Main Page

ASIACCS 2017

ASIACCS 2017 Workshops

CCS 2016

CCS 2016
Workshops

CODASPY 2017

CODASPY 2017 Workshops

SACMAT 2017

WiSec 2016

Compilation Author Index

ACM SIGSAC Membership Application

CODASPY'17 Table of Contents

CODASPY'17 Conference/General Chairs' Welcome Message
Alexander Pretschner (Technische Universität München)
Gabriel Ghinita (University of Massachusetts at Boston)
Gail-Joon Ahn (Arizona State University)

CODASPY 2017 Conference Organization

CODASPY'17 Sponsor & Supporters

Keynote I
Session Chair: Gail Joon Ahn (Arizona State University)

Research Issues and Approaches for Connected and Automated Vehicles (Page 1)
Kang G. Shin (University of Michigan)

Session 1: Threats and Anomaly Detection
Session Chair: Alexander Pretschner (Technische Universität München)

Ghostbuster: A Fine-grained Approach for Anomaly Detection in File System Accesses (Page 3)
Shagufta Mehnaz (Purdue University)
Elisa Bertino (Purdue University)

Mining Attributed Graphs for Threat Intelligence (Page 15)
Hugo Gascon (Technische Universität Braunschweig)
Bernd Grobauer (Siemens AG)
Thomas Schreck (Siemens AG)
Lukas Rist (Symantec Corporation)
Daniel Arp (Technische Universität Braunschweig)
Konrad Rieck (Technische Universität Braunschweig)

Decompression Quines and Anti-Viruses (Page 23)
Margaux Canet (Inria, Université Grenoble Alpes)
Amrit Kumar (Inria, Université Grenoble Alpes)
Cédric Lauradoux (Inria)
Mary-Andréa Rakotomanga (Inria, Université Grenoble Alpes)
Reihaneh Safavi-Naini (University of Calgary)

Statistical Security Incident Forensics against Data Falsification in Smart Grid Advanced Metering Infrastructure (Page 35)
Shameek Bhattacharjee (Missouri University of Science and Technology)
Aditya Thakur (Missouri University of Science and Technology)
Simone Silvestri (Missouri University of Science and Technology)
Sajal K. Das (Missouri University of Science and Technology)

Session 2: Access Control
Session Chair: Elisa Bertino (Purdue University)

Canonical Completeness in Lattice-Based Languages for Attribute-Based Access Control (Page 47)
Jason Crampton (Royal Holloway, University of London)
Conrad Williams (Royal Holloway, University of London)

Classifying and Comparing Attribute-Based and Relationship-Based Access Control (Page 59)
Tahmina Ahmed (University of Texas at San Antonio)
Ravi Sandhu (University of Texas at San Antonio)
Jaehong Park (University of Alabama in Huntsville)

SAMPAC: Socially-Aware collaborative Multi-Party Access Control (Page 71)
Panagiotis Ilia (Foundation for Research and Technology - Hellas (FORTH))
Barbara Carminati (University of Insubria)
Elena Ferrari (University of Insubria)
Paraskevi Fragopoulou (Foundation for Research and Technology - Hellas (FORTH))
Sotiris Ioannidis (Foundation for Research and Technology - Hellas (FORTH))

Session 3: Privacy I
Session Chair: Adam J. Lee (University of Pittsburgh)

Privacy-Preserving HMM Forward Computation (Page 83)
Jan Henrik Ziegeldorf (RWTH Aachen University)
Jan Metzke (RWTH Aachen University)
Jan Rüth (RWTH Aachen University)
Martin Henze (RWTH Aachen University)
Klaus Wehrle (RWTH Aachen University)

Share a pie? Privacy-Preserving Knowledge Base Export through Count-min Sketches (Page 95)
Daniele Ucci ("La Sapienza", University of Rome)
Leonardo Aniello ("La Sapienza", University of Rome)
Roberto Baldoni ("La Sapienza", University of Rome)

Efficient Commodity Matching for Privacy-Preserving Two-Party Bartering (Page 107)
Fabian Förg (Stevens Institute of Technology)
Susanne Wetzel (Stevens Institute of Technology)
Ulrike Meyer (RWTH Aachen University)

Session 4: Privacy II
Session Chair: Ram Krishnan (University of Texas at San Antonio)

Achieving Differential Privacy in Secure Multiparty Data Aggregation Protocols on Star Networks (Page 115)
Vincent Bindschaedler (University of Illinois)
Shantanu Rane (Palo Alto Research Center)
Alejandro Brito (Palo Alto Research Center)
Vanishree Rao (Palo Alto Research Center)
Ersin Uzun (Palo Alto Research Center)

"If You Can't Beat them Join them": A Usability Approach to Interdependent Privacy in Cloud Apps (Page 127)
Hamza Harkous (École Polytechnique Fédérale de Lausanne)
Karl Aberer (École Polytechnique Fédérale de Lausanne)

Session 5: Reception and Poster Session
Session Chair: Jaehong Park (The University of Alabama in Huntsville)

Sound and Static Analysis of Session Fixation Vulnerabilities in PHP Web Applications (Page 139)
Abdelouahab Amira (CERIST & A.MIRA University)
Abdelraouf Ouadjaout (LIP6, University Pierre and Marie Curie)
Abdelouahid Derhab (King Saud University)
Nadjib Badache (CERIST)

A New Bloom Filter Structure for Searchable Encryption Schemes (Page 143)
Chi Sing Chum (City University of New York)
Xiaowen Zhang (City University of New York)

Seamless and Secure Bluetooth LE Connection Migration (Page 147)
Syed Rafiul Hussain (Purdue University)
Shagufta Mehnaz (Purdue University)
Shahriar Nirjon (University of North Carolina Chapel Hill)
Elisa Bertino (Purdue University)

Differentially-Private Big Data Analytics for High-Speed Research Network Traffic Measurement (Page 151)
Oana-Georgiana Niculaescu (Umass Boston)
Mihai Maruseac (Umass Boston)
Gabriel Ghinita (Umass Boston)

Comprehensive Method for Detecting Phishing EmailsUsing Correlation-based Analysis and User Participation (Page 155)
Rakesh Verma (University of Houston)
Ayman El Aassal (ENSIAS)

Prioritized Analysis of Inter-App Communication Risks (Page 159)
Fang Liu (Virginia Tech)
Haipeng Cai (Washington State University)
Gang Wang (Virginia Tech)
Danfeng (Daphne) Yao (Virginia Tech)
Karim O. Elish (Florida Polytechnic University)
Barbara G. Ryder (Virginia Tech)

The Authorization Policy Existence Problem (Page 163)
Pierre Bergé (Universite Paris-Saclay)
Jason Crampton (Royal Holloway, University of London)
Gregory Gutin (Royal Holloway, University of London)
Rémi Watrigant (INRIA Sophia-Antipolis)

Towards Practical Privacy-Preserving Life Cycle Assessment Computations (Page 167)
Cetin Sahin (University of California, Santa Barbara)
Brandon Kuczenski (University of California, Santa Barbara)
Omer Egecioglu (University of California, Santa Barbara)
Amr El Abbadi (University of California, Santa Barbara)

Keynote II
Session Chair: Gabriel Ghinita (University of Massachusetts Boston)

The Human Capital Model for Security Research: New Insights into Technology Transition (Page 171)
S. Raj Rajagopalan (Honeywell)

Session 6: Protection Against Malware and Static Analysis
Session Chair: Alexandros Kapravelos (North Carolina State University)

PT-CFI: Transparent Backward-Edge Control Flow Violation Detection Using Intel Processor Trace (Page 173)
Yufei Gu (Cloudera Inc. & The University of Texas at Dallas)
Qingchuan Zhao (The University of Texas at Dallas)
Yinqian Zhang (The Ohio State University)
Zhiqiang Lin (The University of Texas at Dallas)

Detecting Patching of Executables without System Calls (Page 185)
Sebastian Banescu (Technische Universität München)
Mohsen Ahmadvand (Technische Universität München)
Alexander Pretschner (Technische Universität München)
Robert Shield (Google Inc.)
Chris Hamilton (Google Inc.)

Fault Attacks on Encrypted General Purpose Compute Platforms (Page 197)
Robert Buhren (Technical University of Berlin)
Shay Gueron (University of Haifa & Intel Corporation)
Jan Nordholz (Technical University of Berlin)
Jean-Pierre Seifert (Technical University of Berlin)
Julian Vetter (Technical University of Berlin)

Analysis of Exception-Based Control Transfers (Page 205)
Babak Yadegari (University of Arizona)
Jon Stephens (University of Arizona)
Saumya Debray (University of Arizona)

Session 7: Panel Trustworthy Data Science
Session Chair: Adam Doupe (Arizona State University)

Panel: Trustworthy Data Science (Page 217)
Adam Doupé (Arizona State University)

Session 8: Malware Detection
Session Chair: Rakesh Verma (University of Houston)

Detecting ROP with Statistical Learning of Program Characteristics (Page 219)
Mohamed Elsabagh (George Mason University)
Daniel Barbara (George Mason University)
Dan Fleck (George Mason University)
Angelos Stavrou (George Mason University)

Large-Scale Identification of Malicious Singleton Files (Page 227)
Bo Li (University of Michigan)
Kevin Roundy (Symantec Research Labs)
Chris Gates (Symantec Research Labs)
Yevgeniy Vorobeychik (Vanderbilt University)

Scalable Function Call Graph-based Malware Classification (Page 239)
Mehadi Hassen (Florida Institute of Technology)
Philip K. Chan (Florida Institute of Technology)

Session 9: Virtualization and Hardware
Session Chair: Mahesh Tripunitara (University of Waterloo)

All Your VMs are Disconnected: Attacking Hardware Virtualized Network (Page 249)
Zhe Zhou (Chinese University of Hong Kong & CUHK Shenzhen Research Institute)
Zhou Li (ACM Member)
Kehuan Zhang (Chinese University of Hong Kong & CUHK Shenzhen Research Institute)

SGXIO: Generic Trusted I/O Path for Intel SGX (Page 261)
Samuel Weiser (Graz University of Technology)
Mario Werner (Graz University of Technology)

A Study of Security Vulnerabilities on Docker Hub (Page 269)
Rui Shu (North Carolina State University)
Xiaohui Gu (North Carolina State University)
William Enck (North Carolina State University)

Session 10: Mobile Security
Session Chair: Gabriel Ghinita (University of Massachusetts Boston)

Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments (Page 281)
Yifei Zhang (University of New South Wales)
Tian Tan (University of New South Wales)
Yue Li (University of New South Wales)
Jingling Xue (University of New South Wales)

Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception (Page 289)
Luka Malisa (ETH Zurich)
Kari Kostiainen (ETH Zurich)
Srdjan Capkun (ETH Zurich)

Deep Android Malware Detection (Page 301)
Niall McLaughlin (Queen's University Belfast)
Jesus Martinez del Rincon (Queen's University Belfast)
BooJoong Kang (Queen's University Belfast)
Suleiman Yerima (Queen's University Belfast)
Paul Miller (Queen's University Belfast)
Sakir Sezer (Queen's University Belfast)
Yeganeh Safaei (Arizona State University)
Erik Trickel (Arizona State University)
Ziming Zhao (Arizona State University)
Adam Doupe (Arizona State University)
Gail Joon Ahn (Arizona State University)

DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware (Page 309)
Guillermo Suarez-Tangil (Royal Holloway, University of London)
Santanu Kumar Dash (Royal Holloway, University of London)
Mansour Ahmadi (University of Cagliari)
Johannes Kinder (Royal Holloway, University of London)
Giorgio Giacinto (University of Cagliari)
Lorenzo Cavallaro (Royal Holloway, University of London)

Session 11: Applications
Session Chair: Jaehong Park (The University of Alabama in Huntsville)

Aegis: Automatic Enforcement of Security Policies in Workflow-driven Web Applications (Page 321)
Luca Compagna (SAP Labs France)
Daniel Ricardo dos Santos (Fondazione Bruno Kessler & SAP Labs France)
Serena Elisa Ponta (SAP Labs France)
Silvio Ranise (Fondazione Bruno Kessler)

Discovering Browser Extensions via Web Accessible Resources (Page 329)
Alexander Sjösten (Chalmers University of Technology)
Steven Van Acker (Chalmers University of Technology)
Andrei Sabelfeld (Chalmers University of Technology)

Graph Automorphism-Based, Semantics-Preserving Security for the Resource Description Framework (RDF) (Page 337)
Zhiyuan Lin (University of Waterloo)
Mahesh Tripunitara (University of Waterloo)

Secure Free-Floating Car Sharing for Offline Cars (Page 349)
Alexandra Dmitrienko (ETH Zurich)
Christian Plappert (Fraunhofer SIT)

Identifying HTTPS-Protected Netflix Videos in Real-Time (Page 361)
Andrew Reed (United States Military Academy at West Point)
Michael Kranch (United States Military Academy at West Point)