Conference Program

Program Overview

Hotel Maps: Map1, Map2, Silver Level, Blue Level, Green Level, Bronze Level.

Monday, October 4, 2010, Pre-Conference Full Day Workshops and Welcome Reception
7:30 - 8:30
Continental Breakfast -- Third level hallway
8:30 - 17:00
Workshop on Assurable and Usable Security Configuration -- MCCORMIC
Workshop on Digital Rights Management -- WRIGHT
Workshop on Privacy in the Electronic Society -- FIELD
Workshop on Scalable Trusted Computing -- BURNHAM
18:00 - 19:30 Happy Hour -- TRUFFLES
 
Tuesday, October 5, 2010, Main Conference
7:30 - 8:30
Continental Breakfast
8:30 - 9:00 Welcoming remarks --
9:00 - 10:00 Keynote talk: Dr. Jon Millen -- Crystal A, B and C
Session Chair: Vitaly Shmatikov
10:00 - 10:30
Break
10:30 - 12:00 Session 1A : Security Analysis
Session Chair: XiaoFeng Wang (IU) -- Crystal A
Session 1B : System Security
Session Chair: Angelos Stavrou (GMU) -- Crystal C
12:00 - 13:30
Lunch -- Crystal B
13:30 - 15:30 Session 2A: Wireless and Phone Security
Session Chair: Fabian Monrose -- Crystal A
Session 2B: Applied Cryptography I
Session Chair: Nikita Borisov -- Crystal C
15:30 - 16:00
Break
16:00 - 17:30 Tutorial 1: Role Engineering (Crystal A)
Ian Molloy (IBM T.J. Watson Research), Mario Frank (Swiss Federal Institute of Technology (ETH))
Tutorial 2: Security Risk Analysis of Computer Networks: Techniques and Challenge (Crystal C)
Anoop Singhal (NIST) and Xinming Ou (Kansas State University)
18:00 - 20:30 Conference Reception & Poster Session -- Crystal B and Foyer
19:30 - 22:30 OC Meeting (TBD)
 
Wednesday, October 6, 2010, Main Conference
7:30 - 8:30
Continental Breakfast
8:30 - 10:00 Session 3A: Passwords and Captchas
Session Chair: George Danezis -- Crystal A
Session 3B: SandBoxing
Session Chair: Engin Kirda -- Crystal C
10:00 - 10:30
Break
10:30 - 12:00 Session 4A: Attacks on Secure Hardware
Session Chair: J. Alex Halderman -- Crystal A
Session 4B: Information Flow
Session Chair: Emery Berger -- Crystal C
12:00 - 13:30
Lunch -- Crystal B
13:30 - 15:30 Session 5A: Anonymity Networks
Session Chair: Roger Dingledine -- Crystal A
Session 5B: Formal Methods
Session Chair: Ralf Kuesters -- Crystal C
15:30 - 16:00
Break
16:00 - 18:00 Session 6A: Malware
Session Chair: Thomas Reps -- Crystal A
Session 6B: Applied Cryptography II
Session Chair: Jonathan Trostle -- Crystal C
18:30 - 21:30 Conference Banquet & Social Event
 
Thursday, October 7, 2010, Main Conference
7:30 - 8:30
Continental Breakfast
8:00 - 10:00 Session 7: Cryptographic Protocols
Session Chair: Steve Myers -- Crystal A
8:30 - 10:00 Tutorial 3: Cloud Computing Security -- Dongwan Shin (New Mexico Tech), Bill Claycomb, Vincent Urias (Sandia National Lab) -- Crystal C
10:00 - 10:30
Break
10:30 - 12:30 Session 8: Memory Safety and Binary Code
Session Chair: Ulfar Erlingsson -- Crystal A
10:30 - 12:00 Tutorial 3 (Continuation): Cloud Computing Security -- Dongwan Shin (New Mexico Tech), Bill Claycomb, Vincent Urias (Sandia National Lab) -- Crystal C
12:00 - 13:30
Lunch -- Crystal B
13:30 - 15:30 Session 9: Web Security
Session Chair: Mihai Christodorescu (IBM) -- Crystal A
13:30 - 15:00 Tutorial 4: Formal Methods For Safe Configuration of Cyberinfrastructure -- Sanjai Narain (Telcordia Technologies) and Ehab Al Shaer (UNC Charlotte) -- Crystal C
15:00 - 15:30
Break
15:30 - 17:30 Tutorial 4 (Continuation): Formal Methods For Safe Configuration of Cyberinfrastructure -- Sanjai Narain (Telcordia Technologies) and Ehab Al Shaer (UNC Charlotte) -- Crystal C
     
Friday, October 8, 2010, Post-Conference Full Day Workshops
7:30 - 8:30
Continental Breakfast -- COMISKEY
8:30 - 17:00
 
13:30 - 16:30 Tutorial 5: "Web Application Security", Robert Zakon (Zakon Group LLC) -- PICASSO

Detailed Program:

Tuesday, October 5, 2010

08:00 - 08:30 Registration
08:30 - 09:00 Welcoming Remarks
09:00 - 10:00 Keynote Talk: Jon Millen
Session chair: Vitaly Shmatikov
10:00 - 10:30 Coffee-break
10:30 - 12:00 Session 1A: Security Analysis
Session chair: XiaoFeng Wang (IU)

Security Analysis of India's Electronic Voting Machines
Scott Wolchok, Erik Wustrow, J. Alex Halderman (University of Michigan), Hari Prasad (NetIndia (P) Ltd.), Rop Gonggrijp

Dissecting One Click Frauds
Nicolas Christin, Sally S. Yanagihara, Keisuke Kamataki

@spam: The Underground on 140 Characters or Less
Chris Grier, Kurt Thomas, Vern Paxson, Michael Zhang

Session 1B: System Security
Session chair: Angelos Stavrou

HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity
Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, Xiaolan Zhang, Nathan C. Skalsky

Trail of Bytes: Efficient Support for Forensic Analysis
Srinivas Krishnan, Kevin Z. Snow, Fabian Monrose

Survivable Key Compromise in Software Update Systems
Justin Samuel, Nick Mathewson, Justin Cappos, Roger Dingledine

12:00 - 13:30 Lunch
13:30 - 15:30 Session 2A: Wireless and Phone Security
Session chair: Fabian Monrose

A Methodology for Empirical Analysis of the Permission-Based Security Models and its Application to Android
David Barrera, H. Gunes Kayacik, Paul C. van Oorschot, Anil Somayaji

Mobile Location Tracking in Metropolitan Areas: malnets and others
Nathanial Husted, Steve Myers

On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping
Tzipora Halevi, Nitesh Saxena

PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance
Vijay A. Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad, Michael T. Hunter, Patrick Traynor

Session 2B: Applied Cryptography I
Session chair: Nikita Borisov

Building Efficient Fully Collusion-Resilient Traitor Tracing and Revocation Schemes
Sanjam Garg, Abishek Kumarasubramanian, Amit Sahai, Brent Waters

Algebraic Pseudorandom Functions with Improved Efficiency from the Augmented Cascade
Dan Boneh, Hart Montgomery, Ananth Raghunathan

Practical Leakage-Resilient Pseudorandom Generators
Yu Yu, Francois-Xavier Standaert, Olivier Pereira, Moti Yung

Practical Leakage-Resilient Identity-Based Encryption from Simple Assumptions
Sherman S.M. Chow, Yevgeniy Dodis, Yannis Rouselakis, Brent Waters

15:30 - 16:00 Coffee-break
16:00 - 17:30 Tutorials:
Tutorial 1: Role Engineering
Tutorial 2: Security Risk Analysis of Computer Networks: Techniques and Challenge

Wednesday, October 6, 2010

08:00 - 08:30 Registration
8:30 - 10:00 Session 3A: Passwords and Captchas
Session chair: George Danezis

Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern

The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis
Yinqian Zhang, Fabian Monrose, Michael K. Reiter

Attacks and Design of Image Recognition CAPTCHAs
Bin Zhu, Jeff Yan, Chao Yang, Qiujie Li, Jiu Liu, Ning Xu, Meng Yi

Session 3B: SandBoxing
Session chair: Engin Kirda

Robusta: Taming the Native Beast of the JVM
Joseph Siefers, Gang Tan, Greg Morrisett

Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh, Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson

A Control Point for Reducing Root Abuse of File-System Privileges
Glenn Wurster, Paul C. van Oorschot

10:00 - 10:30 Coffee-break
10:30 - 12:00 Session 4A: Attacks on Secure Hardware
Session chair: J. Alex Halderman

Modeling Attacks on Physical Unclonable Functions
Ulrich Ruehrmair, Frank Sehnke, Jan Soelter, Gideon Dror, Srinivas Devadas, Juergen Schmidhuber

Dismantling SecureMemory, CryptoMemory and CryptoRF
Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur

Attacking and Fixing PKCS#11 Security Tokens
Matteo Bortolozzo, Matteo Centenaro, Riccardo Focardi, Graham Steel

Session 4B: Information Flow
Session chair: Emery Berger

An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham

DIFC Programs by Automatic Instrumentation
William Harris, Somesh Jha, Thomas Reps

Predictive Black-box Mitigation of Timing Channels
Aslan Askarov, Danfeng Zhang, Andrew Myers

12:00 - 13:30 Lunch
13:30 - 15:30 Session 5A: Anonymity Networks
Session chair: Roger Dingledine

In Search of an Anonymous and Secure Lookup: Attacks on Structured Peer-to-peer Anonymous Communication Systems
Qiyan Wang, Prateek Mittal, Nikita Borisov

Recruiting New Tor Relays with BRAIDS
Rob Jansen, Nicholas Hopper, Yongdae Kim

An Improved Algorithm for Tor Circuit Scheduling
Can Tang, Ian Goldberg

Dissent: Accountable Anonymous Group Messaging
Henry Corrigan-Gibbs, Bryan Ford

Session 5B: Formal Methods
Session chair: Ralf Kuesters

Abstraction by Set-Membership --- Verifying Security Protocols and Web Services with Databases
Sebastian Moedersheim

Developing Security Protocols by Refinement
Christoph Sprenger, David Basin

Computational Indistinguishability Logic
Gilles Barthe, Marion Daubignard, Bruce Kapron, Yassine Lakhnech

Computationally Sound Verification of Source Code
Michael Backes, Matteo Maffei, Dominique Unruh

15:30 - 16:00 Coffee-break
16:00 - 18:00 Session 6A: Malware
Session chair: Thomas Reps

BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections
Long Lu, Vinod Yegneswaran, Phillip Porras, Wenke Lee

AccessMiner: Using System-Centric Models for Malware Protection
Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda

Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babic, Dawn Song

Inference and Analysis of Formal Models of Botnet Command and Control Protocols
Chia Yuan Cho, Domagoj Babic, Eui Chul Richard Shin, Dawn Song

Session 6B: Applied Cryptography II
Session chair: Jonathan Trostle

TASTY: Tool for Automating Secure Two-partY computations
Wilko Henecka, Stefan Koegl, Ahmad-Reza Sadeghi, Thomas Schneider, Immo Wehrenberg

Worry-Free Encryption: Functional Encryption with Public Keys
Hakan Seyalioglu, Amit Sahai

Synchronized Aggregate Signatures
Jae Hyun Ahn, Matthew Green, Susan Hohenberger

Secure Text Processing with Applications to Private DNA Matching
Lior Malka, Jonathan Katz

18:30 - 21:30 Gala Dinner

Thursday, October 7, 2010

08:00 - 08:30 Registration
08:00 - 10:00 Session 7: Cryptographic Protocols
Session chair: Steve Myers

On the (In)Security of IPsec in MAC-then-Encrypt Configurations
Jean Paul Degabriele, Kenneth G. Paterson

On the Soundness of Authenticate-then-Encrypt: Formalizing the Malleability of Symmetric Encryption
Ueli Maurer, Bjoern Tackmann

A New Framework for Efficient Password-Based Authenticated Key Exchange
Adam Groce, Jonathan Katz

Accountability: Definition and Relationship to Verifiability
Ralf Kuesters, Tomasz Truderung, Andreas Vogt

08:30 - 10:00 Tutorial 3: Cloud Computing Security -- Dongwan Shin (New Mexico Tech), Bill Claycomb, Vincent Urias (Sandia National Lab)
10:00 - 10:30 Coffee-break
10:30 - 12:00 Session 8: Memory Safety and Binary Code
Session chair: Ulfar Erlingsson

Mimimorphism: A New Approach to Binary Code Obfuscation
Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, Haining Wang

Platform-Independent Program
Sang Kil Cha, Brian Pak, David Brumley, Richard J. Lipton

Return-Oriented Programming Without Returns
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy

DieHarder: Securing the Heap
Gene Novark, Emery D. Berger

10:30 - 12:00 Tutorial 3: Cloud Computing Security -- Dongwan Shin (New Mexico Tech), Bill Claycomb, Vincent Urias (Sandia National Lab)
12:00 - 13:30 Lunch
13:30 - 15:30 Session 9: Web Security
Session chair: Mihai Christodorescu (IBM)

Symbolic Security Analysis of Ruby-on-Rails Web Applications
Avik Chaudhuri, Jeffrey S. Foster

Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development
Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, Shuo Chen

NoTamper: Automated Blackbox Detection of Parameter Tampering Opportunities in Web Applications
Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz, V.N. Venkatakrishnan

Protecting Browsers from Cross-Origin CSS Attacks
Lin-Shung Huang, Zack Weinberg, Chris Evans, Collin Jackson

13:30 - 17:30 Tutorial 4: Formal Methods For Safe Configuration of Cyberinfrastructure