15. CCS 2008: Alexandria, VA, USA

Keynote address

• Martín Abadi:
  The good, the bad, and the provable. 1
  

Attacks 1

• Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, Stefan Savage:
  Spamalytics: an empirical analysis of spam marketing conversion. 3-14
  
• Aurélien Francillon, Claude Castelluccia:
  Code injection attacks on harvard-architecture devices. 15-26
  
• Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage:
  When good instructions go bad: generalizing return-oriented programming to RISC. 27-38
  

Software security 1

• Walter Chang, Brandon Streiff, Calvin Lin:
  Efficient and extensible security enforcement using dynamic data flow analysis. 39-50
  
• Artem Dinaburg, Paul Royal, Monirul I. Sharif, Wenke Lee:
  Ether: malware analysis via hardware virtualization extensions. 51-62
  
• Diptikalyan Saha:
  Extending logical attack graphs for efficient vulnerability analysis. 63-74
  

Browser security

• Adam Barth, Collin Jackson, John C. Mitchell:
  Robust defenses for cross-site request forgery. 75-88
  
• Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji:
  SOMA: mutual approval for included content in web pages. 89-98
  
• Steven Crites, Francis Hsu, Hao Chen:
  OMash: enabling secure web mashups via object abstractions. 99-108
  

Formal methods 1

• Hubert Comon-Lundh, Véronique Cortier:
  Computational soundness of observational equivalence. 109-118
  
• Cas J. F. Cremers:
  Unbounded verification, falsification, and characterization of security protocols by pattern refinement. 119-128
  
• Ralf Küsters, Tomasz Truderung:
  Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach. 129-138
  

Privacy 1

• Peter Williams, Radu Sion, Bogdan Carbunar:
  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. 139-148
  
• Kasper Bonne Rasmussen, Srdjan Capkun:
  Location privacy of distance bounding protocols. 149-160
  

Software security 2

• Matthew Finifter, Adrian Mettler, Naveen Sastry, David Wagner:
  Verifiable functional purity in java. 161-174
  
• Mudhakar Srivatsa, Shane Balfe, Kenneth G. Paterson, Pankaj Rohatgi:
  Trust management for secure information flows. 175-188
  

Network security

• Hitesh Ballani, Paul Francis:
  Mitigating DNS DoS attacks. 189-198
  
• Maxim Raya, Mohammad Hossein Manshaei, Márk Félegyházi, Jean-Pierre Hubaux:
  Revocation games in ephemeral networks. 199-210
  
• David Dagon, Manos Antonakakis, Paul Vixie, Tatuya Jinmei, Wenke Lee:
  Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries. 211-222
  

System security 1

• Arnar Birgisson, Mohan Dhawan, Úlfar Erlingsson, Vinod Ganapathy, Liviu Iftode:
  Enforcing authorization policies using transactional memory introspection. 223-234
  
• Lucas Ballard, Seny Kamara, Fabian Monrose, Michael K. Reiter:
  Towards practical biometric key generation with randomized biometric templates. 235-244
  
• Rui Wang, XiaoFeng Wang, Kehuan Zhang, Zhuowei Li:
  Towards automatic reverse engineering of software security configurations. 245-256
  

Privacy 2

• Assaf Ben-David, Noam Nisan, Benny Pinkas:
  FairplayMP: a system for secure multi-party computation. 257-266
  
• Prateek Mittal, Nikita Borisov:
  Information leaks in structured peer-to-peer anonymous communication systems. 267-278
  
• Jaeyeon Jung, Anmol Sheth, Ben Greenstein, David Wetherall, Gabriel Maganis, Tadayoshi Kohno:
  Privacy oracle: a system for finding application leaks with black box differential testing. 279-288
  

Access control

• Lars E. Olson, Carl A. Gunter, P. Madhusudan:
  A formal framework for reflective database access control policies. 289-298
  
• Mario Frank, David A. Basin, Joachim M. Buhmann:
  A class of probabilistic models for role engineering. 299-310
  
• Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati:
  Assessing query privileges via safe and efficient permission composition. 311-322
  

Anonymity

• Wei Wang, Mehul Motani, Vikram Srinivasan:
  Dependent link padding algorithms for low latency anonymity systems. 323-332
  
• Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith:
  PEREA: towards practical TTP-free revocation in anonymous authentication. 333-344
  
• Jan Camenisch, Thomas Groß:
  Efficient attributes for anonymous credentials. 345-356
  

Formal methods 2

• Michael Backes, Catalin Hritcu, Matteo Maffei:
  Type-checking zero-knowledge. 357-370
  
• Judicaël Courant, Marion Daubignard, Cristian Ene, Pascal Lafourcade, Yassine Lakhnech:
  Towards automated proofs for asymmetric encryption schemes in the random oracle model. 371-380
  
• Avik Chaudhuri, Prasad Naldurg, Sriram K. Rajamani, G. Ramalingam, Lakshmisubrahmanyam Velaga:
  EON: modeling and analyzing dynamic access control systems with logic programs. 381-390
  

System security 2

• Weidong Cui, Marcus Peinado, Karl Chen, Helen J. Wang, Luis Irún-Briz:
  Tupni: automatic reverse engineering of input formats. 391-402
  
• Kevin R. B. Butler, Stephen E. McLaughlin, Patrick Drew McDaniel:
  Rootkit-resistant disks. 403-416
  

Identity-based encryption

• Alexandra Boldyreva, Vipul Goyal, Virendra Kumar:
  Identity-based encryption with efficient revocation. 417-426
  
• Vipul Goyal, Steve Lu, Amit Sahai, Brent Waters:
  Black-box accountable authority identity-based encryption. 427-436
  

Applied cryptography 1

• Charalampos Papamanthou, Roberto Tamassia, Nikos Triandopoulos:
  Authenticated hash tables. 437-448
  
• Ali Bagherzandi, Jung Hee Cheon, Stanislaw Jarecki:
  Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. 449-458
  
• Karthikeyan Bhargavan, Cédric Fournet, Ricardo Corin, Eugen Zalinescu:
  Cryptographically verified implementations for TLS. 459-468
  

Device security

• Benjamin Laxton, Kai Wang, Stefan Savage:
  Reconsidering physical key secrecy: teleduplication via optical decoding. 469-478
  
• Alexei Czeskis, Karl Koscher, Joshua R. Smith, Tadayoshi Kohno:
  RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications. 479-490
  
• Carmit Hazay, Yehuda Lindell:
  Constructions of truly practical secure protocols using standardsmartcards. 491-500
  

Applied cryptography 2

• Dan Boneh, Moni Naor:
  Traitor tracing with constant size ciphertext. 501-510
  
• Benoît Libert, Damien Vergnaud:
  Multi-use unidirectional proxy re-signatures. 511-520
  
• Haowen Chan, Adrian Perrig:
  Efficient security primitives derived from a secure aggregation algorithm. 521-534
  

Attacks 2

• Philippe Golle:
  Machine learning attacks against the Asirra CAPTCHA. 535-542
  
• Jeff Yan, Ahmad Salah El Ahmad:
  A low-cost attack on a Microsoft captcha. 543-554
  
• Ellick Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, Roy H. Campbell:
  BootJacker: compromising computers using forced restarts. 555-564
  
• Justin Cappos, Justin Samuel, Scott M. Baker, John H. Hartman:
  A look in the mirror: attacks on package managers. 565-574