Conference Program
Program Overview
Monday, October 27, 2008, Pre-Conference Full Day Workshops and Welcome Reception | |||
9:00 - 17:00 |
Workshop on Formal Methods in Security Engineering (FMSE) - Plaza Ballroom I | ||
Workshop on Quality of Protection (QoP) - Plaza Ballroom II | |||
Workshop on Privacy in the Electronic Society (WPES) - Plaza Ballroom III | |||
Workshop on Digital Rights Management (DRM) - Beech A | |||
Workshop on AISec - Beech B | |||
19:00 - 21:00 | Welcome Reception | ||
Tuesday, October 28, 2008, Main Conference | |||
9:00 - 9:30 | Welcoming remarks | ||
9:30 - 10:30 | Keynote talk: Martín Abadi Session Chair: Paul Syverson |
||
10:30 - 11:00 | Break |
||
11:00 - 12:30 | Session 1: Attacks 1 Session Chair: Michael Reiter |
Session 2: Software Security 1 Session Chair: Mihai Christodorescu |
|
12:30 - 14:00 | Lunch |
||
14:00 - 15:30 | Session 3: Browser Security Session Chair: Xiaofeng Wang |
Session 4: Formal Methods 1 Session Chair: Anupam Datta |
Tutorial 1: Trusted Hardware Radu Sion |
15:30 - 16:00 | Break |
||
16:00 - 17:00 | Session 5: Privacy 1 Session Chair: George Danezis |
Session 6: Software Security 2 Session Chair: Vinod Ganapathy |
|
18:30 - 21:30 | Conference Reception | ||
Wednesday, October 29, 2008, Main Conference | |||
9:00 - 10:30 | Session 7: Network Security Session Chair: Paul Van Oorschot |
Session 8: System Security 1 Session Chair: Wenke Lee |
Tutorial 2: RFID Security and Privacy Kevin Fu |
10:30 - 11:00 | Break |
||
11:00 - 12:30 | Session 9: Privacy 2 Session Chair: Patrick McDaniel |
Session 10: Access Control Session Chair: Ting Yu |
|
12:30 - 14:00 | Lunch |
||
14:00 - 15:30 | Session 11: Anonymity Session Chair: Aaron Johnson |
Session 12: Formal Methods 2 Session Chair: Cédric Fournet |
Tutorial 3: Understanding Android's Security Framework William Enck |
15:30 - 16:00 | Break |
||
16:00 - 17:00 | Session 13: System Security 2 Session Chair: Radu Sion |
Session 14: Identity-Based Encryption Session Chair: Steven Myers |
|
Thursday, October 30, 2008, Main Conference | |||
9:00 - 10:30 | Session 15: Applied Cryptography 1 Session Chair: Philippe Golle |
Session 16: Device Security Session Chair: J. Alex Halderman |
|
10:30 - 11:00 | Break |
||
11:00 - 13:00 | Session 17: Applied Cryptography 2 Session Chair: Catherine Meadows |
Session 18: Attacks 2 Session Chair: Sven Dietrich |
|
Friday, October 31, 2008, Post-Conference Full Day Workshops | |||
9:00 - 17:00 | Workshop on Digital Identity Management (DIM) - Meeting Room A |
||
Workshop on Secure Web Services (SWS) - Meeting Room B |
|||
Workshop on Computer Security Architectures (CSAW) - Meeting Room C |
|||
Workshop on Scalable Trusted Computing (STC) - Meeting Room D |
|||
Workshop on Network Data Anonymization (NDA) - Meeting Room E |
|||
Workshop on Storage Security and Survivability (StorageSS) - Meeting Room F |
|||
Workshop on Virtual Machine Security (VMSEC) - Meeting Room G |
Detailed Program
Tuesday, October 28, 2008 | |
9:30 - 10:30 | Keynote Talk Session Chair: Paul Syverson |
The Good, The Bad, and The Provable Martín Abadi (University of California at Santa Cruz and Microsoft Research) |
|
11:00 - 12:30 | Session 1: Attacks 1 Session Chair: Michael Reiter |
Spamalytics: An Empirical Analysis of Spam Marketing Conversion
Chris Kanich (UC San Diego), Christian Kreibich (ICSI), Kirill Levchenko (UC San Diego), Brandon Enright (UC San Diego), Geoff Voelker (UC San Diego), Vern Paxson (ICSI, USA), and Stefan Savage (UC San Diego)
Code Injection Attacks on Harvard-Architecture Devices
When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC |
|
Session 2: Software Security 1 Session Chair: Mihai Christodorescu (IBM Research) |
|
Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis
Ether: Malware Analysis via Hardware Virtualization Extensions
Extending Logical Attack Graphs for Efficient Vulnerability Analysis |
|
14:00 - 15:30 | Session 3: Browser Security Session Chair: Xiaofeng Wang (Indiana University at Bloomington) |
Robust Defenses for Cross-Site Request Forgery
SOMA: Mutual Approval for Included Content in Web Pages
OMash: Enabling Secure Web Mashups via Object Abstractions |
|
Session 4: Formal Methods 1 Session Chair: Anupam Datta (Carnegie Mellon University) |
|
Computational soundness of observational equivalence
Unbounded Verification, Falsification, and Characterization of Security Protocols by Pattern Refinement
Reducing Protocol Analysis with XOR to the XOR-free Case in the Horn Theory Based Approach |
|
Tutorial 1 | |
Trusted Hardware (abstract) Radu Sion (Stony Brook University) |
|
16:00 - 17:00 | Session 5: Privacy 1 Session Chair: George Danezis (Microsoft Research, Cambridge) |
Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage
Location Privacy of Distance Bounding Protocols |
|
Session 6: Software Security 2 Session Chair: Vinod Ganapathy (Rutgers University) |
|
Verifiable functional purity in Java
Trust Management for Secure Information Flows |
|
18:30 - 21:00 | Conference Reception |
Brief presentations by funding agencies |
|
Wednesday, October 29, 2008 | |
9:00 - 10:30 | Session 7: Network Security Session Chair: Paul Van Oorschot (Carleton University) |
Mitigating DNS DoS Attacks
Revocation Games in Ephemeral Networks
Increased DNS Forgery Resistance Through 0x20-Bit Encoding |
|
Session 8: System Security 1 Session Chair: Wenke Lee (Georgia Institute of Technology) |
|
Enforcing Authorization Policies using Transactional Memory Introspection
Towards Practical Biometric Key Generation with Randomized Biometric Templates
Towards Automatic Reverse Engineering of Software Security Configuration |
|
Tutorial 2 | |
RFID Security and Privacy (abstract) Kevin Fu (University of Massachusetts Amherst) |
|
11:00 - 12:30 | Session 9: Privacy 2 Session Chair: Patrick McDaniel (Pennsylvania State University) |
FairplayMP -- A System for Secure Multi-Party Computation
Information Leaks in Structured Peer-to-peer Anonymous Communication Systems
Privacy Oracle: a System for Finding Application Leaks with Black Box Differential Testing |
|
Session 10: Access Control Session Chair: Ting Yu (North Carolina State University) |
|
A Framework for Reflective Database Access Control Policies
A Class of Probabilistic Models for Role Engineering
Assessing Query Privileges via Safe and Efficient Permission Composition |
|
14:00 - 15:30 | Session 11: Anonymity Session Chair: Aaron Johnson (Yale University) |
Dependent Link Padding Algorithms for Low Latency Anonymity Systems
PEREA: Towards Practical TTP-Free Revocation in Anonymous Authentication
Efficient Attributes for Anonymous Credentials |
|
Session 12: Formal Methods 2 Session Chair: Cédric Fournet (Microsoft Research Cambridge) |
|
Type-checking Zero-knowledge
Towards Automated Proofs of Asymmetric Encryption Schemes in the Random Oracle Model
EON: Modeling and Analyzing Dynamic Access Control Systems with Logic Programs |
|
Tutorial 3 | |
Understanding Android's Security Framework (abstract) William Enck and Patrick McDaniel (Pennsylvania State University) |
|
16:00 - 17:00 | Session 13: System Security 2 Session Chair: Radu Sion (Stony Brook University) |
Tupni: Automatic Reverse Engineering of Input Formats
Rootkit-Resistant Disks |
|
Session 14: Identity-Based Encryption Session Chair: Steven Myers (Indiana University at Bloomington) |
|
Identity-based Encryption with Efficient Revocation
Black Box Accountable Authority Identity-Based Encryption |
|
Thursday, October 30, 2008 | |
9:00 - 10:30 | Session 15: Applied Cryptography 1 Session Chair: Philippe Golle (Palo Alto Research Center) |
Authenticated Hash Tables
Multisignatures Secure under the Discrete Logarithm Assumption and a Generalized Forking Lemma
Karthikeyan Bhargavan (Microsoft Research Cambridge, UK), Ricardo Corin (MSR-INRIA Joint Centre, France), Cédric Fournet (Microsoft Research, UK), and Eugen Zalinescu (MSR-INRIA Joint Centre, France) |
|
Session 16: Device Security Session Chair: J. Alex Halderman (Princeton University) |
|
Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding
RFIDS and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications
Constructions of Truly Practical Secure Protocols using Standard Smartcards |
|
11:00 - 13:00 | Session 17: Applied Cryptography 2 Session Chair: Catherine Meadows (U.S. Naval Research Laboratory) |
Traitor Tracing with Constant Size Ciphertext
Multi-Use Unidirectional Proxy Re-Signatures
Efficient Security Primitives Derived from a Secure Aggregation Algorithm |
|
Session 18: Attacks 2 Session Chair: Sven Dietrich (Stevens Institute of Technology) |
|
Machine Learning Attacks Against the ASIRRA CAPTCHA
A Low-cost Attack on a Microsoft CAPTCHA
BootJacker: Compromising Computers using Forced Restarts
A Look In the Mirror: Attacks on Package Managers |