22. ACSAC 2006: Miami Beach, Florida, USA

22nd Annual Computer Security Applications Conference (ACSAC 2006), 11-15 December 2006, Miami Beach, Florida, USA. IEEE Computer Society 2006, ISBN 0-7695-2716-7

Distinguished Practitioner

Dixie B. Baker:
Privacy and Security in Public Health: Maintaining the Delicate Balance between Personal Privacy and Population Safety. 3-22

Applied Distributed Collaboration

Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramón Cáceres, Reiner Sailer:
Shamon: A System for Distributed Mandatory Access Control. 23-32
George C. Oikonomou, Jelena Mirkovic, Peter L. Reiher, Max Robinson:
A Framework for a Collaborative DDoS Defense. 33-42
Shiping Chen, Dongyu Liu, Songqing Chen, Sushil Jajodia:
V-COPS: A Vulnerability-Based Cooperative Alert Distribution System. 43-56

Client Access in Untrusted Environments

Ravi Chandra Jammalamadaka, Timothy W. van der Horst, Sharad Mehrotra, Kent E. Seamons, Nalini Venkatasubramanian:
Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. 57-66
Dinei A. F. Florêncio, Cormac Herley:
KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy. 67-76
Collin Mulliner, Giovanni Vigna:
Vulnerability Analysis of MMS User Agents. 77-88

Network Intrusion Detection

Randy Smith, Cristian Estan, Somesh Jha:
Backtracking Algorithmic Complexity Attacks against a NIDS. 89-98
Hao Wang, Somesh Jha, Vinod Ganapathy:
NetSpy: Automatic Generation of Spyware Signatures for NIDS. 99-108
Jeffrey Horton, Reihaneh Safavi-Naini:
Detecting Policy Violations through Traffic Analysis. 109-120

Network Security

Kyle Ingols, Richard Lippmann, Keith Piwowarski:
Practical Attack Graph Generation for Network Defense. 121-130
Kun Sun, Pai Peng, Peng Ning, Cliff Wang:
Secure Distributed Cluster Formation in Wireless Sensor Networks. 131-140
Rupinder Gill, Jason Smith, Andrew Clark:
Specification-Based Intrusion Detection in WLANs. 141-152

Security in Systems

Boniface Hicks, Kiyan Ahmadizadeh, Patrick Drew McDaniel:
From Languages to Systems: Understanding Practical Application Development in Security-typed Languages. 153-164
Aggelos Kiayias, Michael Korman, David Walluck:
An Internet Voting System Supporting User Privacy. 165-174
Lillian Røstad, Ole Edsberg:
A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs. 175-186

Invited Essayist

Brian Witten:
Engineering Sufficiently Secure Computing. 187-202

Applied Sandboxing

Philip W. L. Fong, Simon A. Orr:
A Module System for Isolating Untrusted Software Extensions. 203-212
Wei Li, Lap-Chung Lam, Tzi-cker Chiueh:
How to Automatically and Accurately Sandbox Microsoft IIS. 213-222
Tejas Khatiwala, Raj Swaminathan, V. N. Venkatakrishnan:
Data Sandboxing: A Technique for Enforcing Confidentiality Policies. 223-234

Malware

Wei Yu, Xun Wang, Prasad Calyam, Dong Xuan, Wei Zhao:
On Detecting Camouflaging Worm. 235-244
Guanhua Yan, Stephan Eidenbenz:
Bluetooth Worms: Models, Dynamics, and Defense Implications. 245-256
Francis Hsu, Hao Chen, Thomas Ristenpart, Jason Li, Zhendong Su:
Back to the Future: A Framework for Automatic Malware Removal and System Repair. 257-268

Applied Detection Technologies

Marco Cova, Viktoria Felmetsger, Greg Banks, Giovanni Vigna:
Static Detection of Vulnerabilities in x86 Executables. 269-278
Susanta Nanda, Wei Li, Lap-Chung Lam, Tzi-cker Chiueh:
Foreign Code Detection on the Windows/X86 Platform. 279-288
Paul Royal, Mitch Halpin, David Dagon, Robert Edmonds, Wenke Lee:
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. 289-300

Classic Papers

Jeremy Epstein:
Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing. 301-320
Peter G. Neumann:
Risks of Untrustworthiness. 321-328

Applied Randomization

Lixin Li, James E. Just, R. Sekar:
Address-Space Randomization for Windows Systems. 329-338
Chongkyung Kil, Jinsuk Jun, Christopher Bookholt, Jun Xu, Peng Ning:
Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software. 339-348
Yoav Weiss, Elena Gabriela Barrantes:
Known/Chosen Key Attacks against Software Instruction Set Randomization. 349-360

Intrusion Detection

Frédéric Massicotte, François Gagnon, Yvan Labiche, Lionel C. Briand, Mathieu Couture:
Automatic Evaluation of Intrusion Detection Systems. 361-370
Nigel Jacob, Carla E. Brodley:
Offloading IDS Computation to the GPU. 371-380
Ying Pan, Xuhua Ding:
Anomaly Based Web Phishing Page Detection. 381-392

Messaging Security

David Whyte, Paul C. van Oorschot, Evangelos Kranakis:
Addressing SMTP-Based Mass-Mailing Activity within Enterprise Networks. 393-402
Rakeshbabu Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter, Himanshu Khurana:
Using Attribute-Based Access Control to Enable Attribute-Based Messaging. 403-413
Jeff Yan, Pook Leong Cho:
Enhancing Collaborative Spam Detection with Bloom Filters. 414-428

Countermeasures

Yves Younan, Davide Pozza, Frank Piessens, Wouter Joosen:
Extended Protection against Stack Smashing Attacks without Performance Loss. 429-438
Ashish Gehani, Surendar Chandra:
PAST: Probabilistic Authentication of Sensor Timestamps. 439-448
Kun Bai, Peng Liu:
Towards Database Firewall: Mining the Damage Spreading Patterns. 449-462

Information Flow and Leakage

Lap-Chung Lam, Tzi-cker Chiueh:
A General Dynamic Information Flow Tracking Framework for Security Applications. 463-472
Zhenghong Wang, Ruby B. Lee:
Covert and Side Channels Due to Processor Architecture. 473-482
Guillaume Duc, Ronan Keryell:
CryptoPage: An Efficient Secure Architecture with Memory Encryption, Integrity and Information Leakage Protection. 483-492
Yinglian Xie, Michael K. Reiter, David R. O'Hallaron:
Protecting Privacy in Key-Value Search Systems. 493-504