IEEE Symposium on Security and Privacy 2013

Program in alternative formats:

Interactive mobile version with the option to provide feedback for talks.
Experimental apps for Android and iOS. Search the corresponding app store for "IEEE SP".
PDF for printing

All sessions are in the Grand Ballroom. All breaks including lunches and breakfast will be in Italian, Colonial, Borgia, and Georgian room.

Sunday, 19 May 2013

4pm-7pm

Afternoon Registration and Welcome Reception
Serving canapés. Registration will be open
Location: Italian Foyer and Colonial Ballroom

Monday, 20 May 2013

7:30

Registration and Hot Breakfast
Registration Location: Italian Foyer

8:30-8:45

Opening Remarks

8:45-10:25

Session 1: Programming Language Security

Chair: Ben Livshits

All Your IFCException Are Belong To Us

Catalin Hritcu (University of Pennsylvania), Michael Greenberg (University of Pennsylvania), Ben Karel (University of Pennsylvania), Benjamin C. Pierce (University of Pennsylvania), and Greg Morrisett (Harvard University)

Declarative, Temporal, and Practical Programming with Capabilities

William R. Harris (University of Wisconsin, Madison), Somesh Jha (University of Wisconsin, Madison), Thomas Reps (University of Wisconsin, Madison), Jonathan Anderson (University of Cambridge), and Robert N. M. Watson (University of Cambridge)

Towards Practical Reactive Security Audit Using Extended Static Checkers

Julien Vanegue (Bloomberg LP) and Shuvendu K. Lahiri (Microsoft Research)

SoK: Eternal War in Memory

Laszlo Szekeres (Stony Brook University and UC Berkeley), Mathias Payer (UC Berkeley), Tao Wei (UC Berkeley and Peking University), and Dawn Song (UC Berkeley)

10:25-10:55

Break

10:55-11:45

Session 2: Anonymous Network Communication

Chair: Srdjan Capkun

The Parrot is Dead: Observing Unobservable Network Communications

Amir Houmansadr (The University of Texas at Austin), Chad Brubaker (The University of Texas at Austin), and Vitaly Shmatikov (The University of Texas at Austin)

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Alex Biryukov (University of Luxembourg), Ivan Pustogarov (University of Luxembourg), and Ralf-Philipp Weinmann (University of Luxembourg)

11:45-1:00

Buffet Lunch

1:00-2:15

Session 3: Botnets and Other Underground Activities

Chair: Thorsten Holz

SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer Botnets

Christian Rossow (Institute for Internet Security), Dennis Andriesse (VU University Amsterdam), Tillmann Werner (The Honeynet Project), Brett Stone-Gross (Dell SecureWorks), Daniel Plohmann (Fraunhofer FKIE), Christian J. Dietrich (Institute for Internet Security), and Herbert Bos (VU University Amsterdam)

Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures

Zhou Li (Indiana University at Bloomington), Sumayah Alrwais (Indiana University at Bloomington), Yinglian Xie (Microsoft Research), Fang Yu (Microsoft Research), and XiaoFeng Wang (Indiana University at Bloomington)

The Crossfire Attack

Min Suk Kang (Carnegie Mellon University), Soo Bum Lee (Carnegie Mellon University), and Virgil D. Gligor (Carnegie Mellon University)

2:15-2:45

Break

2:45-4:00

Session 4: Jamming Uses and Defenses

Chair: Yinglian Xie

Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors

Denis Foo Kune (University of Michigan), John Backes (University of Minnesota), Shane Clark (University of Massachusetts Amherst), Dan Kramer, MD (Beth Israel Deaconess Medical Center), Matthew Reynolds, MD (Harvard Clinical Research Institute), Kevin Fu (University of Michigan), Yongdae Kim (KAIST), Wenyuan Xu (University of South Carolina)

On Limitations of Friendly Jamming for Confidentiality

Nils Ole Tippenhauer (ETH Zurich), Luka Malisa (ETH Zurich), Aanjhan Ranganathan (ETH Zurich), and Srdjan Capkun (ETH Zurich)

Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time

Wenbo Shen (North Carolina State University), Peng Ning (North Carolina State University), Xiaofan He (North Carolina State University), Huaiyu Dai (North Carolina State University)

4:00-4:30

Break

4:30-5:25

Session 5: Secure Operating Systems (I)

Chair: Ahmad-Reza Sadeghi

Practical Timing Side Channel Attacks Against Kernel Space ASLR

Ralf Hund (Ruhr-University Bochum), Carsten Willems (Ruhr-University Bochum), and Thorsten Holz (Ruhr-University Bochum)

PrivExec: Private Execution as an Operating System Service

Kaan Onarlioglu (Northeastern University), Collin Mulliner (Northeastern University), William Robertson (Northeastern University), Engin Kirda (Northeastern University)

6pm-8pm

Poster Session And Reception
Location: California Room
Serving hot and cold hors d'oeuvres.

List of posters available here.

Tuesday, 21 May 2013

7:30-8:30

Breakfast

8:30-8:45

Awards

8:45-10:00

Session 6: Cryptographic Tools for Building Verifiable Cloud Computing

Chair: XiaoFeng Wang

A Hybrid Architecture for Interactive Verifiable Computation

Victor Vu (University of Texas, Austin), Srinath Setty (University of Texas, Austin), Andrew J. Blumberg (University of Texas, Austin), and Michael Walfish (University of Texas, Austin)

Pinocchio: Nearly Practical Veriﬁable Computation

Bryan Parno (Microsoft Research), Craig Gentry (IBM Research), Jon Howell (Microsoft Research), and Mariana Raykova (IBM Research)

ObliviStore: High Performance Oblivious Cloud Storage

Emil Stefanov (UC Berkeley) and Elaine Shi (University of Maryland)

10:00-10:30

Break

10:30-11:45

Session 7: Hardware Security

Chair: Jon McCune

Hiding Information in Flash Memory

Yinglei Wang (Cornell University), Wing-kei Yu (Cornell University), Sarah Q. Xu (Cornell University), Edwin Kan (Cornell University), and G. Edward Suh (Cornell University)

PUFs in Security Protocols: Attack Models and Security Evaluations

Ulrich Rührmair (Technische Universität München) and Marten van Dijk (MIT)

SoK: Secure Data Deletion

Joel Reardon (ETH Zurich), David Basin (ETH Zurich), and Srdjan Capkun (ETH Zurich)

11:45-1:00

Buffet Lunch

1:00-2:15

Session 8: Privacy

Chair: Anupam Datta

Anon-Pass: Practical Anonymous Subscriptions

Michael Z. Lee (The University of Texas at Austin), Alan M. Dunn (The University of Texas at Austin), Brent Waters (The University of Texas at Austin), Emmett Witchel (The University of Texas at Austin), and Jonathan Katz (University of Maryland)

Privacy-Preserving Ridge Regression on Hundreds of Millions of Records

Valeria Nikolaenko (Stanford University), Udi Weinsberg (Technicolor), Stratis Ioannidis (Technicolor), Marc Joye (Technicolor), Dan Boneh (Stanford University), Nina Taft (Technicolor)

A Scanner Darkly: Protecting User Privacy From Perceptual Applications

Suman Jana (The University of Texas at Austin), Arvind Narayanan (Princeton University), Vitaly Shmatikov (University of Texas at Austin)

2:15-2:45

Break

2:45-4:00

Session 9: Application Security (Voting, Sybil, Bitcoin)

Chair: Michael Backes

Caveat Coercitor: Coercion-Evidence in Electronic Voting

Gurchetan S. Grewal (University of Birmingham), Mark D. Ryan (University of Birmingham), Sergiu Bursuc (Queen's University Belfast), and Peter Y. A. Ryan (University of Luxembourg)

SoK: The Evolution of Sybil Defense via Social Networks

Lorenzo Alvisi (University of Texas Austin), Allen Clement (MPI-SWS), Alessandro Epasto (Sapienza University of Rome), Silvio Lattanzi (Google, Inc), and Alessandro Panconesi (Sapienza University of Rome)

Zerocoin: Anonymous Distributed E-Cash from Bitcoin

Ian Miers (The Johns Hopkins University), Christina Garman (The Johns Hopkins University), Matthew Green (The Johns Hopkins University), and Aviel D. Rubin (The Johns Hopkins University)

4:00-4:30

Break

4:30-5:45

Short Talks

6:00-7:00

Business Meeting
Location: Grand Ballroom
Agenda

Wednesday, 22 May 2013

7:30-8:30

Breakfast

8:30-8:45

Remarks

8:45-10:00

Session 10: Formal Methods for Building Secure Systems

Chair: Lujo Bauer

seL4: from General Purpose to a Proof of Information Flow Enforcement

Toby Murray (NICTA and University of New South Wales), Daniel Matichuk (NICTA), Matthew Brassil (NICTA), Peter Gammie (NICTA), Timothy Bourke (NICTA), Sean Seefried (NICTA), Corey Lewis (NICTA), Xin Gao (NICTA), and Gerwin Klein (NICTA and University of New South Wales)

Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework

Amit Vasudevan (CyLab, Carnegie Mellon University), Sagar Chaki (SEI, Carnegie Mellon University), Limin Jia (CyLab, Carnegie Mellon University), Jonathan M. McCune (Google Inc.), James Newsome, and Anupam Datta (CyLab, Carnegie Mellon University)

Implementing TLS with Verified Cryptographic Security

Karthikeyan Bhargavan (INRIA), Cedric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Alfredo Pironti (INRIA), and Pierre-Yves Strub (IMDEA)

10:00-10:30

Break

10:30-11:45

Session 11: Crypto

Chair: Bryan Parno

An Ideal-Security Protocol for Order-Preserving Encoding

Raluca Ada Popa (MIT CSAIL), Frank Li (MIT CSAIL), and Nickolai Zeldovich (MIT CSAIL)

Efficient Garbling from a FixedKey Blockcipher

Mihir Bellare (University of California, San Diego), Viet Tung Hoang (University of California, Davis), Sriram Keelveedhi (University of California, San Diego), and Phillip Rogaway (University of California, Davis)

Circuit Structures for Improving Efficiency of Security and Privacy Tools

Samee Zahur (University of Virginia) and David Evans (University of Virginia)

11:45-1:00

Boxed Lunch

1:00-2:15

Session 12: SSL / TLS, Web Security

Chair: Kapil Singh

SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements

Jeremy Clark (Carleton University) and Paul C. van Oorschot (Carleton University)

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

Nadhem J. AlFardan (Royal Holloway, University of London) and Kenneth G. Paterson (Royal Holloway, University of London)

Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting

Nick Nikiforakis (KU Leuven), Alexandros Kapravelos (University of California, Santa Barbara), Wouter Joosen (KU Leuven), Christopher Kruegel (University of California, Santa Barbara), Frank Piessens (KU Leuven), Giovanni Vigna (University of California, Santa Barbara)

2:15-2:45

Break

2:45-4:00

Session 13: Secure Operating Systems (II)

Chair: Herbert Bos

Practical Control Flow Integrity & Randomization for Binary Executables

Chao Zhang (Peking University), Tao Wei (Peking University and UC Berkeley), Zhaofeng Chen (Peking University), Lei Duan (Peking University), László Szekeres (Stony Brook University), Stephen McCamant (University of Minnesota), Dawn Song (UC Berkeley), and Wei Zou (Peking University)

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

Kevin Z. Snow (The University of North Carolina at Chapel Hill), Fabian Monrose (The University of North Carolina at Chapel Hill), Lucas Davi (Technische Universität Darmstadt), Alexandra Dmitrienko (Fraunhofer SIT, Darmstadt), Christopher Liebchen (Technische Universität Darmstadt), and Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Welcome to the Entropics: Boot-Time Entropy in Embedded Devices

Keaton Mowery (UC San Diego), Michael Wei (UC San Diego), David Kohlbrenner (UC San Diego), Hovav Shacham (UC San Diego), and Steven Swanson (UC San Diego)

4:00-4:30

Break

4:30-5:45

Panel Discussion: Privacy Research (Video)

The control of one's privacy in the digital age is an important individual and societal concern. Protection of privacy is a priority in our democracy. At the same time, many important public priorities depend on the ability to collect, analyze and use large amounts of personal information, everything from medical research to social sciences and innovative new commercial services, to law enforcement and national security applications. Current technical and legal approaches to privacy protection have proven inadequate to the task in many of these applications. Can we envision scientific and engineering foundations to support various privacy requirements in cyberspace? Are there unique objectives for research in privacy? Is privacy research different from research in security? Furthermore, the need for privacy research arises in Federal initiatives such as Health IT, Smart Grid, or the National Strategy for Trusted Identities in Cyberspace (NSTIC), and has been called for by the President's Council of Advisors on Science and Technology (PCAST) in their 2010 and 2013 review of Federal IT R&D. This panel, jointly organized with the US Government's Senior Steering Group for cybersecurity R&D will take an interdisciplinary approach to exploring questions, opportunities, and challenges in privacy research.

Moderator: Daniel Weitzner, Director, Decentralized Information Group, MIT Computer Science and Artificial Intelligence Lab

Panelists:

Vijayalakshmi (Vijay) Atluri, NSF/SaTC Progam Director (privacy research)
Joan Feigenbaum, professor of computer science, Yale University
Karyn Higa-Smith, IdM/privacy R&D Program Manager, DHS S&T Cyber Security Division
Deirdre Mulligan, professor of law, UC Berkeley School of Information and Berkeley Center for Law and Technology
Betsy Masiello, Senior Manager, Global Public Policy, Google
Jeannette Wing, VP, Head of Microsoft Research International

6:00-7:30

S&P/SPW Bridging Reception
Location: California Room
Serving canapés.

6:30-7:30

Birds-of-a-Feather Sessions
Location: Elizabethan 1-4

Challenges and Visions for a More Secure Internet (Robert Broberg, Cisco)
Working with Operations to Access Data (Scott Campbell, NERSC)
Launching University Startups - What's Important and What's Not (Sudip Chakrabarti, Osage University Partners)
Human-Centered Privacy and Security (Apu Kapadia, Indiana University)