08:00 – 08:45

Registration

08:45 – 09:00

Opening

09:00 – 10:30

Session 1: Intrusion Detection and Network Vulnerability Analysis

Multiprimary support for the Availability of Cluster-based Stateful Firewalls using FT-FW.

Pablo Neira Ayuso¹, Rafael M. Gasca¹, Laurent Lefevre²

¹ University of Seville, Spain

² France ENS de Lyon, INRIA

Identifying Critical Attack Assets In Dependency Attack Graphs.

Reginald E. Sawilla¹, Xinming Ou²

¹ Defence R&D Canada, Canada

² Kansas State University, USA

Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory.

C.P. Mu¹, X.J. Li⁴, H.K. Huang², S.F. Tian^3
1 School of Mechatronic Engineering, Beijing Institute of Technology, PR China

² School of Computer and Information Technology, Beijing Jiaotong University, PR China

³ School of Information Engineering, NanChang University, PR China

10:30 – 11:00

Coffee-break

11:00 – 12:30

Session 2: Network Security

Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs.

Rosario Gennaro¹, Shai Halevi¹, Hugo Krawczyk¹, Tal Rabin¹, Steffen Reidt², Stephen D. Wolthusen²

¹ IBM, T.J. Watson Research Center Hawthorne, NY 10532, USA

² Royal Holloway, Department of Mathematics, Royal Holloway, University of London, United Kingdom

Efficient Handling of Adversary Attacks in Aggregation Applications.

Gelareh Taban¹, Virgil Gligor²

¹ University of Maryland, USA

² Carnegie Mellon University, USA

Symmetric Key Approaches to Securing BGP -- A Little Bit Trust is Enough.

Bezawada Bruhadeshwar¹, Sandeep S. Kulkarni², Alex X. Liu²

¹ International Institute of Information Technology, India

² Department of Computer Science and Engineering, Michigan State University, U.S.A.

12:30 – 13:30

INVITED TALK: Bart VAN-CAENEGEM, European Commission

"EU funded ICT Security Research in FP7"

13:30 – 14:30

Lunch

14:30 – 16:00

Session 3: Smart Cards and Identity management

Dismantling MIFARE Classic.

Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, Bart Jacobs

Radboud University Nijmegen, Netherlands

A Browser-based Kerberos Authentication Scheme.

Sebastian Gajek¹, Tibor Jager¹, Mark Manulis², Jöerg Schwenk¹

¹ Horst Gartz Institute for IT-Security, Ruhr-University Bochum, Germany

² UCL Crypto Group Louvain-la-Neuve, Belgium

CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud.

Deholo Nali, Paul van Oorschot

Carleton University

16:00 – 16:30

Coffee-break

16:30 – 18:00

Session 4: Data and Applications Security

Disclosure Analysis and Control in Statistical Databases.

Yingjiu Li¹, Haibing Lu²

¹ Singapore Management University

² Rutgers University

TRACE: Zero-down-time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-time Overhead.

Kun Bai¹, Meng Yu², Peng Liu¹

¹ College of IST, The Pennsylvania State University

² Computer Science Dept., Western Illinois University

Access Control Friendly Query Verification for Outsourced Data Publishing.

Hong Chen¹, Xiaonan Ma², Windsor Hsu²,Ninghui Li¹, and Qihua Wang¹

¹ Purdue University

² IBM Almaden Research Center

08:30 – 09:00

Registration

09:00 – 10:30

Session 5: Privacy Enhancing Technologies

Sharemind: a framework for fast privacy-preserving computations.

Dan Bogdanov¹, Sven Laur², Jan Willemson¹

¹ University of Tartu/AS Cybernetica, Estonia

² University of Tartu, Estonia

Modeling Privacy Insurance Contracts and their Utilization in Risk Management for ICT Firms.

Athanassios N. Yannacopoulos¹, Costas Lambrinoudakis² , Stefanos Gritzalis², Stelios Z. Xanthopoulos², Sokratis N. Katsikas³

¹ Athens University of Economics and Business

² University of the Aegean

³ University of Piraeus, Dept. of Technology Education & Digital Systems

Remote Integrity Check with Dishonest Storage Server.

Ee-Chien Chang, Jia Xu

School of Computing, National University of Singapore,  Singapore

10:30 – 11:00

Coffee-break

11:00 – 12:30

Session 6: Anonymity and RFID Privacy

A low-variance random-walk procedure to provide anonymity in overlay networks.

Juan Pedro Muñoz-Gea, Jose Maria Malgosa-Sanahuja, Pilar Manzanares-Lopez, Juan Carlos Sanchez-Aarnoutse, Joan Garcia-Haro

Polytechnic University of Cartagena, Spain

RFID Privacy Models Revisited.

Ching Yu Ng¹, Willy Susilo¹, Yi Mu¹, Rei Safavi-Naini²

¹ Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia

² Department of Computer Science , University of Calgary, Canada

A New Formal Proof Model for RFID Location Privacy.

JungHoon Ha¹, SangJae Moon¹, Jianying Zhou³, and JaeCheol Ha²

¹ School of Electrical Eng. and Computer Science, Kyungpook National Univ., Korea

² Dept. of Information Security, Hoseo Univ., Korea

³ Institute for Infocomm Research 21, Heng Mui Keng Terrace, Singapore

12:30 – 13:30

INVITED TALK: Pierangela Samarati, Università degli Studi di Milano

"Privacy in data dissemination and outsourcing"

13:30 – 14:30

Lunch

14:30 – 16:00

Session 7: Access Control and Trust Negotiation

Distributed Authorization by Multiparty Trust Negotiation. 

Charles C. Zhang, Marianne Winslett     

University of Illinois at Urbana-Champaign, USA

Compositional Refinement of Policies in UML - Exemplified for Access Control.

Bjørnar Solhaug¹, Ketil Stølen²

¹ Dep. of Information Science and Media Studies, University of Bergen SITEF ICT

² SINTEF ICT. Dep. of Informatics, University of Oslo

On the Security of Delegation in Access Control Systems.

Qihua Wang, Ninghui Li, Hong Chen

¹ Department of Computer Science and CERIAS, Purdue University, USA

16:00 – 16:30

Coffee-break

16:30 – 18:00

Session 8: Information Flow and Non-transferability

Termination-Insensitive Noninterference Leaks More Than Just a Bit.

Aslan Askarov¹, Sebastian Hunt², Andrei Sabelfeld¹, David Sands¹

¹ Chalmers University of Technology, Sweden; ² City University, London, UK

Security Provisioning in Pervasive Environments Using Multi-objective Optimization.

Rinku Dewri, Indrakshi Ray, Indrajit Ray, Darrell Whitley

Colorado State University, USA

Improved Security Notions and Protocols for Non-Transferable Identification.

Carlo Blundo¹, Giuseppe Persiano¹, Ahmad-Reza Sadeghi², Ivan Visconti¹

¹ University of Salerno, Italy

² Ruhr-University Bochum, Germany

20:30

GALA DINNER

08:30 – 09:00

Registration

09:00 – 11:00

Session 9: Secure Electronic Voting and Web Applications Security

Human readable paper verification of Prêt à Voter.

David Lundin, Peter Y. A. Ryan

University of Surrey, United Kingdom; University of Newcastle upon Tyne, United Kingdom

A Distributed Implementation of the Certified Information Access Service.

Carlo Blundo¹, Emiliano De Cristofaro¹, Aniello Del Sorbo¹, Clemente Galdi²,

Giuseppe Persiano¹

¹ Universita' di Salerno, Italy

² Universita' di Napoli "Federico II", Italy

Exploring User Reactions to Browser Cues for Extended Validation Certificates.

Jennifer Sobey¹, Robert Biddle², Paul C. van Oorschot¹, Andrew S. Patrick³

¹ School of Computer Science, Carleton University, Canada

² Human-Oriented Technology Lab, Carleton University, Canada

³ Institute for Information Technology, National Research Council, Canada

A Framework for the Analysis of Mix-Based Steganographic File Systems.

Claudia Diaz¹, Carmela Troncoso¹, Bart Preneel¹

¹ Katholieke Universiteit Leuven - COSIC, Belgium

11:00 – 11:30

Coffee-break

11:30 – 13:30

Session 10: VoIP Security, Malware, and DRM

An adaptive policy-based approach to SPIT management.

Yannis Soupionis, Stelios Dritsas, Dimitris Gritzalis

Athens University of Economics & Business (AUEB), Greece

Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?

Carlton R. Davis¹, Stephen Neville², José M. Fernández³, Jean-Marc Robert⁴, John McHugh⁵

¹Ecole Polytechnique, Canada

²University of Victoria, Canada

³ Ecole Polytechnique de Montreal, Canada

⁴Ecole de technologie superieure, Canada

⁵Dalhousie University, Canada

Eureka: A Framework for Enabling Static Malware Analysis

Monirul Sharif¹, Vinod Yegneswaran², Hassen Saidi², Phillip Porras², Wenke Lee¹

¹ Georgia Institute of Technology, USA

² SRI International, USA

New Considerations about the correct design of Turbo Fingerprinting Codes.

Joan Tomás-Buliart², Marcel Fernández², Miguel Soriano^1,2

¹ CTTC: Centre Tecnológic de Telecomunicacions de Catalunya / Parc Mediterrani de la Tecnologia (PMT), Spain

² Department of Telematics Engineering, Universitat Politécnica de Catalunya, Spain.

13:30 – 14:30

Lunch

14:30 – 16:00

Session 11: Formal Models and Cryptographic Protocols

Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks.

Michael Backes^1,2, Boris Köpf²

¹ Saarland University and MPI-SWS

² MPI-SWS

Cryptographic Protocol Explication and End-Point Projection.

Jay McCarthy¹, Shriram Krishnamurthi²

¹ Brown University (currently) , Brigham Young University (when conference occurs)

² Brown University

State Space Reduction in the Maude-NRL Protocol Analyzer.

Santiago Escobar¹, Catherine Meadows², José Meseguer³

¹ Universidad Politécnica de Valencia, Spain

² Naval Research Laboratory, USA

³ University of Illinois at Urbana-Champaign, USA

16:00 – 16:30

Coffee-break

16:30 – 17:30

Session 12: Language-based  and Hardware Security

Code-Carrying Authorization.

Sergio Maffeis^1,2, Martin Abadi^2,3, Cédric Fournet³, Andrew D. Gordon³

¹ Imperial College London and University of California at Santa Cruz, UK

² University of California at Santa Cruz, USA; ³ Microsoft Research

CPU bugs, CPU backdoors and consequences on security.

Loïc Duflot

Central Directorate for Information Systems Security (DCSSI)

17:30

Farewell