CCS 2005

Advance Program (Research Track)


Conference Program

Tuesday November 8, 2005


Welcoming Remarks by General Chair and Program Chair
Remarks on SIGSAC status by SIGSAC Chair


Keynote - Homeland Security: Cyber Security R&D Initiatives
                 Douglas Maughan, Department of Homeland Security
                 Chair: Catherine Meadows


Session I: Formal Analysis of Crypto Protocols
                  Chair: Andre Scedrov

A Modular Correctness Proof of IEEE 802.11i and TLS

Changhua He, Mukund Sundararajan, Anupam Datta, Ante Derek, and John C. Mitchell


Deciding security of protocols against off-line guessing attacks

Mathieu Baudet


Secrecy Types for a Simulatable Cryptographic Library

Peeter Laud




Session II: Trust Management
                 Chair: Marianne Winslett

Prevent Attribute Information Leakage in Automated Trust Negotiation

Keith Irwin and Ting Yu


Automated Trust Negotiation Using Cryptographic Credentials

Jiangtao Li, Ninghui Li, and William H. Winsborough


Secure Collaboration in Mediator-Free Environments

Mohamed Shehab, Elisa Bertino, and Arif Ghafoor



Session III: Privacy and Anonymity
                 Chair: Rebecca Wright

Applications of Secure Electronic Voting to Automated Privacy-Preserving Troubleshooting

Qiang Huang, David Jao, and Helen Wang


Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet

Xinyuan Wang, Shiping Chen, and Sushil Jajodia


Untraceable RFID Tags via Insubvertible Encryption

Giuseppe Ateniese, Jan Camenisch, and Breno de Medeiros


Obfuscated Databases and Group Privacy

Arvind Narayanan and Vitaly Shmatikov



Wednesday November 9, 2005


Session IV: Authentication
                 Chair: Jonathan Katz

New Approaches for Deniable Authentication

Mario Di Raimondo and Rosario Gennaro


On authenticated computing and RSA-based authentication

Jean-Pierre Seifert


Aggregated Path Authentication for Efficient BGP Security

Meiyuan Zhao, Sean Smith, and David Nicol


Improving Brumley and Boneh Timing Attack on Unprotected SSL Implementations

Onur Aciiçmez, Werner Schindler, and Çetin Kaya Koç



Session V: Access Control
                 Chair: Paul Syverson

CPOL: High-Performance Policy Evaluation

Kevin Borders, Xin Zhao, and Atul Prakash


Understanding and developing role-based administrative models

Jason Crampton


PeerAccess: A Logic for Distributed Authorization

Marianne Winslett, Charles Zhang, and Piero Andrea Bonatti



Session VI: Key Management, Key Exchange, and Pseudo-Random Generation
                 Chair: Joan Feigenbaum

Modeling Insider Attacks on Group Key-Exchange Protocols

Jonathan Katz and Ji Sun Shin


Dynamic and Efficient Key Management for Access Hierarchies

Mikhail Atallah, Keith Frikken, and Marina Blanton


An architecture for robust pseudo-random generation and Applications to /dev/random

Boaz Barak and Shai Halevi



Session VII: Intrusion Detection and Prevention
                 Chair: Somesh Jha

Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers

Zhenkai Liang and R. Sekar


Automatic Diagnosis and Response to Memory Corruption Vulnerabilities

Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, and Chris Bookholt


On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits

Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong


Countering DoS Attacks With Stateless Multipath Overlays

Angelos Stavrou and Angelos D. Keromytis



Thursday November 10, 2005


Session VIII: Security for Diffuse Computing
                 Chair: Joshua Guttman

A Framework for Concrete Reputation-Systems with Applications to History-Based Access Control

Karl Krukow, Mogens Nielsen, and Vladimiro Sassone


Anomaly Detection as a Reputation System for Online Auctioning

Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon Giffin, Nicholas Kidd, Louis Kruger, and Hao Wang


On the Cost-Ineffectiveness of Redundancy in Commercial P2P Computing

Matthew Yurkewych, Brian N. Levine, and Arnold L. Rosenberg


Securing Publish-Subscribe Overlay Services with EventGuard

Mudhakar Srivatsa and Ling Liu



Session IX: Cryptography
                 Chair: Rei Safavi-Naini

Password Authenticated Key Exchange Using Hidden Smooth Subgroups

Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan


Proxy Re-Signatures: New Definitions, Algorithms, and Applications

Giuseppe Ateniese and Susan Hohenberger


Direct Chosen Ciphertext Security from Identity-Based Techniques

Xavier Boyen, Qixiang Mei, and Brent Waters



Session X: Automated Analysis
                 Chair: Ninghui Li

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

Vinod Ganapathy, Trent Jaeger, and Somesh Jha


Control-Flow Integrity: Principles, Implementations, and Applications

Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti


Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking

Michael F. Ringenburg and Dan Grossman



Session XI: Attacking passwords and bringing down the network
                 Chair: Catherine Meadows

Fast Dictionary Attacks on Human-Memorable Passwords Using Time-Space Tradeoff

Arvind Narayanan and Vitaly Shmatikov


Keyboard Acoustic Emanations Revisited

Li Zhuang, Feng Zhou, and J. D. Tygar


Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse

Rob Sherwood, Bobby Bhattacharjee, and Ryan Braud


Exploiting Open Functionality in SMS-Capable Cellular Networks

Patrick Traynor, William Enck, Tom La Porta, and Patrick McDaniel