The Community for Technology Leaders
Computer Security Applications Conference, Annual (2005)
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISSN: 1063-9527
ISBN: 0-7695-2461-3
TABLE OF CONTENTS
Cover
Introduction

Program Committee (PDF)

pp. xviii
Distinguished Practitioner

We Need Assurance! (Abstract)

Brian Snow , U. S. National Security Agency
pp. 3-10
Track A: Software Security

Model Checking An Entire Linux Distribution for Security Violations (Abstract)

Hao Chen , University of California, Berkeley
Jacob West , University of California, Berkeley
Wei Tu , University of California, Berkeley
Benjamin Schwarz , University of California, Berkeley
David Wagner , University of California, Berkeley
Jeremy Lin , University of California, Berkeley
Geoff Morrison , University of California, Berkeley
pp. 13-22

Strengthening Software Self-Checksumming via Self-Modifying Code (Abstract)

Jonathon T. Giffin , University of Wisconsin
Mihai Christodorescu , University of Wisconsin
Louis Kruger , University of Wisconsin
pp. 23-32

Countering Trusting Trust through Diverse Double-Compiling (Abstract)

David Wheeler , Institute for Defense Analyses
pp. 33-48
Track B: Network Intrusion Detection

A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX (Abstract)

Andrew Clark , Queensland University of Technology, Australia
George Mohay , Queensland University of Technology, Australia
Stig Andersson , Queensland University of Technology, Australia
Jacob Zimmermann , Queensland University of Technology, Australia
Bradley Schatz , Queensland University of Technology, Australia
pp. 49-58

A Host-Based Approach to Network Attack Chaining Analysis (Abstract)

Joseph Pamula , Center for Secure Information Systems George Mason University
Julie Street , ISE Department George Mason University
Paul Ammann , ISE Department George Mason University
Ronald Ritchey , Booz Allen & Hamilton
pp. 72-84
Track A: Security Designs

A Nitpicker?s guide to a minimal-complexity secure GUI (Abstract)

Norman Feske , Technische Universitat Dresden
Christian Helmuth , Technische Universitat Dresden
pp. 85-94

A User-level Framework for Auditing and Monitoring (Abstract)

Wu Yongzheng , National University of Singapore
Roland H. C. Yap , National University of Singapore
pp. 95-105

TARP: Ticket-based Address Resolution Protocol (Abstract)

Patrick McDaniel , Pennsylvania State University
William Enck , Pennsylvania State University
Wesam Lootah , Pennsylvania State University
pp. 106-116
Track B: Protocol Analysis

Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis (Abstract)

Matt Bishop , University of California, Davis
Jingmin Zhou , University of California, Davis
Adam J. Carlson , University of California, Davis
pp. 117-126

Replay Attack in TCG Specification and Solution (Abstract)

Danilo Bruschi , Universita degli Studi di Milano
Lorenzo Cavallaro , Universita degli Studi di Milano
Andrea Lanzi , Universita degli Studi di Milano
Mattia Monga , Universita degli Studi di Milano
pp. 127-137
Track A: Vulnerability Assessment

Automated and Safe Vulnerability Assessment (Abstract)

Fanglu Guo , Stony Brook University, NY
Yang Yu , Stony Brook University, NY
Tzi-cker Chiueh , Stony Brook University, NY
pp. 150-159

Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices (Abstract)

Steven Noel , George Mason University
Sushil Jajodia , George Mason University
pp. 160-169

Intrusion Detection in RBAC-administered Databases (Abstract)

Athena Vakali , Aristotle University
Ashish Kamra , Purdue University
Evimaria Terzi , University of Helsinki
Elisa Bertino , Purdue University
pp. 170-182
Track B: Hot Topics I
Invited Essayist
Track A: Automation

ScriptGen: an automated script generation tool for honeyd (Abstract)

Corrado Leita , Institut Eurecom Sophia Antipolis, France
Marc Dacier , Institut Eurecom Sophia Antipolis, France
Ken Mermoud , Institut Eurecom Sophia Antipolis, France
pp. 203-214

Evolving Successful Stack Overflow Attacks for Vulnerability Testing (Abstract)

Malcolm Heywood , Dalhousie University, Halifax, Nova Scotia
H. Gunes Kayacyk , Dalhousie University, Halifax, Nova Scotia
A. Nur Zincir-Heywood , Dalhousie University, Halifax, Nova Scotia
pp. 225-234
Track B: Security Analysis

Java for Mobile Devices: A Security Study (Abstract)

Chamseddine Talhi , Concordia University, Montreal, Canada
Mourad debbabi , Concordia University, Montreal, Canada
Sami Zhioua , Concordia University, Montreal, Canada
Mohamed Saleh , Concordia University, Montreal, Canada
pp. 235-244

Lessons Learned: A Security Analysis of the Internet Chess Club (Abstract)

Martin Cochran , University of Colorado
John Black , University of Colorado
Martin Ryan Gardner , University of Colorado
pp. 245-253

Building Evidence Graphs for Network Forensics Analysis (Abstract)

Wei Wang , Iowa State University
Thomas E. Daniels , Iowa State University
pp. 254-266
Track A: Operating System Security Mechanisms

Multi-Level Security Requirements for Hypervisors (Abstract)

Paul A. Karger , IBM Thomas J. Watson Research Center
pp. 267-275

Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor (Abstract)

Ramon Caceres , IBM T. J. Watson Research Center, Hawthorne, NY
Reiner Sailer , IBM T. J. Watson Research Center, Hawthorne, NY
Ronald Perez , IBM T. J. Watson Research Center, Hawthorne, NY
Leendert van Doorn , IBM T. J. Watson Research Center, Hawthorne, NY
Enriquillo Valdez , IBM T. J. Watson Research Center, Hawthorne, NY
Stefan Berger , IBM T. J. Watson Research Center, Hawthorne, NY
Trent Jaeger , IBM T. J. Watson Research Center, Hawthorne, NY
John Linwood Griffin , IBM T. J. Watson Research Center, Hawthorne, NY
pp. 276-285

e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing (Abstract)

Angelos D. Keromytis , Columbia University, New York, NY
Gaurav S. Kc , Google Inc., Mountain View, CA
pp. 286-302
Track B: Data Integrity

Dynamic Taint Propagation for Java (Abstract)

Michael Franz , University of California, Irvine, CA
Deepak Chandra , University of California, Irvine, CA
Vivek Haldar , University of California, Irvine, CA
pp. 303-311

Paranoid: A Global Secure File Access Control System (Abstract)

Ashish Gehani , University of Notre Dame
Gershon Kedem , Duke University
Fareed Zaffar , Duke University
pp. 322-332
Track C: Hot Topics II
Classic Papers

The Pump: A Decade of Covert Fun (Abstract)

Myong H. Kang , Naval Research Laboratory Washington, DC
Stanley Chincheck , Naval Research Laboratory Washington, DC
Ira S. Moskowitz , Naval Research Laboratory Washington, DC
pp. 352-360
Track A: Malware

Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers (Abstract)

Wai-tian Tan , University of California, Berkeley and Hewlett-Packard Laboratories
Randy H. Katz , University of California, Berkeley and Hewlett-Packard Laboratories
Weidong Cui , University of California, Berkeley and Hewlett-Packard Laboratories
pp. 361-370

Detecting Intra-enterprise Scanning Worms based on Address Resolution (Abstract)

Evangelos Kranakis , Carleton University, Ottawa, Canada
David Whyte , Carleton University, Ottawa, Canada
Paul C. van Oorschot , Carleton University, Ottawa, Canada
pp. 371-380

Stealth Breakpoints (Abstract)

Ramesh Yerraballi , University of Texas at Arlington
Amit Vasudevan , University of Texas at Arlington
pp. 381-392
Track B: Panel

Highlights from the 2005 New Security Paradigms Workshop (PDF)

Angelos D. Keromytis , Columbia University
Paul van Oorschot , Carleton University
Richard Ford , Florida Institute of Technology
John McDermott , Naval Research Laboratory
Julie Thorpe , Carleton University
Stelios Sidiroglou , Columbia University
Michael E. Locasto , Columbia University
Abe Singer , University of California at San Diego
Anil Somayaji , Carleton University
Simon Simon Foley , University College Cork
Mark Bush , Florida Institute of Technology
Alex Boulatov , Florida Institute of Technology
pp. 393-396
Track A: Distributed System Security

mSSL: Extending SSL to Support Data Sharing Among Collaborative Clients (Abstract)

Jun Li , University of Oregon
Xun Kang , University of Oregon
pp. 397-408

Layering Public Key Distribution Over Secure DNS using Authenticated Delegation (Abstract)

Daniel F. Berger , University of California, Riverside
Chinya V. Ravishankar , University of California, Riverside
John P. Jones , University of California, Riverside
pp. 409-418
Track B: Access Control

Uniform Application-level Access Control Enforcement of Organizationwide Policies (Abstract)

Tine Verhanneman , Katholieke Universiteit Leuven
Bart De Win , Katholieke Universiteit Leuven
Frank Piessens , Katholieke Universiteit Leuven
Wouter Joosen , Katholieke Universiteit Leuven
pp. 431-440

Using Continuous Biometric Verification to Protect Interactive Login Sessions (Abstract)

Sheng Zhang , National University of Singapore
Sandeep Kumar , National University of Singapore
Terence Sim , National University of Singapore
Rajkumar Janakiraman , National University of Singapore
pp. 441-450

Improved Port Knocking with Strong Authentication (Abstract)

John Aycock , University of Calgary
Rennie deGraaf , University of Calgary
Michael Jr. Jacobson , University of Calgary
pp. 451-462
Track A: Passwords and Applied Crypto

Graphical Passwords: A Survey (Abstract)

Ying Zhu , Georgia State University
G. Scott. Owen , Georgia State University
Xiaoyuan Suo , Georgia State University
pp. 463-472

Fault Attacks on Dual-Rail Encoded Systems (Abstract)

David Wagner , University of California, Berkeley
Jason Waddle , University of California, Berkeley
pp. 483-494
Track B: Defense in Depth/Database Security

Survivability Architecture of a Mission Critical System: The DPASA Example (Abstract)

Partha Pal , BBN Technologies, Cambridge, MA
Michael Atigetchi , BBN Technologies, Cambridge, MA
Jennifer Chong , BBN Technologies, Cambridge, MA
Franklin Webber , BBN Technologies, Cambridge, MA
Paul Rubel , BBN Technologies, Cambridge, MA
pp. 495-504

Generating Policies for Defense in Depth (Abstract)

Charles Payne , Adventium Labs, Minneapolis, MN
Michael Ihde , University of Illinois at Urbana-Champaign
Paul Rubel , BBN Technologies, Cambridge, MA
Steven Harp , Adventium Labs, Minneapolis, MN
pp. 505-514

Defensive Execution of Transactional Processes against Attacks (Abstract)

Meng Yu , Monmouth University
Peng Liu , Pennsylvania State University
Wanyu Zang , Monmouth University
pp. 515-526
Track C: Privacy

Privacy Requirements Implemented with a JavaCard (Abstract)

Yves Deswarte , LAAS-CNRS, Toulouse, France
Anas Abou el Kalam , LIFO - CNRS / ENSIB, France
pp. 527-536

Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach (Abstract)

Peng Ning , North Carolina State University
Dingbang Xu , North Carolina State University
pp. 537-546

Securing Email Archives through User Modeling (Abstract)

Anil Somayaji , Carleton University
Yiru Li , Carleton University
pp. 547-556
Author Index

Author Index (PDF)

pp. 557
131 ms
(Ver 3.1 (10032016))