Computer Security -- ESORICS 2013

[M2G]

This book constitutes the refereed proceedings of the 18th European Symposium

on Computer Security, ESORICS 2013, held in Egham, UK, in September 2013.

The 43 papers included in the book were carefully reviewed and selected from

242 papers. The aim of ESORICS is to further the progress of research in

computer security by establishing a European forum for bringing together

researchers in this area, by promoting the exchange of ideas with system

developers and by encouraging links with researchers in related areas.

The papers cover all topics related to security, privacy and trust in computer

systems and networks.

Adica cartea de aici:

Computer Security -- ESORICS 2013 - 18th European Symposium on Research in Computer Security,

Download aici:

kscse13

Warning: Foarte tehnic

[Nytro]

Table of Contents
Cryptography and Computation
Practical Covertly Secure MPC for Dishonest Majority –
Or: Breaking the SPDZ Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Ivan Damg?ard, Marcel Keller, Enrique Larraia, Valerio Pastro,
Peter Scholl, and Nigel P. Smart
Practical and Employable Protocols for UC-Secure Circuit Evaluation
over Zn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Jan Camenisch, Robert R. Enderlein, and Victor Shoup
Privacy-Preserving Accountable Computation . . . . . . . . . . . . . . . . . . . . . . . 38
Michael Backes, Dario Fiore, and Esfandiar Mohammadi
Measurement and Evaluation
Verifying Web Browser Extensions’ Compliance with Private-Browsing
Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Benjamin S. Lerner, Liam Elberty, Neal Poole, and
Shriram Krishnamurthi
A Quantitative Evaluation of Privilege Separation in Web Browser
Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Xinshu Dong, Hong Hu, Prateek Saxena, and Zhenkai Liang
Estimating Asset Sensitivity by Profiling Users . . . . . . . . . . . . . . . . . . . . . . 94
Youngja Park, Christopher Gates, and Stephen C. Gates
Applications of Cryptography
Practical Secure Logging: Seekable Sequential Key Generators . . . . . . . . . 111
Giorgia Azzurra Marson and Bertram Poettering
Request-Based Comparable Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Jun Furukawa
Ensuring File Authenticity in Private DFA Evaluation on Encrypted
Files in the Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Lei Wei and Michael K. Reiter
XIV Table of Contents
Code Analysis
HI-CFG: Construction by Binary Analysis and Application to Attack
Polymorphism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Dan Caselden, Alex Bazhanyuk, Mathias Payer,
Stephen McCamant, and Dawn Song
AnDarwin: Scalable Detection of Semantically Similar Android
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Jonathan Crussell, Clint Gibler, and Hao Chen
BISTRO: Binary Component Extraction and Embedding for Software
Security Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Zhui Deng, Xiangyu Zhang, and Dongyan Xu
Network Security
Vulnerable Delegation of DNS Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Amir Herzberg and Haya Shulman
Formal Approach for Route Agility against Persistent Attackers . . . . . . . . 237
Jafar Haadi Jafarian, Ehab Al-Shaer, and Qi Duan
Plug-and-Play IP Security: Anonymity Infrastructure instead of PKI . . . 255
Yossi Gilad and Amir Herzberg
Formal Models and Methods
Managing the Weakest Link: A Game-Theoretic Approach for the
Mitigation of Insider Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Aron Laszka, Benjamin Johnson, Pascal Sch¨ottle,
Jens Grossklags, and Rainer B¨ohme
Automated Security Proofs for Almost-Universal Hash for MAC
Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Martin Gagn´e, Pascal Lafourcade, and Yassine Lakhnech
Bounded Memory Protocols and Progressing Collaborative Systems . . . . 309
Max Kanovich, Tajana Ban Kirigin, Vivek Nigam, and
Andre Scedrov
Universally Composable Key-Management . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Steve Kremer, Robert K¨unnemann, and Graham Steel
Table of Contents XV
Protocol Analysis
A Cryptographic Analysis of OPACITY (Extended Abstract) . . . . . . . . . . 345
¨ Ozg¨ur Dagdelen, Marc Fischlin, Tommaso Gagliardoni,
Giorgia Azzurra Marson, Arno Mittelbach, and Cristina Onete
Symbolic Probabilistic Analysis of Off-Line Guessing . . . . . . . . . . . . . . . . . 363
Bruno Conchinha, David Basin, and Carlos Caleiro
ASICS: Authenticated Key Exchange Security Incorporating
Certification Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Colin Boyd, Cas Cremers, Mich`ele Feltz, Kenneth G. Paterson,
Bertram Poettering, and Douglas Stebila
Privacy Enhancing Models and Technologies
Efficient Privacy-Enhanced Familiarity-Based Recommender System . . . . 400
Arjan Jeckmans, Andreas Peter, and Pieter Hartel
Privacy-Preserving User Data Oriented Services for Groups with
Dynamic Participation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Dmitry Kononchuk, Zekeriya Erkin, Jan C.A. van der Lubbe, and
Reginald L. Lagendijk
Privacy-Preserving Matching of Community-Contributed Content . . . . . . 443
Mishari Almishari, Paolo Gasti, Gene Tsudik, and Ekin Oguz
E-voting and Privacy
Ballot Secrecy and Ballot Independence Coincide . . . . . . . . . . . . . . . . . . . . 463
Ben Smyth and David Bernhard
Election Verifiability or Ballot Privacy: Do We Need to Choose? . . . . . . . 481
´ Edouard Cuvelier, Olivier Pereira, and Thomas Peters
Enforcing Privacy in the Presence of Others: Notions, Formalisations
and Relations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Naipeng Dong, Hugo Jonker, and Jun Pang
Malware Detection
Mining Malware Specifications through Static Reachability Analysis . . . . 517
Hugo Daniel Macedo and Tayssir Touili
Patrol: Revealing Zero-Day Attack Paths through Network-Wide
System Object Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Jun Dai, Xiaoyan Sun, and Peng Liu
XVI Table of Contents
Measuring and Detecting Malware Downloads in Live Network
Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, and
Manos Antonakakis
Access Control
Automated Certification of Authorisation Policy Resistance . . . . . . . . . . . 574
Andreas Griesmayer and Charles Morisset
Fine-Grained Access Control System Based on Outsourced
Attribute-Based Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
Jin Li, Xiaofeng Chen, Jingwei Li, Chunfu Jia, Jianfeng Ma, and
Wenjing Lou
Purpose Restrictions on Information Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
Distributed Shuffling for Preserving Access Confidentiality . . . . . . . . . . . . 628
Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi,
Gerardo Pelosi, and Pierangela Samarati
Attacks
Range Extension Attacks on Contactless Smart Cards . . . . . . . . . . . . . . . . 646
Yossef Oren, Dvir Schirman, and Avishai Wool
CellFlood: Attacking Tor Onion Routers on the Cheap . . . . . . . . . . . . . . . . 664
Marco Valerio Barbera, Vasileios P. Kemerlis, Vasilis Pappas, and
Angelos D. Keromytis
Nowhere to Hide: Navigating around Privacy in Online Social
Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
Mathias Humbert, Th´eophile Studer, Matthias Grossglauser, and
Jean-Pierre Hubaux
Current Events: Identifying Webpages by Tapping the Electrical
Outlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Shane S. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber,
Kevin Fu, and Wenyuan Xu
Language-Based Protection
Eliminating Cache-Based Timing Attacks with Instruction-Based
Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Deian Stefan, Pablo Buiras, Edward Z. Yang, Amit Levy,
David Terei, Alejandro Russo, and David Mazi`eres
Table of Contents XVII
Data-Confined HTML5 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, and
Dawn Song
KQguard: Binary-Centric Defense against Kernel Queue Injection
Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
Jinpeng Wei, Feng Zhu, and Calton Pu
Run-Time Enforcement of Information-Flow Properties on Android
(Extended Abstract) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775
Limin Jia, Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer,
Michael Stroucken, Kazuhide Fukushima, Shinsaku Kiyomoto, and
Yutaka Miyake
Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

Da, not bad