IFIP TC6 Open Digital Library

SEC 2012: Crete, Greece

Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings

Dimitris Gritzalis, Steven Furnell, Marianthi Theoharidou

Springer, IFIP Advances in Information and Communication Technology 376, ISBN: 978-3-642-30435-4



Contents

Attacks and Malicious Code

Relay Attacks on Secure Element-Enabled Mobile Devices - Virtual Pickpocketing Revisited.

Michael Roland, Josef Langer, Josef Scharinger

 1-12

Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures).

Alessandro Armando, Alessio Merlo, Mauro Migliardi, Luca Verderame

 13-24

An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling.

Bernhard J. Berger, Karsten Sohr

 25-36

Embedded Eavesdropping on Java Card.

Guillaume Barbu, Christophe Giraud, Vincent Guerin

 37-48

Security Architectures

Authenticated Key Exchange (AKE) in Delay Tolerant Networks.

Sofia-Anna Menesidou, Vasilios Katos

 49-60

OFELIA - A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management.

Alexandre B. Augusto, Manuel Eduardo Correia

 61-74

Smart OpenID: A Smart Card Based OpenID Protocol.

Andreas Leicher, Andreas U. Schmidt, Yogendra Shah

 75-86

Peer to Peer Botnet Detection Based on Flow Intervals.

David Zhao, Issa Traoré, Ali A. Ghorbani, Bassam Sayed, Sherif Saad, Wei Lu

 87-102

System Security

Towards a Universal Data Provenance Framework Using Dynamic Instrumentation.

Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, Sotiris Ioannidis

 103-114

Improving Flask Implementation Using Hardware Assisted In-VM Isolation.

Baozeng Ding, Fufeng Yao, Yanjun Wu, Yeping He

 115-125

HyperForce: Hypervisor-enForced Execution of Security-Critical Code.

Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Mühlberg, Wouter Joosen

 126-137

RandHyp: Preventing Attacks via Xen Hypercall Interface.

Feifei Wang, Ping Chen, Bing Mao, Li Xie

 138-149

Access Control

Role Mining under Role-Usage Cardinality Constraint.

John C. John, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya

 150-161

HIDE_DHCP: Covert Communications through Network Configuration Messages.

Ruben Rios, Jose Antonio Onieva, Javier Lopez

 162-173

Handling Stateful Firewall Anomalies.

Frédéric Cuppens, Nora Cuppens-Boulahia, Joaquín García-Alfaro, Tarik Moataz, Xavier Rimasson

 174-186

A Framework for Threat Assessment in Access Control Systems.

Hemanth Khambhammettu, Sofiene Boulares, Kamel Adi, Luigi Logrippo

 187-198

Database Security

Support for Write Privileges on Outsourced Data.

Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati

 199-210

Malicious Users' Transactions: Tackling Insider Threat.

Weihan Li, Brajendra Panda, Qussai Yaseen

 211-222

Privacy Attitudes and Properties

Privacy-Preserving Television Audience Measurement Using Smart TVs.

George Drosatos, Aimilia Tasidou, Pavlos S. Efraimidis

 223-234

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility.

Christian Banse, Dominik Herrmann, Hannes Federrath

 235-248

Smartphone Forensics: A Proactive Investigation Scheme for Evidence Acquisition.

Alexios Mylonas, Vasilis Meletiadis, Bill Tsoumas, Lilian Mitrou, Dimitris Gritzalis

 249-260

Social Networks and Social Engineering

Modeling Social Engineering Botnet Dynamics across Multiple Social Networks.

Shuhao Li, Xiao-chun Yun, Zhiyu Hao, Yongzheng Zhang, Xiang Cui, Yipeng Wang

 261-272

Layered Analysis of Security Ceremonies.

Giampaolo Bella, Lizzie Coles-Kemp

 273-286

Applied Cryptography, Anonymity and Trust

A Small Depth-16 Circuit for the AES S-Box.

Joan Boyar, René Peralta

 287-298

Formal Verification of the mERA-Based eServices with Trusted Third Party Protocol.

Maria Christofi, Aline Gouget

 299-314

Usable Security

My Authentication Album: Adaptive Images-Based Login Mechanism.

Amir Herzberg, Ronen Margulies

 315-326

Balancing Security and Usability of Local Security Mechanisms for Mobile Devices.

Shuzhe Yang, Gökhan Bal

 327-338

Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation.

Ella Kolkowska, Bart De Decker

 339-351

When Convenience Trumps Security: Defining Objectives for Security and Usability of Systems.

Gurpreet Dhillon, Tiago Oliveira, Santa R. Susarapu, Mário M. Caldeira

 352-363

Security and Trust Models

Security-by-Contract for the OSGi Platform.

Olga Gadyatskaya, Fabio Massacci, Anton Philippov

 364-375

Cyber Weather Forecasting: Forecasting Unknown Internet Worms Using Randomness Analysis.

Hyundo Park, Sung-Oh David Jung, Heejo Lee, Hoh Peter In

 376-387

Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds.

Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang

 388-399

Give Rookies A Chance: A Trust-Based Institutional Online Supplier Recommendation Framework.

Han Jiao, Jixue Liu, Jiuyong Li, Chengfei Liu

 400-411

Security Economics

A Game-Theoretic Formulation of Security Investment Decisions under Ex-ante Regulation.

Giuseppe D'Acquisto, Marta Flamini, Maurizio Naldi

 412-423

Optimizing Network Patching Policy Decisions.

Yolanta Beres, Jonathan Griffin

 424-442

A Risk Assessment Method for Smartphones.

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis

 443-456

Empirical Benefits of Training to Phishing Susceptibility.

Ronald Dodge, Kathryn Coronges, Ericka Rovira

 457-464

Authentication and Delegation

Multi-modal Behavioural Biometric Authentication for Mobile Devices.

Hataichanok Saevanee, Nathan L. Clarke, Steven M. Furnell

 465-474

Analysis and Modeling of False Synchronizations in 3G-WLAN Integrated Networks.

Christoforos Ntantogian, Christos Xenakis, Ioannis Stavrakakis

 475-488

Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks.

Yongge Wang

 489-500

Distributed Path Authentication for Dynamic RFID-Enabled Supply Chains.

Shaoying Cai, Yingjiu Li, Yunlei Zhao

 501-512

Enhanced Dictionary Based Rainbow Table.

Vrizlynn L. L. Thing, Hwei-Ming Ying

 513-524

Short Papers

Authorization Policies for Materialized Views.

Sarah Nait Bahloul, Emmanuel Coquery, Mohand-Said Hacid

 525-530

Enhancing the Security of On-line Transactions with CAPTCHA Keyboard.

Yongdong Wu, Zhigang Zhao

 531-536

Fighting Pollution Attack in Peer-to-Peer Streaming Networks: A Trust Management Approach.

Xin Kang, Yongdong Wu

 537-542

A Framework for Anonymizing GSM Calls over a Smartphone VoIP Network.

Ioannis Psaroudakis, Vasilios Katos, Pavlos S. Efraimidis

 543-548

A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages.

Marco Prandini, Marco Ramilli

 549-554

Privacy-Preserving Mechanisms for Organizing Tasks in a Pervasive eHealth System.

Milica Milutinovic, Vincent Naessens, Bart De Decker

 555-560

Web Services Security Assessment: An Authentication-Focused Approach.

Yannis Soupionis, Miltiadis Kandias

 561-566

Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case.

Nineta Polemi, Theodoros Ntouskas

 567-572

A Response Strategy Model for Intrusion Response Systems.

Nor Badrul Anuar, Maria Papadaki, Steven Furnell, Nathan L. Clarke

 573-578

Intrusion Tolerance of Stealth DoS Attacks to Web Services.

Massimo Ficco, Massimiliano Rak

 579-584

Towards Use-Based Usage Control.

Christos Grompanopoulos, Ioannis Mavridis

 585-590