The program is also available in PDF.

Monday, September 10, 2012 -- 9.15 – 10.15

Invited talk: Mind the Gap: Smartphone Security and Privacy in Theory and Practice

Prof. Ahmad-Reza Sadeghi
Technische Universität Darmstadt

Monday, September 10, 2012 -- 10.45 – 12.45

Session 1A: Security and data protection in real systems
(chair: Amir Herzberg)

  • Modeling and Enhancing Android's Permission System (Elli Fragkaki, Lujo Bauer, Limin Jia and David Swasey)
  • Hardening Access Control and Data Protection in GFS-like File Systems (James Kelley, Roberto Tamassia and Nikos Triandopoulos)
  • Attack of the Clones: Detecting Cloned Applications on Android Markets (Jonathan Crussell, Clint Gibler and Hao Chen)
  • Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing (Arnar Birgisson, Daniel Hedin and Andrei Sabelfeld)

Session 1B: Formal models for cryptography and access control
(chair: Luigi Mancini)

  • Effective Symbolic Protocol Analysis via Equational Irreducibility Conditions (Serdar Erbatur, Santiago Escobar, Deepak Kapur, Zhiqiang Liu, Christopher Lynch, Catherine Meadows, Jose Meseguer, Paliath Narendran, Sonia Santiago and Ralf Sasse)
  • Deciding Epistemic and Strategic Properties of Cryptographic Protocols (Henning Schnoor)
  • Satisfiability and Feasibility in a Relationship-based Workflow Authorization Model (Arif Khan and Philip Fong)
  • Deciding Security for a Fragment of ASLan (Sebastian A. Mödersheim)

Monday, September 10, 2012 -- 14.15 – 15.45

Session 2A: Security and privacy in mobile and wireless networks
(chair: Roberto Di Pietro)

  • A Probabilistic Framework for Localization of Attackers in MANETs (Massimiliano Albanese, Alessandra De Benedictis, Sushil Jajodia and Paulo Shakarian)
  • Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN (Ruben Rios, Jorge Cuellar and Javier Lopez)
  • Privacy-Aware Message Exchanges for Geographically Routed Human Movement Networks (Adam Aviv, Micah Sherr, Matt Blaze and Jonathan Smith)

Session 2B: Counteracting Man-in-the-Middle attacks
(chair: Lujo Bauer)

  • Trust No One Else: Detecting MITM Attacks Against SSL/TLS Without Third-Parties (Italo Dacosta, Mustaque Ahamad and Patrick Traynor)
  • X.509 Forensics: Detecting and Localising the SSL/TLS Men-in-the-middle (Ralph Holz, Thomas Riedmaier, Nils Kammenhuber and Georg Carle)
  • A Practical Man-In-The-Middle Attack on Signal-based Key Generation Protocols (Simon Eberz, Martin Strohmeier, Matthias Wilhelm and Ivan Martinovic)

Monday, September 10, 2012 -- 16.15 – 17.45

Session 3A: Network security
(chair: Ivan Martinovic)

  • The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs (Ahmad-Reza Sadeghi, Steffen Schulz and Vijay Varadharajan)
  • Security of Patched DNS (Amir Herzberg and Haya Shulman)
  • Revealing Abuses of Channel Assignment Protocols in Multi-Channel Wireless Networks: An Investigation Logic Approach (Qijun Gu, Kyle Jones, Wanyu Zang, Meng Yu and Peng Liu)

Session 3B: Users privacy and anonymity
(chair: Einar Snekkenes)

  • Exploring Linkablility of User Reviews (Mishari Almishari and Gene Tsudik)
  • Formal Analysis of Privacy in an eHealth Protocol (Naipeng Dong, Hugo Jonker and Jun Pang)
  • PRIVATUS: Wallet-Friendly Privacy Protection for Smart Meters (Jinkyu Koo, Xiaojun Lin and Saurabh Bagchi)

Tuesday, September 11, 2012 -- 9.15 – 10.15

Invited talk: Computer-Aided Cryptographic Proofs and Designs

Prof. Gilles Barthe
IMDEA Software Institute

Tuesday, September 11, 2012 -- 10.45 – 12.45

Session 4A: Location privacy
(chair: Keith Frikken)

  • SHARP: Private Proximity Test and Secure Handshake with Cheat-Proof Location Tags (Yao Zheng, Ming Li, Wenjing Lou and Y. Thomas Hou)
  • Secure Proximity Detection for NFC Devices based on Ambient Sensor Data (Tzipora Halevi, Di Ma, Nitesh Saxena and Tuo Xiang)
  • Enhancing Location Privacy for Electric Vehicles (at the right time) (Joseph Liu, Man Ho Au, Willy Susilo and Jianying Zhou)
  • Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System (Aanjhan Ranganathan, Nils Ole Tippenhauer, Boris Skoric, Dave Singelee and Srdjan Capkun)

Session 4B: Voting protocols and anonymous communication
(chair: Mirek Kutylowski)

  • Applying Divertibility to Blind Ballot Copying in the Helios Internet Voting System (Yvo Desmedt and Pyrros Chaidos)
  • Defining Privacy for Weighted Votes, Single and Multi-Voter Coercion (Jannik Dreier, Pascal Lafourcade and Yassine Lakhnech)
  • TorScan: Tracing Long-lived Connections and Differential Scanning Attacks (Alex Biryukov, Ivan Pustogarov and Ralf Philipp Weinmann)
  • Introducing the gMix Open Source Framework for Mix Implementations (Karl-Peter Fuchs, Dominik Herrmann and Hannes Federrath)

Tuesday, September 11, 2012 -- 14.15 – 15.45

Session 5A: Private computation in cloud systems
(chair: Emiliano De Cristofaro)

  • Secure and Efficient Outsourcing of Sequence Comparisons (Marina Blanton, Mikhail J. Atallah, Keith B. Frikken and Qutaibah Malluhi)
  • Third-Party Private DFA Evaluation on Encrypted Files in the Cloud (Lei Wei and Michael Reiter)
  • New Algorithms for Secure Outsourcing of Modular Exponentiations (Xiaofeng Chen, Jin Li, Jianfeng Ma, Qiang Tang and Wenjing Lou)

Session 5B: Formal security models
(chair: Gilles Barthe)

  • Towards Symbolic Encryption Schemes (Naveed Ahmed, Christian Damsgaard Jensen and Erik Zenner)
  • Decision Procedures for Simulatability (Charanjit Jutla and Arnab Roy)
  • Model-Checking Bisimulation-based Information Flow Properties for Infinite State Systems (Deepak D'Souza and Raghavendra K. R.)

Tuesday, September 11, 2012 -- 16.15 – 17.45

Session 6A: Identity based encryption and group signature
(chair: Joachim Posegga)

  • Identity-Based Traitor Tracing with Short Private Key and Short Ciphertext (Fuchun Guo, Yi Mu and Willy Susilo)
  • Identity-Based Encryption with Master Key-Dependent Message Security and Leakage-Resilience (David Galindo, Javier Herranz and Jorge Villar)
  • Unique Group Signatures (Matthew Franklin and Haibin Zhang)

Session 6B: Authentication
(chair: Nora Cuppens)

  • Relations among Notions of Privacy for RFID Authentication Protocols (Daisuke Moriyama, Shin'Ichiro Matsuo and Miyako Ohkubo)
  • PE(AR)^2: Privacy-Enhanced Anonymous Authentication with Reputation and Revocation (Kin Ying Yu, Tsz Hon Yuen, Sherman S.M. Chow, S.M. Yiu and Lucas C.K. Hui)
  • Dismantling iClass and iClass Elite (Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and Milosch Meriac)

Wednesday, September 12, 2012 -- 9.15 – 10.15

Invited talk: Integrity of Storage and Computations in the Cloud

Prof. Christian Cachin
IBM Research - Zurich

Wednesday, September 12, 2012 -- 10.45 – 12.45

Session 7: Encryption key and password security
(chair: Joaquin Garcia-Alfaro)

  • Evaluation of Standardized Password-based Key Derivation against Parallel Processing Platforms (Markus Dürmuth, Tim Güneysu, Markus Kasper, Christof Paar, Tolga Yalcin and Ralf Zimmermann)
  • Beyond eCK: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal (Cas Cremers and Michele Feltz)
  • Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption (Tibor Jager, Sebastian Schinzel and Juraj Somorovsky)
  • On The Security of Password Manager Database Formats (Paolo Gasti and Kasper Rasmussen)

Wednesday, September 12, 2012 -- 14.15 – 15.45

Session 8: Malware and phishing
(chair: Frédéric Cuppens)

  • Scalable Telemetry Classification for Automated Malware Detection (Jack Stokes, John Platt, Helen Wang, Joe Faulhaber, Jonathan Keller, Mady Marinescu, Anil Thomas and Marius Gheorghescu)
  • Abstraction-based Malware Analysis Using Rewriting and Model Checking (Philippe Beaucamps, Isabelle Gnaedig and Jean-Yves Marion)
  • Detecting Phishing Emails the Natural Language Way (Rakesh Verma, Narasimha Shashidhar and Nabil Hossain)

Wednesday, September 12, 2012 -- 16.15 – 17.45

Session 9: Software security
(chair: Dieter Gollmann)

  • JVM-Portable Sandboxing of Java’s Native Librarie (Mengtao Sun and Gang Tan)
  • Codejail: Application-transparent Isolation of Libraries with Tight Program Interactions (Yongzheng Wu, Sai Sathyanarayan Venkatraman, Roland Yap and Zhenkai Liang)
  • SocialImpact: Systematic Analysis of Underground Social Dynamics (Ziming Zhao, Gail-Joon Ahn, Hongxin Hu and Deepinder Mahi)

Data Privacy Management Workshop 2012 (DPM)

Thursday, September 13, 2012 -- 09.00 – 10.45

Session 1: Authentication, Anonymity and Location-Based Systems

  • 9:05-09:30: Fair Anonymous Authentication for Location Based Services, by Panayiotis Kotzanikolaou, Emmanouil Magkos and Nikolaos Petrakos.
  • 09:30-09:55: Enhancing Privacy in LTE Paging System using Physical Layer Identification, by Tuan Ta and John Baras.
  • 09:55-10:20: Post-hoc User Traceability Analysis in Electronic Toll Pricing Systems, by Xihui Chen, David Fonkwe and Jun Pang.
  • 10:20-10:45: An Efficient and Secure Coding-based Authenticated Encryption, by Mohammed Meziani and Rachid El Bansarkhani.

Thursday, September 13, 2012 -- 11.15 – 13.05

Session 2: Case Studies on Citizens' Privacy

  • Invited Talk 1: Authentication, Anonymity and Location-Based Systems On the Foundations of Trust in Networks of Humans and Computers, Virgil Gligor (Carnegie Mellon University, USA)
  • 12:15-12:40: Proposal of Non-Invasive Fingerprint Age Determination to Improve Data Privacy Management in Police Work from a Legal Perspective using the Example of Germany, by Ronny Merkel, Matthias Pocs, Jana Dittmann and Claus Vielhauer.
  • 12:40-13:05: Differential Privacy in Tripartite Interaction: A Case Study with Linguistic Minorities in Canada, by Arnaud Casteigts, Marie-Hélène Chomienne, Louise Bouchard and Guy-Vincent Jourdan.

Thursday, September 13, 2012 -- 14.15 – 15.45

Session 3: Privacy in Distributed Systems

  • 14:30-14:55: EsPRESSo: Efficient Privacy-Preserving Evaluation of Sample Set Similarity, by Carlo Blundo, Emiliano De Cristofaro and Paolo Gasti.
  • 14:55-15:20: SlopPy: Slope One with Privacy, by Sebastien Gambs and Julien Lolive.
  • 15:20-15:45: A Semi-Lattice Model for Multi-Lateral Security, by Florian Kammueller.

Thursday, September 13, 2012 -- 16.15 – 17.45

  • Invited Talk 2: Privacy in Distributed Systems Re-using existing security infrastructures, by Chris Mitchell (Royal Holloway, UK).

Friday, September 14, 2012 – 10.00– 10.45

Session 4: Privacy Policies

  • 10:00-10:25: Prioritized execution of privacy policies, by Paolo Mori and Marinella Petrocchi.
  • 10:25-10:50: What Websites Know About You - Privacy Policy Analysis Using Information Extraction, by Elisa Costante, Jerry Den Hartog and Milan Petkovic.

Friday, September 14, 2012 -- 11.15 – 12.45

  • Invited talk 3: Data Protection in Cloud Scenarios: Issues and Directions, by Pierangela Samarati (Universita` degli Studi di Milano, Italy).

9th European PKI Workshop: Research and Applications (EuroPKI 2012)

Thursday, September 13, 2012 -- 09.15 – 09.30

  • Welcome

Thursday, September 13, 2012 -- 09.30 – 10.45

  • Invited talk: Key Reuse in Public Key Cryptography: Theory and Practice, Kenny Paterson

Thursday, September 13, 2012 -- 11.15 – 12.45

Session 1: Cryptographic Schemas and Protocols

  • Analysis of Lattice Reduction Attack against the Somewhat Homomorphic Encryption Based on Ideal Lattices, Masaya Yasuda, Jun Yajima, Takeshi Shimoyama, Jun Kogure
  • Group Key Exchange Resilient to Leakage of Ephemeral Secret Keys with Strong Contributiveness, Cheng Chen, Yanfei Guo, Rui Zhang

Thursday, September 13, 2012 -- 14.15 – 15.45

Session 2: Public Key Infrastructure

  • How to avoid the Breakdown of Public Key Infrastructures - Forward Secure Signatures for Certificate Authorities, Johannes Braun, Andreas Hulsing, Alex Wiesmaier, Martin A. G. Vigil, Johannes Buchmann
  • Personal PKI for the Smart Device Era, John Lyle, Andrew Paverd, Justin King-Lacroix, Andrea Atzeni, Habib Virji, Ivan Flechais, Shamal Faily
  • The Notary Based PKI, Martin Vigil, Cristian Moecke, Ricardo Custodio, Melanie Volkamer

Thursday, September 13, 2012 -- 16.15 – 17.15

Session 3: Wireless Authentication and Trusted Computing

  • How to bootstrap trust among devices in home wireless environments via EAP-STLS, Massimiliano Pala
  • Anonymity Revocation through Standard Infrastructures , Jesus Diaz, David Arroyo, Francisco B. Rodriguez

Friday, September 14, 2012 -- 09.30 – 10.45

  • Invited talk: Roberto Di Pietro

Friday, September 14, 2012 -- 11.15 – 12.45

Session 4: Digital Signature and Trusted Computing

  • Cross-Unlinkable Hierarchical Group Signatures, Julien Bringer, Herve Chabanne, Alain Patey
  • Non-Interactive Public Accountability for Sanitizable Signatures, Christina Brzuska, Henrich C. Pohls, and Kai Samelin
  • Waltzing the Bear, or: A Trusted Virtual Security Module, Ronald Toegl, Florian Reimair, and Martin Pirker

Friday, September 14, 2012 -- 14.15 – 15.15

Session 5: Certificates and Public Key Encryption

  • GeoPKI: Translating Spatial Trust into Certificate Trust, Tiffany Hyun-Jin Kim, Adrian Perrig, Virgil Gligor
  • Efficient Public Key Encryption Admitting Decryption by Sender, Puwen Wei, Yuliang Zheng

International Workshop on Quantitative Aspects in Security Assurance (QASA)

Friday, September 14, 2012 -- 09.15 – 10.45

Session 1: Quantitative information flow

  • Invited Talk: Boris Koepf, Quantitative Information-Flow -- Fundamental Techniques and Applications to Side-Channel Analysis
  • Vladimir Klebanov. Precise Quantitative Information Flow Analysis Using Symbolic Model Counting

Friday, September 14, 2012 -- 11.15 – 12.45

Session 2: Information flow, risk, cooperation and decision making.

  • Adedayo Adetoye and Michael Goldsmith. From Qualitative to Quantitative Information Erasure
  • Alessandro Aldini and Alessandro Bogliolo. Trading Performance and Cooperation Incentives in User-Centric Networks
  • Gencer Erdogan, Fredrik Seehusen, Ketil Stølen and and Jan Aagedal. Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study
  • Adam Beautement, Angela Sasse, David Pym, Simon Arnell, Philip Inglesant and Brian Monahan. Systematic decision making in security management:: Modelling password usage and support

Friday, September 14, 2012 -- 14.15 – 15.45

Session 3: Panel

  • Panel on Quantitative Aspects of Security

Friday, September 14, 2012 -- 16.15 – 17.45

Session 4: Quantitative aspects in access and usage control

  • Francisco Moyano, Carmen Fernández Gag and Javier Lopez. Implementing Trust and Reputation Systems: A Framework for Developers' Usage
  • Leanid Krautsevich, Aliaksandr Lazouski, Paolo Mori and Artsiom Yautsiukhin. Quantitative Methods for Usage Control
  • Charles Morisset. Implementing Access Control Markov Decision Processes with GLPK/GMPL

5th SETOP International Workshop on Autonomous and Spontaneous Security (SETOP 2012)

Thursday, September 13, 2012 -- 09.15 – 10.45

Session 1:

  • Analyzing HTTP User Agent Anomalies for Malware Detection, Nizar Kheir
  • AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing, Mohammad Ali Hadavi, Ernesto Damiani, Rasool Jalili, Stelvio Cimato and Zeinab Ganjei

Thursday, September 13, 2012 -- 11.15 – 12.45

  • Shared Session with DPM (in the DPM room)

Thursday, September 13, 2012 -- 14.15 – 15.45

Session 2:

  • On Adaptable Markov Chain based Anomaly Detection in Wireless Sensor Networks, Denise Dudek
  • μSec: A Security Protocol for Unicast Communication in Wireless Sensor Networks, Amrita Ghosal, Sanjib Sur and Sipra Das Bit
  • Security Monitoring for Content-Centric Networking, David Goergen, Thibault Cholez, Jérôme François and Thomas Engel

Thursday, September 13, 2012 -- 16.15 – 17.45

Session 3:

  • Automated Smartphone Security Configuration, William Michael Fitzgerald, Ultan Neville and Simon Foley
  • Configuration Assessment as a Service, Matteo Maria Casalino, Henrik Plate and Serena Elisa Ponta

Friday, September 14, 2012 -- 09.15 – 10.45

Session 4:

  • Towards Session-Aware RBAC Delegation: Function Switch, Meriam Ben Ghorbel Talbi, Frédéric Cuppens, Nora Cuppens-Boulahia and Stephane Morrucci
  • Policy Chain for Securing Service Oriented Architectures, Wihem Arsac, Annett Laube and Henrik Plate
  • Towards a Temporal Response Taxonomy, Wael Kanoun, Layal Samarji, Nora Cuppens-Boulahia, Samuel Dubus and Frédéric Cuppens

Friday, September 14, 2012 -- 11.15 – 12.45

  • Shared Session with DPM (in the DPM room)

8th International Workshop on Security and Trust Management (STM 2012)

Thursday, September 13, 2012 -- 09.15 – 10.45

Session 1: Policy Enforcement and Monitorig

  • Cost-aware Runtime Enforcement of Security Policies, Peter Drabik, Fabio Martinelli, and Charles Morisset
  • Enforcing More with Less: Formalizing Target-aware Run-time Monitors, Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti
  • Lazy Security Controllers, Giulio Caravagna, Gabriele Costa, and Giovanni Pardini

Thursday, September 13, 2012 -- 11.15 – 12.45

Session 2: Access control

  • Automated Analysis of Scenario-based Specifications of Distributed Access Control Policies with Non-Mechanizable Activities, Michele Barletta, Silvio Ranise, and Luca Viganò
  • Labeled Goal-directed Search in Access Control Logic, Valerio Genovese, Deepak Garg, and Daniele Rispoli
  • A Use-based Approach for Enhancing UCON, Christos Grompanopoulos, Antonios Gouglidis, and Ioannis Mavridis
  • Analysis of Communicating Authorization Policies, Simone Frau and Mohammad Torabi Dashti

Thursday, September 13, 2012 -- 14.15 – 15.45

Session 3: Trust, Reputation, and Privacy

  • Building Trust and Reputation In: A Development Framework for Trust Models Implementation, Francisco Moyano, Carmen Fernandez-Gago, and Javier Lopez
  • Matrix Powers Algorithms for Trust Evaluation in Public-Key Infrastructures, Jean-Guillaume Dumas and Hicham Hossayni
  • Formal Modelling of (De)Pseudonymisation: A Case Study in Health Care Privacy, Meilof Veeningen, Benne de Weger, and Nicola Zannone

Thursday, September 13, 2012 -- 16.15 – 17.45

  • ERCIM PhD Award Talk

Friday, September 14, 2012 -- 09.15 – 10.45

Session 5: Distributed Systems and Physical Security

  • Switchwall: Automated Topology Fingerprinting & Behavior Deviation Identification, Nelson Nazzicari, Javier Almillategui, Angelos Stavrou, and Sushil Jajodia
  • DOT-COM: Decentralized Online Trading and COMmerce, Moti Geva and Amir Herzberg
  • Formalizing Physical Security Procedures, Catherine Meadows and Dusko Pavlovic

Friday, September 14, 2012 -- 11.15 – 12.45

Session 6: Authentication

  • A PUF-based Authentication Protocol to Address Ticket-Switching of RFID-tagged Items, Sjouke Mauw and Selwyn Piramuthu
  • Authenticating Email Search Results, Olga Ohrimenko, Hobart Reynolds, and Roberto Tamassia
  • Software Authentication to Enhance Trust in Body Sensor Networks, Joep de Groot, Vinh Bui, Jean-Paul Linnartz, Johan Lukkien, and Richard Verhoeven
  • YubiSecure? Formal Security Analysis Results for the Yubikey and YubiHSM, Robert Künnemann and Graham Steel

Friday, September 14, 2012 -- 14.15 – 15.45

Session 7: Security Policies

  • Boosting Model Checking to Analyse Large ARBAC Policies, Silvio Ranise, Anh Truong, and Alessandro Armando
  • Constrained Role Mining, Carlo Blundo and Stelvio Cimato
  • A Datalog Semantics for Paralocks, Bart van Delft, Niklas Broberg, and David Sands

To contact the general chair, send an e-mail to:
To contact the program chairs, send an e-mail to: