Accepted Papers
| 1. | Mitigating DNS DoS Attacks Hitesh Ballani (Cornell University, USA) and Paul Francis (Cornell University, USA) |
| 2. | Constructions of Truly Practical Secure Protocols using Standard Smartcards Carmit Hazay (Bar-Ilan University, Israel) and Yehuda Lindell (Bar-Ilan University, Israel) |
| 3. | Traitor Tracing with Constant Size Ciphertext Dan Boneh (Stanford University, USA) and Moni Naor (Weizmann Institute, Israel) |
| 4. | Machine Learning Attacks Against the ASIRRA CAPTCHA Philippe Golle (Palo Alto Research Center, USA) |
| 5. | Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis Walter Chang (The University of Texas at Austin, USA), Brandon Streiff (The University of Texas at Austin, USA) and Calvin Li (The University of Texas at Austin, USA) |
| 6. | Revocation Games in Ephemeral Networks Maxim Raya (EPFL, Switzerland), Mohammad Hossein Manshaei ((EPFL, Switzerland), Mark Felegyhazi ( University of California, Berkeley, USA), Jean-Pierre Hubaux ((EPFL, Switzerland) |
| 7. | Trust Management for Secure Information Flows Shane Balfe (Royal Holloway, University of London, UK), Mudhakar Srivatsa (IBM T.J. Watson Research Center, USA), Kenneth Paterson (Royal Holloway, University of London, UK), and Pankaj Rohatgi (IBM T.J. Watson Research Center, USA) |
| 8. | Robust Defenses for Cross-Site Request Forgery Adam Barth (Stanford University, USA), Collin Jackson (Stanford University, USA) and John C. Mitchell (Stanford University, USA) |
| 9. | Multi-Use Unidirectional Proxy Re-Signatures Benoit Libert (UCL Crypto Group, Belgium) and Damien Vergnau (Ecole Normale Superieure, CNRS-INRIA, France) |
| 10. | Dependent Link Padding Algorithms for Low Latency Anonymity Systems Wei Wang (National University of Singapore, Singapore), Mehul Motani (National University of Singapore, Singapore), and Vikram Srinivasan (Bell Labs Research, India) |
| 11. | Computational soundness of observational equivalence Hubert Comon-Lundh (ENS Cachan, France and AIST, Japan) and Veronique Cortier (CNRS, Loria, France) |
| 12. | Efficient Security Primitives Derived from a Secure Aggregation Algorithm Haowen Chan (Carnegie Mellon University, USA) and Adrian Perrig (Carnegie Mellon University, USA) |
| 13. | A Low-cost Attack on a Microsoft CAPTCHA Jeff Yan (Newcastle University, UK) and Ahmad Salah El Ahmad (Newcastle University, UK) |
| 14. | Location Privacy of Distance Bounding Protocols Kasper Bonne Rasmussen (ETH Zurich, Switzerland) and Srdjan Capkun (ETH Zurich, Switzerland) |
| 15. | Enforcing Authorization Policies using Transactional Memory Introspection Arnar Birgisson (Reykjavik University, Iceland), Mohan Dhawan (Rutgers University, USA), Ulfar Erlingsson (Reykjavik University, Iceland), Vinod Ganapathy (Rutgers University, USA), and Liviu Iftode (Rutgers University, USA) |
| 16. | EON: Modeling and Analyzing Dynamic Access Control Systems with Logic Programs Avik Chaudhuri (UC, Santa Cruz, USA), Prasad Naldurg (Microsoft Research, India), Sriram Rajamani (Microsoft Research, India), Ganesan Ramalingam (Microsoft Research, India), and Lakshmisubrahmanyam Velaga (Indian Institute of Management Bangalore, India) |
| 17. | Unbounded Verification, Falsification, and Characterization of Security Protocols by Pattern Refinement C.J.F. Cremers (ETH Zurich, Switzerland) |
| 18. | Efficient Attributes for Anonymous Credentials Jan Camenisch (IBM Research, Zurich Research Laboratory, Switzerland) and Thomas Gross (IBM Research, Switzerland) |
| 19. | FairplayMP -- A System for Secure Multi-Party Computation Assaf Ben-David (Hebrew University, Israel), Noam Nisan (Hebrew University, Israel), and Benny Pinkas (University of Haifa, Israel) |
| 20. | A Class of Probabilistic Models for Role Engineering Mario Frank (ETH, Zurich, Switzerland), David Basin (ETH, Zurich, Switzerland), and Joachim M. Buhmann (ETH, Zurich, Switzerland) |
| 21. | Information Leaks in Structured Peer-to-peer Anonymous Communication Systems Prateek Mittal (University of Illinois at Urbana-Champaign, USA), and Nikita Borisov (University of Illinois at Urbana-Champaign, USA) |
| 22. | Privacy Oracle: a System for Finding Application Leaks with Black Box Differential Testing Jaeyeon Jung (Intel Research, USA), Anmol Sheth (Intel Research, USA), Ben Greenstein (Intel Research, USA), David Wetherall (Intel Research, USA), Gabriel Maganis (University of Washington,USA), and Yoshi Kohno (University of Washington, USA) |
| 23. | Towards Practical Biometric Key Generation with Randomized Biometric Templates Lucas Ballard (Google, USA), Seny Kamara (Microsoft Research, USA), Fabian Monrose (University of North Carolina at Chapel Hill, USA), and Michael K. Reiter (University of North Carolina at Chapel Hill, USA) |
| 24. | When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC Erik Buchanan (UCSD, USA), Ryan Roemer (UCSD, USA), Hovav Shacham (UCSD, USA), and Stefan Savage (UCSD, USA) |
| 25. | Reducing Protocol Analysis with XOR to the XOR-free Case in the Horn Theory Based Approach Ralf Kuesters (University of Trier, Germany) and Tomasz Truderung (University of Trier, Germany) |
| 26. | Towards Automatic Reverse Engineering of Software Security Configuration Rui Wang (Indiana University at Bloomington, USA), XiaoFeng Wang (Indiana University at Bloomington, USA), Kehuan Zhang (IUB, USA and Hunan University, China), and Zhuowei Li (Center for Software Excellence, Microsoft, USA) |
| 27. | Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage Peter Williams (Stony Brook University, USA), Radu Sion (Stony Brook University, USA), and Bogdan Carbunar (Motorola Labs, USA) |
| 28. | Tupni: Automatic Reverse Engineering of Input Formats Weidong Cui (Microsoft Research, USA), Marcus Peinado (Microsoft Corporation, USA), Karl Chen (University of California, Berkeley, USA), Helen Wang (Microsoft Research, USA), and Luis Irun-Briz (Microsoft Corporation, USA) |
| 29. | Identity-based Encryption with Efficient Revocation Alexandra Boldyreva (Georgia Institute of Technology, USA), Vipul Goyal (UCLA, USA), and Virendra Kumar (Georgia Institute of Technology, USA) |
| 30. | BootJacker: Compromising Computers using Forced Restarts Ellick M. Chan (University of Illinois at Urbana-Champaign, USA), Jeffrey C. Carlyle (University of Illinois at Urbana-Champaign, USA), Francis M. David (University of Illinois at Urbana-Champaign, USA), Reza Farivar (University of Illinois at Urbana-Champaign, USA), and Roy H. Campbell (University of Illinois at Urbana-Champaign, USA) |
| 31. | Increased DNS Forgery Resistance Through 0x20-Bit Encoding David Dagon (Georgia Institute of Technology, USA), Manos Antonakakis (Georgia Institute of Technology, USA), Paul Vixie (Internet Systems Consortium, USA), Jinmei Tatuya (Internet Systems Consortium, Japan), and Wenke Lee (Georgia Institute of Technology, USA) |
| 32. | SOMA: Mutual Approval for Included Content in Web Pages Terri Oda (Carleton University, Canada) , Glenn Wurster (Carleton University, Canada), Paul Van Oorschot (Carleton University, Canada), and Anil Somayaji (Carleton University, Canada) |
| 33. | Ether: Malware Analysis via Hardware Virtualization Extensions Artem Dinaburg (Georgia Institute of Technology and Damballa, USA), Paul Royal (Damballa and Georgia Institute of Technology, USA), Monirul Sharif (Georgia Institute of Technology and Damballa, USA), and Wenke Lee (Damballa and Georgia Institute of Technology, USA) |
| 34. | Rootkit-Resistant Disks Kevin Butler (Pennsylvania State University, USA), Stephen McLaughlin (Pennsylvania State University, USA), and Patrick McDaniel (Pennsylvania State University, USA) |
| 35. | A Framework for Reflective Database Access Control Policies Lars E. Olson (University of Illinois at Urbana-Champaign, USA), Carl A. Gunter (University of Illinois at Urbana-Champaign, USA), and Madhusudan Parthasarathy (University of Illinois at Urbana-Champaign, USA) |
| 36. | Type-checking Zero-knowledge Michael Backes (Saarland University and MPI-SWS, Germany), Catalin Hritcu (Saarland University, Germany), and Matteo Maffei (Saarland University, Germany) |
| 37. | PEREA: Towards Practical TTP-Free Revocation in Anonymous Authentication Patrick P. Tsang (Dartmouth College, USA), Man Ho Au (University of Wollongong, Australia), Apu Kapadia (Dartmouth College, USA), and Sean Smith (Dartmouth College, USA) |
| 38. | Extending Logical Attack Graphs for Efficient Vulnerability Analysis Diptikalyan Saha (Motorola India Research Lab, India) |
| 39. | A Look In the Mirror: Attacks on Package Managers Justin Cappos (University of Arizona, USA), Justin Samuel (University of Arizona, USA), Scott Baker (University of Arizona, USA), and John Hartman (University of Arizona, USA) |
| 40. | Verifiable functional purity in Java Matthew Finifter (UC, Berkeley, USA), Adrian Mettler (UC, Berkeley, USA), Naveen Sastry (UC, Berkeley, USA), and David Wagner (UC, Berkeley, USA) |
| 41. | Towards Automated Proofs of Asymmetric Encryption Schemes in the Random Oracle Model Pascal Lafourcade (University of Grenoble, France), Yassine Lakhnech (University of Grenoble, France), Cristian Ene (University of Grenoble, France) , Judicaël Courant (University of Grenoble, France) , and Marion Daubignard (University of Grenoble, France) |
| 42. | Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding Benjamin Laxton (UCSD, USA), Kai Wang(UCSD, USA), and Stefan Savage (UCSD, USA) |
| 43. | Authenticated Hash Tables Charalampos Papamanthou (Brown University, USA), Roberto Tamassia (Brown University, USA), and Nikos Triandopoulos (University of Aarhus, Denmark) |
| 44. | Black Box Accountable Authority Identity-Based Encryption Vipul Goyal (UCLA, USA), Steve Lu (UCLA, USA), Amit Sahai (UCLA, USA), Brent Waters (SRI International, USA) |
| 45. | Multisignatures Secure under the Discrete Logarithm Assumption and a Generalized Forking Lemma Stanislaw Jarecki (UC, Irvine, USA), Ali Bagherzandi (UC, Irvine, USA), and Jung Hee Cheon (Seoul National University, South Korea) |
| 46. | OMash: Enabling Secure Web Mashups via Object Abstractions Steven Crites (UC Davis, USA), Francis Hsu (UC Davis, USA), and Hao Chen (UC Davis, USA) |
| 47. | Spamalytics: An Empirical Analysis of Spam Marketing Conversion Chris Kanich (UC San Diego, USA), Christian Kreibich (ICSI, USA), Kirill Levchenko (UC San Diego, USA), Brandon Enright (UC San Diego, USA), Geoff Voelker (UC San Diego, USA), Vern Paxson (ICSI, USA), and Stefan Savage (UC San Diego, USA) |
| 48. | Code Injection Attacks on Harvard-Architecture Devices Aurelien Francillon (INRIA, France) and Claude Castelluccia (INRIA, France) |
| 49. | Assessing Query Privileges via Safe and Efficient Permission Composition Sabrina De Capitani di Vimercati (DTI - Universita' degli Studi di Milano, Italy), Sara Foresti (DTI - Universita' degli Studi di Milano, Italy), Sushil Jajodia (George Mason University, USA), Stefano Paraboschi (Universit-di Bergamo, Italy) and Pierangela Samarati (Universita' degli Studi di Milano, Italy) |
| 50. | Cryptographically Verified Implementations for TLS Karthikeyan Bhargavan (Microsoft Research Cambridge, UK), Ricardo Corin (MSR-INRIA Joint Centre, France), Cédric Fournet (Microsoft Research, UK), and Eugen Zalinescu (MSR-INRIA Joint Centre, France) |
| 51. | RFIDS and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and
Unauthorized Reads with Context-Aware Communications Alexei Czeskis (University of Washington, USA), Karl Koscher (University of Washington, USA), Joshua R. Smith (Intel Research, USA), and Tadayoshi Kohno (University of Washington, USA) |