


20th CCS 2013: Berlin, Germany
- Ahmad-Reza Sadeghi, Virgil D. Gligor, Moti Yung:
2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4-8, 2013. ACM 2013, ISBN 978-1-4503-2477-9
Session 1-A: trusted systems
- Frederik Armknecht, Ahmad-Reza Sadeghi, Steffen Schulz, Christian Wachsmann:
A security framework for the analysis and design of software attestation. 1-12
- Emmanuel Owusu, Jorge Guajardo, Jonathan M. McCune, James Newsome, Adrian Perrig, Amit Vasudevan:
OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms. 13-24
- John Butterworth, Corey Kallenberg, Xeno Kovah, Amy Herzog:
BIOS chronomancy: fixing the core root of trust for measurement. 25-36
- Liqun Chen, Jiangtao Li:
Flexible and scalable digital signatures in TPM 2.0. 37-48
Session 1-B: how crypto breaks
- Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, Matthew Smith:
Rethinking SSL development in an appified world. 49-60
- Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, Thomas Shrimpton:
Protocol misidentification made easy with format-transforming encryption. 61-72
- Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel:
An empirical study of cryptographic misuse in android applications. 73-84
- Mobin Javed, Vern Paxson:
Detecting stealthy, distributed SSH brute-forcing. 85-96
Session 1-C: malware
- Fanny Lalonde Lévesque, Jude Nsiempba, José M. Fernandez, Sonia Chiasson, Anil Somayaji:
A clinical study of risk factors related to malware infections. 97-108
- Kevin Borgolte, Christopher Kruegel, Giovanni Vigna:
Delta: automatic identification of unknown web-based infection campaigns. 109-120
- Yacin Nadji, Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee:
Beheading hydras: performing effective botnet takedowns. 121-132
- Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna:
Shady paths: leveraging surfing crowds to detect malicious web pages. 133-144
Session 2-A: passwords
- Ari Juels, Ronald L. Rivest:
Honeywords: making password-cracking detectable. 145-160
- Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz:
Quantifying the security of graphical passwords: the case of android unlock patterns. 161-172
- Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, Blase Ur:
Measuring password guessability for an entire university. 173-186
- Georgios Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, Angelos D. Keromytis:
SAuth: protecting user accounts from password database leaks. 187-198
Session 2-B: control & information flow
- Ben Niu, Gang Tan:
Monitor integrity protection with space efficiency and separate compilation. 199-210
- Máté Kovács, Helmut Seidl, Bernd Finkbeiner:
Relational abstract interpretation for the verification of 2-hypersafety properties. 211-222
- Mads Dam, Roberto Guanciale, Narges Khakpour, Hamed Nemati, Oliver Schwarz:
Formal verification of information flow security for a simple arm-based separation kernel. 223-234
- Kangkook Jee, Vasileios P. Kemerlis, Angelos D. Keromytis, Georgios Portokalidis:
ShadowReplica: efficient parallelization of dynamic data flow tracking. 235-246
Session 2-C: storage security
- Emil Stefanov, Elaine Shi:
Multi-cloud oblivious storage. 247-258
- Christian Cachin, Kristiyan Haralambiev, Hsu-Chun Hsiao, Alessandro Sorniotti:
Policy-based secure deletion. 259-270
- Joel Reardon, Hubert Ritzdorf, David A. Basin, Srdjan Capkun:
Secure data deletion from persistent media. 271-284
- Dan Dobre, Ghassan Karame, Wenting Li, Matthias Majuntke, Neeraj Suri, Marko Vukolic:
PoWerStore: proofs of writing for efficient and robust storage. 285-298
Session 3-A: oblivious RAM and oblivious computation
- Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher W. Fletcher, Ling Ren, Xiangyao Yu, Srinivas Devadas:
Path ORAM: an extremely simple oblivious RAM protocol. 299-310
- Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, Dawn Song:
PHANTOM: practical oblivious computation in a secure processor. 311-324
- Elaine Shi, Emil Stefanov, Charalampos Papamanthou:
Practical dynamic proofs of retrievability. 325-336
Session 3-B: anonymous channels
- Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, Paul F. Syverson:
Users get routed: traffic correlation on tor by realistic adversaries. 337-348
- Mashael AlSabah, Ian Goldberg:
PCTCP: per-circuit TCP-over-IPsec transport for anonymous communication overlay networks. 349-360
- John Geddes, Max Schuchard, Nicholas Hopper:
Cover your ACKs: pitfalls of covert channel censorship circumvention. 361-372
Session 3-C: protocol analysis & synthesis
- Christina Brzuska, Nigel P. Smart, Bogdan Warinschi, Gaven J. Watson:
An analysis of the EMV channel establishment protocol. 373-386
- Florian Giesen, Florian Kohlar, Douglas Stebila:
On the security of TLS renegotiation. 387-398
- Joseph A. Akinyele, Matthew Green, Susan Hohenberger:
Using SMT solvers to automate design tasks for encryption and signature schemes. 399-410
Keynote
- Ravi S. Sandhu:
The science, engineering and business of cyber security. 411-412
Session 4-A: network security
- Seungwon Shin, Vinod Yegneswaran, Phillip A. Porras, Guofei Gu:
AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks. 413-424
- W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, Tanja Lange:
MinimaLT: minimal-latency networking through better security. 425-438
Session 4-B: critical infrastructures
- Rui Tan, Varun Badrinath Krishna, David K. Y. Yau, Zbigniew Kalbarczyk:
Impact of integrity attacks on real-time pricing in smart grids. 439-450
- Muhammad Qasim Ali, Ehab Al-Shaer:
Configuration-based IDS for advanced metering infrastructure. 451-462
Session 4-C: attribute-based encryption
- Yannis Rouselakis, Brent Waters:
Practical constructions and new proof methods for large universe attribute-based encryption. 463-474
- Zhen Liu, Zhenfu Cao, Duncan S. Wong:
Blackbox traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on ebay. 475-486
Session 5-A: programming securely
- Junyuan Zeng, Yangchun Fu, Kenneth A. Miller, Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu:
Obfuscation resilient binary code reuse through trace-oriented programming. 487-498
- Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon, Konrad Rieck:
Chucky: exposing missing checks in source code for vulnerability discovery. 499-510
- Maverick Woo, Sang Kil Cha, Samantha Gottlieb, David Brumley:
Scheduling black-box mutational fuzzing. 511-522
Session 5-B: secure multiparty computation
- Abhi Shelat, Chih-Hao Shen:
Fast two-party secure computation with minimal assumptions. 523-534
- Gilad Asharov, Yehuda Lindell, Thomas Schneider, Michael Zohner:
More efficient oblivious transfer and extensions for faster secure computation. 535-548
- Marcel Keller, Peter Scholl, Nigel P. Smart:
An architecture for practical actively secure MPC with dishonest majority. 549-560
Session 5-C: formal methods
- Andrew K. Hirsch, Michael R. Clarkson:
Belief semantics of authorization logic. 561-572
- Bruno Blanchet, Miriam Paiola:
Automatic verification of protocols with lists of unbounded length. 573-584
- Philip W. L. Fong, Pooya Mehregan, Ram Krishnan:
Relational abstraction in community-based secure collaboration. 585-598
Session 6-A: mobile security issues
- Abdul Serwadda, Vir V. Phoha:
When kids' toys breach mobile phone security. 599-610
- Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, Xiaoyang Sean Wang, Binyu Zang:
Vetting undesirable behaviors in android apps with permission use analysis. 611-622
- Lei Wu, Michael C. Grace, Yajin Zhou, Chiachih Wu, Xuxian Jiang:
The impact of vendor customizations on android security. 623-634
- Rui Wang, Luyi Xing, XiaoFeng Wang, Shuo Chen:
Unauthorized origin crossing on mobile platforms: threats and mitigation. 635-646
Session 6-B: randomness
- Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault, Damien Vergnaud, Daniel Wichs:
Security analysis of pseudo-random number generators with input: /dev/random is not robust. 647-658
- Soo Hyeon Kim, Daewan Han, Dong Hoon Lee:
Predictability of Android OpenSSL's pseudo random number generator. 659-668
- Aggelos Kiayias, Stavros Papadopoulos, Nikos Triandopoulos, Thomas Zacharias:
Delegatable pseudorandom functions and applications. 669-684
- Henry Corrigan-Gibbs, Wendy Mu, Dan Boneh, Bryan Ford:
Ensuring high-quality randomness in cryptographic key generation. 685-696
Session 6-C: hardware security
- Adam Waksman, Matthew Suozzo, Simha Sethumadhavan:
FANCI: identification of stealthy malicious logic using boolean functional analysis. 697-708
- Jeyavijayan Rajendran, Michael Sam, Ozgur Sinanoglu, Ramesh Karri:
Security analysis of integrated circuit camouflaging. 709-720
- Albert Kwon, Udit Dhawan, Jonathan M. Smith, Thomas F. Knight Jr., André DeHon:
Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security. 721-732
- Clemens Helfmeier, Dmitry Nedospasov, Christopher Tarnovsky, Jan Starbug Krissler, Christian Boit, Jean-Pierre Seifert:
Breaking and entering through the silicon. 733-744
Session 7-A: web attacks
- Jonas Magazinius, Billy K. Rios, Andrei Sabelfeld:
Polyglots: crossing origins by crossing formats. 753-764
- Vacha Dave, Saikat Guha, Yin Zhang:
ViceROI: catching click-spam in search ad networks. 765-776
- Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang:
mXSS attacks: attacking well-secured web-applications by using innerHTML mutations. 777-788
Session 7-B: privacy-preserving protocols
- Changyu Dong, Liqun Chen, Zikai Wen:
When private set intersection meets big data: an efficient and scalable protocol. 789-800
- Valeria Nikolaenko, Stratis Ioannidis, Udi Weinsberg, Marc Joye, Nina Taft, Dan Boneh:
Privacy-preserving matrix factorization. 801-812
- Yihua Zhang, Aaron Steele, Marina Blanton:
PICCO: a general-purpose compiler for private distributed computation. 813-826
Session 7-C: systems' attack mitigation
- Yinqian Zhang, Michael K. Reiter:
Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. 827-838
- Brendan Dolan-Gavitt, Tim Leek, Josh Hodosh, Wenke Lee:
Tappan Zee (north) bridge: mining memory accesses for introspection. 839-850
- Felix Schuster, Thorsten Holz:
Towards reducing the attack surface of software backdoors. 851-862
Session 8-A: secure outsourcing protocols
- Michael Backes, Dario Fiore, Raphael M. Reischuk:
Verifiable delegation of computation on outsourced data. 863-874
- Stanislaw Jarecki, Charanjit S. Jutla, Hugo Krawczyk, Marcel-Catalin Rosu, Michael Steiner:
Outsourced symmetric private information retrieval. 875-888
Session 8-B: privacy models
- Ninghui Li, Wahbeh H. Qardaji, Dong Su, Yi Wu, Weining Yang:
Membership privacy: a unifying framework for privacy definitions. 889-900
- Miguel E. Andrés, Nicolás Emilio Bordenabe, Konstantinos Chatzikokolakis, Catuscia Palamidessi:
Geo-indistinguishability: differential privacy for location-based systems. 901-914
Session 8-C: be aware & beware
- Tamara Denning, Adam Lerner, Adam Shostack, Tadayoshi Kohno:
Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. 915-928
- Michael Weiner, Maurice Massar, Erik Tews, Dennis Giese, Wolfgang Wieser:
Security analysis of a widely deployed locking system. 929-940
Keynote
- Mikko Hypponen:
The cyber arms race. 941-942
Session 9-A: crypto tools
- Aggelos Kiayias, Qiang Tang:
How to keep a secret: leakage deterring public-key cryptosystems. 943-954
- Marek Jawurek, Florian Kerschbaum, Claudio Orlandi:
Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. 955-966
- Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, Tanja Lange:
Elligator: elliptic-curve points indistinguishable from uniform random strings. 967-980
Session 9-B: audit & code randomization
- Antonis Papadogiannakis, Laertis Loutsis, Vassilis Papaefstathiou, Sotiris Ioannidis:
ASIST: architectural support for instruction set randomization. 981-992
- Andrei Homescu, Stefan Brunthaler, Per Larsen, Michael Franz:
Librando: transparent code randomization for just-in-time compilers. 993-1004
- Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu:
LogGC: garbage collecting audit log. 1005-1016
Session 9-C: mobile privacy
- Xiao-yong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A. Gunter, Klara Nahrstedt:
Identity, location, disease and more: inferring your secrets from android public resources. 1017-1028
- Adwait Nadkarni, William Enck:
Preventing accidental data disclosure in modern operating systems. 1029-1042
- Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, Xiaoyang Sean Wang:
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. 1043-1054
Session 10-A: graphics, vision & security
- Robert Kotcher, Yutong Pei, Pranjal Jumde, Collin Jackson:
Cross-origin pixel stealing: timing attacks using CSS filters. 1055-1062
- Yi Xu, Jared Heinly, Andrew M. White, Fabian Monrose, Jan-Michael Frahm:
Seeing double: reconstructing obscured typed input from repeated compromising reflections. 1063-1074
- Haichang Gao, Wei Wang, Jiao Qi, Xuqin Wang, Xiyang Liu, Jeff Yan:
The robustness of hollow CAPTCHAs. 1075-1086
Session 10-B: authentication
- Foteini Baldimtsi, Anna Lysyanskaya:
Anonymous credentials light. 1087-1098
- Masoud Rostami, Ari Juels, Farinaz Koushanfar:
Heart-to-heart (H2H): authentication for implanted medical devices. 1099-1112
- Andrew Chi-Chih Yao, Yunlei Zhao:
OAKE: a new family of implicitly authenticated diffie-hellman protocols. 1113-1128
Session 10-C: privacy issues
- Gunes Acar, Marc Juarez, Nick Nikiforakis, Claudia Díaz, Seda F. Gürses, Frank Piessens, Bart Preneel:
FPDetective: dusting the web for fingerprinters. 1129-1140
- Mathias Humbert, Erman Ayday, Jean-Pierre Hubaux, Amalio Telenti:
Addressing the concerns of the lacks family: quantification of kin genomic privacy. 1141-1152
- David Isaac Wolinsky, Ewa Syta, Bryan Ford:
Hang with your buddies to resist intersection attacks. 1153-1166
Session 11-A: web and code security
- Alexander Moshchuk, Helen J. Wang, Yunxin Liu:
Content-based isolation: rethinking isolation policy design on client systems. 1167-1180
- Sooel Son, Kathryn S. McKinley, Vitaly Shmatikov:
Diglossia: detecting code injection attacks with precision and efficiency. 1181-1192
- Sebastian Lekies, Ben Stock, Martin Johns:
25 million flows later: large-scale detection of DOM-based XSS. 1193-1204
- Adam Doupé, Weidong Cui, Mariusz H. Jakubowski, Marcus Peinado, Christopher Kruegel, Giovanni Vigna:
deDacota: toward preventing server-side XSS via automatic code and data separation. 1205-1216
Session 11-B: crypto symbolic analysis
- José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir:
Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations. 1217-1230
- Gergei Bana, Koji Hasebe, Mitsuhiro Okada:
Computationally complete symbolic attacker and key exchange. 1231-1246
- Gilles Barthe, Juan Manuel Crespo, Benjamin Grégoire, César Kunz, Yassine Lakhnech, Benedikt Schmidt, Santiago Zanella Béguelin:
Fully automated analysis of padding-based encryption in the computational model. 1247-1260
- Florian Böhl, Véronique Cortier, Bogdan Warinschi:
Deduction soundness: prove one, get five for free. 1261-1272
Session 11-C: security/cryptographic utilities
- Kelsey Cairns, Thoshitha T. Gamage, Carl Hauser:
Efficient targeted key subset retrieval in fractal hash sequences. 1273-1284
- Sumeet Bajaj, Radu Sion:
HIFS: history independence for file systems. 1285-1296
- Shruti Tople, Shweta Shinde, Zhaofeng Chen, Prateek Saxena:
AUTOCRYPT: enabling homomorphic computation on servers to protect sensitive web content. 1297-1310
- Xinshu Dong, Zhaofeng Chen, Hossein Siadati, Shruti Tople, Prateek Saxena, Zhenkai Liang:
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS. 1311-1324
Demonstration presentations
- Florian Kerschbaum, Patrick Grofig, Isabelle Hang, Martin Härterich, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Walter Tighzert:
Adjustably encrypted in-memory column-store. 1325-1328
- Xihui Chen, Carlo Harpes, Gabriele Lenzini, Miguel Martins, Sjouke Mauw, Jun Pang:
Demonstrating a trust framework for evaluating GNSS signal integrity. 1329-1332
- Anthony Van Herrewege, André Schaller, Stefan Katzenbeisser, Ingrid Verbauwhede:
Inherent PUFs and secure PRNGs on commercial off-the-shelf microcontrollers. 1333-1336
- Prabhakaran Kasinathan, Gianfranco Costamagna, Hussein Khaleel, Claudio Pastrone, Maurizio A. Spirito:
An IDS framework for internet of things empowered by 6LoWPAN. 1337-1340
- Raphael M. Reischuk, Florian Schröder, Johannes Gehrke:
Secure and customizable web development in the safe activation framework. 1341-1344
- Yury Zhauniarovich, Olga Gadyatskaya, Bruno Crispo:
Enabling trusted stores for android. 1345-1348
- Enrique Argones-Rúa, Francisco Javier García Salomón, Luis Pérez-Freire:
Gradiant asymmetric encryption and verification systems based on handwritten signature. 1349-1350
- Manish Shukla, Purushotam G. Radadia, Shirish Karande, Sachin Lodha:
On the real-time masking of the sound of credit cards using hot patching. 1351-1354
Poster presentations
- Stephan Neuhaus, Gabriela Gheorghe:
Critique of the CISSP common body of knowledge of cryptography. 1355-1358
- Gabriela Gheorghe, Stephan Neuhaus:
Preserving privacy and accountability for personal devices. 1359-1362
- Michael Brenner, Matthew Smith:
Caching oblivious memory access: an extension to the HCRYPT virtual machine. 1363-1366
- Leon Reznik, Elisa Bertino:
Data quality evaluation: integrating security and accuracy. 1367-1370
- Cuong Xuan Nguyen, Hung-Hsuan Huang, Kyoji Kawagoe:
Graphical password using object-based image ranking. 1371-1374
- Hao Zhang, Danfeng (Daphne) Yao, Naren Ramakrishnan:
A semantic-aware approach to reasoning about network traffic relations. 1375-1378
- Eitan Menahem, Asaf Shabtai, Adi Levhar:
Detecting malware through temporal function-based features. 1379-1382