IEEE Symposium on Security and Privacy

Advance Program

[1-page PDF Version for Printing]

Sunday, 17 May 2009

4-7pm

Welcome Reception
Registration will be open outside Lanai 2 from 4-7pm Sunday

Monday, 18 May 2009

7:30am-5pm

Registration desk will be open 7:30am-5pm Monday.

8:30–8:45

Opening Remarks
Andrew Myers, David Evans, David Du

8:45–10:15

Session 1: Attacks and Defenses

Chair: Tadayoshi Kohno (University of Washington)

Wirelessly Pickpocketing a Mifare Classic Card (Best Practical Paper Award)

Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur (Radboud University Nijmegen)

Plaintext Recovery Attacks Against SSH

Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson (Royal Holloway, University of London)

Exploiting Unix File-System Races via Algorithmic Complexity Attacks

Xiang Cai, Yuwei Gui, Rob Johnson (Stony Brook University)

10:30–11:30

Session 2: Information Security

Chair: Patrick Traynor (Georgia Institute of Technology)

Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors

Bart Coppens (Ghent University), Ingrid Verbauwhede (Katholieke Universiteit Leuven), Bjorn De Sutter (Ghent University), Koen De Bosschere (Ghent University)

Non-Interference for a Practical DIFC-Based Operating System

Maxwell Krohn (Carnegie Mellon University), Eran Tromer (Massachusetts Institute of Technology)

11:30–12:00

Special 30th Anniversary Event (Location TBA)

12:00–1:30

Lunch

1:30pm

Short Talk Submission Deadline

1:30–3:00

Session 3: Malicious Code

Chair: Úlfar Erlingsson (Reykjavik University)

Native Client: A Sandbox for Portable, Untrusted x86 Native Code (Best Paper Award)

Bennet Yee, David Sehr, Gregory Dardyk, Brad Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar (Google)

Automatic Reverse Engineering of Malware Emulators (Best Student Paper Award)

Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee (Georgia Institute of Technology)

Prospex: Protocol Specification Extraction

Paolo Milani Comparetti (Technical University Vienna), Gilbert Wondracek (Technical University Vienna), Christopher Kruegel (University of California, Santa Barbara), Engin Kirda (Institute Eurecom)

3:30–5:00

Session 4: Information Leaks

Chair: Radu Sion (Stony Brook University)

Quantifying Information Leaks in Outbound Web Traffic

Kevin Borders (Web Tap Security, Inc.), Atul Prakash (University of Michigan)

Automatic Discovery and Quantification of Information Leaks

Michael Backes (Saarland University and Max Planck Institute for Software Systems), Boris Köpf (Max Planck Institute for Software Systems), Andrey Rybalchenko (Max Planck Institute for Software Systems)

CLAMP: Practical Prevention of Large-Scale Data Leaks

Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig (Carnegie Mellon University)

6:00–8:00

Reception and Poster Session

Tuesday, 19 May 2009

8:30–10:00

Session 5: Privacy

Chair: George Danezis, Microsoft Research, Cambridge, UK

De-anonymizing Social Networks

Arvind Narayanan, Vitaly Shmatikov (University of Texas, Austin)

Privacy Weaknesses in Biometric Sketches

Koen Simoens (Katholieke Universiteit Leuven), Pim Tuyls (Intrinsic-ID), Bart Preneel (Katholieke Universiteit Leuven)

The Mastermind Attack on Genomic Data

Michael T. Goodrich (University of California, Irvine)

10:30–12:00

Session 6: Formal Foundations

Chair: Vitaly Shmatikov (University of Texas, Austin)

A Logic of Secure Systems and its Application to Trusted Computing

Anupam Datta, Jason Franklin, Deepak Garg, Dilsun Kaynar (Carnegie Mellon University)

Formally Certifying the Security of Digital Signature Schemes

Santiago Zanella-Béguelin (INRIA Sophia Antipolis Méditerranée and INRIA-Microsoft Research Joint Centre), Gilles Barthe (IMDEA Software), Benjamin Grégoire (INRIA Sophia Antipolis Méditerranée and INRIA-Microsoft Research Joint Centre), Federico Olmedo (Universidad Nacional de Rosario, Argentina)

Note: There was an error printing the mathematical fonts in this paper in the proceedings. This PDF file corrects the problem.

An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols

Ralf Kuesters, Tomasz Truderung (University of Trier)

12:00–1:30

Lunch

1:30–2:30

Session 7: Network Security

Chair: Jonathon Giffin (Georgia Institute of Technology)

Sphinx: A Compact and Provably Secure Mix Format

George Danezis (Microsoft Research), Ian Goldberg (University of Waterloo)

DSybil: Optimal Sybil-Resistance for Recommendation Systems

Haifeng Yu (National University of Singapore), Chenwei Shi (National University of Singapore), Michael Kaminsky (Intel Research Pittsburgh), Phillip B. Gibbons (Intel Research Pittsburgh), Feng Xiao (National University of Singapore)

3:00–4:00

Session 8: Physical Security

Chair: Farinaz Koushanfar (Rice University)

Fingerprinting Blank Paper Using Commodity Scanners

William Clarkson (Princeton University), Tim Weyrich (University College London), Adam Finkelstein, Nadia Heninger, Alex Halderman, Ed Felten (Princeton University)

Tempest in a Teapot: Compromising Reflections Revisited

Michael Backes (Saarland University and Max Planck Institute for Software Systems), Tongbo Chen (Max Planck Institute for Informatics), Markus Duermuth (Saarland University), Hendrik P. A. Lensch (Max Planck Institute for Informatics), Martin Welk (Saarland University)

4:15–5:30

Short Talks

5:45–7:00

Business Meeting

Wednesday, 20 May 2009

9:00–10:30

Session 9: Web Security

Chair: Sam King (University of Illinois, Urbana-Champaign)

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

Mike Ter Louw, V.N. Venkatakrishnan (University of Illinois at Chicago)

Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments

Shuo Chen (Microsoft Research), Ziqing Mao (Purdue University), Yi-Min Wang, Ming Zhang (Microsoft Research)

Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves

Adam Barth (University of California, Berkeley), Juan Caballero (Carnegie Mellon and University of California, Berkeley), Dawn Song (University of California, Berkeley)

11:00–12:00

Session 10: Humans and Secrets

Chair: Michael Backes (Saarland University and MPI-SWS)

It's No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions

Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University)

Password Cracking Using Probabilistic Context-Free Grammars

Matt Weir, Sudhir Aggarwal, Bill Glodek, Breno de Medeiros (Florida State University)

12:00–12:15

Symposium Closing

1:00–5:00

Tutorials (separate registration required)

A Quick Intro to Trusted Hardware

Radu Sion (Stony Brook University)

Models and Methods for Disclosure Limitation

Johannes Gehrke (Cornell University) and Ashwin Machanavajjhala (Yahoo! Research)

Thursday, 21 May 2009

See workshop schedule

Workshops (separate registration required)

Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering

Rob Erbacher (Utah State University), Matt Bishop (UC Davis), and Sean Peisert (UC Davis)

Web 2.0 Security and Privacy 2009

Larry Koved (IBM Research), Dan S. Wallach (Rice University), and Adam Barth (UC Berkeley)

See you in 2010!