To authors: A regular paper presentation would be 25 mins in total (including 5 mins Q&A).

March 25 (Room: Salon D)

The 2019-2020 ACM Athena Lecture

09:00AM - 10:00AM


Security and Privacy in the IoT

Elisa Bertino, Purdue University


The Internet of Things (IoT) paradigm refers to the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT makes it possible to sense and control objects, creating opportunities for more direct integration between the physical world and computer-based systems. IoT will usher in automation in a large number of application domains, ranging from manufacturing and energy management (e.g. SmartGrid), to healthcare management and urban life (e.g. SmartCity). However, because of its fine-grained, continuous and pervasive data acquisition and control capabilities, IoT raises concerns about security and privacy. Deploying existing security solutions to IoT is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this talk, after outlining key challenges in IoT security and privacy, we present initial approaches to securing IoT data, including firewall techniques to prevent IoT devices from being compromised and used by botnets.

Short Bio

Elisa Bertino is a professor of Computer Science at Purdue University. Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her recent research focuses on digital identity management, biometrics, IoT security, security of 4G and 5G cellular network protocols, and policy infrastructures for managing distributed systems. Prof. Bertino has published more than 700 papers in all major refereed journals, and in proceedings of international conferences and symposia. She has given keynotes, tutorials and invited presentations at conferences and other events. She is a Fellow of ACM, IEEE, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award for "outstanding contributions to database systems and database security and advanced data management systems" and the 2005 IEEE Computer Society Tsutomu Kanai Award for "pioneering and innovative research contributions to secure distributed systems".

Keynote I

10:00AM - 11:00AM

Using AI to Detect Advanced Threats – Done Right
Engin Kirda (Northeastern University)

Break (30 Minutes)

11:00AM - 11:30AM

Session 1: Mobile Security

11:30AM - 1:10PM

Developing TrustZone User Interface for Mobile OS using Delegation Integration Model
Kailiang Ying (Syracuse University), Priyank Thavai (Syracuse University) and Wenliang Du (Syracuse University).
Understanding the Responsiveness of Mobile App Developers to Software Library Updates
Tatsuhiko Yasumatsu (Waseda University), Takuya Watanabe (NTT Secure Platform Laboratories / Waseda University), Fumihiro Kanei (NTT), Eitaro Shioji (NTT), Mitsuaki Akiyama (NTT), and Tatsuya Mori (Waseda University / RIKEN AIP).
ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware
Sigmund Albert Gorski III (North Carolina State University), Benjamin Andow (North Carolina State University), Adwait Nadkarni (William and Mary Univ.), Sunil Manandhar (William and Mary Univ.), William Enck (North Carolina State University), Eric Bodden (Paderborn University) and Alexandre Bartel (University of Luxembourg).
REAPER: Real-time App Analysis for Augmenting the Android Permission System
Michalis Diamantaris (FORTH), Elias P. Papadopoulos (FORTH), Evangelos P. Markatos (FORTH), Sotiris Ioannidis (FORTH) and Jason Polakis (University of Illinois at Chicago).

Lunch (Salon EFG, 90 Minutes)

1:10PM - 2:10PM

Session 2: IoT/Smart Device Security

2:10PM - 3:50PM

Verifiable Round-Robin Scheme for Smart Homes
Nisha Panwar (University of California, Irvine), Shantanu Sharma (University of California, Irvine), Guoxi Wang (University of California, Irvine), Sharad Mehrotra (University of California, Irvine) and Nalini Venkatasubramanian (University of California, Irvine).
Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Car
Maanak Gupta (University of Texas at San Antonio), James Benson (University of Texas at San Antonio), Farhan Patwa (University of Texas at San Antonio) and Ravi Sandhu (University of Texas at San Antonio).
A Study of Data Store-based Home Automation
Kaushal Kafle (William & Mary University), Kevin Moran (William & Mary University), Sunil Manandhar (William & Mary University), Adwait Nadkarni (William & Mary University) and Denys Poshyvanyk (William & Mary University).
Detection of Threats to IoT Devices Using Scalable VPN-forwarded Honeypots
Amit Tambe (Singapore University of Technology and Design), Yan Lin Aung (Singapore University of Technology and Design), Ragav Sridharan (Singapore University of Technology and Design), Martin Ochoa (Universidad del Rosario), Nils Ole Tippenhauer (Center for IT-Security, Privacy & Accountability (CISPA)), Asaf Shabtai (Ben Gurion University of the Negev), and Yuval Elovici (Singapore University of Technology and Design).

Break (15 Minutes)

3:50PM - 4:20PM

Session 3: Data Security and Privacy

4:20PM - 6:00PM

Deep Neural Networks Classification over Encrypted Data
Ehsan Hesamifard (University of North Texas), Hassan Takabi (University of North Texas) and Mehdi Ghasemi (University of Saskatchewan).
Attribute Compartmentation and Greedy UCC Discovery for High-Dimensional Data Anonymization
Nikolai Jannik Podlesny (Hasso-Plattner-Institute), Anne V.D.M. Kayem (Hasso-Plattner-Institute), and Christoph Meinel (Hasso-Plattner-Institute).
Curie: Policy-based Secure Data Exchange
Z. Berkay Celik (The Pennsylvania State University), Abbas Acar (Florida International University), Hidayet Aksu (Florida International University), Ryan Sheatsley (The Pennsylvania State University), A. Selcuk Uluagac (Florida International University), and Patrick McDaniel (The Pennsylvania State University).
Result-Based Detection of Insider Threats to Relational Databases
Asmaa Sallam (Purdue University), and Elisa Bertino (Purdue University).

Session 4: Reception and Posters (Room: Salon EFG)


March 26 (Room: Salon D)

Keynote II

09:00AM - 10:00AM

Using AI to Detect Attacks and Manage Access Control
Anupam Joshi (University of Maryland - Baltimore County)

Break (30 Minutes)

10:00AM - 10:30AM

Session 5: Access Control and Information Flow

10:30AM - 12:10PM

Specification and analysis of ABAC policies via the category-based metamodel
Maribel Fernandez (King's College London), Ian Mackie (LIX) and Bhavani Thuraisingham (The University of Texas at Dallas).
Results in Workflow Resiliency: Complexity, New Formulation, and ASP Encoding
Philip W. L. Fong (University of Calgary).
Efficient and Precise Information Flow Control for Machine Code through Demand-Driven Secure Multi-Execution
Tobias Pfeffer (TU Berlin), Thomas Göthel (TU Berlin), and Sabine Glesner (TU Berlin).
PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications
Yuseok Jeon (Purdue University), Junghwan Rhee (NEC Laboratories America), Chung Hwan Kim (NEC Laboratories America), Zhichun Li (NEC Laboratories America), Mathias Payer (Purdue University), Byoungyoung Lee (Seoul National University) and Zhenyu Wu (NEC Laboratories America).

Lunch (Salon EFG, 90 Minutes)

12:10PM - 1:10PM

Panel: AI + Cyber Security + Big Data

1:10PM - 2:50PM

Latifur Khan, UT Dallas (Moderator)
Rakesh Verma, UH
Anoop Singhal, NIST
Cuneyt Akcora, UT Dallas
Hongxin Hu, Clemson University

Break (30 Minutes)

2:50PM - 3:20PM

Session 6: Hardware Assisted Data Security

3:20PM - 5:00PM

Extracting Secrets from Encrypted Virtual Machines
Mathias Morbitzer (Fraunhofer), Manuel Huber (Fraunhofer), and Julian Horsch (Fraunhofer).
Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing
Flavio Toffalini (Singapore University of Technology and Design), Martín Ochoa (Universidad del Rosario), Jun Sun (Singapore University of Technology and Design), and Jianying Zhou (Singapore University of Technology and Design).
Behind Enemy Lines: Exploring Trusted Data Stream Processing on Untrusted Systems
Cory Thoma (University of Pittsburgh), Adam J. Lee (University of Pittsburgh), and Alexandros Labrinidis (University of Pittsburgh).
A Practical Intel SGX Setting for Linux Containers in the Cloud
Dave Tian (University of Florida), Joseph Choi (University of Florida), Grant Hernandez (University of Florida), Patrick Traynor (University of Florida), and Kevin Butler (University of Florida).

Banquet (Room: Salon EFG)


March 27 (Room: Salon D)

Session 7: Web Security and Privacy

8:30AM - 10:10AM

Limitless HTTP in an HTTPS World: Inferring the Semantics of the HTTPS Protocol without Decryption
Blake Anderson (Cisco), Andrew Chi (The University of North Carolina at Chapel Hill), Scott Dunlop (Cisco) and David McGrew (Cisco).
Client Diversity Factor in HTTPS Webpage Fingerprinting
Hasan Alan (The University of North Carolina at Chapel Hill) and Jasleen Kaur (The University of North Carolina at Chapel Hill).
Adversarial Author Attribution in Open-source Projects
Alina Matyukhina (University of New Brunswick), Natalia Stakhanova (University of New Brunswick), Mila Dalla Preda (University of Verona), and Celine Perley (University of New Brunswick).
Understanding and Predicting Private Interactions in Underground Forums
Zhibo Sun (Arizona State University), Carlos E. Rubio-Medrano (Arizona State University), Ziming Zhao (Arizona State University), Tiffany Bao (Arizona State University), Adam Doupé (Arizona State University), and Gail-Joon Ahn (Arizona State University).

Break (20 Minutes)

10:10AM - 10:30AM

Session 8: System Security and Authentication

10:30AM - 12:10PM

BootKeeper: Validating Software Integrity Properties on Boot Firmware Images
Ronny Chevalier (CentraleSupélec), Stefano Cristalli (University of Milan), Christophe Hauser (University of Southern California), Yan Shoshitaishvili (Arizona State University), Ruoyu Wang (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), Danilo Bruschi (University of Milan) and Andrea Lanzi (University of Milan).
MimosaFTL: Adding Secure and Practical Ransomware Defense Strategy to Flash Translation Layer
Peiying Wang (Institute of Information Engineering, Chinese Academy of Sciences), Shijie Jia (Institute of Information Engineering, Chinese Academy of Sciences), Bo Chen (Michigan Technological University), Luning Xia (Institute of Information Engineering, Chinese Academy of Sciences) and Peng Liu (The Pennsylvania State University).
BlAnC: Blockchain-based Anonymous and Decentralized Credit Networks
Gaurav Panwar (New Mexico State University), Satyajayant Misra (New Mexico State University), and Roopa Vishwanathan (New Mexico State University).
SKA-CaNPT: Secure Key Agreement using Cancelable and Noninvertible Biometrics based on Periodic Transformation
Laleh Eskandarian (Sabancı University), Dilara Akdoğan (Sabancı University), Duygu Karaoğlan Altop (Sabancı University), and Albert Levi (Sabancı University).

Take-out Lunch