SEC 2008: Milano, Italy

Privacy Protection

• Karsten Nohl, David Evans:
  Hiding in Groups: On the Expressiveness of Privacy Distributions. 1-15
  
• Florian Kerschbaum:
  Practical Privacy-Preserving Benchmarking. 17-31
  
• Alessandro Piva, Claudio Orlandi, M. Caini, Tiziano Bianchi, Mauro Barni:
  Enhancing Privacy in Remote Data Classification. 33-46
  

Web Applications Security and Malware

• Yongdong Wu, Haixia Yao, Feng Bao:
  Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators. 47-61
  
• Yngve Espelid, Lars-Helge Netland, André N. Klingsheim, Kjell Jørgen Hole:
  Robbing Banks with Their Own Software-an Exploit Against Norwegian Online Banks. 63-77
  
• Michele Colajanni, Daniele Gozzi, Mirco Marchetti:
  Collaborative architecture for malware detection and analysis. 79-93
  

Sensor and Wireless Security

• Joonsang Baek, Han Chiang Tan, Jianying Zhou, Jun Wen Wong:
  Realizing Stateful Public Key Encryption in Wireless Sensor Network. 95-107
  
• Maurizio Adriano Strangio:
  Establishing secure links in low-rate wireless personal area networks. 109-123
  
• Jianying Zhou, Tanmoy Kanti Das, Javier Lopez:
  An Asynchronous Node Replication Attack in Wireless Sensor Networks. 125-139
  

Security Policies

• Frédéric Dadeau, Marie-Laure Potet, Régis Tissot:
  A B Formal Framework for Security Developments in the Domain of Smart Card Applications. 141-155
  
• Thomas Scheffler, Stefan Geiß, Bettina Schnor:
  An Implementation of a Privacy Enforcement Scheme based on the Java Security Framework using XACML Policies. 157-171
  
• Nora Cuppens-Boulahia, Frédéric Cuppens, Diala Abi Haidar, Hervé Debar:
  Negotiation of Prohibition: An Approach Based on Policy Rewriting. 173-187
  

Access Control in Distributed Systems

• Wei Li, Lingyu Wang, Bo Zhu, Lei Zhang:
  An Integrity Lock Architecture for Supporting Distributed Authorizations in Database Federations. 189-203
  
• Jason Crampton, Hoon Wei Lim:
  Role Signatures for Access Control in Open Distributed Systems. 205-220
  
• Nicoletta Dessì, Maria Grazia Fugini, R. A. Balachandar:
  Policies and Security Aspects For Distributed Scientific Laboratories. 221-235
  

Intrusion Detection

• Inez Raguenet, Carlos Maziero:
  A Fuzzy Model for the Composition of Intrusion Detectors. 237-251
  
• Gina C. Tjhai, Maria Papadaki, Steven Furnell, Nathan L. Clarke:
  Investigating the problem of IDS false alarms: An experimental study using Snort. 253-267
  
• Kapil Kumar Gupta, Baikunth Nath, Kotagiri Ramamohanarao:
  User Session Modeling for Effective Application Intrusion Detection. 269-284
  

Anomaly Detection

• Carlo Bellettini, Julian L. Rrushi:
  A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems. 285-300
  
• Frédéric Majorczyk, Eric Totel, Ludovic Mé, Ayda Saïdane:
  Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs. 301-315
  
• Jacques Saraydaryan, Luc Paffumi, Véronique Legrand, Stéphane Ubéda:
  Behavioral Intrusion Detection Indicators. 317-331
  

Role Mining and Content Protection

• Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello:
  Leveraging Lattices to Improve Role Mining. 333-347
  
• Aris Gkoulalas-Divanis, Vassilios S. Verykios:
  A Parallelization Framework for Exact Knowledge Hiding in Transactional Databases. 349-363
  
• Hongxia Jin, Jeffery Lotspiech, Nimrod Megiddo:
  Efficient Coalition Detection in Traitor Tracing. 365-380
  

VOIP and Network Security

• Stelios Dritsas, Yannis Soupionis, Marianthi Theoharidou, Yannis Mallios, Dimitris Gritzalis:
  SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned. 381-395
  
• Dongwon Seo, Heejo Lee, Ejovi Nuwere:
  Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models. 397-411
  
• Kien C. Nguyen, Tansu Alpcan, Tamer Basar:
  A Decentralized Bayesian Attack Detection Algorithm for Network Security. 413-428
  

Network Devices Security and Cyber Warfare

• J. Pan, J. I. den Hartog, Erik P. de Vink:
  An Operation-Based Metric for CPA Resistance. 429-443
  
• Patrick P. Tsang, Sean W. Smith:
  YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems. 445-459
  
• Samuel N. Hamilton, Wendy L. Hamilton:
  Adversary Modeling and Simulation in Cyber Warfare. 461-475
  

Security Compliance

• Thomas Neubauer, Andreas Ekelhart, Stefan Fenz:
  Interactive Selection of ISO 27001 Controls under Multiple Objectives. 477-492
  
• Dennis Longley, Mark Branagan, William J. Caelli, Lam-for Kwok:
  Feasibility of Automated Information Security Compliance Auditing. 493-508
  
• Muntaha Alawneh, Imad M. Abbadi:
  Software Licence Protection and Management for Organisations. 509-523
  

Risk and Security Analysis

• Maxwell G. Dondo:
  A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach. 525-540
  
• Daniel Le Métayer, Claire Loiseaux:
  ASTRA : A Security Analysis Method Based on Asset Tracking. 541-555
  
• Qutaibah Althebyan, Brajendra Panda:
  A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack. 557-571
  

Identity and Trust Management

• Gail-Joon Ahn, Moonam Ko, Mohamed Shehab:
  Portable User-Centric Identity Management. 573-587
  
• Kristof Verslype, Bart De Decker:
  Ubiquitous Privacy-Preserving Identity Managment. 589-603
  
• Indrajit Ray, Sudip Chakraborty:
  Facilitating Privacy Related Decisions in Different Privacy Contexts on the Internet by Evaluating Trust in Recipients of Private Data. 605-620
  

Virtualization and Digital Forensics

• Brian Hay, Ronald Dodge, Kara L. Nance:
  Using Virtualization to Create and Deploy Computer Security Lab Exercises. 621-635
  
• Slim Rekhis, Jihène Krichène, Noureddine Boudriga:
  DigForNet: Digital Forensic in Networking. 637-651
  
• Roberto Battistoni, Alessandro Di Biagio, Roberto Di Pietro, Matteo Formica, Luigi V. Mancini:
  A Live Digital Forensic system for Windows networks. 653-667
  

Short Papers

• Jeheon Han, Jonghoon Kwon, Heejo Lee:
  HoneyID : Unveiling Hidden Spywares by Generating Bogus Events. 669-673
  
• Nouha Oualha, Melek Önen, Yves Roudier:
  A Security Protocol for Self-Organizing Data Storage. 675-679
  
• Cormac Herley, Dinei A. F. Florêncio:
  Protecting Financial Institutions from Brute-Force Attacks. 681-685
  
• Shaun Posthumus, Rossouw von Solms:
  Agency Theory: Can it be Used to Strengthen IT Governance?. 687-691
  
• Alexandros Tsakountakis, Georgios Kambourakis, Stefanos Gritzalis:
  A new Accounting Mechanism for Modern and Future AAA Services. 693-697
  
• Yasuhiro Fujihara, Yuko Murayama, Kentarou Yamaguchi:
  A user survey on the sense of security, Anshin. 699-703
  
• Po-Yuan Teng, Shih-I Huang, Adrian Perrig:
  Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks. 705-709
  
• Giorgio Davanzo, Eric Medvet, Alberto Bartoli:
  A Comparative Study of Anomaly Detection Techniques in Web Site Defacement Detection. 711-716
  
• Manuel Sánchez, Óscar Cánovas Reverte, Gabriel López, Antonio F. Gómez-Skarmeta:
  Managing the lifecycle of XACML delegation policies in federated environments. 717-721
  
• George O. M. Yee, Larry Korba, Ronggong Song:
  Assessing the Likelihood of Privacy Policy Compliance. 723-727
  
• Salem Benferhat, Karim Tabia:
  Classification features for detecting Server-side and Client-side Web attacks. 729-733