IEEE Symposium on Security and Privacy
Advance Program

Sunday, 17 May 2009
Welcome Reception
Registration will be open outside Lanai 2 from 4-7pm Sunday.

Monday, 18 May 2009
Registration desk will be open 7:30am-5pm Monday.

Opening Remarks
Andrew Myers, David Evans, David Du

Session 1: Attacks and Defenses
Chair: Tadayoshi Kohno (University of Washington)
Wirelessly Pickpocketing a Mifare Classic Card (Best Practical Paper Award)
Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur (Radboud University Nijmegen)
Plaintext Recovery Attacks Against SSH
Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson (Royal Holloway, University of London)
Exploiting Unix File-System Races via Algorithmic Complexity Attacks
Xiang Cai, Yuwei Gui, Rob Johnson (Stony Brook University)
Session 2: Information Security
Chair: Patrick Traynor (Georgia Institute of Technology)
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
Bart Coppens (Ghent University), Ingrid Verbauwhede (Katholieke Universiteit Leuven), Bjorn De Sutter (Ghent University), Koen De Bosschere (Ghent University)
Non-Interference for a Practical DIFC-Based Operating System
Maxwell Krohn (Carnegie Mellon University), Eran Tromer (Massachusetts Institute of Technology)
Special 30th Anniversary Event (Location TBA)
Session 3: Malicious Code
Chair: Úlfar Erlingsson (Reykjavik University)
Native Client: A Sandbox for Portable, Untrusted x86 Native Code (Best Paper Award)
Bennet Yee, David Sehr, Gregory Dardyk, Brad Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar (Google)
Automatic Reverse Engineering of Malware Emulators (Best Student Paper Award)
Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee (Georgia Institute of Technology)
Prospex: Protocol Specification Extraction
Paolo Milani Comparetti (Technical University Vienna), Gilbert Wondracek (Technical University Vienna), Christopher Kruegel (University of California, Santa Barbara), Engin Kirda (Institute Eurecom)
Session 4: Information Leaks
Chair: Radu Sion (Stony Brook University)
Quantifying Information Leaks in Outbound Web Traffic
Kevin Borders (Web Tap Security, Inc.), Atul Prakash (University of Michigan)
Automatic Discovery and Quantification of Information Leaks
Michael Backes (Saarland University and Max Planck Institute for Software Systems), Boris Köpf (Max Planck Institute for Software Systems), Andrey Rybalchenko (Max Planck Institute for Software Systems)
CLAMP: Practical Prevention of Large-Scale Data Leaks
Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig (Carnegie Mellon University)
Reception and Poster Session

Tuesday, 19 May 2009
Session 5: Privacy
Chair: George Danezis (Microsoft Research, Cambridge, UK)
De-anonymizing Social Networks
Arvind Narayanan, Vitaly Shmatikov (University of Texas, Austin)
Privacy Weaknesses in Biometric Sketches
Koen Simoens (Katholieke Universiteit Leuven), Pim Tuyls (Intrinsic-ID), Bart Preneel (Katholieke Universiteit Leuven)
The Mastermind Attack on Genomic Data
Michael T. Goodrich (University of California, Irvine)
Session 6: Formal Foundations
Chair: Vitaly Shmatikov (University of Texas, Austin)
A Logic of Secure Systems and its Application to Trusted Computing
Anupam Datta, Jason Franklin, Deepak Garg, Dilsun Kaynar (Carnegie Mellon University)
Formally Certifying the Security of Digital Signature Schemes
Santiago Zanella-Béguelin (INRIA Sophia Antipolis Méditerranée and INRIA-Microsoft Research Joint Centre), Gilles Barthe (IMDEA Software), Benjamin Grégoire (INRIA Sophia Antipolis Méditerranée and INRIA-Microsoft Research Joint Centre), Federico Olmedo (Universidad Nacional de Rosario, Argentina)
Note: There was an error printing the mathematical fonts in this paper in the proceedings. This PDF file corrects the problem.
An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols
Ralf Kuesters, Tomasz Truderung (University of Trier)
Session 7: Network Security
Chair: Jonathon Giffin (Georgia Institute of Technology)
Sphinx: A Compact and Provably Secure Mix Format
George Danezis (Microsoft Research), Ian Goldberg (University of Waterloo)
DSybil: Optimal Sybil-Resistance for Recommendation Systems
Haifeng Yu (National University of Singapore), Chenwei Shi (National University of Singapore), Michael Kaminsky (Intel Research Pittsburgh), Phillip B. Gibbons (Intel Research Pittsburgh), Feng Xiao (National University of Singapore)
Session 8: Physical Security
Chair: Farinaz Koushanfar (Rice University)
Fingerprinting Blank Paper Using Commodity Scanners
William Clarkson (Princeton University), Tim Weyrich (University College London), Adam Finkelstein, Nadia Heninger, Alex Halderman, Ed Felten (Princeton University)
Tempest in a Teapot: Compromising Reflections Revisited
Michael Backes (Saarland University and Max Planck Institute for Software Systems), Tongbo Chen (Max Planck Institute for Informatics), Markus Duermuth (Saarland University), Hendrik P. A. Lensch (Max Planck Institute for Informatics), Martin Welk (Saarland University)
Business Meeting

Wednesday, 20 May 2009
Session 9: Web Security
Chair: Sam King (University of Illinois, Urbana-Champaign)
Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
Mike Ter Louw, V.N. Venkatakrishnan (University of Illinois at Chicago)
Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments
Shuo Chen (Microsoft Research), Ziqing Mao (Purdue University), Yi-Min Wang, Ming Zhang (Microsoft Research)
Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves
Adam Barth (University of California, Berkeley), Juan Caballero (Carnegie Mellon and University of California, Berkeley), Dawn Song (University of California, Berkeley)
Session 10: Humans and Secrets
Chair: Michael Backes (Saarland University and MPI-SWS)
It's No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions
Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University)
Password Cracking Using Probabilistic Context-Free Grammars
Matt Weir, Sudhir Aggarwal, Bill Glodek, Breno de Medeiros (Florida State University)
Symposium Closing
Tutorials (separate registration required)

Radu Sion (Stony Brook University)
Models and Methods for Disclosure Limitation
Johannes Gehrke (Cornell University) and Ashwin Machanavajjhala (Yahoo! Research)

Thursday, 21 May 2009

See workshop schedule
Workshops (separate registration required)

Rob Erbacher (Utah State University), Matt Bishop (UC Davis), and Sean Peisert (UC Davis)
Web 2.0 Security and Privacy 2009
Larry Koved (IBM Research), Dan S. Wallach (Rice University), and Adam Barth (UC Berkeley)

See you in 2010!