ACM SIGSAC Hilton Alexandria Mark Center
ACM CCS 2007

Research Track Program

Tuesday, October 30, 2007

9:30 - 10:30

Keynote Talk

Session Chair: Sabrina De Capitani di Vimercati

Title TBA

Steve Lipner, Microsoft USA

10:30 - 11:00


11:00 - 12:30

Session 1: Web Applications Security

Session Chair: Marianne Winslett

An Analysis of Browser Domain-Isolation Bugs and A Light-Weight Transparent Defense Mechanism

Shuo Chen, Yi-Min Wang and David Ross (Microsoft Research, USA)

CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations

Sruthi Bandhakavi (UIUC, USA), Prithvi Bisht (UI Chicago, USA), Madhusudan Parthasarathy (UIUC, USA) and V.N. Venkatakrishnan (UI Chicago, USA)

Multi-Module Vulnerability Analysis of Web-based Applications

Davide Balzarotti, Marco Cova, Viktoria Felmetsger and Giovanni Vigna (UC Santa Barbara, USA)

11:00 - 12:30

Session 2: Authentication and Passwords

Session Chair: Jianying Zhou

Do Background Images Improve "Draw a Secret" Graphical Passwords?

Paul Dunphy and Jeff Yan (Newcastle University, UK)

BeamAuth: Two-Factor Web Authentication with a Bookmark

Ben Adida (Harvard University, USA)

Dynamic pharming attacks and the locked same-origin policies for web browsers

Chris Karlof (UC Berkeley, USA), Umesh Shankar (Google, Inc., USA), J.D. Tygar (UC Berkeley, USA) and David Wagner (UC Berkeley, USA)

12:30 - 14:00


14:00 - 15:30

Session 3: Anonymity

Session Chair: Claudia Diaz

Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs

Patrick Tsang (Dartmouth College, USA), Man Ho Au (University of Wollongong, Australia), Apu Kapadia (Dartmouth College, USA), Sean Smith (Dartmouth College, USA)

How much anonymity does network latency leak?

Nicholas Hopper, Eugene Vasserman and David Chan-Tin (University of Minnesota, USA)

Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity

Nikita Borisov (UIUC, USA), George Danezis (K.U. Leuven, Belgium), Prateek Mittal (UIUC, USA) and Parisa Tabriz (Google, Inc., USA)

14:00 - 15:30

Session 4: Operating Systems and Malware

Session Chair: Sencun Zhu

Automated Detection of Persistent Kernel Control-Flow Attacks

Nick Petroni and Michael Hicks (University of Maryland, USA)

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis

Heng Yin (CMU & College of William and Mary, USA), Dawn Song (UC Berkeley & CMU, USA), Manuel Egele, Engin Kirda and Christopher Kruege (Technical University Vienna, Austria)

Stealthy Malware Detection Through VMM-Based "Out-of-the-Box" Semantic View Reconstruction

Xuxian Jiang (George Mason University, USA), Xinyuan Wang (George Mason University, USA) and Dongyan Xu (Purdue University, USA)

15:30 - 16:00


16:00 - 17:30

Session 5: Traffic Analysis and Location Privacy

Session Chair: Peng Liu

Shunting: A Hardware/Software Architecture for Flexible, High-Performance Network Intrusion Prevention

Jose Maria Gonzalez, Vern Paxson and Nicholas Weaver (International Computer Science Institute, USA)

Highly Efficient Techniques for Network Forensics

Miroslav Ponec, Paul Giura, Herve Bronnimann and Joel Wein (Polytechnic University, USA)

Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking

Baik Hoh (Rutgers University, USA), Marco Gruteser (Rutgers University, USA), Hui Xiong (Rutgers University, USA) and Ansaf Alrabady (General Motors Corporation, USA)

16:00 - 17:30

Session 6: Cryptography

Session Chair: Gene Tsudik

Robust Computational Secret Sharing and a Unified Account of Classical Secret-Sharing Goals

Mihir Bellare (UC San Diego, USA) and Phillip Rogaway (UC Davis, USA)

Chosen-Ciphertext Secure Proxy Re-Encryption

Ran Canetti (IBM T.J. Watson Research Center, USA) and Susan Hohenberger (Johns Hopkins University, USA)

Attribute-Based Encryption with Non-Monotonic Access Structures

Rafail Ostrovsky (UC Los Angeles, USA), Amit Sahai (UC Los Angeles, USA) and Brent Waters (SRI International, USA)


Wednesday, October 31, 2007

8:30 - 10:30

Session 7: Network Security

Session Chair: Rachel Greenstadt

Optimal Security Hardening Using Multi-objective Optimization on Attack Tree Models of Networks

Rinku Dewri, Nayot Poolsappasit, Indrajit Ray and Darrell Whitley (Colorado State University, USA)

On the Accuracy of Decentralized Virtual Coordinate Systems in Adversarial Networks

David Zage and Cristina Nita-Rotaru (Purdue University, USA)

Analyzing the Vulnerability of the Superpeer Networks Against Attack

Bivas Mitra, Sujoy Ghose and Niloy Ganguly (Indian Institute of Technology, Kharagpur, India)

Towards Automated Provisioning of Secure Virtualized Networks

Serdar Cabuk (HP Labs Bristol, UK), Chris I. Dalton (HP Labs Bristol, UK), HariGovind V. Ramasamy (IBM Zurich Research Laboratory, Switzerland) and Matthias Schunter (IBM Zurich Research Laboratory, Switzerland)

8:30 - 10:30

Session 8: Election Systems and Applied Cryptography

Session Chair: Matt Edman

Split-Ballot Voting: Everlasting Privacy With Distributed Trust

Tal Moran and Moni Naor (Weizmann Institute of Science, Israel)

An Independent Audit Framework for Software Dependent Voting Systems

Sujata Garera and Aviel D. Rubin (Johns Hopkins University, USA)

Forward-Secure Signatures in Untrusted Update Environments: Efficient and Generic Constructions

Benoit Libert (Universite' Catholique de Louvain, Belgium), Jean-Jacques Quisquater (Universite' Catholique de Louvain, Belgium) and Moti Yung (Columbia University & RSA Labs, USA)

Ordered Multisignatures and Identity-Based Sequential Aggregate Signatures, with Applications to Secure Routing

Alexandra Boldyreva (Georgia Tech, USA), Craig Gentry (Stanford University, USA), Adam O'Neill (Georgia Tech, USA) and Dae Hyun Yum (Pohang University of Science and Technology, South Korea)

10:30 - 11:00


11:00 - 12:30

Session 9: Side and Covert Channels Detection

Session Chair: Matthew Wright

An Information-Theoretic Model for Adaptive Side-Channel Attacks

Boris Koepf and David Basin (ETH Zurich, Switzerland)

Covert Channels in Privacy-Preserving Identification Systems

Dan Bailey (RSA Security, USA), Dan Boneh (Stanford University, USA), Eu-Jin Goh (Stanford University, USA) and Ari Juels (RSA Laboratories, USA)

Detecting Covert Timing Channels: An Entropy-Based Approach

Steven Gianvecchio and Haining Wang (College of William and Mary, USA)

11:00 - 12:30

Session 10: Protocols and Spam Filters

Session Chair: Sven Dietrich

Polyglot: Automatic Extraction of Protocol Format using Dynamic Binary Analysis

Juan Caballero (CMU, USA) and Dawn Song (UC Berkeley & CMU, USA)

Harvesting Verifiable Challenges from Oblivious Online Sources

Alex Halderman (Princeton University, USA) and Brent Waters (SRI International, USA)

Filtering Spam with Behavioral Blacklisting

Anirudh Ramachandran, Nick Feamster and Santosh Vempala (Georgia Tech, USA)

12:30 - 14:00


14:00 - 15:30

Session 11: Internet Security

Session Chair: Roger Dingledine

ConceptDoppler: A Weather Tracker for Internet Censorship

Jedidiah R. Crandall (University of New Mexico, USA), Daniel Zinn (UC Davis, USA), Michael Byrd (UC Davis, USA), Earl Barr (UC Davis, USA) and Rich East (Independent Researcher, USA)

Asirra: A CAPTCHA that Exploits Interest-Aligned Manual Image Categorization

Jeremy Elson, John Douceur and Jon Howell (Microsoft Research, USA)

An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants

Jason Franklin (CMU, USA), Vern Paxson (International Computer Science Institute, USA), Adrian Perrig (CMU, USA) and Stefan Savage (International Computer Science Institute, USA)

14:00 - 15:30

Session 12: Key Management

Session Chair: Radu Sion

Hardware-rooted Trust for Secure Key Management and Transient Trust

Jeffrey Dwoskin and Ruby B. Lee (Princeton University, USA)

Robust Key Generation from Signal Envelopes in Wireless Networks

Babak Azimi-Sadjadi (Intelligent Automation, Inc., USA), Aggelos Kiayias (University of Connecticut, USA), Alejandra Mercado (RPI, USA) and Bulent Yener (RPI, USA)

Robust Group Key Agreement using Short Broadcasts

Jihye Kim, Stanislaw Jarecki and Gene Tsudik (UC Irvine, USA)

15:30 - 16:00


16:00 - 17:30

Session 13: Policies

Session Chair: William Winsborough

Protecting Browsers from DNS Rebinding Attacks

Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao and Dan Boneh (Stanford University, USA)

Alpaca: Extensible Authorization for Distributed Services

Christopher Lesniewski-Laas, Bryan Ford, Jacob Strauss, M. Frans Kaashoek and Robert Morris (MIT, USA)

Efficient Policy Analysis for Administrative Role Based Access

Scott Stoller (Stony Brook University, USA), Ping Yang (Binghamton University, USA), C.R. Ramakrishnan (Stony Brook University, USA) and Mikhail Gofman (Binghamton University, USA)

16:00 - 17:30

Session 14: Cryptography and Cryptoanalysis

Session Chair: Ari Juels

Provably Secure Ciphertext Policy ABE

Ling Cheung and Calvin Newport (MIT, USA)

Security under Key-Dependent Inputs

Shai Halevi and Hugo Krawczyk (IBM T.J. Watson Research Center, USA)

Cryptanalysis of the Windows Random Number Generator

Leo Dorrendorf (Hebrew University of Jerusalem, Israel), Zvi Gutterman (Hebrew University of Jerusalem, Israel) and Benny Pinkas (University of Haifa, Israel)


Thursday, November 1, 2007

8:30 - 10:30

Session 15: Data Privacy

Session Chair: Wenliang (Kevin) Du

Secure 2-party k-Means Clustering

Paul Bunn and Rafail Ostrovsky (UC Los Angeles, USA)

Privacy-Preserving Remote Diagnostics

Justin Brickell, Don Porter, Vitaly Shmatikov and Emmett Witchel (University of Texas at Austin, USA)

Automaton Segmentation: A New Approach to Preserve Privacy in XML Information Brokering

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee and Chao-Hsien Chu (Pennsylvania State University, USA)

Privacy Preserving Error Resilient DNA Searching through Oblivious Automata

Juan Ramon Troncoso-Pastoriza (University of Vigo, Spain), Stefan Katzenbeisser (Philips Research Europe, The Netherlands) and Mehmet Celik (Philips Research Europe, The Netherlands)

8:30 - 10:30

Session 16: Software Security

Session Chair: Nick Weaver

Predicting Vulnerable Software Components

Stephan Neuhaus, Thomas Zimmermann and Andreas Zeller (Saarland University, Germany)

On the Infeasibility of Modeling Polymorphic Shellcode

Yingbo Song, Michael Locasto, Angelos Stavrou, Angelos Keromytis and Salvatore Stolfo (Columbia University, USA)

The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)

Hovav Shacham (UC San Diego, USA)

MemSherlock: An Automated Debugger for Unknown Memory Corruption Vulnerabilities

Emre Can Sezer (North Carolina State University, USA), Peng Ning (North Carolina State University, USA), Chongkyung Kil (North Carolina State University, USA) and Jun Xu (Google, Inc., USA)

10:30 - 11:00


11:00 - 12:30

Session 17: Data Disclosure 

Session Chair: Vitaly Shmatikov

Information Disclosure under Realistic Assumptions: Privacy versus Optimality

Lei Zhang, Sushil Jajodia and Alexander Brodsky (George Mason University, USA)

PORs: Proofs of Retrievability for Large Files

Ari Juels (RSA Laboratory, USA) and Burt Kaliski (EMC Corporation, USA)

Provable Data Possession at Untrusted Stores

Giuseppe Ateniese, Randal Burns, Reza Curtmola, Joseph Herring (Johns Hopkins University, USA), Lea Kissner (Google Inc., USA), Zachary Peterson (Johns Hopkins University, USA) and Dawn Song (UC Berkeley & CMU, USA)