IFIP TC6 Open Digital Library

SEC 2012: Crete, Greece

Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings

Dimitris Gritzalis, Steven Furnell, Marianthi Theoharidou

Springer, IFIP Advances in Information and Communication Technology 376, ISBN: 978-3-642-30435-4


Attacks and Malicious Code

Relay Attacks on Secure Element-Enabled Mobile Devices - Virtual Pickpocketing Revisited.

Michael Roland, Josef Langer, Josef Scharinger


Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures).

Alessandro Armando, Alessio Merlo, Mauro Migliardi, Luca Verderame


An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling.

Bernhard J. Berger, Karsten Sohr


Embedded Eavesdropping on Java Card.

Guillaume Barbu, Christophe Giraud, Vincent Guerin


Security Architectures

Authenticated Key Exchange (AKE) in Delay Tolerant Networks.

Sofia-Anna Menesidou, Vasilios Katos


OFELIA - A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management.

Alexandre B. Augusto, Manuel Eduardo Correia


Smart OpenID: A Smart Card Based OpenID Protocol.

Andreas Leicher, Andreas U. Schmidt, Yogendra Shah


Peer to Peer Botnet Detection Based on Flow Intervals.

David Zhao, Issa Traoré, Ali A. Ghorbani, Bassam Sayed, Sherif Saad, Wei Lu


System Security

Towards a Universal Data Provenance Framework Using Dynamic Instrumentation.

Eleni Gessiou, Vasilis Pappas, Elias Athanasopoulos, Angelos D. Keromytis, Sotiris Ioannidis


Improving Flask Implementation Using Hardware Assisted In-VM Isolation.

Baozeng Ding, Fufeng Yao, Yanjun Wu, Yeping He


HyperForce: Hypervisor-enForced Execution of Security-Critical Code.

Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Mühlberg, Wouter Joosen


RandHyp: Preventing Attacks via Xen Hypercall Interface.

Feifei Wang, Ping Chen, Bing Mao, Li Xie


Access Control

Role Mining under Role-Usage Cardinality Constraint.

John C. John, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya


HIDE_DHCP: Covert Communications through Network Configuration Messages.

Ruben Rios, Jose Antonio Onieva, Javier Lopez


Handling Stateful Firewall Anomalies.

Frédéric Cuppens, Nora Cuppens-Boulahia, Joaquín García-Alfaro, Tarik Moataz, Xavier Rimasson


A Framework for Threat Assessment in Access Control Systems.

Hemanth Khambhammettu, Sofiene Boulares, Kamel Adi, Luigi Logrippo


Database Security

Support for Write Privileges on Outsourced Data.

Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati


Malicious Users' Transactions: Tackling Insider Threat.

Weihan Li, Brajendra Panda, Qussai Yaseen


Privacy Attitudes and Properties

Privacy-Preserving Television Audience Measurement Using Smart TVs.

George Drosatos, Aimilia Tasidou, Pavlos S. Efraimidis


Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility.

Christian Banse, Dominik Herrmann, Hannes Federrath


Smartphone Forensics: A Proactive Investigation Scheme for Evidence Acquisition.

Alexios Mylonas, Vasilis Meletiadis, Bill Tsoumas, Lilian Mitrou, Dimitris Gritzalis


Social Networks and Social Engineering

Modeling Social Engineering Botnet Dynamics across Multiple Social Networks.

Shuhao Li, Xiao-chun Yun, Zhiyu Hao, Yongzheng Zhang, Xiang Cui, Yipeng Wang


Layered Analysis of Security Ceremonies.

Giampaolo Bella, Lizzie Coles-Kemp


Applied Cryptography, Anonymity and Trust

A Small Depth-16 Circuit for the AES S-Box.

Joan Boyar, René Peralta


Formal Verification of the mERA-Based eServices with Trusted Third Party Protocol.

Maria Christofi, Aline Gouget


Usable Security

My Authentication Album: Adaptive Images-Based Login Mechanism.

Amir Herzberg, Ronen Margulies


Balancing Security and Usability of Local Security Mechanisms for Mobile Devices.

Shuzhe Yang, Gökhan Bal


Analyzing Value Conflicts for a Work-Friendly ISS Policy Implementation.

Ella Kolkowska, Bart De Decker


When Convenience Trumps Security: Defining Objectives for Security and Usability of Systems.

Gurpreet Dhillon, Tiago Oliveira, Santa R. Susarapu, Mário M. Caldeira


Security and Trust Models

Security-by-Contract for the OSGi Platform.

Olga Gadyatskaya, Fabio Massacci, Anton Philippov


Cyber Weather Forecasting: Forecasting Unknown Internet Worms Using Randomness Analysis.

Hyundo Park, Sung-Oh David Jung, Heejo Lee, Hoh Peter In


Incentive Compatible Moving Target Defense against VM-Colocation Attacks in Clouds.

Yulong Zhang, Min Li, Kun Bai, Meng Yu, Wanyu Zang


Give Rookies A Chance: A Trust-Based Institutional Online Supplier Recommendation Framework.

Han Jiao, Jixue Liu, Jiuyong Li, Chengfei Liu


Security Economics

A Game-Theoretic Formulation of Security Investment Decisions under Ex-ante Regulation.

Giuseppe D'Acquisto, Marta Flamini, Maurizio Naldi


Optimizing Network Patching Policy Decisions.

Yolanta Beres, Jonathan Griffin


A Risk Assessment Method for Smartphones.

Marianthi Theoharidou, Alexios Mylonas, Dimitris Gritzalis


Empirical Benefits of Training to Phishing Susceptibility.

Ronald Dodge, Kathryn Coronges, Ericka Rovira


Authentication and Delegation

Multi-modal Behavioural Biometric Authentication for Mobile Devices.

Hataichanok Saevanee, Nathan L. Clarke, Steven M. Furnell


Analysis and Modeling of False Synchronizations in 3G-WLAN Integrated Networks.

Christoforos Ntantogian, Christos Xenakis, Ioannis Stavrakakis


Password Protected Smart Card and Memory Stick Authentication against Off-Line Dictionary Attacks.

Yongge Wang


Distributed Path Authentication for Dynamic RFID-Enabled Supply Chains.

Shaoying Cai, Yingjiu Li, Yunlei Zhao


Enhanced Dictionary Based Rainbow Table.

Vrizlynn L. L. Thing, Hwei-Ming Ying


Short Papers

Authorization Policies for Materialized Views.

Sarah Nait Bahloul, Emmanuel Coquery, Mohand-Said Hacid


Enhancing the Security of On-line Transactions with CAPTCHA Keyboard.

Yongdong Wu, Zhigang Zhao


Fighting Pollution Attack in Peer-to-Peer Streaming Networks: A Trust Management Approach.

Xin Kang, Yongdong Wu


A Framework for Anonymizing GSM Calls over a Smartphone VoIP Network.

Ioannis Psaroudakis, Vasilios Katos, Pavlos S. Efraimidis


A Browser-Based Distributed System for the Detection of HTTPS Stripping Attacks against Web Pages.

Marco Prandini, Marco Ramilli


Privacy-Preserving Mechanisms for Organizing Tasks in a Pervasive eHealth System.

Milica Milutinovic, Vincent Naessens, Bart De Decker


Web Services Security Assessment: An Authentication-Focused Approach.

Yannis Soupionis, Miltiadis Kandias


Open Issues and Proposals in the IT Security Management of Commercial Ports: The S-PORT National Case.

Nineta Polemi, Theodoros Ntouskas


A Response Strategy Model for Intrusion Response Systems.

Nor Badrul Anuar, Maria Papadaki, Steven Furnell, Nathan L. Clarke


Intrusion Tolerance of Stealth DoS Attacks to Web Services.

Massimo Ficco, Massimiliano Rak


Towards Use-Based Usage Control.

Christos Grompanopoulos, Ioannis Mavridis