http://www.sigsac.org/ccs/CCS2008/program.html
Conference Program
Program Overview
| Monday, October
27, 2008, Pre-Conference Full Day Workshops and Welcome Reception |
|
9:00 - 17:00
|
Workshop on Formal
Methods in Security Engineering (FMSE) - Plaza Ballroom I |
|
Workshop on
Quality of Protection (QoP) -
Plaza Ballroom II |
| Workshop on Privacy in the
Electronic Society (WPES) - Plaza Ballroom III |
| Workshop
on Digital Rights Management (DRM) -
Beech A |
| Workshop on AISec - Beech B |
| 19:00 - 21:00 |
Welcome
Reception |
| |
| Tuesday, October
28, 2008, Main Conference |
| 9:00 - 9:30 |
Welcoming
remarks |
| 9:30 - 10:30 |
Keynote
talk: Martín Abadi
Session Chair: Paul Syverson |
| 10:30 - 11:00 |
Break
|
| 11:00 - 12:30 |
Session 1:
Attacks 1
Session Chair: Michael Reiter |
Session 2:
Software Security 1
Session Chair: Mihai Christodorescu |
| 12:30 - 14:00 |
Lunch
|
| 14:00 - 15:30 |
Session 3:
Browser Security
Session Chair: Xiaofeng Wang |
Session 4:
Formal Methods 1
Session Chair: Anupam Datta |
Tutorial
1: Trusted Hardware
Radu Sion |
| 15:30 - 16:00 |
Break
|
| 16:00 - 17:00 |
Session 5:
Privacy 1
Session Chair: George Danezis |
Session 6:
Software Security 2
Session Chair: Vinod Ganapathy |
| 18:30 - 21:30 |
Conferecen Reception |
| |
| Wednesday,
October 29, 2008, Main Conference |
| 9:00 - 10:30 |
Session 7:
Network Security
Session Chair: Paul Van Oorschot |
Session 8:
System Security 1
Session Chair: Wenke Lee |
Tutorial
2: RFID Security and Privacy
Kevin Fu |
| 10:30 - 11:00 |
Break
|
| 11:00 - 12:30 |
Session 9:
Privacy 2
Session Chair: Patrick McDaniel |
Session 10:
Access Control
Session Chair: Ting Yu |
| 12:30 - 14:00 |
Lunch
|
| 14:00 - 15:30 |
Session 11:
Anonymity
Session Chair: Aaron Johnson |
Session 12:
Formal Methods 2
Session Chair: Cédric Fournet |
Tutorial
3: Understanding Android's Security Framework
William Enck |
| 15:30 - 16:00 |
Break
|
| 16:00 - 17:00 |
Session 13:
System Security 2
Session Chair: Radu Sion |
Session 14:
Identity-Based Encryption
Session Chair: Steven Myers |
| |
| Thursday,
October 30, 2008, Main Conference |
| 9:00 - 10:30 |
Session 15:
Applied Cryptography 1
Session Chair: Philippe Golle |
Session 16:
Device Security
Session Chair: J. Alex Halderman |
| 10:30 - 11:00 |
Break
|
| 11:00 - 13:00 |
Session 17:
Applied Cryptography 2
Session Chair: Catherine Meadows |
Session 18:
Attacks 2
Session Chair: Sven Dietrich |
| |
|
|
| Friday, October
31, 2008, Post-Conference Full Day Workshops |
| 9:00 - 17:00 |
|
| |
|
|
|
|
|
|
|
|
|
|
|
Detailed Program
| Tuesday, October
28, 2008 |
| 9:30
- 10:30 |
Keynote Talk
Session Chair: Paul Syverson |
| |
The Good, The Bad, and The Provable
Martín Abadi (University of California at Santa Cruz and
Microsoft Research) |
| 11:00 -
12:30 |
Session 1: Attacks 1
Session Chair: Michael Reiter |
| |
Spamalytics: An Empirical Analysis of Spam Marketing
Conversion
Chris
Kanich (UC San Diego), Christian Kreibich (ICSI), Kirill Levchenko (UC
San Diego) Brandon Enright (UC San Diego), Geoff Voelker (UC San
Diego), Vern Paxson (ICSI, USA), and Stefan Savage (UC San Diego)
Code Injection Attacks on Harvard-Architecture Devices
Aurelien Francillon (INRIA) and
Claude Castelluccia (INRIA)
When Good Instructions Go Bad: Generalizing Return-Oriented
Programming to RISC
Erik Buchanan (UCSD), Ryan
Roemer (UCSD), Hovav
Shacham (UCSD), and Stefan Savage (UCSD)
|
| |
Session 2: Software Security 1
Session Chair: Mihai Christodorescu (IBM Research) |
| |
Efficient and Extensible Security Enforcement Using Dynamic
Data Flow Analysis
Walter
Chang (The University of Texas at Austin), Brandon Streiff (The
University of Texas at Austin) and Calvin Li (The University of Texas
at Austin)
Ether: Malware Analysis via Hardware Virtualization Extensions
Artem Dinaburg (Georgia
Institute of Technology and Damballa), Paul Royal (Damballa and Georgia
Institute of Technology), Monirul Sharif (Georgia Institute of
Technology and Damballa), and Wenke Lee (Damballa and Georgia Institute
of Technology)
Extending Logical Attack Graphs for Efficient Vulnerability
Analysis
Diptikalyan Saha (Motorola
India Research Lab)
|
| 14:00 -
15:30 |
Session 3: Browser Security
Session Chair: Xiaofeng Wang (Indiana University at Bloomington) |
| |
Robust Defenses for Cross-Site Request Forgery
Adam Barth (Stanford
University), Collin Jackson (Stanford University) and John C. Mitchell
(Stanford University, USA)
SOMA: Mutual Approval for Included Content in Web Pages
Terri Oda (Carleton University)
, Glenn Wurster (Carleton University) Paul Van Oorschot (Carleton
University), and Anil Somayaji (Carleton University)
OMash: Enabling Secure Web Mashups via Object Abstractions
Steven Crites (UC Davis),
Francis Hsu (UC Davis), and Hao Chen (UC Davis)
|
| |
Session 4: Formal Methods 1
Session Chair: Anupam Datta (Carnegie Mellon University) |
| |
Computational soundness of observational equivalence
Hubert Comon-Lundh (ENS Cachan
and AIST) and Veronique
Cortier (CNRS, Loria)
Unbounded Verification, Falsification, and Characterization of
Security Protocols by Pattern Refinement
C.J.F. Cremers (ETH Zurich)
Reducing Protocol Analysis with XOR to the XOR-free Case in
the Horn Theory Based Approach
Ralf Kuesters (University of
Trier) and Tomasz Truderung (University of Trier)
|
| |
Tutorial 1 |
| |
Trusted Hardware (abstract)
Radu Sion (Stony Brook University) |
| 16:00 -
17:00 |
Session 5: Privacy 1
Session Chair: George Danezis (Microsoft Research, Cambridge) |
| |
Building Castles out of Mud: Practical Access Pattern Privacy
and Correctness on Untrusted Storage
Peter Williams (Stony Brook
University), Radu Sion (Stony Brook University), and Bogdan Carbunar
(Motorola Labs)
Location Privacy of Distance Bounding Protocols
Kasper Bonne Rasmussen (ETH
Zurich) and Srdjan Capkun (ETH Zurich)
|
| |
Session 6: Software Security 2
Session Chair: Vinod Ganapathy (Rutgers University) |
| |
Verifiable functional purity in Java
Matthew Finifter (UC, Berkeley), Adrian Mettler (UC, Berkeley), Naveen
Sastry (UC, Berkeley), and David Wagner (UC, Berkeley)
Trust Management for Secure Information Flows
Mudhakar Srivatsa (IBM T.J. Watson Research Center), Shane Balfe (Royal
Holloway, University of London), Kenneth Paterson (Royal Holloway,
University of London), and Pankaj Rohatgi (IBM T.J. Watson Research
Center)
|
| 18:30 -
21:00 |
Conference Reception |
| |
Brief presentations by funding agencies
|
| |
|
| Wednesday,
October 29, 2008 |
| 9:00 -
10:30 |
Session 7: Network Security
Session Chair: Paul Van Oorschot (Carleton University) |
| |
Mitigating DNS DoS Attacks
Hitesh Ballani (Cornell
University) and Paul Francis (Cornell University)
Revocation Games in Ephemeral Networks
Maxim Raya (EPFL, Switzerland),
Mohammad Hossein Manshaei (EPFL, Switzerland), Mark Felegyhazi (
University of California, Berkeley), Jean-Pierre Hubaux (EPFL)
Increased DNS Forgery Resistance Through 0x20-Bit Encoding
David Dagon (Georgia Institute
of Technology), Manos Antonakakis (Georgia Institute of Technology),
Paul Vixie (Internet Systems Consortium, USA), Jinmei Tatuya (Internet
Systems Consortium, Japan), and Wenke Lee (Georgia Institute of
Technology)
|
| |
Session 8: System Security 1
Session Chair: Wenke Lee (Georgia Institute of Technology) |
| |
Enforcing Authorization Policies using Transactional Memory
Introspection
Arnar Birgisson (Reykjavik
University), Mohan Dhawan (Rutgers University), Ulfar Erlingsson
(Reykjavik University), Vinod Ganapathy (Rutgers University), and Liviu
Iftode (Rutgers University)
Towards Practical Biometric Key Generation with Randomized
Biometric Templates
Lucas Ballard (Google), Seny
Kamara (Microsoft Research), Fabian Monrose (University of North
Carolina at Chapel Hill), and Michael K. Reiter (University of North
Carolina at Chapel Hill)
Towards Automatic Reverse Engineering of Software Security
Configuration
Rui Wang (Indiana University at
Bloomington), XiaoFeng Wang (Indiana University at Bloomington), Kehuan
Zhang (IUB and Hunan University), and Zhuowei Li (Center for Software
Excellence, Microsoft)
|
| |
Tutorial 2 |
| |
RFID Security and Privacy (abstract)
Kevin Fu (University of Massachusetts Amherst) |
| 11:00 -
12:30 |
Session 9: Privacy 2
Session Chair: Patrick McDaniel (Pennsylvania State University) |
| |
FairplayMP -- A System for Secure Multi-Party Computation
Assaf Ben-David (Hebrew
University), Noam Nisan (Hebrew University), and Benny Pinkas
(University of Haifa)
Information Leaks in Structured Peer-to-peer Anonymous
Communication Systems
Prateek Mittal (University of
Illinois at Urbana-Champaign) and Nikita Borisov (University of
Illinois at Urbana-Champaign)
Privacy Oracle: a System for Finding Application Leaks with
Black Box Differential Testing
Jaeyeon Jung (Intel Research),
Anmol Sheth (Intel Research), Ben Greenstein (Intel Research), David
Wetherall (Intel Research), Gabriel Maganis (University of Washington),
and Yoshi Kohno (University of Washington)
|
| |
Session 10: Access Control
Session Chair: Ting Yu (North Carolina State University) |
| |
A Framework for Reflective Database Access Control Policies
Lars E. Olson (University of
Illinois), Carl A. Gunter (University of Illinois), and Madhusudan
Parthasarathy (University of Illinois)
A Class of Probabilistic Models for Role Engineering
Mario Frank (ETH, Zurich),
David Basin (ETH, Zurich), and Joachim M. Buhmann (ETH, Zurich)
Assessing Query Privileges via Safe and Efficient Permission
Composition
Sabrina De Capitani di
Vimercati (DTI - Universita' degli Studi di Milano) Sara Foresti (DTI -
Universita' degli Studi di Milano) Sushil Jajodia (George Mason
University) Stefano Paraboschi (Universit-di Bergamo), and Pierangela
Samarati (Universita` degli Studi di Milano)
|
| 14:00 -
15:30 |
Session 11: Anonymity
Session Chair: Aaron Johnson (Yale University) |
| |
Dependent Link Padding Algorithms for Low Latency Anonymity
Systems
Wei Wang (National University
of Singapore), Mehul Motani (National University of Singapore), and
Vikram Srinivasan (Bell Labs Research, India)
PEREA: Towards Practical TTP-Free Revocation in Anonymous
Authentication
Patrick P. Tsang (Dartmouth
College), Man Ho Au (University of Wollongong), Apu Kapadia (Dartmouth
College), and Sean Smith (Dartmouth College)
Efficient Attributes for Anonymous Credentials
Jan Camenisch (IBM Research,
Zurich Research Laboratory) and Thomas Gross (IBM Research, Zurich
Research Laboratory)
|
| |
Session 12: Formal Methods 2
Session Chair: Cédric Fournet (Microsoft Research Cambridge) |
| |
Type-checking Zero-knowledge
Michael Backes (Saarland
University and MPI-SWS), Catalin Hritcu (Saarland University), and
Matteo Maffei (Saarland University)
Towards Automated Proofs of Asymmetric Encryption Schemes in
the Random Oracle Model
Pascal
Lafourcade (University of Grenoble, France), Yassine Lakhnech
(University of Grenoble, France), Cristian Ene (University of Grenoble,
France) , Judicaël Courant (University of Grenoble, France) , and
Marion Daubignard (University of Grenoble, France)
EON: Modeling and Analyzing Dynamic Access Control Systems
with Logic Programs
Avik Chaudhuri (UC, Santa Cruz), Prasad Naldurg (Microsoft Research
India), Sriram Rajamani (Microsoft Research India), Ganesan Ramalingam
(Microsoft Research India) Lakshmisubrahmanyam Velaga (Indian Institute
of Management Bangalore)
|
| |
Tutorial 3 |
| |
Understanding Android's Security Framework (abstract)
William Enck and Patrick McDaniel (Pennsylvania State
University) |
| 16:00 -
17:00 |
Session 13: System Security 2
Session Chair: Radu Sion (Stonybrook University) |
| |
Tupni: Automatic Reverse Engineering of Input Formats
Weidong Cui (Microsoft
Research), Marcus Peinado (Microsoft Corporation) Karl Chen (University
of California, Berkeley), Helen Wang (Microsoft Research), and Luis
Irun-Briz (Microsoft Corporation)
Rootkit-Resistant Disks
Kevin Butler (Pennsylvania
State University), Stephen McLaughlin (Pennsylvania State University),
and Patrick McDaniel (Pennsylvania State University)
|
| |
Session 14: Identity-Based Encryption
Session Chair: Steven Myers (Indiana University at Bloomington) |
| |
Identity-based Encryption with Efficient Revocation
Alexandra Boldyreva (Georgia
Institute of Technology), Vipul Goyal (UCLA), and Virendra Kumar
(Georgia Institute of Technology)
Black Box Accountable Authority Identity-Based Encryption
Vipul Goyal (UCLA), Steve Lu
(UCLA), Amit Sahai (UCLA), Brent Waters (SRI International)
|
| |
|
| Thursday,
October 30, 2008 |
| 9:00 -
10:30 |
Session 15: Applied Cryptography 1
Session Chair: Philippe Golle (Palo Alto Research Center) |
| |
Authenticated Hash Tables
Charalampos Papamanthou (Brown
University), Roberto Tamassia (Brown University), and Nikos
Triandopoulos (University of Aarhus)
Multisignatures Secure under the Discrete Logarithm Assumption
and a Generalized Forking Lemma
Stanislaw Jarecki (UC, Irvine),
Ali Bagherzandi (UC, Irvine), and Jung Hee Cheon (Seoul National
University)
Cryptographically Verified Implementations for TLS
Karthikeyan
Bhargavan (Microsoft Research Cambridge, UK), Ricardo Corin (MSR-INRIA
Joint Centre, France), Cédric Fournet (Microsoft Research, UK), and
Eugen Zalinescu (MSR-INRIA Joint Centre, France) |
| |
Session 16: Device Security
Session Chair: J. Alex Halderman (Princeton University) |
| |
Reconsidering Physical Key Secrecy: Teleduplication via
Optical Decoding
Benjamin Laxton (UCSD), Kai
Wang(UCSD), and Stefan Savage (UCSD)
RFIDS and Secret Handshakes: Defending Against Ghost-and-Leech
Attacks and Unauthorized Reads with Context-Aware Communications
Alexei Czeskis (University of
Washington), Karl Koscher (University of Washington), Joshua R. Smith
(Intel Research), and Tadayoshi Kohno (University of Washington)
Constructions of Truly Practical Secure Protocols using
Standard Smartcards
Carmit Hazay (Bar-Ilan
University) and Yehuda Lindell (Bar-Ilan University)
|
| 11:00 -
13:00 |
Session 17: Applied Cryptography 2
Session Chair: Catherine Meadows (U.S. Naval Research Laboratory) |
| |
Traitor Tracing with Constant Size Ciphertext
Dan Boneh (Stanford University)
and Moni Naor (Weizmann Institute)
Multi-Use Unidirectional Proxy Re-Signatures
Benoit Libert (UCL Crypto
Group) and Damien Vergnau (Ecole Normale Superieure, CNRS-INRIA)
Efficient Security Primitives Derived from a Secure
Aggregation Algorithm
Haowen Chan (Carnegie Mellon
University) and Adrian Perrig (Carnegie Mellon University)
|
| |
Session 18: Attacks 2
Session Chair: Sven Dietrich (Stevens Institute of Technology) |
| |
Machine Learning Attacks Against the ASIRRA CAPTCHA
Philippe Golle (Palo Alto
Research Center)
A Low-cost Attack on a Microsoft CAPTCHA
Jeff Yan (Newcastle University)
and Ahmad Salah El Ahmad (Newcastle University)
BootJacker: Compromising Computers using Forced Restarts
Ellick M. Chan (University of
Illinois at Urbana-Champaign), Jeffrey C. Carlyle (University of
Illinois at Urbana-Champaign), Francis M. David (University of Illinois
at Urbana-Champaign), Reza Farivar (University of Illinois at
Urbana-Champaign) , and Roy H. Campbell (University of Illinois at
Urbana-Champaign)
A Look In the Mirror: Attacks on Package Managers
Justin Cappos (University of
Arizona), Justin Samuel (University of Arizona), Scott Baker
(University of Arizona), and John Hartman (University of Arizona)
|
|
