IEEE Symposium on Security and Privacy

Advance Program

Sunday, 16 May 2010
Registration and Welcome Reception
Registration will be open next to the Boardroom from 4-7pm Sunday. Symposium registration is sold out. No walk-in registrations will be allowed except for the workshops only.

Monday, 17 May 2010
Registration desk will be open 7:30am-5pm Monday.

Claremont Ballroom

Opening Remarks [PPTX] [PDF]
Ulf Lindqvist, David Evans, Giovanni Vigna

Session 1: Malware Analysis
Chair: Jon Giffin, Georgia Institute of Technology
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries [Slides: PDF]
Clemens Kolbitsch (Vienna University of Technology), Thorsten Holz (Vienna University of Technology), Christopher Kruegel (University of California, Santa Barbara), Engin Kirda (Institute Eurecom)
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
Matt Fredrikson (University of Wisconsin), Mihai Christodorescu (IBM Research), Somesh Jha (University of Wisconsin), Reiner Sailer (IBM Research), Xifeng Yan (University of California, Santa Barbara)
Identifying Dormant Functionality in Malware Programs [Slides: PDF]
Paolo Milani Comparetti (Technical University Vienna), Guido Salvaneschi (Politecnico di Milano), Clemens Kolbitsch (Technical University Vienna), Engin Kirda (Institut Eurecom), Christopher Kruegel (University of California, Santa Barbara), Stefano Zanero (Politecnico di Milano)
Session 2: Information Flow
Chair: David Molnar, Microsoft Research Redmond
Reconciling Belief and Vulnerability in Information Flow
Sardaouna Hamadou (University of Southampton), Vladimiro Sassone (University of Southampton), Catuscia Palamidessi (École Polytechnique)
Towards Static Flow-Based Declassification for Legacy and Untrusted Programs [Slides: PPTX, PDF]
Bruno P.S. Rocha (Eindhoven University of Technology), Sruthi Bandhakavi (University of Illinois at Urbana Champaign), Jerry I. den Hartog (Eindhoven University of Technology), William H. Winsborough (University of Texas at San Antonio), Sandro Etalle (Eindhoven University of Technology)
Non-Interference Through Secure Multi-Execution [Slides: PDF]
Object Capabilities and Isolation of Untrusted Web Applications [Slides: PDF]
Sergio Maffeis (Imperial College London), John C. Mitchell (Stanford University), Ankur Taly (Stanford University)
Session 3: Root of Trust
Chair: Radu Sion, Stony Brook University
TrustVisor: Efficient TCB Reduction and Attestation [Slides: PPTX, PDF]
Jonathan McCune (Carnegie Mellon University), Yanlin Li (Carnegie Mellon University), Ning Qu (Nvidia), Zongwei Zhou (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)
Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically [Slides: PPT, PDF]
Matthew Hicks (University of Illinois), Murph Finnicum (University of Illinois), Samuel T. King (University of Illinois), Milo M. K. Martin (University of Pennsylvania), Jonathan M. Smith (University of Pennsylvania)
Tamper Evident Microprocessors [Slides: PDF, PPT]
Adam Waksman, Simha Sethumadhavan (Columbia University)
Session 4: Information Abuse
Chair: Patrick Traynor, Georgia Institute of Technology
Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow [Slides: PPT, PDF]
Shuo Chen (Microsoft Research), Rui Wang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Kehuan Zhang (Indiana University Bloomington)
Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique [Slides: PPTX]
Zhiyun Qian (University of Michigan), Z. Morley Mao (University of Michigan), Yinglian Xie (Microsoft Research Silicon Valley), Fang Yu (Microsoft Research Silicon Valley)
A Practical Attack to De-Anonymize Social Network Users [Slides: PDF]
Gilbert Wondracek (Vienna University of Technology), Thorsten Holz (Vienna University of Technology), Engin Kirda (Institute Eurecom), Christopher Kruegel (University of California, Santa Barbara)
SCiFI - A System for Secure Face Identification [Slides: PDF, PDF 6-up]
Margarita Osadchy, Benny Pinkas, Ayman Jarrous, Boaz Moskovich (University of Haifa)
Best Paper Award!
Buses start loading for special event
Buses will leave from the Claremont front entrance to the reception. [Walking directions (about 30 minutes)]
Reception at Pauley Ballroom
Special Gala Dinner Celebrating the 30th Anniversary of Security and Privacy (at the Pauley Ballroom)
Reception, dinner and awards ceremony
Master of Ceremonies: Peter G. Neumann
Buses start to leave from Pauley Ballroom back to Claremont

Tuesday, 18 May 2010
Claremont Ballroom
Session 5: Network Security
Chair: Nikita Borisov, University of Illinois at Urbana-Champaign
Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes [Slides: PPT, PDF]
Haowen Chan, Adrian Perrig (Carnegie Mellon University)
Revocation Systems with Very Small Private Keys [Slides: PPT]
Allison Lewko (University of Texas at Austin), Amit Sahai (University of California, Los Angeles), Brent Waters (University of Texas at Austin)
Authenticating Primary Users' Signals in Cognitive Radio Networks via Integrated Cryptographic and Wireless Link Signatures
Yao Liu, Peng Ning, Huaiyu Dai (North Carolina State University)
Session 6: Systematization of Knowledge I
Chair: Z. Morley Mao, University of Michigan
Outside the Closed World: On Using Machine Learning For Network Intrusion Detection [Slides: PDF]
Robin Sommer (International Computer Science Institute / Lawrence Berkeley National Laboratory), Vern Paxson (International Computer Science Institute / University of California, Berkeley)
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) [Slides: PPTX, PDF]
Thanassis Avgerinos, Edward Schwartz, David Brumley (Carnegie Mellon University)
State of the Art: Automated Black-Box Web Application Vulnerability Testing
Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell (Stanford University)
Lunch and Business Meeting [Slides: PPTX, PDF]
Session 7: Secure Systems
Chair: Jonathan McCune, Carnegie Mellon University
A Proof-Carrying File System
Deepak Garg, Frank Pfenning (Carnegie Mellon University)
Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size [Slides: PPTX]
Jason Franklin (Carnegie Mellon University), Sagar Chaki (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Arvind Seshadri (IBM Research)
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity [Slides: PDF]
Zhi Wang, Xuxian Jiang (North Carolina State University)
Session 8: Systematization of Knowledge II
Chair: Ed Suh, Cornell University
How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky (Stanford University), Céline Fabry
Bootstrapping Trust in Commodity Computers [Slides: PPTX, PDF]
Bryan Parno, Jonathan M. McCune, Adrian Perrig (Carnegie Mellon University)
Short Talks
Short Talks Chair: Angelos Stavrou, George Mason University
Call for Short Talks (abstract submissions due 1 May 2010)
Reception and Poster Session
Poster Session Chair: Carrie Gates (CA Labs) and Terry Benzel (USC-ISI)

Wednesday, 19 May 2010
Claremont Ballroom
Session 9: Analyzing Deployed Systems
Chair: J. Alex Halderman, University of Michigan
Chip and PIN is Broken [Slides: PDF, Prezi]
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond (University of Cambridge)
Best Practical Paper Award!
Experimental Security Analysis of a Modern Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno (University of Washington), Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage (University of California, San Diego)
On the Incoherencies in Web Browser Access Control Policies
Kapil Singh (Georgia Institute of Technology), Alexander Moshchuk (Microsoft Research), Helen J. Wang (Microsoft Research), Wenke Lee (Georgia Institute of Technology)
Session 10: Language-Based Security
Chair: David Brumley, Carnegie Mellon University
ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser [Slides: PPT, PDF]
Leo Meyerovich (University of California, Berkeley), Benjamin Livshits (Microsoft Research)
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection [Slides: PPTX, PDF]
Tielei Wang (Peking University), Tao Wei (Peking University), Guofei Gu (Texas A & M University), Wei Zou (Peking University)
Best Student Paper Award!
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Dawn Song, Feng Mao (University of California, Berkeley)
Ulf Lindqvist, David Evans, Giovanni Vigna

Thursday, 20 May 2010
Claremont Ballroom (for workshop participants only)
All Day

See you in 2011!