The NDSS 2012 programme will open with registration and a welcome drink on the evening of Sunday 5 February, followed by paper presentations and invited talks from Monday through Wednesday, 6-8 February. The Symposium is scheduled to end at 17:00 on Wednesday.
Meals and refreshment breaks will be provided throughout NDSS 2012. An Opening Reception will be held on Monday evening, February 6.
07:30-08:30 - Continental Breakfast
08:30-09:00 - Introductory Remarks
General Chair: Tom Hutton, San Diego Supercomputer Center
Program Chair: Radu Sion, Stony Brook University
09:00-09:45 - Opening & Keynote
John N. Stewart, Vice President and Chief Security Officer, Cisco Systems, Inc.
10:00-11:00 - Session 1: Networking I
Chair: Lujo Bauer, Carnegie Mellon University
Plaintext-Recovery Attacks Against Datagram TLS
Distinguished Paper Award
Kenneth Paterson and Nadhem Alfardan
We describe an efficient and full plaintext recovery attack against the OpenSSL implementation of DTLS, and an efficient, partial plaintext recovery attack against the GnuTLS implementation of DTLS. We discuss the reasons why these implementations are insecure, drawing lessons for secure protocol design and implementation in general.
Steven Dibenedetto, Paolo Gasti, Gene Tsudik and Ersin Uzun
Named Data Networking (NDN) is an example of content-centric networking. While offering some privacy-friendly features, NDN also prompts certain privacy concerns. We examine NDN privacy characteristics and describe an initial approach to communication privacy: ANDaNA, an overlay that borrows some TOR concepts. We also discuss preliminary performance results.
Gabi Nakibly, Alex Kirshon, Dima Gonikman and Dan Boneh
We present new OSPF attacks that exploit design vulnerabilities in the protocol specification. These new attacks can affect the Link State Advertisements (LSA) of routers not controlled by the attacker while evading the OSPF "fight-back" mechanism. As a result, an attacker can persistently control the routing tables of routers it does not control, thereby enabling the attacker to eavesdrop and modify traffic.
11:10-12:10 - Session 2: Social Networks and User Behavior I
Chair: Yongdae Kim, University of Minnesota
Abdelberi Chaabane, Gergely Acs and Mohamed Ali Kaafar
We show how seemingly harmless interests, such as Music interests, can leak privacy sensitive information. We infer users' undisclosed attributes using other users' public attributes sharing similar interests. We validate our technique on more than 110K Profiles to show that it efficiently predicts attributes that are often hidden.
Prateek Mittal, Matthew Caesar and Nikita Borisov
We present X-Vine, a protection mechanism for P2P networks that operates entirely by communicating over social network links. X-Vine is resilient to Sybil attacks, while requiring only logarithmic state per node. X-Vine also preserves the privacy of user's social network contacts and provides a basis for pseudonymous communication.
Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary
This paper presents an online spam filtering system to inspect messages in online social networks. We propose to use text shingling and incremental clustering to reconstruct spam messages into campaigns in real-time for classification rather than examine them individually. Accordingly, the system adopts novel features that effectively characterize spam campaigns.
12:10-13:30 - Lunch
13:30-14:50 - Session 3: Mobile Networks
Chair: Ahmad-Reza Sadeghi, Technical University Darmstadt
Denis Foo Kune, John Koelndorfer, Nicholas Hopper and Yongdae Kim
University of Minnesota researchers have discovered cellular networks leaking the locations of their subscribers. Using a cheap feature phone and an open-source project, attackers listen to unencrypted broadcast messages from the towers to determine victims in the vicinity. The researchers introduce cheap and easily deployable defenses for the core network.
Track Me If You Can: On the Effectiveness of Context-based Identifier Changes in Deployed Mobile Networks
Laurent Bindschaedler, Murtuza Jadliwala, Igor Bilogrevic, Imad Aad, Philip Ginzboorg, Valtteri Niemi and Jean-Pierre Hubaux
Location privacy is a major concern for mobile users. This work provides the first experimental evidence about the effectiveness of context-based identifier-change mechanisms in protecting users' location privacy in currently deployed wireless systems. By means of simple probabilistic tracking algorithms in a real mobile network setting, we show that these techniques are largely ineffective in protecting location privacy of mobile users.
You Can Run, but You Can’t Hide: Exposing Network Location for Targeted DoS Attacks in Cellular Networks
Zhiyun Qian, Zhaoguang Wang, Qiang Xu, Z. Morley Mao, Ming Zhang and Yi-Min Wang
We study how to locate online mobile devices associated with a target network location without cooperation from these devices. Such hit-list can greatly benefit many existing targeted DoS attacks such as signaling attack. Our technique relies on developing and measuring network signatures consisting of both static and dynamic features of key network elements such as Radio Network Controllers (RNCs).
Nico Golde, Kévin Redon and Ravishankar Borgaonkar
The paper analyses the security of a commercially deployed femtocell solution. During this study several vulnerabilities have been identified, both in the configuration of the specific operator as well as the femtocell architecture. The authors continue to highlight the impact of these vulnerabilities in practice, affecting all aspects of subscriber security in 3G and operator infrastructure security.
15:05-16:25 - Session 4: Clouds/Crypto
Chair: Kristin Lautner, Microsoft Research
This paper presents a scheme supporting logarithmic-time search over encrypted data. The scheme is aimed at a cloud database environment where database owner outsources encrypted database to cloud server and later users can use search tokens and decryption keys delegated by the owner to search and decrypt matching records. Both cloud server and users learn limited information during the querying.
Yangyi Chen, Bo Peng, Xiaofeng Wang and Haixu Tang
Read mapping is a prerequisite for most human DNA analyses. This operation needs an enormous amount of computation resources and cannot be outsources to commercial clouds due to privacy concerns. In this paper, we present the first technique that makes it possible to practically map millions of sequences onto the whole genome over hybrid clouds, in a privacy-preserving manner.
Srinath Setty, Richard Mcpherson, Andrew Blumberg and Michael Walfish
It has long been known that, to achieve unconditionally verifiable outsourced computation, probabilistically checkable proofs (PCPs) and argument systems offered solutions in theory but were hopeless in practice. This paper describes a system that reduces the costs of this machinery by 20 orders of magnitude, resulting in a built system for outsourced computation that is in striking distance of practical.
Emil Stefanov, Elaine Shi and Dawn Song
We investigate techniques for making Oblivious RAM practical. We propose an O-RAM construction achieving an overhead of 20-35X, about 63 times faster than the best existing scheme. We employ a novel technique called partitioning, which allows us to break down the O-RAM problem into smaller instances. Our construction also achieves poly-logarithmic worst-case cost.
16:40-18:00 - Session 5: Posters
Chair: Radu Sion, Stony Brook University
Hubble: Transparent and Extensible Malware Analysis by Combining Hardware Virtualization and Software Emulation
Lok Yan, Manjukumar Jayachandra, Mu Zhang, Heng Yin - Syracuse University
Daniel Reynaud, Dawn Song, Tom Magrino, Edward Wu, Richard Shin - UC Berkeley
Cas Cremers, Kasper Bonne Rasmussen, Srdjan Capkun - ETH Zurich
Rob Jansen, Nicholas Hopper, Paul Syverson - Naval Research Laboratory and University of Minnesota
Maxfield Schuchard, Christopher Thompson, Nicholas Hopper, Yongdae Kim - University of Minnesota
Jeff Seibert, Sheila Becker, Cristina Nita-Rotaru, Radu State - Purdue University, University of Luxembourg
Joseph A. Akinyele, Matthew D. Green, Aviel D. Rubin - Johns Hopkins University
Yu-To Chen, Pierre Grinspan, Blake Livingston, Palash Nandy, Brian Palmer - YouTube LLC
18:30-20:00 - Opening Reception
07:30-08:15 - Continental Breakfast
08:15-09:35 - Session 6: Applied Crypto
Chair: Elaine Shi, UC Berkeley and Parc
Mohammad Islam, Mehmet Kuzu and Murat Kantarcioglu
In this paper, we present an attack model on searchable encryption protocols that exploits access pattern leakage to disclose significant amount of confidential information. Furthermore, we propose a simple noise addition based mitigation technique that can render such an inference attack significantly more difficult. Finally, we empirically justify our claim by presenting our experimental results on a real world dataset.
On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principals and Usability
Distinguished Paper Award
Qiang Yan, Jin Han, Yingjiu Li and Robert H. Deng
Designing leakage-resilient password systems (LRPSs) for unaided users (e.g. against shoulder-surfing or key logger) remains a challenge today despite two decades of intensive research. This paper demonstrates that most existing LRPSs suffer from two generic attacks. We introduce five design principles accordingly and propose a quantitative analysis framework on the usability costs of LRPSs.
Claude Castelluccia, Markus Duermuth and Daniele Perito
Measuring the strength of passwords is crucial to ensure the security of password-based authentication. However, current password strength meters have limited accuracy and are too simple to gauge the complexity of passwords. We present the concept of adaptivepassword strength meters that estimate passwordstrength using Markov-models.
Yan Huang, David Evans and Jonathan Katz
Private Set Intersection (PSI) has many applications for privacy-preserving computation and much research has been devoted to designing custom PSI protocols. We show that generic secure computation techniques built using Yao's garbled circuit method can often be competitive with custom protocols and can scale to million-element sets, while allowing much easier integration into applications.
9:45-11:35 - Session 7: Smartphones
Chair: Peng Ning, North Carolina State University
Sebastian Schrittwieser, Peter Frühwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber and Edgar Weippl
Recently, a new generation of Internet-based messaging applications for smartphones was introduced. While user numbers are estimated in the millions, little attention has so far been paid to the security of these applications. Our experimental results revealed major security flaws, allowing attackers to hijack accounts, spoof sender-IDs, or enumerate subscribers.
Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger and Ahmad-Reza Sadeghi
Control-flow attacks constitute severe threats to software programs on various computing platforms. While control-flow integrity (CFI), a general approach to prohibit these attacks, exist for Intel x86, there is no such a solution for smartphones. We present a novel framework, MoCFI (Mobile CFI) that enforces CFI on-the-fly at runtime on smartphones without requiring source code.
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi and Bhargava Shastry
Android is vulnerable to application-level privilege escalation attacks (confused deputy and colluding applications). We present the design and implementation of a security framework for Android towards mitigating these attacks through a system-centric and policy-driven approach with runtime monitoring of communication channels between applications at multiple layers (middleware IPC, file-system, and network).
Michael Grace, Yajin Zhou, Zhi Wang and Xuxian Jiang
In this research, we systematically analyze eight flagship Android smartphones from leading manufacturers and discover that the stock phone images do not properly enforce the Android permission model. Sensitive user data and dangerous features on the phones are unsafely exposed to other applications which do not have the proper permission, a security violation we term a capability leak.
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
We developed a system called DroidRanger to detect known or unknown malicious Android applications. The evaluation with 204,040 applications collected from five different Android marketplaces in May-June 2011 reveals 211 malicious ones: 32 from the official Android Market and179 from alternative markets. DroidRanger also successfully uncoveredtwo zero-day malware families in the collection.
11:45-12:45 - Keynote: Sipping from a fire hose: the future of human information processing and security
David Brin, Scientist and New York Times Best Selling, award-winning science-fiction author
12:45-14:00 - Lunch
14:00-14:25 - Security experimentation opportunities on the GENI platform
Vicraj Thomas, BBN Technologies, Inc.
14:35-15:00 - Internet2's Researcher Support Service and R&E Network Research Liaison Program
Steve Wolff, Internet2
15:15-16:15 - Session 8: Social Networks and User Behavior II
Chair: Konstantin Beznosov, University of British Columbia
Kaan Onarlioglu, Utku Ozan Yilmaz, Engin Kirda and Davide Balzarotti
Internet attacks have a strong human aspect; however, the behavior of users when they face threats, and the way they evaluate the security implications of their actions remain largely unexplored. In this paper, we describe an experiment with 164 Internet users and discuss their behavior when confronted with prevalent attacks.
Yinzhi Cao, Vinod Yegneswaran, Phillip Porras and Yan Chen
Zhuhua Cai and Christopher Jermaine
We propose a new statistical model and associated learning algorithm for detecting Sybil attacks in online social networks, which groups the nodes in the network into closely linked communities positioned in a latent Euclidean space. Our model outperforms state of the art algorithms in simulated attacks on real network topologies.
16:30-17:30 - Session 9: Privacy and Anonymity
Chair: Paul Syverson, Naval Research Laboratory
Man Ho Au, Apu Kapadia and Willy Susilo
Anonymity can give users the license to misbehave. BLACR is the first scheme to generalize "reputation based anonymous blacklisting", where users can be blocked based on their overall behavior while maintaining their privacy. BLACR also uses an "express lane" technique to greatly speed up authentication and make such schemes practical.
Adam Bates, Kevin Butler, Micah Sherr, Clay Shields, Patrick Traynor and Dan Wallach
In many democratic countries, CALEA wiretaps are used by law enforcement agencies to perform investigations and gather evidence. This paper proposes a lightweight accountable wiretapping architecture for secure auditing of existing CALEA systems. Based on publicly available wiretap reporting statistics, we conservatively estimate that our architecture can support tamper-evident logging for the US' ongoing CALEA wiretaps using three commodity PCs.
Rob Jansen and Nicholas Hopper
We present the design and implementation of Shadow, an open-source software architecture for efficiently running accurate, large scale Tor experiments on a single machine. Using Shadow, we evaluate Tor's EWMA scheduling algorithm, and show that, contrary to previous results on small networks, performance can decrease significantly in realistic deployments.
19:00-21:00 - Buffet Dinner and Rump Session
Rump Session Chair: Peter Williams, Stony Brook University
07:30-08:30 - Continental Breakfast
08:30-09:50 - Session 10: Host Security
Chair: Xuxian Jiang, North Carolina State University
Zhiqiang Lin, Junghwan Rhee, Chao Wu, Xiangyu Zhang and Dongyan Xu
Memory pages belonging to a terminated process may remain in a system for non-trivial period of time. Discovering semantic information from those memory pages is useful in cyber-forensics. We present a technique called DIMSUM for recognizing data structure instances -- without memory mapping information. Via probabilistic inference, DIMSUM is able to identify semantic data of interest with quantifiable confidence.
Kun Sun, Jiang Wang, Fengwei Zhang and Angelos Stavrou
We introduce a novel BIOS-assisted mechanism for secure generation and management of trusted execution environments. Our approach is capable of completely segregating trusted and untrusted operations. The aim is to be user friendly and swiftly switch - it takes approximately 6 seconds - between execution environments running in a physical machine without requiring any specialized hardware, OS, or application modifications.
Karim Eldefrawy, Gene Tsudik, Aurélien Francillon and Daniele Perito
We construct a hardware security architecture (called SMART) for efficient and secure establishment of a dynamic root of trust in remote embedded devices. It is geared towards low-end MCUs and requires minimal hardware changes. Its feasibility and practicality are demonstrated on two common MCU platforms: AVR and MSP430.
Donghai Tian, Qiang Zeng, Dinghao Wu, Peng Liu and Changzhen Hu
This paper presents Kruiser, a concurrent kernel heap buffer overflow monitor. Leveraging the multi-core architectures, Kruiser migrates security enforcement from the kernel's normal execution to a concurrent monitor process, which is protected using contemporary virtualization features. To reduce the synchronization overhead between the monitor process and the running kernel, Kruiser adopts a novel semi-synchronized non-blocking monitoring algorithm.
10:00-10:45 - Keynote: Authentication at Scale
Eric Grosse, Vice President of Security Engineering, Google
11:00-12:20 - Session 11: Web
Chair: Nikita Borisov, University of Illinois at Urbana Champaign
Sangho Lee and Jong Kim
We introduce WarningBird, a real-time suspicious URL detection system for Twitter.To detect cloaked suspicious URLs, we investigate correlated redirect chains of URLs included in a number of tweets.Evaluation results show that our system can accurately and efficiently classify large tweet samples from the Twitter public timeline.
Hui Xue, Nathan Dautenhahn and Samuel King
Modern web browsers are complex. Individually, they are all prone to security vulnerabilities and crashes.However, major browsers are distinct implementations that rarely share the same vulnerability. In other words, a single attack rarely succeeds in exploiting all browsers.We propose Cocktail, a system using replicated execution of Firefox, Google Chrome,and Opera to defend against browser attacks and withstand browser crashes.
Ting-Fang Yen, Yinglian Xie, Fang Yu, Roger Peng Yu and Martin Abadi
This paper presents a large-scale study to quantify the amount of information revealed by common host identifiers, based on month-long datasets collected by Hotmail and Bing. It further demonstrates the privacy and security implications of host-tracking in the context of cookie churn analysis and host mobility study, where we uncover previously undetected cookie-forwarding attacks.
Lei Liu, Xinwen Zhang, Guanhua Yan and Songqing Chen
The Chrome browser employs least privileges and privilege separation principles to protect malicious websites from damaging the browser system via extensions. In this work we reveal that Chrome's extension security model is not a panacea for all possible attacks with browser extensions. We demonstrated attack scenarios from malicious browser extensions and proposed a few countermeasures accordingly.
12:20-13:40 - Lunch
13:40-15:00 - Session 12: Networking II
Chair: Yan Chen, Northwestern University
Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan and Jianping Wu
It is a common belief that one can delete a bad domain from DNS registry to stop related malicious activities. Surprisingly, the deleted domain can still be kept alive worldwide due to an unnoticed vulnerability in DNS. This paper presents the phenomenon of ghost domain names and the mechanism behind.
Xin Zhang, Zongwei Zhou, Hsu-Chun Hsiao, Tiffany Hyun-Jin Kim, Adrian Perrig and Patrick Tague
Data-plane fault localization is a promising means to enhancing network availability. However, existing faultlocalization protocols cannot achieve a practical tradeoff between security and efficiency. In this paper, we propose an efficient fault localization protocol called ShortMAC, which leverages probabilistic packet authentication and achieves 100 - 10000 times lower detection delay and overhead than related work.
Bypassing Space Explosion in Regular Expression Matching for Network Intrusion Detection and Prevention Systems
Jignesh Patel, Alex Liu and Eric Torng
NDSes/NPSes use regular expressions, represented as automata, to detect security threats. Prior automata construction algorithms use a “Union then Minimize'' framework, which leads to extensive memory usage. In this paper, we propose a “Minimize then Union'' framework for constructing compact alternative automata focusing on the DDFA. In our experiments, our algorithm runs up to 302 times faster and uses 1390 times less memory than previous algorithms.
Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson and Dan Boneh
By prefetching and prevalidating server certificates, web browsers can enable TLS handshakes with zero round trips that are up to four times faster than a normal handshake. This proposal improves web security by allowing more time for certificate validation and making it less costly for websites to enable TLS.
15:10-15:50 - Session 13: Distributed Systems
Chair: Adrian Perrig, Carnegie Mellon University
Hyojeong Lee, Jeff Seibert, Charles Killian and Cristina Nita-Rotaru
We propose Gatling, a framework that automatically finds performance attacks caused by insider attackers in large-scale message-passing distributed systems. In performance attacks, malicious nodes deviate from the protocol with the goal of degrading system performance. We applied Gatling to six systems and found a total of 41 attacks.
Michael Backes, Matteo Maffei and Kim Pecina
Designing distributed applications that preserve the privacy of users is a daunting task, which even security experts consider error-prone. We present a solution based on an intuitive, high-level specification language that hides cryptographic and networking details, and a compiler that automatically turns user-provided system specifications into secure executable code.
16:00-17:00 - Session 14: Software
Chair: Dongyan Xu, Purdue University
A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware
Kangkook Jee, Georgios Portokalidis, Vasileios P. Kemerlis, Soumyadeep Ghosh, David I. August and Angelos D. Keromytis
We present and evaluate a novel methodology for improving the performance overhead of dynamic data flow tracking (DDFT) frameworks, by combining static and dynamic analysis. Specifically, we separate the program logic from the corresponding tracking logic, and apply optimization techniques that eliminate redundant tracking and minimize interference with the target program. Our results indicate a DDFT speedup by as much as 2.23x.
David Dewey and Jon Giffin
The complexities of C++ create new memory safety vulnerabilities not present in simpler software. We present vtable escape bugs, a type confusion error present in real, deployed C++ software, and we show how automated binary code analyses can statically detect the security defects by reconstructing high-level classes and objects.
Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang and Heng Yin
Due to the complexity of the victim programs and sophistication of recent exploits, existing diagnosis techniques either miss important attack steps or report too much irrelevant information. As the key steps in memory-corruption exploits often involve pointer misuses, we proposed PointerScope to automatically infer types on binary execution, detect pointer misuses, and then highlight the key steps of the exploit.