Conference Program

Program Overview

Monday, October 17, 2011, Pre-Conference Full Day Workshops, Tutorials, and Welcome Reception
7:00 - 8:30
Breakfast -- Grand Foyer
8:30 - 17:00
Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) -- Grand II
Workshop on Scalable Trusted Computing (STC) -- Grand III
Workshop on Privacy in the Electronic Society (WPES) -- Grand I
9:00 - 12:00 Tutorial 1: Analysing risk in practice: The CORAS approach to model-driven risk analysis -- Alpine I
12:00 - 13:00
Lunch -- Geneva/Currents
14:00 - 17:00 Tutorial 2: Developing Standardized Processes for Incident Response: Challenges and Opportunities -- Alpine I
18:00 - 21:00 Welcome Reception -- Edelweiss
 
Tuesday, October 18, 2011, Main Conference
7:30 - 8:30
Continental Breakfast -- Grand Foyer/Currents
8:30 - 10:00 Welcoming remarks and Keynote talk by Prof. Farnam Jahanian -- Grand I-II-III
10:00 - 10:30
Coffee-Break -- Grand Foyer
10:30 - 12:00 Session 1A: System security
Session chair: Srdjan Capkun
-- Grand I-II-III

Session 1B: Composability of cryptographic protocols
Session chair: Cédric Fournet
-- Alpine I-II

12:00 - 13:30
Lunch -- Geneva/Currents/Edelweiss
13:30 - 15:30 Session 2A: Hardware, SCADA, and physical security
Session chair: Ahmad-Reza Sadeghi
-- Grand I-II-III
Session 2B: Authentication, access control, and audit
Session chair: Jaeyeon Jung
-- Alpine I-II

15:30 - 16:00
Coffee-Break -- Grand Foyer
16:00 - 17:30 Session 3A: Wild Woolly Web
Session chair: Apu Kapadia
-- Grand I-II-III
 
Session 3B: Cloud computing
Session chair: Thomas Ristenpart
-- Alpine I-II
19:00 - 22:00 Tour of Chicago Shedd Aquarium and Buffet Dinner
  
Wednesday, October 19, 2011, Main Conference
7:30 - 8:30
Continental Breakfast -- Grand Foyer/Currents
8:30 - 10:30 Session 4A: Malware and intrusion detection
Session chair: Ben Livshits
-- Grand I-II-III
Session 4B: Formal methods and verification
Session chair: Anupam Datta
-- Alpine I-II

10:30 - 11:00
Coffee-Break -- Grand Foyer
11:00 - 12:00 Keynote talk by Dr. Jan Camenisch -- Grand I-II-III
12:00 - 13:30
Lunch -- Geneva/Currents/Edelweiss
13:30 - 15:30 Session 5A: Virtual machines and hypervisors  
Session chair: Úlfar Erlingsson
-- Grand I-II-III
Session 5B: Applied cryptography
Session chair: Ralf Kuesters
-- Alpine I-II
15:30 - 16:00
Coffee-Break -- Grand Foyer
16:00 - 18:00 Session 6A: Anonymous communications
Session chair: Nick Hopper
-- Alpine I-II
Session 6B: Web security
Session chair: XiaoFeng Wang
-- Grand I-II-III

  
18:00 - 20:00 Poster Session and Receptions -- Grand II-III
  
Thursday, October 20, 2011, Main Conference
7:00 - 8:00
Continental Breakfast -- Grand Foyer/Currents
8:00 - 10:00 Session 7A: Side-channel attacks and defenses
Session chair: Nikita Borisov
-- Alpine I-II
Session 7B: Securing Web applications
Session chair: Chris Kruegel
-- Grand I-II-III

10:00 - 10:30
Coffee-Break -- Grand Foyer
10:30 - 12:30 Session 8A: Privacy and mobile security
Session chair: Yan Chen
-- Grand I-II-III

Session 8B: Making secure computation practical
Session chair: Stefan Katzenbeisser
-- Alpine I-II
14:00 - 17:00 Tutorial 3: Benchmarking Computer Security through the Worldwide -- Grand I-II
Tutorial 4: Secure Distributed Programming -- Alpine I-II
  
Friday, October 21, 2011, Post-Conference Full Day Workshops
7:30 - 8:30
Breakfast -- Grand Foyer
8:30 - 17:00
12:00 - 13:30
Lunch -- Geneva/Currents

Detailed Program:

Tuesday, October 18, 2011

08:30 - 10:00 Welcome remarks and Keynote Talk: Farnam Jahanian
10:00 - 10:30 Coffee-break
10:30 - 12:00 Session 1A: System security
Session chair: Srdjan Capkun

VIPER: Verifying the Integrity of PERipherals' Firmware
Yanlin Li, Jonathan McCune and Adrian Perrig

Unicorn: Two-Factor Attestation for Data Security
Mohammad Mannan, Beom Kim, Afshar Ganjali and David Lie

Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing
Bin Zeng, Gang Tan and Greg Morrisett

Session 1B: Composability of cryptographic protocols
Session chair: Cédric Fournet

Composition Theorems Without Pre-Established Session Identifiers
Ralf Kuesters and Max Tuengerthal

Composability of Bellare-Rogaway Key Exchange Protocols
Christina Brzuska, Marc Fischlin, Bogdan Warinschi and Stephen C. Williams

A composable computational soundness notion
Veronique Cortier and Bogdan Warinschi

12:00 - 13:30 Lunch
13:30 - 15:30 Session 2A: Hardware, SCADA, and physical security
Session chair: Ahmad-Reza Sadeghi

On the Requirements for Successful GPS Spoofing Attacks
Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen and Srdjan Capkun

Protecting Consumer Privacy from Electric Load Monitoring
Stephen McLaughlin, William Aiello and Patrick McDaniel

PaperSpeckle: Microscopic fingerprinting of paper
Ashlesh Sharma, Lakshminarayanan Subramanian and Eric Brewer

On the Vulnerability of FPGA Bitstream Encryption against Power Analysis Attacks - Extracting Keys from Xilinx Virtex-II FPGAs
Amir Moradi, Alessandro Barenghi, Timo Kasper and Christof Paar

Session 2B: Authentication, access control, and audit
Session chair: Jaeyeon Jung

Text-based CAPTCHA Strengths and Weaknesses
Elie Bursztein, Matthieu Martin and John Mitchell

An Efficient User Verification System via Mouse Movements
Nan Zheng, Aaron Paloski and Haining Wang

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications
Deepak Garg, Limin Jia and Anupam Datta

Automatic Error Finding in Access-Control Policies
Karthick Jayaraman, Vijay Ganesh, Mahesh Tripunitara, Martin Rinard and Steve Chapin

15:30 - 16:00 Coffee-break
16:00 - 17:30 Session 3A: Wild Woolly Web
Session chair: Apu Kapadia

Fashion Crimes: Trending-Term Exploitation on the Web
Tyler Moore, Nektarios Leontiadis and Nicolas Christin

SURF: Detecting and Measuring Search Poisoning
Long Lu, Roberto Perdisci and Wenke Lee

Cloak and Dagger: Dynamics of Web Search Cloaking
David Wang, Stefan Savage and Geoff Voelker

Session 3B: Cloud computing
Session chair: Thomas Ristenpart

Proofs of Ownership in Remote Storage Systems
Shai Halevi, Danny Harnik, Benny Pinkas and Alexandra Shulman-Peleg

How to Tell if Your Cloud Files Are Vulnerable to Drive Crashes
Kevin D. Bowers, Marten Van Dijk, Ari Juels, Alina Oprea and Ronald L. Rivest

Sedic: Privacy-Aware Data Intensive Computing on Hybrid Cloud
Kehuan Zhang, Xiaoyong Zhou, Yangyi Chen, Xiaofeng Wang and Yaoping Ruan

19:00 - 22:00 Tour of Chicago Shedd Aquarium and Buffet Dinner

Wednesday, October 19, 2011

8:30 - 10:30 Session 4A: Malware and intrusion detection
Session chair: Ben Livshits

Deobfuscating Virtualization-Obfuscated Software: A Semantics-Based Approach
Kevin Coogan, Gen Lu and Saumya Debray

The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code
Clemens Kolbitsch, Christopher Kruegel and Engin Kirda

MIDeA: A Multi-Parallel Intrusion Detection Architecture
Giorgos Vasiliadis, Michalis Polychronakis and Sotiris Ioannidis

BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis
Jiyong Jang, David Brumley and Shobha Venkataraman

Session 4B: Formal methods and verification
Session chair: Anupam Datta

Trace equivalence decision: negative tests and non-determinism
Vincent Cheval, Hubert Comon-Lundh and Stephanie Delaune

Extracting and Verifying Cryptographic Models from C Protocol Code by Symbolic Execution
Mihhail Aizatulin, Andrew Gordon and Jan Jürjens

Modular Code-Based Cryptographic Verification
Cedric Fournet, Markulf Kohlweiss and Pierre-Yves Strub

Information-Flow Types for Homomorphic Encryptions
Cedric Fournet, Jérémy Planul and Tamara Rezk

10:30 - 11:00 Coffee-break
11:00 - 12:00 Invited Talk: Jan Camenisch
12:00 - 13:30 Lunch
13:30 - 15:30 Session 5A: Virtual machines and hypervisors
Session chair: Úlfar Erlingsson

Process Out-Grafting: An Efficient “Out-of-VM” Approach for Fine-Grained Process Execution Monitoring
Deepa Srinivasan, Zhi Wang, Xuxian Jiang and Dongyan Xu

SICE: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-core Platforms
Ahmed Azab, Peng Ning and Xiaolan Zhang

AmazonIA: When Elasticity Snaps Back
Sven Bugiel, Stefan Nürnberger, Thomas Pöppelmann, Ahmad-Reza Sadeghi and Thomas Schneider

Eliminating the Hypervisor Attack Surface for a More Secure Cloud
Jakub Szefer, Eric Keller, Ruby B. Lee and Jennifer Rexford

Session 5B: Applied cryptography
Session chair: Ralf Kuesters

How to Break XML Encryption
Tibor Jager and Juraj Somorovsky

Ciphers that Encipher their own Keys
Mihir Bellare, David Cash and Sriram Keelveedhi

Password Protected Secret Sharing
Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena and Yanbin Lu

Practical Delegation of Computation using Multiple Servers
Ben Riva, Ran Canetti and Guy N. Rothblum

15:30 - 16:00 Coffee-break
16:00 - 18:00 Session 6A: Anonymous communications
Session chair: Nick Hopper

Trust-based Anonymous Communication: Adversary Models and Routing Algorithms
Paul Syverson, Aaron Johnson, Roger Dingledine and Nick Mathewson

Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability
Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar and Nikita Borisov

Forensic Investigation of the OneSwarm Anonymous Filesharing System
Swagatika Prusty, Marc Liberatore and Brian N. Levine

Stealthy Traffic Analysis of Low-Latency Anonymous Communication Using Throughput Fingerprinting
Prateek Mittal, Ahmed Khurshid, Joshua Juen, Matthew Caesar and Nikita Borisov

Session 6B: Web security
Session chair: XiaoFeng Wang

App Isolation: Get the Security of Multiple Browsers with Just One
Eric Chen, Jason Bau, Charles Reis, Adam Barth and Collin Jackson

Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics
Mario Heiderich, Tilman Frosch, Meiko Jensen and Thorsten Holz

Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities
Adam Doupe, Bryce Boe, Christopher Kruegel and Giovanni Vigna

Automated Black-box Detection of Side-Channel Vulnerabilities in Web Applications
Peter Chapman and David Evans

18:00 - 20:00 Poster Session and Receptions

Thursday, October 20, 2011

8:00 - 10:00 Session 7A: Side-channel attacks and defenses
Session chair: Nikita Borisov

iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections
Rahul Raguram, Andrew White, Dibyendusekhar Goswami, Fabian Monrose and Jan-Michael Frahm

Televisions, Video Privacy, and Powerline Electromagnetic Interference
Miro Enev, Sidhant Gupta, Tadayoshi Kohno and Shwetak Patel

(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers
Philip Marquardt, Arunabh Verma, Henry Carter and Patrick Traynor

Predictive Mitigation of Timing Channels in Interactive Systems
Danfeng Zhang, Aslan Askarov and Andrew Myers

Session 7B: Securing Web applications
Session chair: Chris Kruegel

Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction
Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky and Venkat Venkatakrishnan

Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers
Mike Samuel, Prateek Saxena and Dawn Song

ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications
Prateek Saxena, David Molnar and Benjamin Livshits

Fortifying Web-Based Applications Automatically
Shuo Tang, Nathan Dautenhahn and Samuel T. King

10:00 - 10:30 Coffee-break
10:30 - 12:30 Session 8A: Privacy and mobile security
Session chair: Yan Chen

Android Permissions Demystified
Adrienne Felt, Erika Chin, Steve Hanna, David Wagner and Dawn Song

These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications
Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter and David Wetherall

Privacy and Accountability for Location-based Aggregate Statistics
Raluca Ada Popa, Andrew J. Blumberg, Hari Balakrishnan and Frank H. Li

Auctions in Do-Not-Track Compliant Internet Advertising
Alexey Reznichenko, Saikat Guha and Paul Francis

Session 8B: Making secure computation practical
Session chair: Stefan Katzenbeisser

Practical PIR for Electronic Commerce
Ryan Henry, Femi Olumofin and Ian Goldberg

Countering GATTACA: Efficient and Secure Testing of Fully-Sequenced Human Genomes
Pierre Baldi, Roberta Baronio, Emiliano De Cristofaro, Paolo Gasti and Gene Tsudik

Automatically Optimizing Secure Computation
Florian Kerschbaum

VMCrypt - Modular Software Architecture for Scalable Secure Computation
Lior Malka

14:00 - 17:00 Tutorial 3: Benchmarking Computer Security through the Worldwide
Tutorial 4: Secure Distributed Programming