IEEE Symposium on Security and Privacy

Download the program as a PDF

Advance Program

Sunday, 22 May 2010
Registration and Welcome Reception
Registration will be open next to the Boardroom from 4-7pm Sunday. The symposium registration is sold out, but registration spaces remain available for workshops.

Monday, 23 May 2011
7:30am - 5pm
Registration desk hours
The symposium is at capacity. If you'd like to have a comfortable room to spread out while still being able to view slides and listen to presentations, this will be available in the upstairs Sonoma room throughout the duration of the symposium.
Claremont Ballroom
8:30 - 8:45
Opening Remarks: Deb Frincke, Giovanni Vigna
8:45 - 10:00
Session 1: Security of authentication and protection mechanisms
Chair: Patrick Traynor
Hookt on fon-iks: Phonotactic Reconstruction of Encrypted VoIP Conversations
Andrew M. White, Kevin Snow, Austin Matthews, Fabian Monrose (University of North Carolina at Chapel Hill)
The Failure of Noise-Based Non-Continuous Audio Captchas
Elie Bursztein (Stanford University), Romain Beauxis (Tulane University), Hristo Spassimirov Paskov (Stanford University), Daniele Perito (INRIA), Celine Fabry, John C. Mitchell (Stanford University)
Using Fingerprint Authentication to Reduce System Security: An Empirical Study
Hugh Wimberly, Lorie M. Liebrock (New Mexico Institute of Mining and Technology)
10:00 - 10:20
10:20 - 11:10
Session 2: Hardware Security
Chair: Mike Reiter
Silencing Hardware Backdoors
Adam Waksman, Simha Sethumadhavan (Columbia University)
Defeating UCI: Building Stealthy and Malicious Hardware
Cynthia Sturton (UC Berkeley), Matthew Hicks (University of Illinois Urbana-Champaign), David Wagner (UC Berkele), Samuel T. King (University of Illinois Urbana-Champaign)
11:10 - noon
Session 3: Systematization of Knowledge I
Chair: Guofei Gu
Formalizing Anonymous Blacklisting Systems
Ryan Henry, Ian Goldberg (University of Waterloo)
Mobile Security Catching Up? - Revealing the nuts and bolts of the security of mobile devices
Michael Becher (University of Mannheim), Felix C. Freiling (University of Mannheim), Johannes Hoffmann (Ruhr-University Bochum), Thorsten Holz (Ruhr-University Bochum), Sebastian Uellenbeck (Ruhr-University Bochum), Christopher Wolf (Ruhr-University Bochum)
noon - 1:30
1:30 - 2:45
Session 4: Browsing Security and Privacy
Chair: Venkat Venkatakrishnan
Verified Security for Browser Extensions
Arjun Guha (Brown University), Matthew Fredrikson (University of Wisconsin), Benjamin Livshits (Microsoft Research), Nikhil Swamy (Microsoft Research)
RePriv: Re-Imagining Content Personalization and In-Browser Privacy
Matthew Fredrikson (University of Wisconsin), Benjamin Livshits (Microsoft Research)
I Still Know What You Visited Last Summer: User interaction and side-channel attacks on browsing history
Zachary Weinberg, Eric Y. Chen, Pavithra Ramesh Jayaraman, Collin Jackson (Carnegie Mellon University)
2:45 - 3:15
3:15 - 4:55
Session 5: Secure Information Flow and Information Policies
Chair: Andrew Myers
Verification of Information Flow and Access Control Policies via Dependent Types
Aleksandar Nanevski (IMDEA Software Institute), Anindya Banerjee (IMDEA Software Institute), Deepak Garg (Carnegie Mellon University)
Inference of expressive declassification policies
Jeffrey Vaughan (UC Los Angeles), Stephen Chong (Harvard University)
The Complexity of Intransitive Noninterference
Sebastian Eggert (Kiel University), Ron van der Meyden (University Of New South Wales), Henning Schnoor (Kiel University), Thomas Wilke (Kiel University)
SCION: Scalability, Control, and Isolation On Next-Generation Networks
Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, David Andersen (Carnegie Mellon University)
5:30 - 7:30
Reception and Poster Session

Abstracts available here.

Tuesday, 24 May 2011
Claremont Ballroom
8:45 - 10:00
Session 6: Privacy and Social Networks
Chair: Lujo Bauer
"You Might Also Like:" Privacy Risks of Collaborative Filtering
Joseph A. Calandrino (Princeton University), Ann Kilzer (University of Texas at Austin), Arvind Narayanan (Stanford University), Edward W. Felten (Princeton University), Vitaly Shmatikov (University of Texas at Austin)
Quantifying Location Privacy
Reza Shokri, George Theodorakopoulos, Jean-Yves Le Boudec, Jean-Pierre Hubaux (EPFL)
Preventing Sybil Attacks by Privilege Attenuation: A Design Principle for Social Network Systems
Philip W. L. Fong (University of Calgary)
10:00 - 10:20
10:20 - noon
Session 7: Virtualization and Trusted Computing
Chair: Jonathan McCune
PRISM: Program Replication and Integration for Seamless MILS
Chris Owen, Duncan Grove, Tristan Newby, Alex Murray, Chris North, Michael Pope (Defence Science and Technology Organisation)
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
Brendan Dolan-Gavitt (Georgia Institute of Technology), Tim Leek (MIT Lincoln Laboratory), Michael Zhivich (MIT Lincoln Laboratory), Jonathon Giffin (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)
HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis
Yinqian Zhang (University of North Carolina at Chapel Hill), Ari Juels (RSA Laboratories), Alina Oprea (RSA Laboratories), Michael K. Reiter (University of North Carolina at Chapel Hill)
TxBox: Building Secure, Efficient Sandboxes with System Transactions
Suman Jana (University of Texas at Austin), Vitaly Shmatikov (University of Texas at Austin), Donald E. Porter (Stony Brook University)
noon - 1:30
1:30 - 2:45
Session 8: Program Security Analysis
Chair: Weidong Cui
Differential Slicing: Identifying Causal Execution Differences for Security Applications
Noah Johnson (UC Berkeley) Juan Caballero (IMDEA Software Institute) Kevin Chen (UC Berkeley) Stephen McCamant (UC Berkeley Pongsin Poosankam (UC Berkeley, Carnegie Mellon University) Daniel Reynaud (UC Berkeley) Dawn Song (UC Berkeley)
Automated Analysis of Security-Critical JavaScript APIs
Ankur Taly (Stanford University), Ulfar Erlingsson (Google), Mark Miller (Google), John C. Mitchell (Stanford University), Jasvir Nagra (Google)
Memoir: Practical State Continuity for Protected Modules
Bryan Parno (Microsoft Research), Jacob R. Lorch (Microsoft Research), John R. Douceur (Microsoft Research), James Mickens (Microsoft Research), Jonathan M. McCune (Carnegie Mellon University)
2:45 - 3:05
3:05 - 3:55
Session 9: Systematization of Knowledge II
Chair: Adrian Perrig
A Formal Foundation for the Security Features of Physical Functions
Frederik Armknecht (University of Mannheim), Roel Maes (Katholieke Universiteit Leuven), Ahmad-Reza Sadeghi (TU Darmstadt, Fraunhofer SIT Darmstadt), Francois-Xavier Standaert (Université Catholique de Louvain), Christian Wachsmann (TU Darmstadt)
Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach
Vineeth Kashyap (UC Santa Barbara), Ben Wiedermann (Virginia Tech), Ben Hardekopf (UC Santa Barbara)
3:55- 4:45
Session 10: Underground Economy/Malware
Chair: Kevin Fu
Click Trajectories: End-to-End Analysis of the Spam Value Chain
Kirill Levchenko (UC San Diego), Andreas Pitsillidis (UC San Diego), Neha Chachra (UC San Diego), Brandon Enright (UC San Diego), Mark Felegyhazi (Budapest University of Technology and Economics), Chris Grier (International Computer Science Institute and UC Berkeley), Tristan Halvorson (UC San Diego), Chris Kanich (UC San Diego), Christian Kreibich (International Computer Science Institute), He Liu (UC San Diego), Damon McCoy (UC San Diego), Nicholas Weaver (International Computer Science Institute), Vern Paxson (International Computer Science Institute and UC Berkeley), Geoffrey M. Voelker (UC San Diego), Stefan Savage (UC San Diego)
Design and Evaluation of a Real-Time URL Spam Filtering Service
Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song (UC Berkeley)
5:00 - 5:50
Short talks
6:00 - 7:00
TC business meeting

Wednesday, 25 May 2011
Claremont Ballroom
9:00 - 10:40
Session 11: Vulnerability Analysis
Chair: Christopher Kruegel
How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores
Rui Wang (Indiana University Bloomington), Shuo Chen (Microsoft Research), XiaoFeng Wang (Indiana University Bloomington), Shaz Qadeer (Microsoft Research)
Cryptography in the Web: The Case of Cryptographic Design Flaws in ASP.NET
Cache Games - Bringing Access-Based Cache Attacks on AES to Practice
Endre Bangerter, David Gullasch, Stephan Krenn (Bern University of Applied Sciences and University of Fribourg)
OpenConflict: Preventing Real Time Map Hacks in Online Games
Elie Bursztein, Mike Hamburg, Jocelyn Lagarenne, Dan Boneh (Stanford University)
10:40 - 11:00
11:00 - 11:50
Session 12: Anonymity and Voting
Chair: David Wagner
Extending Nymble-like Systems
Ryan Henry, Ian Goldberg (University of Waterloo)
Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study
Ralf Kuesters, Tomasz Truderung, Andreas Vogt (University of Trier)
11:50 - noon
Closing remarks, General Chair and Incoming General Chair 2012
1:30 - 5:00
Federal Cyber-Security R&D
Special co-located event open to all attendees
Immediately following the symposium representatives from NSF, DHS, and other agencies will present updated strategic thrusts for Federal cyber-security R&D. The thrusts define a set of interrelated priorities for the agencies of the U.S. government that conduct or sponsor R&D in cyber security. This event, organized by the NITRD Program, will provide insights into the priorities that are shaping the direction of Federal research activities.

Found an error? Email

Conference News
Conference Proceedings Available Online
All the papers for the 2011 symposium have been made available free of charge on the website.
Conference Photo Album
Photo set from IEEE Security and Privacy 2011 now on flickr!
Paper awards
Congratulations to the paper award winners!
Best Paper: Hookt on fon-iks
Best Student Paper: OpenConflict
Best Practical Paper: How to Shop for Free Online
Poster abstracts posted
Posted here.
Ethics Workshop Cancelled
The "Community Workshop on Ethical Guidelines for Security Research" has been cancelled. Those who registered will receive a full refund. The other workshops remain open and available.
Call for short talks
We are soliciting short talks (5 minutes) that present preliminary research results or summaries of emerging topics to the Oakland community.
Registration complete
Registration for the 2011 conference is complete, with the exception of offering replacements for last minute cancellations. We ask that those who would have come to the conference provide their contact info via the registration page, so we can size venues for future years.
Registration is nearly full
Registration for the 2011 conference is nearly full, and we are accepting applications to the wait list. Please let the registration chair know if you will not be able to attend the conference so we can let others in. Workshop registrations remain open and slots are available.