The Community for Technology Leaders
Computer Security Applications Conference, Annual (2006)
Miami Beach, Florida, USA
Dec. 11, 2006 to Dec. 15, 2006
ISSN: 1063-9527
ISBN: 0-7695-2716-7
TABLE OF CONTENTS

Reviewers (PDF)

pp. xi-xii
Introduction

Preface (PDF)

pp. ix

Reviewers (PDF)

pp. xi-xii

Sponsors (PDF)

pp. xiv
Distinguished Practitioner
Session: Applied Distributed Collaboration

Shamon: A System for Distributed Mandatory Access Control (Abstract)

Jonathan M. McCune , Carnegie Mellon University, USA
Trent Jaeger , Pennsylvania State University, USA
Stefan Berger , IBM T.J. Watson Research Center, USA
Ramon Caceres , IBM T.J. Watson Research Center, USA
Reiner Sailer , IBM T.J. Watson Research Center, USA
pp. 23-32

A Framework for a Collaborative DDoS Defense (Abstract)

George Oikonomou , University of Delaware, USA
Jelena Mirkovic , University of Delaware, USA
Peter Reiher , UCLA, USA
Max Robinson , Aerospace Corporation
pp. 33-42

V-COPS: A Vulnerability-Based Cooperative Alert Distribution System (Abstract)

Shiping Chen , George Mason University, USA; Sybase Inc., USA
Dongyu Liu , George Mason University, USA
Songqing Chen , George Mason University, USA
Sushil Jajodia , George Mason University, USA
pp. 43-56
Session: Client Access in Untrusted Environments

Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine (Abstract)

Ravi Chandra Jammalamadaka , University of California, Irvine, USA
Timothy W. van der Horst , Brigham Young University, USA
Sharad Mehrotra , University of California, Irvine, USA
Kent E. Seamons , Brigham Young University, USA
Nalini Venkasubramanian , University of California, Irvine, USA
pp. 57-66

Vulnerability Analysis of MMS User Agents (Abstract)

Collin Mulliner , University of California, Santa Barbara, USA
Giovanni Vigna , University of California, Santa Barbara, USA
pp. 77-88
Session: Network Intrusion Detection

Backtracking Algorithmic Complexity Attacks against a NIDS (Abstract)

Randy Smith , University of Wisconsin-Madison, USA
Cristian Estan , University of Wisconsin-Madison, USA
Somesh Jha , University of Wisconsin-Madison, USA
pp. 89-98

NetSpy: Automatic Generation of Spyware Signatures for NIDS (Abstract)

Hao Wang , University of Wisconsin-Madison, USA
Somesh Jha , University of Wisconsin-Madison, USA
Vinod Ganapathy , University of Wisconsin-Madison, USA
pp. 99-108

Detecting Policy Violations through Traffic Analysis (Abstract)

Jeffrey Horton , University of Wollongong, Australia
Rei Safavi-Naini , University of Wollongong, Australia
pp. 109-120
Session: Network Security

Practical Attack Graph Generation for Network Defense (Abstract)

Kyle Ingols , MIT Lincoln Laboratory, USA
Richard Lippmann , MIT Lincoln Laboratory, USA
Keith Piwowarski , MIT Lincoln Laboratory, USA
pp. 121-130

Secure Distributed Cluster Formation in Wireless Sensor Networks (Abstract)

Kun Sun , Intelligent Automation, Inc.
Pai Peng , Opsware Inc.
Peng Ning , NC State University, USA
Cliff Wang , Army Research Office
pp. 131-140

Specification-Based Intrusion Detection in WLANs (Abstract)

Rupinder Gill , Queensland University of Technology, Australia
Jason Smith , Queensland University of Technology, Australia
Andrew Clark , Queensland University of Technology, Australia
pp. 141-152
Session: Security in Systems

From Languages to Systems: Understanding Practical Application Development in Security-typed Languages (Abstract)

Boniface Hicks , Pennsylvania State University, USA
Kiyan Ahmadizadeh , Pennsylvania State University, USA
Patrick McDaniel , Pennsylvania State University, USA
pp. 153-164

An Internet Voting System Supporting User Privacy (Abstract)

Aggelos Kiayias , University of Connecticut, USA
Michael Korman , University of Connecticut, USA
David Walluck , University of Connecticut, USA
pp. 165-174

A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs (Abstract)

Lillian Rostad , Norwegian University of Science and Technology (NTNU), Norway
Ole Edsberg , Norwegian University of Science and Technology (NTNU), Norway
pp. 175-186
Invited Essayist

Engineering Sufficiently Secure Computing (Abstract)

Brian Witten , Symantec Research Labs
pp. 187-202
Session: Applied Sandboxing

A Module System for Isolating Untrusted Software Extensions (Abstract)

Philip W.L. Fong , University of Regina, Canada
Simon A. Orr , University of Regina, Canada
pp. 203-212

How to Automatically and Accurately Sandbox Microsoft IIS (Abstract)

Wei Li , Stony Brook University
Lap-chung Lam , Stony Brook University
Tzi-cker Chiueh , Stony Brook University
pp. 213-222

Data Sandboxing: A Technique for Enforcing Confidentiality Policies (Abstract)

Tejas Khatiwala , University of Illinois, Chicago, USA
Raj Swaminathan , University of Illinois, Chicago, USA
V.N. Venkatakrishnan , University of Illinois, Chicago, USA
pp. 223-234
Session: Malware

On Detecting Camouflaging Worm (Abstract)

Wei Yu , Texas A&M University, USA
Xun Wang , The Ohio State University, USA
Prasad Calyam , The Ohio State University, USA
Dong Xuan , The Ohio State University, USA
Wei Zhao , Texas A&M University, USA
pp. 235-244

Bluetooth Worms: Models, Dynamics, and Defense Implications (Abstract)

Guanhua Yan , Los Alamos National Laboratory
Stephan Eidenbenz , Los Alamos National Laboratory
pp. 245-256

Back to the Future: A Framework for Automatic Malware Removal and System Repair (Abstract)

Francis Hsu , University of California, Davis, USA
Hao Chen , University of California, Davis, USA
Thomas Ristenpart , University of California, Davis, USA; University of California, San Diego, USA
Jason Li , University of California, Davis, USA; Microsoft Corporation
Zhendong Su , University of California, Davis, USA
pp. 257-268
Session: Applied Detection Technologies

Static Detection of Vulnerabilities in x86 Executables (Abstract)

Marco Cova , University of California, Santa Barbara, USA
Viktoria Felmetsger , University of California, Santa Barbara, USA
Greg Banks , University of California, Santa Barbara, USA
Giovanni Vigna , University of California, Santa Barbara, USA
pp. 269-278

Foreign Code Detection on the Windows/X86 Platform (Abstract)

Susanta Nanda , SUNY at Stony Brook, USA
Wei Li , SUNY at Stony Brook, USA
Lap-Chung Lam , SUNY at Stony Brook, USA
Tzi-cker Chiueh , SUNY at Stony Brook, USA
pp. 279-288

PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware (Abstract)

Paul Royal , Georgia Institute of Technology, USA
Mitch Halpin , Georgia Institute of Technology, USA
David Dagon , Georgia Institute of Technology, USA
Robert Edmonds , Georgia Institute of Technology, USA
Wenke Lee , Georgia Institute of Technology, USA
pp. 289-300
Classic Papers

Risks of Untrustworthiness (Abstract)

Peter G. Neumann , SRI International, USA
pp. 321-328
Session: Applied Randomization

Address-Space Randomization for Windows Systems (Abstract)

Lixin Li , Global InfoTek, Inc., USA
James E. Just , Global InfoTek, Inc., USA
R. Sekar , Stony Brook University, USA
pp. 329-338

Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software (Abstract)

Chongkyung Kil , North Carolina State University, USA
Jinsuk Jun , North Carolina State University, USA
Christopher Bookholt , North Carolina State University, USA
Jun Xu , Google, Inc.
Peng Ning , North Carolina State University, USA
pp. 339-348

Known/Chosen Key Attacks against Software Instruction Set Randomization (Abstract)

Yoav Weiss , Discretix Technologies Ltd., Israel
Elena Gabriela Barrantes , Universidad de Costa Rica, Costa Rica
pp. 349-360
Session: Intrusion Detection

Automatic Evaluation of Intrusion Detection Systems (Abstract)

Frederic Massicotte , Canada Communication Research Center, Canada
Francois Gagnon , Carleton University, Canada
Yvan Labiche , Carleton University, Canada
Lionel Briand , Carleton University, Canada
Mathieu Couture , Carleton University, Canada
pp. 361-370

Offloading IDS Computation to the GPU (Abstract)

Nigel Jacob , Tufts University, USA
Carla Brodley , Tufts University, USA
pp. 371-380

Anomaly Based Web Phishing Page Detection (Abstract)

Ying Pan , Singapore Management University, Singapore
Xuhua Ding , Singapore Management University, Singapore
pp. 381-392
Session: Messaging Security

Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks (Abstract)

David Whyte , Carleton University, Canada
P.C. van Oorschot , Carleton University, Canada
Evangelos Kranakis , Carleton University, Canada
pp. 393-402

Using Attribute-Based Access Control to Enable Attribute-Based Messaging (Abstract)

Rakesh Bobba , University of Illinios Urbana-Champaign, USA
Omid Fatemieh , University of Illinois Urbana-Champaign, USA
Fariba Khan , University of Illinois Urbana-Champaign, USA
Carl A. Gunter , University of Illinois Urbana-Champaign, USA
Himanshu Khurana , University of Illinois Urbana-Champaign, USA
pp. 403-413

Enhancing Collaborative Spam Detection with Bloom Filters (Abstract)

Jeff Yan , Newcastle University, UK
Pook Leong Cho , Newcastle University, UK
pp. 414-428
Session: Countermeasures

Extended Protection against Stack Smashing Attacks without Performance Loss (Abstract)

Yves Younan , Katholieke Universiteit Leuven, Belgium
Davide Pozza , Politecnico di Torino, Italy
Frank Piessens , Katholieke Universiteit Leuven, Belgium
Wouter Joosen , Katholieke Universiteit Leuven, Belgium
pp. 429-438

PAST: Probabilistic Authentication of Sensor Timestamps (Abstract)

Ashish Gehani , University of Notre Dame
Surendar Chandra , University of Notre Dame
pp. 439-448

Towards Database Firewall: Mining the Damage Spreading Patterns (Abstract)

Kun Bai , The Pennsylvania State University, USA
Peng Liu , The Pennsylvania State University, USA
pp. 449-462
Session: Information Flow and Leakage

A General Dynamic Information Flow Tracking Framework for Security Applications (Abstract)

Lap Chung Lam , Rether Networks, Inc., USA
Tzi-cker Chiueh , Rether Networks, Inc., USA
pp. 463-472

Covert and Side Channels Due to Processor Architecture (Abstract)

Zhenghong Wang , Princeton University
Ruby B. Lee , Princeton University
pp. 473-482

Protecting Privacy in Key-Value Search Systems (Abstract)

Yinglian Xie , Carnegie Mellon University, USA
Michael K. Reiter , Carnegie Mellon University, USA
David O'Hallaron , Carnegie Mellon University, USA
pp. 493-504
Author Index

Author Index (PDF)

pp. 505-506
84 ms
(Ver 3.3 (11022016))