Conference Program

Tuesday November 8, 2005

Welcoming Remarks by General Chair and Program Chair
Remarks on SIGSAC status by SIGSAC Chair

Keynote - Homeland Security: Cyber Security R&D Initiatives
                 Douglas Maughan, Department of Homeland Security
                 Chair: Catherine Meadows

Session I: Formal Analysis of Crypto Protocols
                  Chair: Andre Scedrov

A Modular Correctness Proof of IEEE 802.11i and TLS

Changhua He, Mukund Sundararajan, Anupam Datta, Ante Derek, and John C. Mitchell

Deciding security of protocols against off-line guessing attacks

Mathieu Baudet

Secrecy Types for a Simulatable Cryptographic Library

Peeter Laud

Session II: Trust Management
                 Chair: Marianne WInslett

Prevent Attribute Information Leakage in Automated Trust Negotiation

Keith Irwin and Ting Yu

Automated Trust Negotiation Using Cryptographic Credentials

Jiangtao Li, Ninghui Li, and William H. Winsborough

Secure Collaboration in Mediator-Free Environments

Mohamed Shehab, Elisa Bertino, and Arif Ghafoor

Session III: Privacy and Anonymity
                 Chair: Rebecca Wright

Applications of Secure Electronic Voting to Automated Privacy-Preserving Troubleshooting

Qiang Huang, David Jao, and Helen Wang

Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet

Xinyuan Wang, Shiping Chen, and Sushil Jajodia

Untraceable RFID Tags via Insubvertible Encryption

Giuseppe Ateniese, Jan Camenisch, and Breno de Medeiros

Obfuscated Databases and Group Privacy

Arvind Narayanan and Vitaly Shmatikov

Wednesday November 9, 2005

Session IV: Authentication
                 Chair: Jonathan Katz

New Approaches for Deniable Authentication

Mario Di Raimondo and Rosario Gennaro

On authenticated computing and RSA-based authentication

Jean-Pierre Seifert

Aggregated Path Authentication for Efficient BGP Security

Meiyuan Zhao, Sean Smith, and David Nicol

Improving Brumley and Boneh Timing Attack on Unprotected SSL Implementations

Onur AciiÇmez, Werner Schindler, and Çetin Kaya KoÇ

Session V: Access Control
                 Chair: Paul Syverson

CPOL: High-Performance Policy Evaluation

Kevin Borders, Xin Zhao, and Atul Prakash

Understanding and developing role-based administrative models

Jason Crampton

PeerAccess: A Logic for Distributed Authorization

Marianne Winslett, Charles Zhang, and Piero Andrea Bonatti

Session VI: Key Management , Key Exchange, and Pseudo-Random Generation
                 Chair: Joan Feigenbaum

Modeling Insider Attacks on Group Key-Exchange Protocols

Jonathan Katz and Ji Sun Shin

Dynamic and Efficient Key Management for Access Hierarchies

Mikhail Atallah, Keith Frikken, and Marina Blanton

An architecture for robust pseudo-random generation and Applications to /dev/random

Boaz Barak and Shai Halevi

Session VII: Intrusion Detection and Prevention
                 Chair: Somesh Jha

Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers

Zhenkai Liang and R. Sekar

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities?

Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, and Chris Bookholt

On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits

Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong

Countering DoS Attacks With Stateless Multipath Overlays

Angelos Stavrou and Angelos D. Keromytis

Thursday November 10, 2005

Session VIII: Security for Diffuse Computing
                 Chair: Joshua Guttman

A Framework for Concrete Reputation-Systems with Applications to History-Based Access Control

Karl Krukow, Mogens Nielsen, and Vladimiro Sassone

Anomaly Detection as a Reputation System for Online Auctioning

Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon Giffin, Nicholas Kidd, Louis Kruger, and Hao Wang

On the Cost-Ineffectiveness of Redundancy in Commercial P2P Computing

Matthew Yurkewych, Brian N. Levine, and Arnold L. Rosenberg

Securing Publish-Subscribe Overlay Services with EventGuard

Mudhakar Srivatsa and Ling Liu

Session IX: Cryptography
                 Chair: Rei Safavi-Naini

Password Authenticated Key Exchange Using Hidden Smooth Subgroups

Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan

Proxy Re-Signatures: New Definitions, Algorithms, and Applications

Giuseppe Ateniese and Susan Hohenberger

Direct Chosen Ciphertext Security from Identity-Based Techniques

Xavier Boyen, Qixiang Mei, and Brent Waters

Session X: Automated Analysis
                 Chair: Ninghui Li

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

Vinod Ganapathy, Trent Jaeger, and Somesh Jha

Control-Flow Integrity: Principles, Implementations, and Applications

Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti

Preventing Format-String Attacks via Automatic and Efficient Dynamic Checking

Michael F. Ringenburg and Dan Grossman

Session XI: Attacking passwords and bringing down the network
                 Chair: Catherine Meadows

Fast Dictionary Attacks on Human-Memorable Passwords Using Time-Space Tradeoff

Arvind Narayanan and Vitaly Shmatikov

Keyboard Acoustic Emanations Revisited

Li Zhuang, Feng Zhou, and J. D. Tygar

Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse

Rob Sherwood, Bobby Bhattacharjee, and Ryan Braud

Exploiting Open Functionality in SMS-Capable Cellular Networks

Patrick Traynor, William Enck, Tom La Porta, and Patrick McDaniel