IFIP Information Security Conference & Privacy Conference - IFIP Technical Committee 11



Abstracts of the papers presented at IFIP SEC 2015

Parallel Session 1a: Privacy I (Chair: Jaap-Henk Hoepman)

O-PSI: Delegated Private Set Intersection on Outsourced Datasets
Aydin Abadi, Sotirios Terzis and Changyu Dong

Flexible and Robust Privacy-Preserving Implicit Authentication
Josep Domingo-Ferrer, Qianhong Wu and Alberto Blanco-Justicia

Towards Relations between the Hitting-Set Attack and the Statistical Disclosure Attack
Dang Vinh Pham and Dogan Kesdogan

Parallel Session 1b: Web Security (Chair: Carlos Rieder)

Cache Timing Attacks revisited: efficient and repeatable browser history, OS and network sniffing
Chetan Bansal, Sören Preibusch and Natasa Milic-Frayling

Enforcing Usage Constraints on Credentials for Web Applications
Jinwei Hu, Heiko Mantel and Sebastian Ruhleder

A Survey of Alerting Websites: Risks and Solutions
Amrit Kumar and Cedric Lauradoux

Parallel Session 2a: Privacy II (Chair: Bart De Decker)

POSN: A Personal Online Social Network
Esra Erdin, Eric Klukovich, Mehmet Gunes and Gurhan Gunduz

Strategic Noninterference
Wojciech Jamroga and Masoud Tabatabaei

Verifying Observational Determinism
Jaber Karimpour, Ayaz Isazadeh and Ali A. Noroozi

Parallel Session 2b: Mobile and Cloud Services Security I (Chair: Nathan Clarke)

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis
Li Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein and Yves Le Traon

Assessment of the Susceptibility to Data Manipulation of Android Games with In-app Purchases
Francisco Vigário, Miguel Neto, Diogo Fonseca, Mário M. Freire and Pedro R. M. Inácio

An Empirical Study on Android for Saving Non-shared Data on Public Storage
Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li and Kehuan Zhang

Parallel Session 3a: Security Management and Human Aspects of Security I (Chair: Ingrid Schaumüller-Bichl)

Social groupings and information security obedience within organizations
Teodor Sommestad

Attack Trees with Sequential Conjunction
Ravi Jhawar, Barbara Kordy, Sjouke Mauw, Sasa Radomirovic and Rolando Trujillo-Rasua

Enhancing the Security of Image CAPTCHAs through Noise Addition
David Lorenzi, Emre Uzun, Jaideep Vaidya, Shamik Sural and Vijay Atluri

Parallel Session 3b: Mobile and Cloud Services Security II (Chair: Leon Strous)

The Dual-Execution-Environment Approach: Analysis and Comparative Evaluation
Mohamed Sabt, Mohammed Achemlal and Abdelmadjid Bouabdallah

On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps
Konstantin Knorr, David Aspinall and Maria Wolters

A Cloud-based eHealth Architecture for Privacy Preserving Data Integration
Alevtina Dubovitskaya, Visara Urovi, Matteo Vasirani, Karl Aberer and Michael I. Schumacher

Parallel Session 4a: Applied Cryptography (Chair: Dominik Herrmann)

Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers
Wouter Lueks, Gergely Alpar, Jaap-Henk Hoepman and Pim Vullers

Chaotic Chebyshev polynomials based remote user authentication scheme in client-server environment
Toan-Thinh Truong, Minh-Triet Tran, Anh-Duc Duong and Isao Echizen

A Secure Exam Protocol Without Trusted Parties
Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini and P. Y. A. Ryan

Parallel Session 4b: Software Security I (Chair: André Zúquete)

SHRIFT System-wide HybRid Information Flow Tracking
Enrico Lovat, Alexander Fromm, Martin Mohr and Alexander Pretschner

ISboxing: an Instruction Substitution based Data Sandboxing for x86 Untrusted Libraries
Liang Deng, Qingkai Zeng and Yao Liu

Exploit Generation for Information Flow Leaks in Object-Oriented Programs
Quoc Huy Do, Richard Bubel and Reiner Hähnle

Parallel Session 5a: Access Control, Trust and Identity Management I (Chair: Dogan Kesdogan)

A Generalization of ISO/IEC 24761 to Enhance Remote Authentication with Trusted Product at Claimant
Asahiko Yamada

Enhancing Passwords Security using Deceptive Covert Communication
Mohammed Almeshekah, Mikhail Atallah and Eugene Spafford

Information Sharing and User Privacy in the Third-party Identity Management Landscape
Anna Vapen, Niklas Carlsson, Anirban Mahanti and Nahid Shahmehri

Parallel Session 5b: Software Security II (Chair: Hannes Federrath)

Memoized Semantics-Based Binary Diffing with Application to Malware Lineage Inference
Jiang Ming, Dongpeng Xu and Dinghao Wu

Mitigating Code-Reuse Attacks on CISC Architectures in a Hardware Approach
Zhijiao Zhang, Yashuai Lü, Yu Chen, Yongqiang Lü and Yuanchun Shi

Integrity for Approximate Joins on Untrusted Computational Servers
Sabrina De Capitani Di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati

Parallel Session 6a: Access Control, Trust and Identity Management II (Chair: Simone Fischer-Hübner)

An Iterative Algorithm for Reputation Aggregation in Multi-dimensional and Multinomial Rating Systems
Mohsen Rezvani, Mohammad Allahbakhsh, Lorenzo Vigentini, Aleksandar Ignjatovic and Sanjay Jha

A Comparison of PHY-Based Fingerprinting Methods Used to Enhance Network Access Control
Timothy Carbino, Michael Temple and Juan Lopez Jr.

Model-driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems
Salvador Martínez, Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Boulahia and Jordi Cabot

Parallel Session 6b: Network Security (Chair: Kai Rannenberg)

Authenticated File Broadcast Protocol
Simão Reis, André Zúquete, Carlos Faneca and José Vieira

Automated Classification of C&C Connections through Malware URL Clustering
Nizar Kheir, Gregory Blanc, Hervé Debar, Joaquin Garcia-Alfaro and Dingqi Yang

B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications
Christoph Pohl, Alf Zugenmaier, Michael Meier and Hans-Joachim Hof

Parallel Session 7a: Security Management and Human Aspects of Security II (Chair: Philippos Peleties)

Investigation of Employee Security Behaviour: A Grounded Theory Approach
Lena Connolly, Michael Lang and Doug J. Tygar

Practice-Based Discourse Analysis of InfoSec Policies
Fredrik Karlsson, Goran Goldkuhl and Karin Hedström

Understanding Collaborative Challenges in IT Security Preparedness Exercises
Maria B. Line and Nils Brede Moe

Parallel Session 7b: Cyber-physical Systems and Critical Infrastructures Security (Chair: Peter Lambert)

Application of a Game Theoretic Approach in Smart Sensor Data Trustworthiness Problems
Konstantinos Maraslis, Theodoros Spyridopoulos, George Oikonomou, Theo Tryfonas and Mo Haghighi

Securing BACnet’s Pitfalls
Jaspreet Kaur, Jernej Tonejc, Steffen Wendzel and Michael Meier

On the secure distribution of vendor-specific keys in deployment scenarios
Nicolai Kuntze and Carsten Rudolph