24. ACSAC 2008: Anaheim, California, USA

Invited Talk

• O. Sami Saydjari:
  Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint. 3-10
  

Forensics and Security Management

• Paul F. Farrell Jr., Simson L. Garfinkel, Douglas White:
  Practical Applications of Bloom Filters to the NIST RDS and Hard Drive Triage. 13-22
  
• Sebastian Schmerl, Hartmut König, Ulrich Flegel, Michael Meier, René Rietz:
  Systematic Signature Engineering by Re-use of Snort Signatures. 23-32
  
• Yolanta Beres, Jonathan Griffin, Simon Shiu, Max Heitman, David Markle, Peter Ventura:
  Analysing the Performance of Security Solutions to Reduce Vulnerability Exposure Window. 33-42
  

Operating Systems and Memory Security

• Albert Tannous, Jonathan T. Trostle, Mohamed Hassan, Stephen E. McLaughlin, Trent Jaeger:
  New Side Channels Targeted at Passwords. 45-54
  
• William Enck, Patrick Drew McDaniel, Trent Jaeger:
  PinUP: Pinning User Files to Known Applications. 55-64
  
• William Enck, Kevin R. B. Butler, Thomas Richardson, Patrick Drew McDaniel, Adam Smith:
  Defending Against Attacks on Main Memory Persistence. 65-74
  

Kernel-Level Defensive Techniques

• Arati Baliga, Vinod Ganapathy, Liviu Iftode:
  Automatic Inference and Enforcement of Kernel Data Structure Invariants. 77-86
  
• Timothy Fraser, Matthew R. Evenson, William A. Arbaugh:
  VICI Virtual Machine Introspection for Cognitive Immunity. 87-96
  
• Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calton Pu:
  Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense. 97-107
  

Graphical Passwords and Biometrics

• Amirali Salehi-Abari, Julie Thorpe, Paul C. van Oorschot:
  On Purely Automated Attacks and Click-Based Graphical Passwords. 111-120
  
• Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang, Xiyang Liu:
  YAGP: Yet Another Graphical Password Strategy. 121-129
  
• Stelvio Cimato, Marco Gamassi, Vincenzo Piuri, Roberto Sassi, Fabio Scotti:
  Privacy-Aware Biometrics: Design and Implementation of a Multimodal Verification System. 130-139
  
• Xunhua Wang, Philip D. Huff, Brett C. Tjaden:
  Improving the Efficiency of Capture-Resistant Biometric Authentication Based on Set Intersection. 140-149
  

Access Control

• Mathias Kohler, Andreas Schaad:
  ProActive Access Control for Business Process-Driven Environments. 153-162
  
• Evan Martin, JeeHyun Hwang, Tao Xie, Vincent C. Hu:
  Assessing Quality of Policy Properties in Verification of Access Control Policies. 163-172
  
• Ragib Hasan, Marianne Winslett, Richard M. Conlan, Brian Slesinsky, Nandakumar Ramani:
  Please Permit Me: Stateless Delegated Authorization in Mashups. 173-182
  
• Günter Karjoth, Andreas Schade, Els Van Herreweghen:
  Implementing ACL-Based Policies in XACML. 183-192
  

Network Security

• Susanta Nanda, Tzi-cker Chiueh:
  Execution Trace-Driven Automated Attack Signature Generation. 195-204
  
• Mansour Alsaleh, David Barrera, Paul C. van Oorschot:
  Improving Security Visualization with Exposure Map Filtering. 205-214
  
• Yinqian Zhang, Xun Fan, Yijun Wang, Zhi Xue:
  Attack Grammar: A New Approach to Modeling and Analyzing Network Attack Sequences. 215-224
  
• Rattikorn Hewett, Phongphun Kijsanayothin:
  Host-Centric Model Checking for Network Vulnerability Analysis. 225-234
  

Role-Based Access Control

• Qi Guo, Jaideep Vaidya, Vijayalakshmi Atluri:
  The Role Hierarchy Mining Problem: Discovery of Optimal Role Hierarchies. 237-246
  
• Dana Zhang, Kotagiri Ramamohanarao, Tim Ebringer, Trevor Yann:
  Permission Set Mining: Discovering Practical and Useful Roles. 247-256
  
• Karsten Sohr, Tanveer Mustafa, Xinyu Bao, Gail-Joon Ahn:
  Enforcing Role-Based Access Control Policies in Web Services with UML and OCL. 257-266
  

Intrusion Detection

• Robert J. Cole, Peng Liu:
  Addressing Low Base Rates in Intrusion Detection via Uncertainty-Bounding Multi-Step Analysis. 269-278
  
• Frédéric Massicotte, Yvan Labiche, Lionel C. Briand:
  Toward Automatic Generation of Intrusion Detection Verification Rules. 279-288
  
• Xinran Wang, Yoon-chan Jhi, Sencun Zhu, Peng Liu:
  STILL: Exploit Code Detection via Static Taint and Initialization Analyses. 289-298
  

Malware and Data Protection

• Roberto Perdisci, Andrea Lanzi, Wenke Lee:
  McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. 301-310
  
• Amit Vasudevan:
  MalTRAK: Tracking and Eliminating Unknown Malware. 311-321
  
• Roberto Capizzi, Antonio Longo, V. N. Venkatakrishnan, A. Prasad Sistla:
  Preventing Information Leaks through Shadow Executions. 322-331
  

Web-Based Applications Security

• Martin Johns, Björn Engelmann, Joachim Posegga:
  XSSDS: Server-Side Detection of Cross-Site Scripting Attacks. 335-344
  
• Chuan Yue, Haining Wang:
  Anti-Phishing in Offense and Defense. 345-354
  
• Saman Zarandioon, Danfeng Yao, Vinod Ganapathy:
  OMOS: A Framework for Secure Communication in Mashup Applications. 355-364
  

Anomaly and Misuse Detection

• Vanessa Frías-Martínez, Salvatore J. Stolfo, Angelos D. Keromytis:
  Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors. 367-376
  
• Terrence O'Connor, Douglas S. Reeves:
  Bluetooth Network-Based Misuse Detection. 377-391
  
• Peng Li, Hyundo Park, Debin Gao, Jianming Fu:
  Bridging the Gap between Data-Flow and Control-Flow Analysis for Anomaly Detection. 392-401
  

Classic Papers

• Barbara Fraser, Steve Crocker:
  Epilogue for RFC 1281, Guidelines for the Secure Operation of the Internet. 405-417
  
• Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji:
  The Evolution of System-Call Monitoring. 418-430
  

Authentication

• Xiaole Bai, Wenjun Gu, Sriram Chellappan, Xun Wang, Dong Xuan, Bin Ma:
  PAS: Predicate-Based Authentication Services Against Powerful Passive Adversaries. 433-442
  
• Timothy W. van der Horst, Kent E. Seamons:
  pwdArmor: Protecting Conventional Password-Based Authentications. 443-452
  
• Erdem Aktas, Kanad Ghose:
  DARE: A Framework for Dynamic Authentication of Remote Executions. 453-462
  

Applied Cryptography

• Sean O'Melia, Adam J. Elbirt:
  Instruction Set Extensions for Enhancing the Performance of Symmetric-Key Cryptography. 465-474
  
• Ahren Studer, Christina Johns, Jaanus Kase, Kyle O'Meara, Lorrie Faith Cranor:
  A Survey to Guide Group Key Protocol Development. 475-484
  
• Antonio Grillo, Alessandro Lentini, Gianluigi Me, Giuseppe F. Italiano:
  Transaction Oriented Text Messaging with Trusted-SMS. 485-494