Malaga, Spain
6-8 October, 2008
line decor
line decor

 Sponsored by


Universidad de Málaga


Pablo Najera



Sunday, 5 October

18:30 – 20:30



Monday, 6 October

08:00 – 08:45


08:45 – 09:00


09:00 – 10:30

Session 1: Intrusion Detection and Network Vulnerability Analysis



Multiprimary support for the Availability of Cluster-based Stateful Firewalls using FT-FW.

Pablo Neira Ayuso1, Rafael M. Gasca1, Laurent Lefevre2

1 University of Seville, Spain

2 France ENS de Lyon, INRIA


Identifying Critical Attack Assets In Dependency Attack Graphs.

Reginald E. Sawilla1, Xinming Ou2

1 Defence R&D Canada, Canada

2 Kansas State University, USA


Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory.

C.P. Mu1, X.J. Li4, H.K. Huang2, S.F. Tian3
1 School of Mechatronic Engineering, Beijing Institute of Technology, PR China

2 School of Computer and Information Technology, Beijing Jiaotong University, PR China

3 School of Information Engineering, NanChang University, PR China

10:30 – 11:00


11:00 – 12:30

Session 2: Network Security



Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs.

Rosario Gennaro1, Shai Halevi1, Hugo Krawczyk1, Tal Rabin1, Steffen Reidt2, Stephen D. Wolthusen2

1 IBM, T.J. Watson Research Center Hawthorne, NY 10532, USA

2 Royal Holloway, Department of Mathematics, Royal Holloway, University of London, United Kingdom


Efficient Handling of Adversary Attacks in Aggregation Applications.

Gelareh Taban1, Virgil Gligor2

1 University of Maryland, USA

2 Carnegie Mellon University, USA


Symmetric Key Approaches to Securing BGP -- A Little Bit Trust is Enough.

Bezawada Bruhadeshwar1, Sandeep S. Kulkarni2, Alex X. Liu2

1 International Institute of Information Technology, India

2 Department of Computer Science and Engineering, Michigan State University, U.S.A.


12:30 – 13:30

INVITED TALK: Bart VAN-CAENEGEM, European Commission

"EU funded ICT Security Research in FP7"

13:30 – 14:30


14:30 – 16:00

Session 3: Smart Cards and Identity management



Dismantling MIFARE Classic.

Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, Bart Jacobs

Radboud University Nijmegen, Netherlands


A Browser-based Kerberos Authentication Scheme.

Sebastian Gajek1, Tibor Jager1, Mark Manulis2, Jöerg Schwenk1

1 Horst Gartz Institute for IT-Security, Ruhr-University Bochum, Germany

2 UCL Crypto Group Louvain-la-Neuve, Belgium


CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud.

Deholo Nali, Paul van Oorschot

Carleton University

16:00 – 16:30


16:30 – 18:00

Session 4: Data and Applications Security



Disclosure Analysis and Control in Statistical Databases.

Yingjiu Li1, Haibing Lu2

1 Singapore Management University

2 Rutgers University


TRACE: Zero-down-time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-time Overhead.

Kun Bai1, Meng Yu2, Peng Liu1

1 College of IST, The Pennsylvania State University

2 Computer Science Dept., Western Illinois University


Access Control Friendly Query Verification for Outsourced Data Publishing.

Hong Chen1, Xiaonan Ma2, Windsor Hsu2,Ninghui Li1, and Qihua Wang1

1 Purdue University

2 IBM Almaden Research Center



Tuesday, 7 October

08:30 – 09:00


09:00 – 10:30

Session 5: Privacy Enhancing Technologies



Sharemind: a framework for fast privacy-preserving computations.

Dan Bogdanov1, Sven Laur2, Jan Willemson1

1 University of Tartu/AS Cybernetica, Estonia

2 University of Tartu, Estonia


Modeling Privacy Insurance Contracts and their Utilization in Risk Management for ICT Firms.

Athanassios N. Yannacopoulos1, Costas Lambrinoudakis2 , Stefanos Gritzalis2, Stelios Z. Xanthopoulos2, Sokratis N. Katsikas3

1 Athens University of Economics and Business

2 University of the Aegean

3 University of Piraeus, Dept. of Technology Education & Digital Systems


Remote Integrity Check with Dishonest Storage Server.

Ee-Chien Chang, Jia Xu

School of Computing, National University of Singapore,  Singapore


10:30 – 11:00


11:00 – 12:30

Session 6: Anonymity and RFID Privacy



A low-variance random-walk procedure to provide anonymity in overlay networks.

Juan Pedro Muñoz-Gea, Jose Maria Malgosa-Sanahuja, Pilar Manzanares-Lopez, Juan Carlos Sanchez-Aarnoutse, Joan Garcia-Haro

Polytechnic University of Cartagena, Spain


RFID Privacy Models Revisited.

Ching Yu Ng1, Willy Susilo1, Yi Mu1, Rei Safavi-Naini2

1 Centre for Computer and Information Security Research, School of Computer Science & Software Engineering, University of Wollongong, Australia

2 Department of Computer Science , University of Calgary, Canada


A New Formal Proof Model for RFID Location Privacy.

JungHoon Ha1, SangJae Moon1, Jianying Zhou3, and JaeCheol Ha2

1 School of Electrical Eng. and Computer Science, Kyungpook National Univ., Korea

2 Dept. of Information Security, Hoseo Univ., Korea

3 Institute for Infocomm Research 21, Heng Mui Keng Terrace, Singapore


12:30 – 13:30

INVITED TALK: Pierangela Samarati, Università degli Studi di Milano

"Privacy in data dissemination and outsourcing"

13:30 – 14:30


14:30 – 16:00

Session 7: Access Control and Trust Negotiation



Distributed Authorization by Multiparty Trust Negotiation. 

Charles C. Zhang, Marianne Winslett     

University of Illinois at Urbana-Champaign, USA


Compositional Refinement of Policies in UML - Exemplified for Access Control.

Bjørnar Solhaug1, Ketil Stølen2

1 Dep. of Information Science and Media Studies, University of Bergen SITEF ICT

2 SINTEF ICT. Dep. of Informatics, University of Oslo


On the Security of Delegation in Access Control Systems.

Qihua Wang, Ninghui Li, Hong Chen

1 Department of Computer Science and CERIAS, Purdue University, USA


16:00 – 16:30


16:30 – 18:00

Session 8: Information Flow and Non-transferability



Termination-Insensitive Noninterference Leaks More Than Just a Bit.

Aslan Askarov1, Sebastian Hunt2, Andrei Sabelfeld1, David Sands1

1 Chalmers University of Technology, Sweden; 2 City University, London, UK


Security Provisioning in Pervasive Environments Using Multi-objective Optimization.

Rinku Dewri, Indrakshi Ray, Indrajit Ray, Darrell Whitley

Colorado State University, USA


Improved Security Notions and Protocols for Non-Transferable Identification.

Carlo Blundo1, Giuseppe Persiano1, Ahmad-Reza Sadeghi2, Ivan Visconti1

1 University of Salerno, Italy

2 Ruhr-University Bochum, Germany





Wednesday, 8 October

08:30 – 09:00


09:00 – 11:00

Session 9: Secure Electronic Voting and Web Applications Security



Human readable paper verification of Prêt à Voter.

David Lundin, Peter Y. A. Ryan

University of Surrey, United Kingdom; University of Newcastle upon Tyne, United Kingdom


A Distributed Implementation of the Certified Information Access Service.

Carlo Blundo1, Emiliano De Cristofaro1, Aniello Del Sorbo1, Clemente Galdi2,

Giuseppe Persiano1

1 Universita' di Salerno, Italy

2 Universita' di Napoli "Federico II", Italy


Exploring User Reactions to Browser Cues for Extended Validation Certificates.

Jennifer Sobey1, Robert Biddle2, Paul C. van Oorschot1, Andrew S. Patrick3

1 School of Computer Science, Carleton University, Canada

2 Human-Oriented Technology Lab, Carleton University, Canada

3 Institute for Information Technology, National Research Council, Canada


A Framework for the Analysis of Mix-Based Steganographic File Systems.

Claudia Diaz1, Carmela Troncoso1, Bart Preneel1

1 Katholieke Universiteit Leuven - COSIC, Belgium

11:00 – 11:30


11:30 – 13:30

Session 10: VoIP Security, Malware, and DRM



An adaptive policy-based approach to SPIT management.

Yannis Soupionis, Stelios Dritsas, Dimitris Gritzalis

Athens University of Economics & Business (AUEB), Greece


Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?

Carlton R. Davis1, Stephen Neville2, José M. Fernández3, Jean-Marc Robert4, John McHugh5

1Ecole Polytechnique, Canada

2University of Victoria, Canada

3 Ecole Polytechnique de Montreal, Canada

4Ecole de technologie superieure, Canada

5Dalhousie University, Canada


Eureka: A Framework for Enabling Static Malware Analysis

Monirul Sharif1, Vinod Yegneswaran2, Hassen Saidi2, Phillip Porras2, Wenke Lee1

1 Georgia Institute of Technology, USA

2 SRI International, USA


New Considerations about the correct design of Turbo Fingerprinting Codes.

Joan Tomás-Buliart2, Marcel Fernández2, Miguel Soriano1,2

1 CTTC: Centre Tecnológic de Telecomunicacions de Catalunya / Parc Mediterrani de la Tecnologia (PMT), Spain

2 Department of Telematics Engineering, Universitat Politécnica de Catalunya, Spain.


13:30 – 14:30


14:30 – 16:00

Session 11: Formal Models and Cryptographic Protocols



Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks.

Michael Backes1,2, Boris Köpf2

1 Saarland University and MPI-SWS



Cryptographic Protocol Explication and End-Point Projection.

Jay McCarthy1, Shriram Krishnamurthi2

1 Brown University (currently) , Brigham Young University (when conference occurs)

2 Brown University


State Space Reduction in the Maude-NRL Protocol Analyzer.

Santiago Escobar1, Catherine Meadows2, José Meseguer3

1 Universidad Politécnica de Valencia, Spain

2 Naval Research Laboratory, USA

3 University of Illinois at Urbana-Champaign, USA


16:00 – 16:30


16:30 – 17:30

Session 12: Language-based  and Hardware Security



Code-Carrying Authorization.

Sergio Maffeis1,2, Martin Abadi2,3, Cédric Fournet3, Andrew D. Gordon3

1 Imperial College London and University of California at Santa Cruz, UK

2 University of California at Santa Cruz, USA; 3 Microsoft Research


CPU bugs, CPU backdoors and consequences on security.

Loïc Duflot

Central Directorate for Information Systems Security (DCSSI)






Submission deadline: March 31 April 7 (hard)
Notification to authors: June 16 June 20
Camera Ready: July 7 July 14