SEC 2017
32nd International Conference on
ICT Systems Security and Privacy Protection - IFIP SEC 2017
May 29 - 31, 2017, Rome, Italy
National Research Council of Italy

Program Committee
Call for Papers
Important Dates
Paper Submission
Conference Program
Co-Located Events
Social Program
Travel Information
Conference Venue
Keynote Speakers
Kristian Beckman Award
Best Student Paper Award

Preliminary Program (IFIP SEC 2017)

Monday May 29th 2017

08:00 - 08:50 Registration
08:50 - 09:00 Opening
09:00 - 10:00 Keynote: Jan Camenisch, IBM:
Cryptography for People

10:00 - 10:30 Coffee Break
10:30 - 12:35 SESSION 1 - Network security and cyber attacks (session chair: Javier Lopez)

Wilfried Mayer and Martin Schmiedecker
Turning Active TLS Scanning to Eleven

Tulio A. Pascoal, Yuri Gil Dantas, Iguatemi E. Fonseca and Vivek Nigam
Slow TCAM Exhaustion DDoS Attack

Gheorghe Hajmasan, Alexandra Mondoc, Radu Portase, Octacian Cret
Evasive Malware Detection using Groups of Processes

Michael Denzel, Mark Ryan and Eike Ritter
A Malware-Tolerant, Self-Healing Industrial Control System Framework

David Myers, Kenneth Radke, Suriadi Suriadi and Ernest Foo
Process Discovery for Industrial Control System Cyber Attack Detection
12:35 - 14:00 Lunch Break
14:00 - 15:40 SESSION 2 - Security and privacy in social applications and cyber attacks defense (session chair: Yazan Boshmaf)

Pablo Picazo-Sanchez, Raul Pardo and Gerardo Schneiderz
Secure Photo Sharing in Social Networks

Lin Yuan, Joel Theytaz and Touradj Ebrahimi
Context-Dependent Privacy-Aware Photo Sharing based on Machine Learning

Khondker Jahid Reza, Md Zahidul Islam and Vladimir Estivill-Castro
3LP: Three Layers of Protection for Individual Privacy in Facebook

Vasiliki Diamantopoulou, Christos Kalloniatis, Stefanos Gritzalis and Haralambos Mouratidis
Supporting Privacy by Design using Privacy Process Patterns
15:40 - 16:10 Coffee Break
16:10 - 17:25 SESSION 3 - Private queries and aggregations (session chair: Kai Rannemberg)

Ruben Rios, David Nunez and Javier Lopez
Query Privacy in Sensing-as-a-Service Platforms

Hafiz Asif, Jaideep Vaidya, Basit Shafiq and Nabil Adam
Secure and Efficient k-NN Queries

Stephane Grumbach, Robert Riemann
Secure and Trustable Distributed Aggregation based on Kademlia
18:15 Bus transfer to the Casina Valadier
19:30 - 23:00 Concert and Social Dinner

Tuesday May 30th 2017

09:00 - 10:00 Keynote (Kristian Beckman Award): Gene Spafford, Purdue University:
Reflections on the state of cyber security
10:00 - 10:30 Coffee Break
10:30 - 12:35 SESSION 4 - Operating system and firmware security (session chair: Bruno Crispo)

Warren J. Connell, Massimiliano Albanese and Sridhar Venkatesan
A Framework for Moving Target Defense Quantification

Mariem Graa, Nora Cuppens, Frederic Cuppens, Jean-Louis Lanet and Routa Moussaileb
Detection of Side Channel Attacks based on Data Tainting in Android Systems

Minsik Shin, JungBeen Yu, Youngjin Yoon and Taekyoung Kwon
The Fuzzing Awakens: File Format-Aware Mutational Fuzzing on Smartphone Media Server Daemons

Andrei Costin, Apostolis Zarras and Aurelien Francillon
Towards Automated Classification of Firmware Images and Identification of Embedded Devices

Andreas Fuchs, Christoph Krauß and Jürgen Repp
Runtime Firmware Product Lines using TPM2.0
12:35 - 14:00 Lunch Break
14:00 - 15:40 SESSION 5 - User authentication and policies (session chair: Frederic Cuppens)

Lydia Kraus, Robert Schmidt, Marcel Walch, Florian Schaub and Sebastian Moller
On the Use of Emojis in Mobile Authentication

David Lorenzi, Jaideep Vaidya, Achyuta Aich, Shamik Sural, Vijay Atluri and Joseph Calca
EmojiTCHA: Using Emotion Recognition to Tell Computers and Humans Apart

Umberto Morelli and Silvio Ranise
Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud

Joseph Hallett and David Aspinall
Capturing Policies for BYOD
15:40 - 16:10 Coffee Break
16:10 - 17:50 SESSION 6 - Applied cryptography and voting schemes (session chair: Joachim Posegga)

Jean-Francois Couchot, Raphael Couturier and Michel Salomon
Improving Blind Steganalysis in Spatial Domain using a Criterion to Choose the Appropriate Steganalyzer between CNN and SRM+EC

Lina Nouh, Ashkan Rahimian, Djedjiga Mouheb, Mourad Debbabi and Aiman Hanna
BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables

Cecilia Pasquini, Pascal Schoettle and Rainer Boehme
Decoy Password Vaults: At Least As Hard As Steganography?

Stephan Neumann, Manuel Noll and Melanie Volkamer
Election-Dependent Security Evaluation of Internet Voting Schemes
18:15 - 21:15 Tour of Rome by Bus

Wednesday May 31st 2017

09:00 - 10:00 Keynote Roberto Di Pietro, Nokia Bell Labs:
Unleashing e-health potential: security and architectural issues
10:00 - 10:30 Coffee Break
10:30 - 12:35 SESSION 7 - Software security and privacy (session chair: Bart De Decker)

Julian Kirsch, Clemens Jonischkeit, Thomas Kittel, Apostolis Zarras and Claudia Eckert
Combating Control Flow Linearization

Jeffrey Avery and Eugene H. Spafford
Ghost Patches: Fake Patches for Fake Vulnerabilities

Hongfa Xue, Yurong Chen, Fan Yao, Yongbo Li, Tian Lan and Guru Venkataramani
SIMBER: Eliminating Redundant Memory Bound Checks via Statistical Inference

Rene Meis and Maritta Heisel
Towards Systematic Privacy and Operability (PRIOP) Studies

Thibaud Antignac, David Sands and Gerardo Schneider
Data Minimisation: a Language-Based Approach

12:35 - 14:00 Lunch Break
14:00 - 15:40 SESSION 8 - Privacy (session chair: Yuko Murayama)

Jun Wang and Qiang Tang
Differentially Private Neighborhood-based Recommender Systems

Somayeh Taheri, Md Morshedul Islam and Reihaneh Safavi-Naini
Privacy-enhanced Profile-based Authentication using Sparse Random Projection

Edoardo Serra, Jaideep Vaidya, Haritha Akella and Ashish Sharma
Evaluating the Privacy Implications of Frequent Itemset Disclosure

Roberto Di Pietro, Federico Franzoni and Flavio Lombardi
HyBIS: Advanced Introspection for Effective Windows Guest Protection
15:40 - 16:10 Coffee Break
16:10 - 17:50 SESSION 9 - Digital Signature, risk management, and code reuse attacks

Jihye Kim and Hyunok Oh
Forward-Secure Digital Signature Schemes with Optimal Computation and Storage of Signers

Alessio Merlo and Gabriel Claudiu Georgiu
RiskInDroid: Machine Learning-based Risk Analysis on Android

Ahmed Seid Yesuf, Jetzabel Serna-Olvera and Kai Rannenberg
Using Fraud Patterns for Fraud Risk Assessment of E-services

Liwei Chen, Mengyu Ma, Wenhao Zhang, Gang Shi and Dan Meng
Gadget Weighted Tagging: A Flexible Framework to Protect Against Code Reuse Attacks
17:50 - 18:00 IFIP SEC Best Student Paper Award and Closing

WISE 10 Provisional Programme

Monday May 29th 2017

08:00 - 08:50 Registration
08:50 - 10:00 Joint Program with IFIP SEC
10:00 - 10:30 Coffee Break
10:30 - 12:20 SESSION 1 - Information Security Training
Chair: Lynn Futcher

Lynn Futcher
Welcome by IFIP WG 11.8 Chair

Natalia Miloslavskaya and Alexander Tolstoy
ISO/IEC Competence Requirements for Information Security Professionals

Lynette Drevin, Hennie Kruger, Anna-Marie Bell and Tjaart Steyn
A linguistic approach to information security awareness education in a healthcare environment

Thando Mabece, Lynn Futcher and Kerry-Lynn Thomson
South African Computing Educators’ Perspectives on Information Security Behaviour

Konstantin Kogos and Sergey Zapechnikov
Studying Formal Security Proofs for Cryptographic Protocols

12:35 - 14:00 Lunch Break
14:00 - 16:00 SESSION 2 - Cyberesecurity Training
Chair: Natalia Miloslavskaya

Keynote: Louise Yngstrom (Founder of WISE Conference)

Noluxolo Gcaza and Rossouw Von Solms
Cybersecurity Culture: An ill-defined Problem

Susanne Wetzel
Pathways in Cybersecurity: Translating Theory into Practice

Erik Moore, Dan Likarish and Steven Fulton
Evaluating a Multi-Agency Cyber Security Training Program Using Pre-Post event assessment and Longitudinal Analysis

16:00 - 16:10 Break
16:10 - 23:00 Joint Program with IFIP SEC

Tuesday May 30th 2017

09:00 - 10:00 Joint Program with IFIP SEC
10:00 - 10:30 Coffee Break
10:30 - 12:35 SESSION 3 - Education and Training
Chair: Lynette Drevin

Odwa Yekela, Kerry-Lynn Thomson and Johan van Niekerk
Assessing the Effectiveness of the Cisco Network Academy Program in Developing Countries

Matt Bishop, Melissa Dark, Ida Ngambeki, Jun Dai, Phillip Nico and Minghua Zh
Evaluating Secure Programming Knowledge

Elmarie Kritzinger, Maria Bada and Jason Nurse
A study into the cybersecurity awareness initiatives for school learners in South Africa and the UK

Natalia Miloslavskaya and Alexander Tolstoy
Designing Degree Programmes for Bachelors and Masters in Information Security

Matt Bishop, Diana Burley, Scott Buck, Joseph Ekstrom, Lynn Futcher, David Gibson, Elizabeth Hawthorne, Siddharth Kaza, Yair Levy, Herbert Mattord and Allen Parrish
Cybersecurity Curricular Guidelines
12:35 - 14:00 Lunch Break
14:00 - 16:00 SESSION 4 - Network Security Education
Chair: Erik Moore

Stig Mjolsnes and Ruxandra F. Olimid
Introducing Mobile Network Security Experiments to Communication Technology Education

Natalia Miloslavskaya, Alexander Tolstoy and Anton Migalin
"Network Security Intelligence" Educational and Research Center

Matt Bishop, Diana Burley and Lynn Futcher
Workshop on the ACM Joint Task Force Cybersecurity Curricular Guidelines – Phase 1

16:00 - 17:50 Joint Program with IFIP SEC
19:00 - 23:00 Informal Wise Dinner

Wednesday May 31st 2017

09:00 - 10:00 Joint Program with IFIP SEC
10:00 - 10:30 Coffee Break
10:30 - 11:30 Matt Bishop, Diana Burley and Lynn Futcher
Workshop on the ACM Joint Task Force Cybersecurity Curricular Guidelines – Phase 2

11:30 - 11:40 Closing of WISE10
11:40 - 13:00 IFIP WG 11.8 AGM and Strategic Planning Workshop (IFIP WG11.8 members)
13:00 - 14:00 Lunch Break

iNetSec 2017 Program

The following is the iNetSec program.

Wednesday May 31st 2017

12:35 - 14:00 Lunch Break
14:00 - 15:40 SESSION 1 - Network

Vladimir Oleshchuk
Trust-Aware Security for Disruption-Tolerant Networks

Sadaf Momeni, Tooska Dargahi and Hossein Shafiei
Post Disaster Resilient Networks: Design Guidelines for Rescue Operations

Alfonso de La Rocha and Panos Papadimitratos
Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing
15:40 - 16:10 Coffee Break
16:10 - 17:15 SESSION 2 - Privacy

Stig F. Mjolsnes and Ruxandra F. Olimid
The Challenge of Private Identification

Yudhistira Nugraha and Andrew Martin
Understanding Security-related SLAs as Trust-Enhancing Instruments: Concepts, Approaches and Open Research Issues

NeCS Program

The following is the NeCS program.

Monday May 29th 2017

08:00 - 08:50 Registration
08:50 - 10:00 Joint Program with IFIP SEC
10:00 - 10:30 Coffee Break
10:30 - 12:35 SESSION 1 - Risk management for Cyber-security

Ganbayar Uuganbayar
Risk assessment for cyber-insurance

Salman Manzoor
Security risk measurement & SLAs

Sandeep Gupta
Attack vectors & cyber-threats

Oleksii Osliak
Dynamic threat assessment & prediction

Wagner Medeiros dos Santos
Risk Metrics for vulnerabilities
12:35 - 14:00 Lunch Break
14:00 - 15:00 Invited Talk: Afonso Ferreira:
Strategic thinking in information security
15:00 - 15:40 SESSION 2 - Cyber-security Operations Systems & Services

Davide Ferraris
Trust metrics for cyber-security

Imad Mahaini
Modelling and analysing trust and influence in social networks

15:40 - 16:10 Coffee Break
16:10 - 17:30 SESSION 3 - Cyber-security intelligence and information sharing

Mario Faiella
Intelligence & incident information sharing

Athanasios Rizos
Usage control for information sharing

Martin Kolar
Trustworthy information exchange

Adham Albakri
Privacy - and Secrecy - preserving, Secure Processing of Big-Data / EU policy compliance
17:30 - 18:00 Final Discussion