Saturday, May 17:

CREDS: Cyber-security Research Ethics Dialog & Strategy
DUMA: 5th International Workshop on Data Usage Management
MoST: Mobile Security Technologies

Sunday, May 18:

IWCC: International Workshop on Cyber Crime
LangSec: The First Workshop on Language-Theoretic Security
WRIT: 3rd Workshop on Research for Insider Threat
W2SP: Web 2.0 Security and Privacy

Saturday, May 17:

CREDS: Cyber-security Research Ethics Dialog & Strategy (California Room)
DUMA: 5th International Workshop on Data Usage Management (Empire Room)
MoST: Mobile Security Technologies (MoST) 2014 (Valley Room)

7:30-8:30 Breakfast
8:30-9:00 Welcome: CREDS (9:00-9:15), DUMA (8:45-9:00), MoST (8:45-9:10)
9:00-10:00 (9:15-10:15)

Case Study in Developing Malware Ethics Education
(John Sullin)

Ethics in Data Sharing- Developing a Model for Best Practice
(Sven Dietrich, et al.)

Position Paper and Proposal: Four Ethical Issues in Online Trust
(Robin Wilton)

Session: Beyond Data Usage Control

Gringotts: Securing Data for Digital Evidence
(Catherine MS Redfield, Hiroyuki Date)

Hurdles for Genomic Data Usage Management
(Muhammad Naveed)

Data Driven Authentication: On the Effectiveness of User Behaviour Modeling with Mobile Device Sensors
(Gunes Kayacik, Mike Just, Lynne Baillie, David Aspinall, Nicholas Micallef)

Differentially Private Location Privacy in Practice
(Vincent Primault, Sonia Ben Mokhtar, Cédric Lauradoux, Lionel Brunie)

Location Privacy without Carrier Cooperation
(Keen Sung, Brian Neil Levine, Marc Liberatore)
10:00-10:30 Morning Break
10:50-12:20 (10:45–12:00)

Program Committee Session:

What leadership should be engaged (i.e., institutional, government, peer groups), and what should their respective roles and responsibilities be?

What is the role of Program Committees in ensuring published papers meet standards of ethics?

What might the focus and structure of a community-informed "best practices" look like?

Session: Technology

Architecture, Workflows, and Prototype for Stateful Data Usage Control in Cloud
(Aliaksandr Lazouski, Gaetano Mancini, Fabio Martinelli, Paolo Mori)

Resilience as a New Enforcement Model for IT Security based on Usage Control
(Sven Wohlgemuth)

Structure Matters - A New Approach for Data Flow Tracking
(Enrico Lovat, Florian Kelbert)

An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities
(Vasant Tendulkar, William Enck)

Two Novel Defenses against Motion-Based Keystroke Inference Attacks
(Yihang Song, Madhur Kukreti, Rahul Rawat, Urs Hengartner)

Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
(Xinyang Ge, Hayawardh Vijayakumar, Trent Jaeger)
12:00-13:15 Lunch (12:00-13:00) Lunch Lunch
13:15-14:30 (13:00–14:30) Chairs Session:

Exploring the Pillars in Practice: the growing market of practical controversies where both industry and researchers have a stake (and sometimes even a co-dependency) in the outcomes

Botnet takedown (e.g. proxying consent for vulnerable users, account suspension/blocking thresholds and criteria).

Session: Keynote and Languages

Keynote: Privacy through Accountability: The Case of Web Services
(Anupam Datta, CMU)

P2U: A Privacy Policy Specification Language for Secondary Data Sharing and Usage
(Johnson Iyilade, Julita Vassileva)

Keynote: Dawn Song
(FireEye and UC Berkeley)

14:30-15:00 Afternoon Break Afternoon Break (14:45-15:15) Afternoon Break
15:00-16:00 Open Discussion and Closing Remarks

Session: Accountability

RAPPD: A language and prototype for recipient-accountable private personal data
(Yuan J. Kang, Allan M. Schiffman, Jeff Shrager)

Panel: Data Usage Management by and for Accountability
(Nick Doty, Aaron Jaggard, Erin Kenneally, Jeff Shrager, Michael Tschantz. Moderator: Anupam Datta)

Enter Sandbox: Android Sandbox Comparison
(Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber, Georg Merzdovnik, Martin Mulazzani, Edgar Weippl)

Andlantis: Large-scale Android Dynamic Analysis
(Michael Bierma, Eric Gustafson, Jeremy Erickson, David Fritz, Yung Ryn Choe)

A Systematic Security Evaluation of Android's Multi-User Framework
(Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, Wenliang Du)

A First Look at Firefox OS Security
(Daniel Defreez, Bhargava Shastry, Hao Chen, Jean-Pierre Seifert)

Code Injection Attacks on HTML5-based Mobile Apps
(Xing Jin, Tongbo Luo, Derek G. Tsui, Wenliang Du)
17:20-17:30 Thanks and Wrap-up

Sunday, May 18:

IWCC: International Workshop on Cyber Crime (Garden Room)
LangSec: The First Workshop on Language-Theoretic Security (Empire Room)
WRIT: 3rd Workshop on Research for Insider Threat (Valley Room)
W2SP: Web 2.0 Security and Privacy (California Room)

7:30-8:30 Breakfast
8:30-9:00 Welcome
Keynote Welcome
9:00-10:00 (9:15-10:00)

Prateek Mittal (Princeton University)

"Combatting Cybercrime via Network Science"

Caspar Bowden
Keynote: "The Privacy Engineer's Manifesto"
Michelle Finneran Dennedy

(Vice President & Chief Privacy Officer, McAfee)
10:00-10:30 Morning Break
10:30-12:00

DF-C2M2: A Capability Maturity Model for Digital Forensics Organisations
(Ebrahim Al Hanaei, Awais Rashid)

Asset Risk Scoring in Enterprise Network with Mutually Reinforced Reputation Propagation
(Xin Hu, Ting Wang, Marc Stoecklin, Doug Schales, Jiyong Jang, Reiner Sailer)

Collusion and fraud detection on electronic energy meters: a use case of forensics investigation procedures
(Rubens Faria, Keiko Fonseca, Bertoldo Schneider Jr, Sing Kiong Nguang)

Towards Forensic Analysis of Attacks with DNSSEC
(Haya Shulman, Michael Waidner)
Mind Your Language(s): A Discussion about Languages and Security
(Eric Jaeger, Olivier Levillain)

LEGOs for Reactive Programming
(Dennis Volpano)

Nail: A Practical Interface Generator for Binary Formats
(Julian Bangert, Nickolai Zeldovich, Frans Kaashoek)

Ethos' Deeply Integrated Distributed Types
(W. Michael Petullo, Wenyuan Fei, Pat Gavlin, Jon Solworth)
Understanding Insider Threat: A Framework for Characterising Attacks
(Jason Nurse, Oliver Buckley, Philip Legg, Gordon Wright, Monica Whitty, Michael Goldsmith, Sadie Creese)

Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis
(Florian Kammueller, Christian W. Probst)

Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits
(Frank Greitzer, Jeremy Strozer, Sholom Cohen, Andrew Moore, David Mundie, Jennifer Cowley)
A study on the Unawareness of Shared Photos in Social Network Services
(Benjamin Henne, Marcel Linke, and Matthew Smith)

Uncovering Facebook Side Channels and User Attitudes
(Sai Lu, Janne Lindqvist and Rebecca Wright)

I Know Where You’ve Been: Geo-Triangulation Attacks via the Browser Cache
(Yaoqi Jia, Xinshu Dong, Zhenkai Liang, Prateek Saxena)
12:00-13:15 Lunch
13:15-14:30

The Tricks of the Trade: What Makes Spam Campaigns Successful?
(Jane Iedemska, Gianluca Stringhini, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna)

Constructing and Analyzing Criminal Networks
(Hamed Sarvari, Ehab Abozinadah, Alex Mbaziira, Damon McCoy)

Steganography in Long Term Evolution Systems
(Iwona Grabska, Krzysztof Szczypiorski)

Improving Hard Disk Contention-based Covert Channel in Cloud Computing Environment
(Bartosz Lipinski, Wojciech Mazurczyk, Krzysztof Szczypiorski)
Phantom Boundaries and Cross-layer Illusions in Digital Radio
(Travis Goodspeed)

Fast State Machine Parsing for Internet Protocols: Faster Than You Think
(Robert David Graham, Peter C. Johnson)

Parsifal: a Pragmatic Solution to the Binary Parsing Problem
(Olivier Levillain)

Pitfalls of Protocol Design: Attempting to Write a Formally Verified PDF Parser
(Andreas Bogk, Marco Schöpl)
Insider Threat Detection by Process Analysis
(Matt Bishop, Borislava Simidchieva, Heather Conboy, Huong Phan, Leon Osterweil, Lori Clarke, George Avrunin, Sean Peisert)

Insider Attack Identification and Prevention Using a Declarative Approach
(Anandarup Sarkar, Sven Koehler, Sean Riddle, Bertram Ludaescher, Matt Bishop)

Detecting Unknown Insider Threat Scenarios
(William Young, Alex Memory, Henry Goldberg, Ted Senator)

Studying the Effectiveness of Security Images in Internet Banking
(Joel Lee, Lujo Bauer)

An Experimental Study of TLS Forward Secrecy Deployment
(Lin-Shung Huang, Shrikant Adhikarla, Dan Boneh, Collin Jackson)

PHAD-A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking
(Sonali Batra)
14:30-15:00 Afternoon Break
15:00-16:45

PeerShark: Detecting Peer-to-Peer Botnets
(Pratik Narang, Subhajit Ray, Chittaranjan Hota, Venkat Venkatakrishnan)

Automatic Identification of Replicated Criminal Websites Using Consensus Clustering Methods
(Jake Drew, Tyler Moore)

iCOP: Automatically Identifying New Child Abuse Media in P2P Networks
(Claudia Peersman, Christian Schulze, Awais Rashid, Margaret Brennan, Carl Fischer)

Can we identify NAT behavior by analyzing Traffic Flows?
(Yasemin Gokcen, Vahid Aghaei Foroushani, A. Nur Zincir-Heywood)
The Weird Machines in Proof-Carrying Code
(Julien Vanegue)

(Additional Research Reports or a Roundtable Discussion)

Selling LangSec: Tales from the Alchemist's Apprentice
(Felix 'FX' Lindner)
Panel Discussion

Application-screen Masking: A Hybrid Approach
(Ksenya Kveler, Abigail Goldsteen, Tamar Domany, Igor Gokhman, Boris Rozenberg, Ariel Farkash)

PriView: Media Consumption and Recommendation Meet Privacy Against Inference Attacks
(Amy Zhang, Sandilya Bhamidipati, Nadia Fawaz, Branislav Kveton)

I Know What You Watched Last Sunday - A New Survey Of Privacy In HbbTV
(Marco Ghiglieri)

Short paper: On the Privacy Concerns of URL Query Strings
(Andrew West, Adam Aviv)
16:45-17:00 Closing Remarks Closing Remarks
17:00-17:30 Thanks and Further Research Directions
17:30-19:00 SPW/SSP Reception
(Market Street Foyer, 16:00-19:00)

Workshop News
Schedule Now Available
May 12, 2014
The schedule for this weekend's Security and Privacy Workshops is now available. You can access the schedule here.
Registration Now Open!
March 7, 2014
Registration is now open! Please visit our registration site for more information.
Hotel Information Posted
March 7, 2014
Information on how to reserve your room at a discounted rate for the S&P Workshops is available on the Travel page.
Travel Information Posted
February 26, 2014
Information about Student Travel Grants is available on the Travel page.
Workshops Announced
September 27, 2013
Details regarding the 7 workshops are featured on our Workshops page.
Workshop submission deadline is September 13
August 28, 2013
See the Call for Workshops page for details.
Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

The Security and Privacy Workshops (SPW 2014)
May 17-18, 2014
The Fairmont Hotel, San Jose, California

The Security and Privacy Workshops precede the 35th IEEE Symposium on Security and Privacy

Last Update: May 13, 2014