2005 IEEE Symposium on Security and Privacy

May 8-11, 2005

The Claremont Resort
Oakland, California, USA

sponsored by the
IEEE Computer Society Technical Committee on Security and Privacy
in co-operation with
The International Association for Cryptologic Research (IACR)



Sunday, May 8, 2005

16:00-19:00 Registration and Reception


Monday, May 9, 2005

8:45-9:00 Opening Remarks (Steve Tate, Michael Waidner)

Session: Intrusion Detection (Wenke Lee)

Language-Based Generation and Evaluation of NIDS Signatures
Shai Rubin, Somesh Jha, Barton P. Miller

Efficient Intrusion Detection using Automaton Inlining
Rajeev Gopalakrishna, Eugene H. Spafford, Jan Vitek

Semantics-Aware Malware Detection
Mihai Christodorescu, Somesh Jha, Sanjit Seshia, Dawn Song, Randal E. Bryant

10:30-11:00 Break

Invited Talk (Vern Paxson)

Physical Security -- the Good, the Bad, and the Ugly
Mark Seiden

Physical security is an oft-overlooked but critical prerequisite for information security. Now that software has leaked into all aspects of modern life, physical security mechanisms often are badly designed, rely extensively on Security through Obscurity, contain substantial snake oil components, include back doors, use piece-part solutions which have nontrivial real-world interactions, and need to function in a system but ignore environmental context.

I'll tell some stories about tests of outsourcing and colocation facilities, components and badge systems as examples of such security flaws.

12:00-13:30 Lunch

Session: Sensor Networks (Birgit Pfitzmann)

Distributed Detection of Node Replication Attacks in Sensor Networks
Bryan Parno, Adrian Perrig, Virgil Gligor

Detection of Denial-Of-Message Attacks on Sensor Network Broadcasts
Jonathan M. McCune, Elaine Shi, Adrian Perrig, Michael K. Reiter

14:30-15:00 Break

Session: 5-minute Work-in-progress Talks (Vern Paxson, Michael Waidner)


Tuesday, May 10, 2005


Session: Access Control and Authentication (Virgil Gligor)

Distributed Proving in Access-Control Systems
Lujo Bauer, Scott Garriss, Michael K. Reiter

On Safety in Discretionary Access Control
Ninghui Li, Mahesh V. Tripunitara

Seeing-Is-Believing: Using Camera Phones For Human-Verifiable Authentication
Jonathan M. McCune, Adrian Perrig, Michael K. Reiter

10:30-11:00 Break
11:00-12:00 Invited Talk (Michael Waidner)

Model-driven Security
David Basin

We present an approach to integrating security into the system design process. Namely, models are made of system designs along with their security requirements, and security architectures are automatically generated from the resulting security-design models. We call the resulting approach "Model Driven Security" as it represents a specialization of model driven development to the domain of system security.

To illustrate these ideas we present SecureUML, a modeling language based on UML for modeling system designs along with their security requirements. From SecureUML models, we automatically generate security architectures, built from declarative and procedural access control mechanisms, for distributed middleware-based applications. The process has been implemented in the ArcStyler tool, which generates security infrastructures based on Sun's Enterprise Java Bean standard. We report on case studies using this tool, which illustrate the flexibility and power of our approach.

12:00-13:30 Lunch

Session: Integrity (Michael K. Reiter)

A Generic Attack on Checksumming-Based Software Tamper Resistance
Glenn Wurster, Paul van Oorschot, Anil Somayaji

Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, Srinivas Devadas

Bind: A Time-Of-Use Attestation Service For Secure Distributed System
Elaine Shi, Adrian Perrig, Leendert Van Doorn

15:00-15:30 Break

Session: Cryptography and Protocols (Josh Benaloh)

Relating Symbolic And Cryptographic Secrecy
Michael Backes, Birgit Pfitzmann

Low-Cost Traffic Analysis Of Tor
Steven Murdoch, George Danezis

Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity In Network Broadcasts
Michael T. Goodrich


Wednesday, May 11, 2005

9:00-10:00 Panel Discussion (Michael Backes)

Security in Ad-hoc and Sensor Networks
Panelists: Virgil Gligor, Gene Tsudik, David Wagner

Ad-hoc and sensor networks have recently received increasing attention in the security community. The panel aims to highlight new challenges in this area, addressing both open theoretical questions and issues concerning the usability of such networks in security-critical practical scenarios.

10:00-10:30 Break

Worms and Network Forensics (Giovanni Vigna)

Remote Physical Device Fingerprinting
Tadayoshi Kohno, Andre Broido, KC Claffy

Polygraph: Automatically Generating Signatures For Polymorphic Worms
James Newsome, Brad Karp, Dawn Song

Worm Origin Identification Using Random Moonwalks
Yinglian Xie, Vyas Sekar, David A. Maltz, Michael K. Reiter, Hui Zhang


Last modified: Sat Apr 16 22:30:50 Romance Daylight Time 2005