SEC 2008

23rd International Information Security Conference (SEC 2008)

co-located with IFIP World Computer Congress 2008


Milan, Italy - September 8 - 10, 2008



Program

Concert and Gala Dinner on Sunday, September 7, 2008


Monday, September 8, 2008

09:15 - 09:30 Welcome and Opening
09:30 - 10:30 Invited talk (Chair: Pierangela Samarati)
Prof. Francesco Pizzetti, President of the Italian Data Protection Authority
10:30 - 11:00 Coffee break
11:00 - 12:30 (parallel sessions)
Session 1: Privacy Protection (Chair: Yves Deswarte)
Hiding in Groups: On the Expressiveness of Privacy Distributions
Karsten Nohl and David Evans

Practical Privacy-Preserving Benchmarking
Florian Kerschbaum

Enhancing Privacy in Remote Data Classification
A. Piva, C. Orlandi, M. Caini, T. Bianchi, and M. Barni
Session 2: Web Applications Security and Malware (Chair: Teemupekka Virtanen)
Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators
Yongdong WU, Haixia Yao, and Feng Bao

Robbing Banks with Their Own Software - an Exploit against Norwegian Online Banks
Yngve Espelid, Lars-Helge Netland, André N. Klingsheim, and Kjell J. Hole

Collaborative Architecture for Malware Detection and Analysis
Michele Colajanni, Daniele Gozzi, and Mirco Marchetti
12:30 - 14:30 Lunch
14:30 - 16:00 (parallel sessions)
Session 3: Sensor and Wireless Security (Chair: Jaap-Henk Hoepman)
Realizing Stateful Public Key Encryption in Wireless Sensor Network
Joonsang Baek, Han Chiang Tan, Jianying Zhou, and Jun Wen Wong

Establishing Secure Links in Low-rate Wireless Personal Area Networks
Maurizio Adriano Strangio

An Asynchronous Node Replication Attack in Wireless Sensor Networks
Jianying Zhou, Tanmoy Kanti Das, and Javier Lopez
Session 4: Security Policies (Chair: Yuko Murayama)
A B Formal Framework for Security Developments in the Domain of Smart Card Applications
Frédéric Dadeau, Marie-Laure Potet, and Régis Tissot

An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies
Thomas Scheffler, Stefan Geiss, and Bettina Schnor

Negotiation of Prohibition: an Approach Based on Policy Rewriting
Nora Cuppens-Boulahia, Frédéric Cuppens, Diala Abi Haidar, and Hervé Debar
16:00 - 16:30 Coffee break
16:30 - 18:00 (parallel sessions)
Session 5: Access Control in Distributed Systems (Chair: Bart De Decker)
An Integrity Lock Architecture for Supporting Distributed Authorizations in Database Federations
Wei Li, Lingyu Wang, Bo Zhu, and Lei Zhang

Role Signatures for Access Control in Open Distributed Systems
Jason Crampton and Hoon Wei Lim

Policies and Security Aspects For Distributed Scientific Laboratories
Nicoletta Dessì, Maria Grazia Fugini, and R. A. Balachandar
Session 6: Intrusion Detection (Chair: Jianying Zhou)
A Fuzzy Model for the Composition of Intrusion Detectors
Inez Raguenet and Carlos Maziero

Investigating the Problem of IDS False Alarms: an Experimental Study Using Snort
G. C. Tjhai, M. Papadaki, S. M. Furnell, and N. L. Clarke

User Session Modeling for Effective Application Intrusion Detection
Kapil Kumar Gupta, Baikunth Nath (Sr. MIEEE), and Kotagiri Ramamohanarao

Tuesday, September 9, 2008

09:30 - 10:30 Kristian Beckman award and talk (Chair: Louise Yngström)
Pierangela Samarati, Università degli Studi di Milano
10:30 - 11:00 Coffee break
11:00 - 12:30 (parallel sessions)
Session 7: Anomaly Detection (Chair: Tatjana Welzer)
A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems
Carlo Bellettini and Julian L. Rrushi

Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs
Frédéric Majorczyk, Eric Totel, Ludovic Mé, and Ayda Saidane

Behavioral Intrusion Detection Indicators
Jacques Saraydaryan, Luc Paffumi, Véronique Legrand, and Stephane Ubeda
Session 8: Role Mining and Content Protection (Chair: TBA)
Leveraging Lattices to Improve Role Mining
Alessandro Colantonio, Roberto Di Pietro, and Alberto Ocello

A Parallelization Framework for Exact Knowledge Hiding in Transactional Databases
Aris Gkoulalas-Divanis and Vassilios S. Verykios

Efficient Coalition Detection in Traitor Tracing
Hongxia Jin, Jeffery Lotspiech, and Nimrod Megiddo
12:30 - 14:30 Lunch
14:30 - 16:00 (parallel sessions)
Session 9: VoIP and Network Security (Chair: TBA)
SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned
S. Dritsas, Y. Soupionis, M. Theoharidou, Y. Mallios, and D. Gritzalis

Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models
Dongwon Seo, Heejo Lee, and Ejovi Nuwere

A Decentralized Bayesian Attack Detection Algorithm for Network Security
Kien C. Nguyen, Tansu Alpcan, and Tamer Basar
Session 10: Network Devices Security and Cyber Warfare (Chair: Dimitris Gritzalis)
An Operation-Based Metric for DPA Resistance
J. Pan, J. I. den Hartog, and E. P. de Vink

YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems
Patrick P. Tsang and Sean W. Smith

Adversary Modeling and Simulation in Cyber Warfare
Samuel N. Hamilton and Wendy L. Hamilton
16:00 - 16:30 Coffee break
16:30 - 18:00 (parallel sessions)
Session 11: Short papers (Chair: Leon Strous)
HoneyID: Unveiling Hidden Spywares by Generating Bogus Events
Jeheon Han, Jonghoon Kwon, and Heejo Lee

A Security Protocol for Self-Organizing Data Storage
Nouha Oualha, Melek Önen, and Yves Roudier

Protecting Financial Institutions from Brute-Force Attacks
Cormac Herley and Dinei Florencio

Agency Theory: Can It Be Used to Strengthen IT Governance?
Shaun Posthumus and Rossouw von Solms

A new Accounting Mechanism for Modern and Future AAA Services
Alexandros Tsakountakis, Georgios Kambourakis, and Stefanos Gritzalis

A User Survey on The Sense of Security, Anshin
Yasuhiro Fujihara, Yuko Murayama, and Kentarou Yamaguchi
Session 12: Short papers (Chair: TBA)
Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks
Po-Yuan Teng, Shih-I Huang, and Adrian Perrig

A Comparative Study of Anomaly Detection Techniques in Web Site Defacement Detection
Giorgio Davanzo, Eric Medvet, and Alberto Bartoli

Managing the Lifecycle of XACML Delegation Policies in Federated Environments
Manuel Sánchez, Oscar Cánovas, Gabriel López, and Antonio F. Gómez-Skarmeta

Assessing the Likelihood of Privacy Policy Compliance
George O.M. Yee, Larry Korba, and Ronggong Song

Classification Features for Detecting Server-side and Client-side Web Attacks
Benferhat Salem and Tabia Karim

Wednesday, September 10, 2008

09:00 - 10:30 (parallel sessions)
Session 13: Security Compliance (Chair: TBA)
Interactive Selection of ISO 27001 Controls under Multiple Objectives
Thomas Neubauer, Andreas Ekelhart, and Stefan Fenz

Feasibility of Automated Information Security Compliance Auditing
Longley D., Branagan M., Caelli W. J., and Kwok LF

Software Licence Protection and Management for Organisations
Muntaha Alawneh and Imad M. Abbadi
Session 14: Risk and Security Analysis (Chair: TBA)
A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach
Maxwell G. Dondo

ASTRA: A Security Analysis Method Based on Asset Tracking
Daniel Le Métayer and Claire Loiseaux

A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack
Qutaibah Althebyan and Brajendra Panda
10:30 - 11:00 Coffee break
11:00 - 12:30 (parallel sessions)
Session 15: Identity and Trust Management (Chair: TBA)
Portable User-Centric Identity Management
Gail-Joon Ahn, Moo Nam Ko, and Mohamed Shehab

Ubiquitous Privacy-Preserving Identity Management
Kristof Verslype and Bart De Decker

Facilitating Privacy Related Decisions in Different Privacy Contexts on the Internet By Evaluating Trust in Recipients of Private Data
Indrajit Ray and Sudip Chakraborty
Session 16: Virtualization and Digital Forensics (Chair: TBA)
Using Virtualization to Create and Deploy Computer Security Lab Exercises
Brian Hay, Ronald Dodge, and Kara Nance

DigForNet: Digital Forensic in Networking
Slim Rekhis, Jihene Krichene, and Noureddine Boudriga

A Live Digital Forensic System for Windows Network
Roberto Battistoni, Alessandro Di Biagio, Roberto Di Pietro, Matteo Formica, and Luigi V. Mancini





For any questions, please contact the program chairs: sec2008@dti.unimi.it