ACM CCS 2015

22nd ACM Conference on Computer and Communications Security

The Denver Marriot City Center, Denver, Colorado, US

October 12-16, 2015

  • Aspens
  • Pikes Peak
  • Denver Skyline
  • Welcome to Colorado
  • Denver Museum of Nature and Science
  • Denver Zoo
  • Garden of the Gods
  • Rocky Mountain National Park


Tutorial Chairs:
James Joshi
University of Pittsburgh, USA
Rinku Dewri
University of Denver, USA
Patrick Tague
Carnegie Melon University, USA

Tutorial Abstracts and Lecturer Resumes

Tutorial 1:
Fraud Detection through Graph-Based User Behavior Modeling

  • Alex Beutel (Carnegie Mellon University, USA)
  • Leman Akoglu (Stony Brook University, USA)
  • Christos Faloutsos (Carnegie Mellon University, USA)
Date: October 13, 2015
Duration: 3 hours

How do anomalies, fraud, and spam effect our models of normal user behavior? How can we modify our models to catch fraudsters? In this tutorial we will answer these questions - connecting graph analysis tools for user behavior modeling to anomaly and fraud detection. In particular, we will focus on three data mining techniques: subgraph analysis, label propagation and latent factor models; and their application to static graphs, e.g. social networks, evolving graphs, e.g. "who-calls-whom" networks, and attributed graphs, e.g. the "who-reviews-what" graphs of Amazon and Yelp. For each of these techniques we will give an explanation of the algorithms and the intuition behind them. We will then give brief examples of recent research using the techniques to model, understand and predict normal behavior. With this intuition for how these methods are applied to graphs and user behavior, we will focus on state-of-the-art research showing how the outcomes of these methods are effected by fraud, and how they have been used to catch fraudsters.


Alex Beutel is a fifth year Ph.D. candidate at Carnegie Mellon University in the Computer Science Department. He previously received his B.S. from Duke University. His Ph.D. research focuses on large scale user behavior modeling, covering both recommendation systems and fraud detection systems. He has interned at Facebook on both the Site Integrity and News Feed Ranking teams, at Microsoft in the Cloud and Information Services Laboratory, and at Google Research. Alex's research is supported by the National Science Foundation Graduate Research Fellowship Program and a Facebook Fellowship. More details can be found at

Leman Akoglu is an Assistant Professor in the Department of Computer Science at Stony Brook University. She received her Ph.D. from the Computer Science Department at Carnegie Mellon University in 2012. She also worked at IBM T. J. Watson Research Labs and Microsoft Research at Redmond during summers. Her research interests span a wide range of data mining and machine learning topics with a focus on algorithmic problems arising in graph mining, pattern discovery, social and information networks, and especially anomaly mining; outlier, fraud, and event detection. Dr. Akoglu's research has won 4 publication awards; Best Research Paper at SIAM SDM 2015, Best Paper at ADC 2014, Best Paper at PAKDD 2010, and Best Knowledge Discovery Paper at ECML/PKDD 2009. She also holds 3 U.S. patents filed by IBM T. J. Watson Research Labs. Dr. Akoglu is a recipient of the NSF CAREER award (2015) and Army Research Office Young Investigator award (2013). Her research is currently supported by the National Science Foundation, the US Army Research Office, DARPA, and a gift from Northrop Grumman Aerospace Systems. More details can be found at

Christos Faloutsos is a Professor at Carnegie Mellon University. He has received the Presidential Young Investigator Award by the National Science Foundation (1989), the Research Contributions Award in ICDM 2006, the Innovations award in KDD'10, 20 "best paper" awards, and several teaching awards. He has served as a member of the executive committee of SIGKDD; he has published over 200 refereed articles, 11 book chapters and one monograph. He holds five patents and he has given over 30 tutorials and over 10 invited distinguished lectures. His research interests include data mining for graphs and streams, fractals, database performance, and indexing for multimedia and bio-informatics data. More details can be found at

Tutorial 2:
Program Analysis for Mobile Application Integrity and Privacy Enforcement

  • Marco Pistoia (IBM T. J. Watson Research Center, USA)
Date: October 14, 2015
Duration: 4 hours

Program analysis has become an essential tool to verify the correctness of programs before these are deployed to end users' computers and devices. Detecting security problems in today's mobile applications by just relying on manual code inspection is unrealistic. Testing is also limited because there is often no guarantee that all the possible paths of execution of an application are tested under all the possible inputs, and so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives.

This long tutorial presents both static and dynamic analysis approaches to enforce privacy of mobile applications, and includes a hands-on lab that teaches the audience how to use an open-source tool to create a static-analysis solution that verifies the integrity and confidentiality of the data managed by the program itself.The only two prerequisites to attend this tutorial are basic knowledge of application security and understanding of programming languages concepts.

This tutorial provides an introduction to privacy problems in mobile applications, and explains also how information-flow security problems (such as integrity and confidentiality violations) can be detected using static analysis, dynamic analysis, and hybrid approaches. A literature survey will also be presented in order to show attendees the state of the art in the area of program analysis for mobile application security enforcement.

A key feature of this tutorial is a lab, which will guide attendees towards the installation of an open-source static-analysis framework, called Watson Libraries for Analysis (WALA)
( and the design and development of a privacy analysis tool. At the end of the tutorial, the attendees will know about the state of the art in program analysis for mobile applications, and will have be exposed to sample code implementing program analysis solutions for mobile application security enforcement.


Marco Pistoia, Ph.D. is a Senior Manager and Principal Research Staff Member at the IBM Thomas J. Watson Research Center in New York, where he manages the Mobile Enterprise Software research group. In January 2010, he was one of 38 IBM researchers worldwide to be bestowed the title of IBM Master Inventor. He is the inventor of 90 patents issued and 70 patent applications filed in the United States Patent and Trademark Office. Dr. Pistoia has designed and implemented numerous analysis components and contributed large amounts of code to IBM's main products for static quality analysis and mobile application management.

Dr. Pistoia received his Ph.D. degree in Mathematics from New York University, Polytechnic School of Engineering, in May 2005. He has written ten books and published numerous papers and journal articles on various aspects of Program Analysis, Language-Based Security and Mobile Computing. He has published and presented at numerous conferences worldwide, including OOPSLA, ECOOP, PLDI, ICSE, ACSAC, ISSTA, CCS, VMCAI, PLAS and S&P. He has also been invited to lecture at several research institutions worldwide. He has been the recipient of three ACM SIGSOFT Distinguished Paper Awards, a Pat Goldberg Memorial Best Paper, and a European Community Erasmus Fellowship Award.

Tutorial 3: Introduction to Cryptocurrencies

  • Stefan Dziembowski (University of Warsaw, Poland)
Date: October 15, 2015
Duration: 4 hours

The goal of this tutorial is to provide a research-oriented introduction to the cryptographic currencies. We will start with a description of Bitcoin and its main design principles. We will then discuss some of its weaknesses, including the selfish mining attack, and show some ideas for dealing with these problems. We will talk about the mechanics of the mining pools and ideas for discouraging the mining pool creation. We will also provide an introduction to the smart contracts, and give some examples of them, including the multiparty lotteries.

We will then present alternative currencies that were designed to remedy some of the problems of Bitcoin. In particular, we will talk about the Litecoin (which was created to make hardware mining less profitable), the Primecoin and Permacoin (created to make mining "useful" for some purpose), the Proofs of Stake and the Proofs of Space (which is an attempt to replace the proofs of work by some other method for reaching consensus). We will also discuss the problem of true anonymity in cryptocurrencies and explain the main ideas behind the Zerocoin, which is a new currency that provides the true anonymity. Finally, we will present some examples of the blockchain technology being used for other (non-financial) purposes.

We will be mostly interested in the "conceptual" aspects of this topic. In other words: our goal will be to explain the most interesting ideas that emerged in this area, and we will ignore many technical details that are not relevant to this (like: the practical aspects of setting up a Bitcoin miner). We will also discuss the most important research challenges in this area.


Stefan Dziembowski is professor at the University of Warsaw. He is interested in theoretical and applied cryptography. Dziembowski received a PhD degree in computer science from the University of Aarhus, Denmark. He was a post-doc at the ETH Zurich, CNR Pisa and the Sapienza University of Rome, where he joined the faculty in 2008. In 2010 he moved to the University of Warsaw where he leads the Cryptography and Data Security Group.

His papers appeared at leading computer science conferences (FOCS, STOC, CRYPTO, EUROCRYPT, ASIACRYPT, IEEE S&P, and TCC), and journals (Journal of Cryptology, IEEE Transactions on Information Theory). He also served as a PC member of several international conferences, including CRYPTO, EUROCRYPT, and ASIACRYPT. His paper on secure computations on Bitcoin received the Best Paper Award on IEEE S&P 2014. He published two papers on the Workshop on Bitcoin Research, and two other papers on topics related to Bitcoin on CRYPTO 2015. He also got the Best Paper Award on EUROCRYPT 2014 for a paper concerning the leakage-resilient cryptography.

He served as the general chair of the Twelfth Theory of Cryptography Conference (TCC'15). He is a recipient of an ERC Starting grant and an FNP Welcome grant.