21. ACSAC 2005: Tucson, Arizona, USA

Cover

• Title Page.
  
• Copyright.
  

Introduction

• Message from Conference Chair.
  
• Conference Committee.
  
• Program Committee.
  
• Tutorial Committee.
  
• Reviewers.
  
• Speaker Biographies.
  

Distinguished Practitioner

• Brian D. Snow:
  We Need Assurance! 3-10
  

Track A: Software Security

• Benjamin Schwarz, Hao Chen, David Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West:
  Model Checking An Entire Linux Distribution for Security Violations. 13-22
  
• Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger:
  Strengthening Software Self-Checksumming via Self-Modifying Code. 23-32
  
• David Wheeler:
  Countering Trusting Trust through Diverse Double-Compiling. 33-48
  

Track B: Network Intrusion Detection

• Stig Andersson, Andrew Clark, George M. Mohay, Bradley Schatz, Jacob Zimmermann:
  A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX. 49-58
  
• Robin Sommer, Vern Paxson:
  Exploiting Independent State For Network Intrusion Detection. 59-71
  
• Paul Ammann, Joseph Pamula, Julie A. Street, Ronald W. Ritchey:
  A Host-Based Approach to Network Attack Chaining Analysis. 72-84
  

Track A: Security Designs

• Norman Feske, Christian Helmuth:
  A Nitpicker's guide to a minimal-complexity secure GUI. 85-94
  
• Yongzheng Wu, Roland H. C. Yap:
  A User-level Framework for Auditing and Monitoring. 95-105
  
• Wesam Lootah, William Enck, Patrick McDaniel:
  TARP: Ticket-based Address Resolution Protocol. 106-116
  

Track B: Protocol Analysis

• Jingmin Zhou, Adam J. Carlson, Matt Bishop:
  Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis. 117-126
  
• Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Mattia Monga:
  Replay Attack in TCG Specification and Solution. 127-137
  
• Jan Jürjens:
  Code Security Analysis of a Biometric Authentication System Using Automated Theorem Provers. 138-149
  

Track A: Vulnerability Assessment

• Fanglu Guo, Yang Yu, Tzi-cker Chiueh:
  Automated and Safe Vulnerability Assessment. 150-159
  
• Steven Noel, Sushil Jajodia:
  Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices. 160-169
  
• Elisa Bertino, Ashish Kamra, Evimaria Terzi, Athena Vakali:
  Intrusion Detection in RBAC-administered Databases. 170-182
  

Track B: Hot Topics I

• How Does Information Assurance R&D Impact Information Assurance in Practice? Follow the money - Where does it Go - What is our ROI? 183
  

Invited Essayist

• Mary Ellen Zurko:
  User-Centered Security: Stepping Up to the Grand Challenge. 187-202
  

Track A: Automation

• Corrado Leita, Ken Mermoud, Marc Dacier:
  ScriptGen: an automated script generation tool for honeyd. 203-214
  
• Zhenkai Liang, R. Sekar:
  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models. 215-224
  
• Hilmi Günes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood:
  Evolving Successful Stack Overflow Attacks for Vulnerability Testing. 225-234
  

Track B: Security Analysis

• Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi, Sami Zhioua:
  Java for Mobile Devices: A Security Study. 235-244
  
• John Black, Martin Cochran, Martin Ryan Gardner:
  Lessons Learned: A Security Analysis of the Internet Chess Club. 245-253
  
• Wei Wang, Thomas E. Daniels:
  Building Evidence Graphs for Network Forensics Analysis. 254-266
  

Track A: Operating System Security Mechanisms

• Paul A. Karger:
  Multi-Level Security Requirements for Hypervisors. 267-275
  
• Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn:
  Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. 276-285
  
• Gaurav S. Kc, Angelos D. Keromytis:
  e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing. 286-302
  

Track B: Data Integrity

• Vivek Haldar, Deepak Chandra, Michael Franz:
  Dynamic Taint Propagation for Java. 303-311
  
• Ramaswamy Chandramouli, Scott Rose:
  An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis. 312-321
  
• Fareed Zaffar, Gershon Kedem, Ashish Gehani:
  Paranoid: A Global Secure File Access Control System. 322-332
  

Track C: Hot Topics II

• Marla Collier:
  How to Develop a Career in Information Assurance and How to Advance in this Field. 333
  

Classic Papers

• David Elliott Bell:
  Looking Back at the Bell-La Padula Model. 337-351
  
• Myong H. Kang, Ira S. Moskowitz, Stanley Chincheck:
  The Pump: A Decade of Covert Fun. 352-360
  

Track A: Malware

• Weidong Cui, Randy H. Katz, Wai-tian Tan:
  Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers. 361-370
  
• David Whyte, Paul C. van Oorschot, Evangelos Kranakis:
  Detecting Intra-enterprise Scanning Worms based on Address Resolution. 371-380
  
• Amit Vasudevan, Ramesh Yerraballi:
  Stealth Breakpoints. 381-392
  

Track B: Panel

• Simon N. Foley, Abe Singer, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, John McDermott, Julie Thorpe, Paul C. van Oorschot, Anil Somayaji, Richard Ford, Mark Bush, Alex Boulatov:
  Highlights from the 2005 New Security Paradigms Workshop. 393-396
  

Track A: Distributed System Security

• Jun Li, Xun Kang:
  mSSL: Extending SSL to Support Data Sharing Among Collaborative Clients. 397-408
  
• John P. Jones, Daniel F. Berger, Chinya V. Ravishankar:
  Layering Public Key Distribution Over Secure DNS using Authenticated Delegation. 409-418
  
• Sara Sinclair, Sean W. Smith:
  PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness. 419-430
  

Track B: Access Control

• Tine Verhanneman, Frank Piessens, Bart De Win, Wouter Joosen:
  Uniform Application-level Access Control Enforcement of Organizationwide Policies. 431-440
  
• Sandeep Kumar, Terence Sim, Rajkumar Janakiraman, Sheng Zhang:
  Using Continuous Biometric Verification to Protect Interactive Login Sessions. 441-450
  
• Rennie deGraaf, John Aycock, Michael J. Jacobson Jr.:
  Improved Port Knocking with Strong Authentication. 451-462
  

Track A: Passwords and Applied Crypto

• Xiaoyuan Suo, Ying Zhu, G. Scott Owen:
  Graphical Passwords: A Survey. 463-472
  
• Sundararaman Jeyaraman, Umut Topkara:
  Have the cake and eat it too - Infusing usability into text-password based authentication systems. 473-482
  
• Jason Waddle, David Wagner:
  Fault Attacks on Dual-Rail Encoded Systems. 483-494
  

Track B: Defense in Depth/Database Security

• Jennifer Chong, Partha Pratim Pal, Michael Atighetchi, Paul Rubel, Franklin Webber:
  Survivability Architecture of a Mission Critical System: The DPASA Example. 495-504
  
• Paul Rubel, Michael Ihde, Steven Harp, Charles Payne:
  Generating Policies for Defense in Depth. 505-514
  
• Meng Yu, Wanyu Zang, Peng Liu:
  Defensive Execution of Transactional Processes against Attacks. 515-526
  

Track C: Privacy

• Anas Abou El Kalam, Yves Deswarte:
  Privacy Requirements Implemented with a JavaCard. 527-536
  
• Dingbang Xu, Peng Ning:
  Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach. 537-546
  
• Yiru Li, Anil Somayaji:
  Securing Email Archives through User Modeling. 547-556