17. CCS 2010: Chicago, Illinois, USA

Ehab Al-Shaer, Angelos D. Keromytis, Vitaly Shmatikov (Eds.): Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8, 2010. ACM 2010, ISBN 978-1-4503-0245-6

Security analysis

Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, Rop Gonggrijp:
Security analysis of India's electronic voting machines. 1-14
Nicolas Christin, Sally S. Yanagihara, Keisuke Kamataki:
Dissecting one click frauds. 15-26
Chris Grier, Kurt Thomas, Vern Paxson, Chao Michael Zhang:
@spam: the underground on 140 characters or less. 27-37

System security

Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, Xiaolan Zhang, Nathan C. Skalsky:
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. 38-49
Srinivas Krishnan, Kevin Z. Snow, Fabian Monrose:
Trail of bytes: efficient support for forensic analysis. 50-60
Justin Samuel, Nick Mathewson, Justin Cappos, Roger Dingledine:
Survivable key compromise in software update systems. 61-72

Wireless and phone security

David Barrera, Hilmi Günes Kayacik, Paul C. van Oorschot, Anil Somayaji:
A methodology for empirical analysis of permission-based security models and its application to android. 73-84
Nathaniel Husted, Steven Myers:
Mobile location tracking in metro areas: malnets and others. 85-96
Tzipora Halevi, Nitesh Saxena:
On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping. 97-108
Vijay A. Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad, Michael T. Hunter, Patrick Traynor:
PinDr0p: using single-ended audio features to determine call provenance. 109-120

Applied cryptography I

Sanjam Garg, Abishek Kumarasubramanian, Amit Sahai, Brent Waters:
Building efficient fully collusion-resilient traitor tracing and revocation schemes. 121-130
Dan Boneh, Hart William Montgomery, Ananth Raghunathan:
Algebraic pseudorandom functions with improved efficiency from the augmented cascade. 131-140
Yu Yu, François-Xavier Standaert, Olivier Pereira, Moti Yung:
Practical leakage-resilient pseudorandom generators. 141-151
Sherman S. M. Chow, Yevgeniy Dodis, Yannis Rouselakis, Brent Waters:
Practical leakage-resilient identity-based encryption from simple assumptions. 152-161

Passwords and CAPTCHAs

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern:
Testing metrics for password creation policies by attacking large sets of revealed passwords. 162-175
Yinqian Zhang, Fabian Monrose, Michael K. Reiter:
The security of modern password expiration: an algorithmic framework and empirical analysis. 176-186
Bin B. Zhu, Jeff Yan, Qiujie Li, Chao Yang, Jia Liu, Ning Xu, Meng Yi, Kaiwei Cai:
Attacks and design of image recognition CAPTCHAs. 187-200

Sandboxing

Joseph Siefers, Gang Tan, Greg Morrisett:
Robusta: taming the native beast of the JVM. 201-211
Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh, Cosmin Barsan, Arvind Krishnamurthy, Thomas E. Anderson:
Retaining sandbox containment despite bugs in privileged memory-safe code. 212-223
Glenn Wurster, Paul C. van Oorschot:
A control point for reducing root abuse of file-system privileges. 224-236

Attacks on secure hardware

Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, Jürgen Schmidhuber:
Modeling attacks on physical unclonable functions. 237-249
Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur:
Dismantling SecureMemory, CryptoMemory and CryptoRF. 250-259
Matteo Bortolozzo, Matteo Centenaro, Riccardo Focardi, Graham Steel:
Attacking and fixing PKCS#11 security tokens. 260-269

Information flow

Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham:
An empirical study of privacy-violating information flows in JavaScript web applications. 270-283
William R. Harris, Somesh Jha, Thomas W. Reps:
DIFC programs by automatic instrumentation. 284-296
Aslan Askarov, Danfeng Zhang, Andrew C. Myers:
Predictive black-box mitigation of timing channels. 297-307

Anonymity networks

Qiyan Wang, Prateek Mittal, Nikita Borisov:
In search of an anonymous and secure lookup: attacks on structured peer-to-peer anonymous communication systems. 308-318
Rob Jansen, Nicholas Hopper, Yongdae Kim:
Recruiting new tor relays with BRAIDS. 319-328
Can Tang, Ian Goldberg:
An improved algorithm for tor circuit scheduling. 329-339
Henry Corrigan-Gibbs, Bryan Ford:
Dissent: accountable anonymous group messaging. 340-350

Formal methods

Sebastian Mödersheim:
Abstraction by set-membership: verifying security protocols and web services with databases. 351-360
Christoph Sprenger, David A. Basin:
Developing security protocols by refinement. 361-374
Gilles Barthe, Marion Daubignard, Bruce M. Kapron, Yassine Lakhnech:
Computational indistinguishability logic. 375-386
Michael Backes, Matteo Maffei, Dominique Unruh:
Computationally sound verification of source code. 387-398

Malware

Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda:
AccessMiner: using system-centric models for malware protection. 399-412
Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babic, Dawn Song:
Input generation via decomposition and re-stitching: finding bugs in Malware. 413-425
Chia Yuan Cho, Domagoj Babic, Eui Chul Richard Shin, Dawn Song:
Inference and analysis of formal models of botnet command and control protocols. 426-439
Long Lu, Vinod Yegneswaran, Phillip A. Porras, Wenke Lee:
BLADE: an attack-agnostic approach for preventing drive-by malware infections. 440-450

Applied cryptography II

Wilko Henecka, Stefan Kögl, Ahmad-Reza Sadeghi, Thomas Schneider, Immo Wehrenberg:
TASTY: tool for automating secure two-party computations. 451-462
Amit Sahai, Hakan Seyalioglu:
Worry-free encryption: functional encryption with public keys. 463-472
Jae Hyun Ahn, Matthew Green, Susan Hohenberger:
Synchronized aggregate signatures: new definitions, constructions and applications. 473-484
Jonathan Katz, Lior Malka:
Secure text processing with applications to private DNA matching. 485-492

Cryptographic protocols

Jean Paul Degabriele, Kenneth G. Paterson:
On the (in)security of IPsec in MAC-then-encrypt configurations. 493-504
Ueli Maurer, Björn Tackmann:
On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption. 505-515
Adam Groce, Jonathan Katz:
A new framework for efficient password-based authenticated key exchange. 516-525
Ralf Küsters, Tomasz Truderung, Andreas Vogt:
Accountability: definition and relationship to verifiability. 526-535

Memory safety and binary code

Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, Haining Wang:
Mimimorphism: a new approach to binary code obfuscation. 536-546
Sang Kil Cha, Brian Pak, David Brumley, Richard Jay Lipton:
Platform-independent programs. 547-558
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy:
Return-oriented programming without returns. 559-572
Gene Novark, Emery D. Berger:
DieHarder: securing the heap. 573-584

Web security

Avik Chaudhuri, Jeffrey S. Foster:
Symbolic security analysis of ruby-on-rails web applications. 585-594
Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, Shuo Chen:
Sidebuster: automated detection and quantification of side-channel leaks in web application development. 595-606
Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz, V. N. Venkatakrishnan:
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications. 607-618
Lin-Shung Huang, Zack Weinberg, Chris Evans, Collin Jackson:
Protecting browsers from cross-origin CSS attacks. 619-629

Demo presentations

Lujun Fang, Heedo Kim, Kristen LeFevre, Aaron Tami:
A privacy recommendation wizard for users of social networking sites. 630-632
Ruixuan Li, Meng Dong, Bin Liu, Jianfeng Lu, Xiaopu Ma, Kai Li:
SecTag: a multi-policy supported secure web tag framework. 633-635
Georgia Sakellari, Erol Gelenbe:
Demonstrating cognitive packet network resilience to worm attacks. 636-638
Patrick Stewin, Jean-Pierre Seifert:
In God we trust all others we monitor. 639-641

Poster presentations

Walid Bechkit, Abdelmadjid Bouabdallah, Yacine Challal:
Enhancing resilience of probabilistic key pre-distribution schemes for WSNs through hash chaining. 642-644
Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakrishnan:
TAPS: automatically preparing safe SQL queries. 645-647
Bernard Butler, Brendan Jennings, Dmitri Botvich:
XACML policy performance evaluation using a flexible load testing framework. 648-650
Kevin R. B. Butler, Stephen E. McLaughlin, Patrick Drew McDaniel:
Protecting portable storage with host validation. 651-653
Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen:
Virtual browser: a web-level sandbox to secure third-party JavaScript without sacrificing functionality. 654-656
David W. Chadwick, George Inman, Paul Coxwell:
CardSpace in the cloud. 657-659
Eric Chan-Tin, Nicholas Hopper:
Secure latency estimation with treeple. 660-662
Weiqi Dai, Hai Jin, Deqing Zou, Shouhuai Xu, Weide Zheng, Lei Shi:
TEE: a virtual DRTM based execution environment for secure cloud-end computing. 663-665
Trajce Dimkov, Wolter Pieters, Pieter H. Hartel:
Laptop theft: a case study on the effectiveness of security mechanisms in open organizations. 666-668
Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, Paul G. Spirakis:
Information security for sensors by overwhelming random sequences and permutations. 669-671
Juan Du, Xiaohui Gu, Ting Yu:
On verifying stateful dataflow processing services in large-scale cloud systems. 672-674
Achille Fokoue, Mudhakar Srivatsa, Robert Young:
Assessing trust in uncertain information using Bayesian description logic. 675-677
Denis Foo Kune, Yongdae Kim:
Timing attacks on PIN input devices. 678-680
Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen, Ben Y. Zhao:
Detecting and characterizing social spam campaigns. 681-683
Xun Gong, Negar Kiyavash, Nikita Borisov:
Fingerprinting websites using remote traffic analysis. 684-686
Kyusuk Han, Jangseong Kim, Kwangjo Kim, Taeshik Shon:
Efficient sensor node authentication via 3GPP mobile communication networks. 687-689
Ofer Hermoni, Niv Gilboa, Eyal Felstaine, Yuval Elovici, Shlomi Dolev:
Rendezvous tunnel for anonymous publishing. 690-692
Markus Huber, Martin Mulazzani, Edgar Weippl, Gerhard Kitzler, Sigrun Goluch:
Exploiting social networking sites for spam. 693-695
Mihaela Ion, Giovanni Russello, Bruno Crispo:
An implementation of event and filter confidentiality in pub/sub systems and its application to e-health. 696-698
Marian Kamal Iskander, Adam J. Lee, Daniel Mossé:
Privacy and robustness for data aggregation in wireless sensor networks. 699-701
Sachin Kadloor, Xun Gong, Negar Kiyavash, Parv Venkitasubramaniam:
Designing router scheduling policies: a privacy perspective. 702-704
Dongho Kim, Jerry T. Chiang, Yih-Chun Hu, Adrian Perrig, P. R. Kumar:
CRAFT: a new secure congestion control architecture. 705-707
Tobias Limmer, Falko Dressler:
Dialog-based payload aggregation for intrusion detection. 708-710
Kazuhiro Minami, Nikita Borisov:
Protecting location privacy against inference attacks. 711-713
Abedelaziz Mohaisen, Nicholas Hopper, Yongdae Kim:
Designs to account for trust in social network-based sybil defenses. 714-716
Abedelaziz Mohaisen, Eugene Y. Vasserman, Max Schuchard, Denis Foo Kune, Yongdae Kim:
Secure encounter-based social networks: requirements, challenges, and designs. 717-719
Yanlin Peng, Wenji Chen, J. Morris Chang, Yong Guan:
Secure online banking on untrusted computers. 720-722
Rahul Potharaju, Bogdan Carbunar, Cristina Nita-Rotaru:
iFriendU: leveraging 3-cliques to enhance infiltration attacks in online social networks. 723-725
Max Schuchard, Abedelaziz Mohaisen, Denis Foo Kune, Nicholas Hopper, Yongdae Kim, Eugene Y. Vasserman:
Losing control of the internet: using the data plane to attack the control plane. 726-728
Abdul Serwadda, Vir V. Phoha, Idris A. Rai:
Size-based scheduling: a recipe for DDOS? 729-731
Qiang Tang:
User-friendly matching protocol for online social networks. 732-734
Guojun Wang, Qin Liu, Jie Wu:
Hierarchical attribute-based encryption for fine-grained access control in cloud storage services. 735-737
Tao Wei, Tielei Wang, Lei Duan, Jing Luo:
Secure dynamic code generation against spraying. 738-740
Qianhong Wu, Bo Qin, Lei Zhang, Josep Domingo-Ferrer:
Ad hoc broadcast encryption. 741-743
Lan Yao, Zhiliang Yu, Tie Zhang, Fuxiang Gao:
Dynamic window based multihop authentication for WSN. 744-746
Xiaowei Ying, Xintao Wu, Daniel Barbará:
Spectrum based fraud detection in social networks. 747-749
Dawei Zhang, Zhen Han, Guangwen Yan:
A portable TPM based on USB key. 750-752
Zhibin Zhou, Dijiang Huang:
On efficient ciphertext-policy attribute based encryption and broadcast encryption: extended abstract. 753-755
Yan Zhu, Huaixi Wang, Zexing Hu, Gail-Joon Ahn, Hongxin Hu, Stephen S. Yau:
Efficient provable data possession for hybrid clouds. 756-758
Peng Zou, Chaokun Wang, Zhang Liu, Jianmin Wang, Jia-Guang Sun:
A cloud based SIM DRM scheme for the mobile internet. 759-761

Last update Tue May 22 23:23:28 2012 CET by the DBLP Team —

Data released under the ODC-BY 1.0 license — See also our legal information page