specific to E2EE. We examine cryptography and policy design choices at all stages of this pipeline, and we suggest areas of future research to fill gaps in literature and better understand possible paths forward.

show abstract

Section: Detectionmentioning

confidence: 99%

SoK: Content Moderation for End-to-End Encryption

Scheffler

Mayer

2023

PoPETs

View full text Add to dashboard Cite

show abstract

“…CRLite uses a filter cascade to compress the set of revoked certificates [76]. Schulman et al proposes a method for disseminating revocation data over FM radio [106]. The efforts of CAs and website administrators are, however, pointless if user-agents do not perform OCSP lookups or utilize the response, as has been observed in prior work [81].…”

Section: Related Workmentioning

confidence: 99%

Hammurabi

Larisch

Aqeel

Lum

et al. 2022

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanism can be more independently written, augmented, and analyzed compared to the current practice of interweaving them within a C or C++ implementation. Once written, these policies can be easily shared and modified for use in different TLS clients. Further, logic programming allows us to determine when clients differ in their policies and use the power of imputation to automatically generate interesting certificates, e.g., a certificate that will be accepted by one browser but not by another.We present a new framework called Hammurabi for expressing validation policies, and we demonstrate that we can express the complex policies of the Google Chrome and Mozilla Firefox web browsers in this framework. We confirm the fidelity of the Hammurabi policies by comparing the validation decisions they make with those made by the browsers themselves on over ten million certificate chains derived from Certificate Transparency logs, as well as 100K synthetic chains. We also use imputation to discover nine validation differences between the two browsers' policies. Finally, we demonstrate the feasibility of integrating Hammurabi into Firefox and the Go language in less than 100 lines of code each. CCS CONCEPTS• Security and privacy → Web protocol security; Logic and verification.

show abstract