CSDL - Proceedings A

Conference Committee (PDF)

pp. x

Program Committee (PDF)

pp. x

Reviewers (PDF)

pp. xi-xii

Steering Committee (PDF)

pp. xiii

Sponsors (PDF)

pp. xiv

Privacy and Security in Public Health: Maintaining the Delicate Balance between Personal Privacy and Population Safety (Abstract)

Distinguished Practitioner

Dixie B. Baker, Science Applications International Corporation

pp. 3-22

PDF

Session: Applied Distributed Collaboration

Shamon: A System for Distributed Mandatory Access Control (Abstract)

Jonathan M. McCune, Carnegie Mellon University, USA

Trent Jaeger, Pennsylvania State University, USA

Stefan Berger, IBM T.J. Watson Research Center, USA

Ramon Caceres, IBM T.J. Watson Research Center, USA

Reiner Sailer, IBM T.J. Watson Research Center, USA

pp. 23-32

PDF

A Framework for a Collaborative DDoS Defense (Abstract)

George Oikonomou, University of Delaware, USA

Jelena Mirkovic, University of Delaware, USA

Peter Reiher, UCLA, USA

Max Robinson, Aerospace Corporation

pp. 33-42

PDF

V-COPS: A Vulnerability-Based Cooperative Alert Distribution System (Abstract)

Shiping Chen, George Mason University, USA; Sybase Inc., USA

Dongyu Liu, George Mason University, USA

Songqing Chen, George Mason University, USA

Sushil Jajodia, George Mason University, USA

pp. 43-56

PDF

Session: Client Access in Untrusted Environments

Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine (Abstract)

Ravi Chandra Jammalamadaka, University of California, Irvine, USA

Timothy W. van der Horst, Brigham Young University, USA

Sharad Mehrotra, University of California, Irvine, USA

Kent E. Seamons, Brigham Young University, USA

Nalini Venkasubramanian, University of California, Irvine, USA

pp. 57-66

PDF

KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy (Abstract)

Dinei Florencio, Microsoft Research, USA

Cormac Herley, Microsoft Research, USA

pp. 67-76

PDF

Vulnerability Analysis of MMS User Agents (Abstract)

Collin Mulliner, University of California, Santa Barbara, USA

Giovanni Vigna, University of California, Santa Barbara, USA

pp. 77-88

PDF

Session: Network Intrusion Detection

Backtracking Algorithmic Complexity Attacks against a NIDS (Abstract)

Randy Smith, University of Wisconsin-Madison, USA

Cristian Estan, University of Wisconsin-Madison, USA

Somesh Jha, University of Wisconsin-Madison, USA

pp. 89-98

PDF

NetSpy: Automatic Generation of Spyware Signatures for NIDS (Abstract)

Hao Wang, University of Wisconsin-Madison, USA

Somesh Jha, University of Wisconsin-Madison, USA

Vinod Ganapathy, University of Wisconsin-Madison, USA

pp. 99-108

PDF

Detecting Policy Violations through Traffic Analysis (Abstract)

Jeffrey Horton, University of Wollongong, Australia

Rei Safavi-Naini, University of Wollongong, Australia

pp. 109-120

PDF

Session: Network Security

Practical Attack Graph Generation for Network Defense (Abstract)

Kyle Ingols, MIT Lincoln Laboratory, USA

Richard Lippmann, MIT Lincoln Laboratory, USA

Keith Piwowarski, MIT Lincoln Laboratory, USA

pp. 121-130

PDF

Secure Distributed Cluster Formation in Wireless Sensor Networks (Abstract)

Kun Sun, Intelligent Automation, Inc.

Pai Peng, Opsware Inc.

Peng Ning, NC State University, USA

Cliff Wang, Army Research Office

pp. 131-140

PDF

Specification-Based Intrusion Detection in WLANs (Abstract)

Rupinder Gill, Queensland University of Technology, Australia

Jason Smith, Queensland University of Technology, Australia

Andrew Clark, Queensland University of Technology, Australia

pp. 141-152

PDF

Session: Security in Systems

From Languages to Systems: Understanding Practical Application Development in Security-typed Languages (Abstract)

Boniface Hicks, Pennsylvania State University, USA

Kiyan Ahmadizadeh, Pennsylvania State University, USA

Patrick McDaniel, Pennsylvania State University, USA

pp. 153-164

PDF

An Internet Voting System Supporting User Privacy (Abstract)

Aggelos Kiayias, University of Connecticut, USA

Michael Korman, University of Connecticut, USA

David Walluck, University of Connecticut, USA

pp. 165-174

PDF

A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs (Abstract)

Lillian Rostad, Norwegian University of Science and Technology (NTNU), Norway

Ole Edsberg, Norwegian University of Science and Technology (NTNU), Norway

pp. 175-186

PDF

Invited Essayist

Engineering Sufficiently Secure Computing (Abstract)

Brian Witten, Symantec Research Labs

pp. 187-202

PDF

Session: Applied Sandboxing

A Module System for Isolating Untrusted Software Extensions (Abstract)

Philip W.L. Fong, University of Regina, Canada

Simon A. Orr, University of Regina, Canada

pp. 203-212

PDF

How to Automatically and Accurately Sandbox Microsoft IIS (Abstract)

Wei Li, Stony Brook University

Lap-chung Lam, Stony Brook University

Tzi-cker Chiueh, Stony Brook University

pp. 213-222

PDF

Data Sandboxing: A Technique for Enforcing Confidentiality Policies (Abstract)

Tejas Khatiwala, University of Illinois, Chicago, USA

Raj Swaminathan, University of Illinois, Chicago, USA

V.N. Venkatakrishnan, University of Illinois, Chicago, USA

pp. 223-234

PDF

Session: Malware

On Detecting Camouflaging Worm (Abstract)

Wei Yu, Texas A&M University, USA

Xun Wang, The Ohio State University, USA

Prasad Calyam, The Ohio State University, USA

Dong Xuan, The Ohio State University, USA

Wei Zhao, Texas A&M University, USA

pp. 235-244

PDF

Bluetooth Worms: Models, Dynamics, and Defense Implications (Abstract)

Guanhua Yan, Los Alamos National Laboratory

Stephan Eidenbenz, Los Alamos National Laboratory

pp. 245-256

PDF

Back to the Future: A Framework for Automatic Malware Removal and System Repair (Abstract)

Francis Hsu, University of California, Davis, USA

Hao Chen, University of California, Davis, USA

Thomas Ristenpart, University of California, Davis, USA; University of California, San Diego, USA

Jason Li, University of California, Davis, USA; Microsoft Corporation

Zhendong Su, University of California, Davis, USA

pp. 257-268

PDF

Session: Applied Detection Technologies

Static Detection of Vulnerabilities in x86 Executables (Abstract)

Marco Cova, University of California, Santa Barbara, USA

Viktoria Felmetsger, University of California, Santa Barbara, USA

Greg Banks, University of California, Santa Barbara, USA

Giovanni Vigna, University of California, Santa Barbara, USA

pp. 269-278

PDF

Foreign Code Detection on the Windows/X86 Platform (Abstract)

Susanta Nanda, SUNY at Stony Brook, USA

Wei Li, SUNY at Stony Brook, USA

Lap-Chung Lam, SUNY at Stony Brook, USA

Tzi-cker Chiueh, SUNY at Stony Brook, USA

pp. 279-288

PDF

PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware (Abstract)

Paul Royal, Georgia Institute of Technology, USA

Mitch Halpin, Georgia Institute of Technology, USA

David Dagon, Georgia Institute of Technology, USA

Robert Edmonds, Georgia Institute of Technology, USA

Wenke Lee, Georgia Institute of Technology, USA

pp. 289-300

PDF

Classic Papers

Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing (Abstract)

Jeremy Epstein, webMethods, Inc.

pp. 301-320

PDF

Risks of Untrustworthiness (Abstract)

Peter G. Neumann, SRI International, USA

pp. 321-328

PDF

Session: Applied Randomization

Address-Space Randomization for Windows Systems (Abstract)

Lixin Li, Global InfoTek, Inc., USA

James E. Just, Global InfoTek, Inc., USA

R. Sekar, Stony Brook University, USA

pp. 329-338

PDF

Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software (Abstract)

Chongkyung Kil, North Carolina State University, USA

Jinsuk Jun, North Carolina State University, USA

Christopher Bookholt, North Carolina State University, USA

Jun Xu, Google, Inc.

Peng Ning, North Carolina State University, USA

pp. 339-348

PDF

Known/Chosen Key Attacks against Software Instruction Set Randomization (Abstract)

Yoav Weiss, Discretix Technologies Ltd., Israel

Elena Gabriela Barrantes, Universidad de Costa Rica, Costa Rica

pp. 349-360

PDF

Session: Intrusion Detection

Automatic Evaluation of Intrusion Detection Systems (Abstract)

Frederic Massicotte, Canada Communication Research Center, Canada

Francois Gagnon, Carleton University, Canada

Yvan Labiche, Carleton University, Canada

Lionel Briand, Carleton University, Canada

Mathieu Couture, Carleton University, Canada

pp. 361-370

PDF

Offloading IDS Computation to the GPU (Abstract)

Nigel Jacob, Tufts University, USA

Carla Brodley, Tufts University, USA

pp. 371-380

PDF

Anomaly Based Web Phishing Page Detection (Abstract)

Ying Pan, Singapore Management University, Singapore

Xuhua Ding, Singapore Management University, Singapore

pp. 381-392

PDF

Session: Messaging Security

Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks (Abstract)

David Whyte, Carleton University, Canada

P.C. van Oorschot, Carleton University, Canada

Evangelos Kranakis, Carleton University, Canada

pp. 393-402

PDF

Using Attribute-Based Access Control to Enable Attribute-Based Messaging (Abstract)

Rakesh Bobba, University of Illinios Urbana-Champaign, USA

Omid Fatemieh, University of Illinois Urbana-Champaign, USA

Fariba Khan, University of Illinois Urbana-Champaign, USA

Carl A. Gunter, University of Illinois Urbana-Champaign, USA

Himanshu Khurana, University of Illinois Urbana-Champaign, USA

pp. 403-413

PDF

Enhancing Collaborative Spam Detection with Bloom Filters (Abstract)

Jeff Yan, Newcastle University, UK

Pook Leong Cho, Newcastle University, UK

pp. 414-428

PDF

Session: Countermeasures

Extended Protection against Stack Smashing Attacks without Performance Loss (Abstract)

Yves Younan, Katholieke Universiteit Leuven, Belgium

Davide Pozza, Politecnico di Torino, Italy

Frank Piessens, Katholieke Universiteit Leuven, Belgium

Wouter Joosen, Katholieke Universiteit Leuven, Belgium

pp. 429-438

PDF

PAST: Probabilistic Authentication of Sensor Timestamps (Abstract)

Ashish Gehani, University of Notre Dame

Surendar Chandra, University of Notre Dame

pp. 439-448

PDF

Towards Database Firewall: Mining the Damage Spreading Patterns (Abstract)

Kun Bai, The Pennsylvania State University, USA

Peng Liu, The Pennsylvania State University, USA

pp. 449-462

PDF

Session: Information Flow and Leakage

A General Dynamic Information Flow Tracking Framework for Security Applications (Abstract)

Lap Chung Lam, Rether Networks, Inc., USA

Tzi-cker Chiueh, Rether Networks, Inc., USA

pp. 463-472

PDF

Covert and Side Channels Due to Processor Architecture (Abstract)

Zhenghong Wang, Princeton University

Ruby B. Lee, Princeton University

pp. 473-482

PDF

CryptoPage: An Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection (Abstract)

Guillaume Duc, ENST Bretagne, France

Ronan Keryell, ENST Bretagne, France

pp. 483-492

PDF

Protecting Privacy in Key-Value Search Systems (Abstract)

Yinglian Xie, Carnegie Mellon University, USA

Michael K. Reiter, Carnegie Mellon University, USA

David O'Hallaron, Carnegie Mellon University, USA

pp. 493-504

PDF

Author Index

Author Index (PDF)

pp. 505-506