18. CCS 2011: Chicago, Illinois, USA

Yan Chen, George Danezis, Vitaly Shmatikov (Eds.): Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, October 17-21, 2011. ACM 2011, ISBN 978-1-4503-0948-6

Keynote address

Farnam Jahanian:
Reflections on the evolution of internet threats: the growing imperative for a cyber secure society. 1-2

System security

Yanlin Li, Jonathan M. McCune, Adrian Perrig:
VIPER: verifying the integrity of PERipherals' firmware. 3-16
Mohammad Mannan, Beom Heyn Kim, Afshar Ganjali, David Lie:
Unicorn: two-factor attestation for data security. 17-28
Bin Zeng, Gang Tan, Greg Morrisett:
Combining control-flow integrity and static analysis for efficient and validated data sandboxing. 29-40

Composability of cryptographic protocols

Ralf Küsters, Max Tuengerthal:
Composition theorems without pre-established session identifiers. 41-50
Christina Brzuska, Marc Fischlin, Bogdan Warinschi, Stephen C. Williams:
Composability of bellare-rogaway key exchange protocols. 51-62
Véronique Cortier, Bogdan Warinschi:
A composable computational soundness notion. 63-74

Hardware, SCADA, and physical security

Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, Srdjan Capkun:
On the requirements for successful GPS spoofing attacks. 75-86
Stephen E. McLaughlin, Patrick McDaniel, William Aiello:
Protecting consumer privacy from electric load monitoring. 87-98
Ashlesh Sharma, Lakshminarayanan Subramanian, Eric A. Brewer:
PaperSpeckle: microscopic fingerprinting of paper. 99-110
Amir Moradi, Alessandro Barenghi, Timo Kasper, Christof Paar:
On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from xilinx Virtex-II FPGAs. 111-124

Authentication and access control

Elie Bursztein, Matthieu Martin, John C. Mitchell:
Text-based CAPTCHA strengths and weaknesses. 125-138
Nan Zheng, Aaron Paloski, Haining Wang:
An efficient user verification system via mouse movements. 139-150
Deepak Garg, Limin Jia, Anupam Datta:
Policy auditing over incomplete logs: theory, implementation and applications. 151-162
Karthick Jayaraman, Vijay Ganesh, Mahesh V. Tripunitara, Martin C. Rinard, Steve J. Chapin:
Automatic error finding in access-control policies. 163-174

Anonymous communications

Aaron Johnson, Paul F. Syverson, Roger Dingledine, Nick Mathewson:
Trust-based anonymous communication: adversary models and routing algorithms. 175-186
Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, Nikita Borisov:
Cirripede: circumvention infrastructure using router redirection with plausible deniability. 187-200
Swagatika Prusty, Brian Neil Levine, Marc Liberatore:
Forensic investigation of the OneSwarm anonymous filesharing system. 201-214
Prateek Mittal, Ahmed Khurshid, Joshua Juen, Matthew Caesar, Nikita Borisov:
Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. 215-226

Web security

Eric Yawei Chen, Jason Bau, Charles Reis, Adam Barth, Collin Jackson:
App isolation: get the security of multiple browsers with just one. 227-238
Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz:
Crouching tiger - hidden payload: security risks of scalable vectors graphics. 239-250
Adam Doupé, Bryce Boe, Christopher Kruegel, Giovanni Vigna:
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities. 251-262
Peter Chapman, David Evans:
Automated black-box detection of side-channel vulnerabilities in web applications. 263-274

Malware and intrusion detection

Kevin Coogan, Gen Lu, Saumya K. Debray:
Deobfuscation of virtualization-obfuscated software: a semantics-based approach. 275-284
Clemens Kolbitsch, Engin Kirda, Christopher Kruegel:
The power of procrastination: detection and mitigation of execution-stalling malicious code. 285-296
Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis:
MIDeA: a multi-parallel intrusion detection architecture. 297-308
Jiyong Jang, David Brumley, Shobha Venkataraman:
BitShred: feature hashing malware for scalable triage and semantic analysis. 309-320

Formal methods and verification

Vincent Cheval, Hubert Comon-Lundh, Stéphanie Delaune:
Trace equivalence decision: negative tests and non-determinism. 321-330
Mihhail Aizatulin, Andrew D. Gordon, Jan Jürjens:
Extracting and verifying cryptographic models from C protocol code by symbolic execution. 331-340
Cédric Fournet, Markulf Kohlweiss, Pierre-Yves Strub:
Modular code-based cryptographic verification. 341-350
Cédric Fournet, Jérémy Planul, Tamara Rezk:
Information-flow types for homomorphic encryptions. 351-360

Keynote address

Jan Camenisch:
Cryptographic primitives for building secure and privacy respecting protocols. 361-362

Virtual machines and hypervisors

Deepa Srinivasan, Zhi Wang, Xuxian Jiang, Dongyan Xu:
Process out-grafting: an efficient "out-of-VM" approach for fine-grained process execution monitoring. 363-374
Ahmed M. Azab, Peng Ning, Xiaolan Zhang:
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms. 375-388
Sven Bugiel, Stefan Nürnberger, Thomas Pöppelmann, Ahmad-Reza Sadeghi, Thomas Schneider:
AmazonIA: when elasticity snaps back. 389-400
Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford:
Eliminating the hypervisor attack surface for a more secure cloud. 401-412

Applied cryptography

Tibor Jager, Somorovsky Juraj:
How to break XML encryption. 413-422
Mihir Bellare, David Cash, Sriram Keelveedhi:
Ciphers that securely encipher their own keys. 423-432
Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena, Yanbin Lu:
Password-protected secret sharing. 433-444
Ran Canetti, Ben Riva, Guy N. Rothblum:
Practical delegation of computation using multiple servers. 445-454

Wild woolly web

Tyler Moore, Nektarios Leontiadis, Nicolas Christin:
Fashion crimes: trending-term exploitation on the web. 455-466
Long Lu, Roberto Perdisci, Wenke Lee:
SURF: detecting and measuring search poisoning. 467-476
David Y. Wang, Stefan Savage, Geoffrey M. Voelker:
Cloak and dagger: dynamics of web search cloaking. 477-490

Cloud computing

Shai Halevi, Danny Harnik, Benny Pinkas, Alexandra Shulman-Peleg:
Proofs of ownership in remote storage systems. 491-500
Kevin D. Bowers, Marten van Dijk, Ari Juels, Alina Oprea, Ronald L. Rivest:
How to tell if your cloud files are vulnerable to drive crashes. 501-514
Kehuan Zhang, Xiao-yong Zhou, Yangyi Chen, XiaoFeng Wang, Yaoping Ruan:
Sedic: privacy-aware data intensive computing on hybrid clouds. 515-526

Side-channel attacks and defenses

Rahul Raguram, Andrew M. White, Dibyendusekhar Goswami, Fabian Monrose, Jan-Michael Frahm:
iSpy: automatic reconstruction of typed input from compromising reflections. 527-536
Miro Enev, Sidhant Gupta, Tadayoshi Kohno, Shwetak N. Patel:
Televisions, video privacy, and powerline electromagnetic interference. 537-550
Philip Marquardt, Arunabh Verma, Henry Carter, Patrick Traynor:
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. 551-562
Danfeng Zhang, Aslan Askarov, Andrew C. Myers:
Predictive mitigation of timing channels in interactive systems. 563-574

Securing web applications

Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, V. N. Venkatakrishnan:
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction. 575-586
Mike Samuel, Prateek Saxena, Dawn Song:
Context-sensitive auto-sanitization in web templating languages using type qualifiers. 587-600
Prateek Saxena, David Molnar, Benjamin Livshits:
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications. 601-614
Shuo Tang, Nathan Dautenhahn, Samuel T. King:
Fortifying web-based applications automatically. 615-626

Privacy and mobile security

Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner:
Android permissions demystified. 627-638
Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart E. Schechter, David Wetherall:
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. 639-652
Raluca A. Popa, Andrew J. Blumberg, Hari Balakrishnan, Frank Li:
Privacy and accountability for location-based aggregate statistics. 653-666
Alexey Reznichenko, Saikat Guha, Paul Francis:
Auctions in do-not-track compliant internet advertising. 667-676

Making secure computation practical

Ryan Henry, Femi G. Olumofin, Ian Goldberg:
Practical PIR for electronic commerce. 677-690
Pierre Baldi, Roberta Baronio, Emiliano De Cristofaro, Paolo Gasti, Gene Tsudik:
Countering GATTACA: efficient and secure testing of fully-sequenced human genomes. 691-702
Florian Kerschbaum:
Automatically optimizing secure computation. 703-714
Lior Malka:
VMCrypt: modular software architecture for scalable secure computation. 715-724

Poster and demo session

Florian Adamsky, Hassan Khan, Muttukrishnan Rajarajan, Syed Ali Khayam, Rudolf Jäger:
Poster: Destabilizing BitTorrent's clusters to attack high bandwidth leechers. 725-728
Seyed Ali Ahmadzadeh, Gordon B. Agnew:
Poster: a geometric approach for multicast authentication in adversarial channels. 729-732
Patrik Bichsel, Franz-Stefan Preiss:
Demo: a comprehensive framework enabling data-minimizing authentication. 733-736
Erik-Oliver Blass, Kaoutar Elkhiyaoui, Refik Molva, Olivier Savry, Cédric Vérhilac:
Demo: the f_f hardware prototype for privacy-preserving RFID authentication. 737-740
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry:
Poster: the quest for security against privilege escalation attacks on android. 741-744
Yinzhi Cao, Vinod Yegneswaran, Phillip A. Porras, Yan Chen:
Poster: a path-cutting approach to blocking XSS worms in social web networks. 745-748
Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi:
Poster: control-flow integrity for smartphones. 749-752
Shlomi Dolev, Niv Gilboa, Ofer Hermoni:
Poster: arbitrators in the security infrastructure, supporting positive anonymity. 753-756
Shlomi Dolev, Niv Gilboa, Marina Kopeetsky:
Poster: attribute based broadcast encryption with permanent revocation. 757-760
Carol J. Fung, Quanyan Zhu, Raouf Boutaba, Tamer Basar:
Poster: SMURFEN: a rule sharing collaborative intrusion detection network. 761-764
Ma'ayan Gafny, Asaf Shabtai, Lior Rokach, Yuval Elovici:
Poster: applying unsupervised context-based analysis for detecting unauthorized data disclosure. 765-768
Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia, Alok N. Choudhary:
Poster: online spam filtering in social networks. 769-772
Xi Gong, Ting Yu, Adam J. Lee:
Poster: on trust evaluation with missing information in reputation systems. 773-776
Weili Han, Zheran Fang, Weifeng Chen, Wenyuan Xu, Chang Lei:
Poster: collaborative policy administration. 777-780
Weili Han, Chenguang Shen, Yuliang Yin, Yun Gu, Chen Chen:
Poster: using quantified risk and benefit to strengthen the security of information sharing. 781-784
Jun Hu, Hongyu Gao, Zhichun Li, Yan Chen:
Poster: CUD: crowdsourcing for URL spam detection. 785-788
Ashar Javed:
Poster: DIEGO: a fine-grained access control for web browsers. 789-792
Arjan Jeckmans, Qiang Tang, Pieter H. Hartel:
Poster: privacy-preserving profile similarity computation in online social networks. 793-796
Ünal Koçabas, Ahmad-Reza Sadeghi, Christian Wachsmann, Steffen Schulz:
Poster: practical embedded remote attestation using physically unclonable functions. 797-800
Yao Liu, Peng Ning:
Poster: mimicry attacks against wireless link signature. 801-804
Stefano Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, Stefano Zanero:
Poster: fast, automatic iPhone shoulder surfing. 805-808
Shah Mahmood, Yvo Desmedt:
Poster: preliminary analysis of Google+'s privacy. 809-812
Nayantara Mallesh, Matthew Wright:
Poster: shaping network topology for privacy and performance. 813-816
Ramon Francisco Pacquiao Mejia, Yuichi Kaji, Hiroyuki Seki:
Poster: trans-organizational role-based access control. 817-820
Mohamed Nabeel, Elisa Bertino:
Poster: towards attribute based group key management. 821-824
Rishab Nithyanand, Radu Sion, John Solis:
Poster: making the case for intrinsic personal physical unclonable functions (IP-PUFs). 825-828
Ben Niu, Gang Tan:
Poster: uPro: a compartmentalization tool supporting fine-grained and flexible security configuration. 829-832
Peng Liao, Xiang Cui, Shuhao Li, Chaoge Liu:
Poster: recoverable botnets: a hybrid C&C approach. 833-836
Henning Perl, Michael Brenner, Matthew Smith:
Poster: an implementation of the fully homomorphic smart-vercauteren crypto-system. 837-840
Muhammad Rizwan Asghar, Giovanni Russello, Bruno Crispo:
Poster: ESPOON_ERBAC: enforcing security policies in outsourced environments with encrypted RBAC. 841-844
Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu:
Poster: inference attacks against searchable encryption protocols. 845-448
Axel Schröpfer, Florian Kerschbaum:
Demo: secure computation in JavaScript. 849-852
Chao Shen, Zhongmin Cai, Xiaohong Guan:
Poster: can it be more practical?: improving mouse dynamics biometric performance. 853-856
Patrick Stewin, Jean-Pierre Seifert, Collin Mulliner:
Poster: Towards detecting DMA malware. 857-860
Pengfei Sun, Qingni Shen, Ying Chen, Zhonghai Wu, Cong Zhang, Anbang Ruan, Liang Gu:
Poster: LBMS: load balancing based on multilateral security in cloud. 861-864
Daniel Trivellato, Nicola Zannone, Sandro Etalle:
Poster: protecting information in systems of systems. 865-868
Xiaoxin Wu, Lei Xu, Xinwen Zhang:
Poster: a certificateless proxy re-encryption scheme for cloud-based data sharing. 869-872
Zhi Yang, Lihua Yin, Miyi Duan, Shuyuan Jin:
Poster: towards formal verification of DIFC policies. 873-876
Ji Zhu, Mudhakar Srivatsa:
Poster: on quantitative information flow metrics. 877-880
Yan Zhu, Hongxin Hu, Gail-Joon Ahn, Xiaorui Gong, Shimin Chen:
Poster: temporal attribute-based encryption in clouds. 881-884

Last update Tue May 22 23:23:28 2012 CET by the DBLP Team —

Data released under the ODC-BY 1.0 license — See also our legal information page