The symposium will include presentations of the 31 accepted papers
listed below. More details on the full program and schedule will be
available soon.
Accepted Systematization of Knowledge Papers
All You Ever Wanted to Know about Dynamic Taint Analysis and
Forward Symbolic Execution (but might have been afraid to ask)
Thanassis Avgerinos, Edward Schwartz, David Brumley (Carnegie Mellon
University)
State of the Art: Automated Black-Box
Web Application Vulnerability Testing
Jason Bau, Elie Bursztein, Divij Gupta, John
Mitchell (Stanford University)
How Good are Humans at Solving CAPTCHAs? A Large
Scale Evaluation
Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky
(Stanford University), Céline Fabry
Bootstrapping Trust in Commodity Computers
Bryan Parno, Jonathan M. McCune, Adrian Perrig (Carnegie Mellon
University)
Outside the Closed World: On Using Machine Learning For Network
Intrusion Detection
Robin Sommer (International Computer Science Institute / Lawrence
Berkeley National Laboratory), Vern Paxson (International Computer
Science Institute / University of California, Berkeley)
Accepted Research Papers
Round-Efficient Broadcast Authentication Protocols for Fixed
Topology Classes
Haowen Chan, Adrian Perrig (Carnegie Mellon University)
Side-Channel Leaks in Web Applications: a Reality Today, a
Challenge Tomorrow
Shuo Chen (Microsoft Research), Rui Wang (Indiana University
Bloomington), XiaoFeng Wang (Indiana University Bloomington), Kehuan
Zhang (Indiana University Bloomington)
Identifying Dormant Functionality in Malware
Programs
Paolo Milani Comparetti (Technical University Vienna), Guido Salvaneschi
(Politecnico di Milano), Clemens Kolbitsch (Technical University
Vienna), Engin Kirda (Institut Eurecom), Christopher Kruegel (University
of California, Santa Barbara), Stefano Zanero (Politecnico di Milano)
Non-Interference Through Secure Multi-Execution
Chip and PIN is Broken
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond (University of Cambridge)
Scalable Parametric Verification of Secure Systems:
How to Verify Reference Monitors without Worrying about Data Structure
Size
Synthesizing Near-Optimal Malware Specifications from
Suspicious Behaviors
Matt Fredrikson (University of Wisconsin), Mihai Christodorescu (IBM
Research), Somesh Jha (University of Wisconsin), Reiner Sailer (IBM
Research), Xifeng Yan (University of California, Santa Barbara)
A Proof-Carrying File System
Deepak Garg, Frank Pfenning (Carnegie Mellon University)
Reconciling Belief and Vulnerability in Information
Flow
Sardaouna Hamadou (University of Southampton), Vladimiro
Sassone (University of Southampton), Catuscia Palamidessi
(École Polytechnique)
Overcoming an Untrusted Computing Base: Detecting and Removing
Malicious Hardware Automatically
Matthew Hicks (University of Illinois), Murph Finnicum (University of
Illinois), Samuel T. King (University of Illinois), Milo M. K. Martin
(University of Pennsylvania), Jonathan M. Smith (University of
Pennsylvania)
Inspector Gadget: Automated Extraction of Proprietary Gadgets
from Malware Binaries
Clemens Kolbitsch (Vienna University of Technology), Thorsten Holz
(Vienna University of Technology), Christopher Kruegel (University of
California, Santa Barbara), Engin Kirda (Institute Eurecom)
Experimental Security Analysis of a Modern
Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel,
Tadayoshi Kohno (University of Washington), Stephen Checkoway, Damon McCoy, Brian Kantor, Danny
Anderson, Hovav Shacham, Stefan Savage (University of California, San Diego)
Revocation Systems with Very Small Private
Keys
Allison Lewko (University of Texas at Austin),
Amit Sahai (University of California, Los Angeles), Brent Waters (University of Texas at Austin)
Authenticating Primary Users' Signals in Cognitive Radio
Networks via Integrated Cryptographic and Wireless Link Signatures
Yao Liu, Peng Ning, Huaiyu Dai (North Carolina State University)
Object Capabilities and Isolation of Untrusted Web
Applications
Sergio Maffeis (Imperial College London), John C. Mitchell (Stanford
University), Ankur Taly (Stanford University)
TrustVisor: Efficient TCB Reduction and Attestation
Jonathan McCune (Carnegie Mellon University), Yanlin Li
(Carnegie Mellon University), Ning Qu (Nvidia),
Zongwei Zhou (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)
ConScript: Specifying and Enforcing
Fine-Grained Security Policies for JavaScript in the Browser
Leo Meyerovich (University of California, Berkeley), Benjamin Livshits
(Microsoft Research)
SCiFI - A System for Secure Face
Identification
Margarita Osadchy, Benny Pinkas, Ayman Jarrous, Boaz Moskovich
(University of Haifa)
Investigation of Triangular Spamming: a Stealthy and Efficient
Spamming Technique
Zhiyun Qian (University of Michigan), Z. Morley Mao (University of
Michigan), Yinglian Xie (Microsoft Research Silicon Valley), Fang Yu
(Microsoft Research Silicon Valley)
Towards Static Flow-based Declassification for Legacy and Untrusted
Programs
Bruno P.S. Rocha (Eindhoven University of Technology), Sruthi Bandhakavi
(University of Illinois at Urbana Champaign), Jerry I. den Hartog
(Eindhoven University of Technology), William H. Winsborough (University
of Texas at San Antonio), Sandro Etalle (Eindhoven University of
Technology)
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Dawn
Song, Feng Mao (University of California, Berkeley)
On the Incoherencies in Web Browser Access Control
Policies
Kapil Singh (Georgia Institute of Technology), Alexander Moshchuk
(Microsoft Research), Helen J. Wang (Microsoft Research), Wenke Lee
(Georgia Institute of Technology)
Tamper Evident Microprocessors
Adam Waksman, Simha Sethumadhavan (Columbia University)
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic
Software Vulnerability Detection
Tielei Wang (Peking University), Tao Wei (Peking University), Guofei Gu
(Texas A & M University), Wei Zou (Peking University)
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor
Control-Flow Integrity
Zhi Wang, Xuxian Jiang (North Carolina State University)
A Practical Attack to De-Anonymize Social Network
Users
Gilbert Wondracek (Vienna University of Technology),
Thorsten Holz (Vienna University of Technology), Engin Kirda (Institute Eurecom),
Christopher Kruegel (University of California, Santa Barbara)