21. ACSAC 2005: Tucson, Arizona, USA
21st Annual Computer Security Applications Conference (ACSAC 2005), 5-9 December 2005, Tucson, AZ, USA. IEEE Computer Society 2005 ISBN 0-7695-2461-3
Cover
- Title Page.
- Copyright.
Introduction
- Message from Conference Chair.
- Conference Committee.
- Program Committee.
- Tutorial Committee.
- Reviewers.
- Speaker Biographies.
Distinguished Practitioner
- Brian D. Snow: We Need Assurance! 3-10
Track A: Software Security
- Benjamin Schwarz, Hao Chen, David Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West: Model Checking An Entire Linux Distribution for Security Violations. 13-22
- Jonathon T. Giffin, Mihai Christodorescu, Louis Kruger: Strengthening Software Self-Checksumming via Self-Modifying Code. 23-32
- David Wheeler: Countering Trusting Trust through Diverse Double-Compiling. 33-48
Track B: Network Intrusion Detection
- Stig Andersson, Andrew Clark, George M. Mohay, Bradley Schatz, Jacob Zimmermann: A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX. 49-58
- Paul Ammann, Joseph Pamula, Julie A. Street, Ronald W. Ritchey: A Host-Based Approach to Network Attack Chaining Analysis. 72-84
Track A: Security Designs
- Wesam Lootah, William Enck, Patrick McDaniel: TARP: Ticket-based Address Resolution Protocol. 106-116
Track B: Protocol Analysis
- Jingmin Zhou, Adam J. Carlson, Matt Bishop: Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis. 117-126
- Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Mattia Monga: Replay Attack in TCG Specification and Solution. 127-137
- Jan Jürjens: Code Security Analysis of a Biometric Authentication System Using Automated Theorem Provers. 138-149
Track A: Vulnerability Assessment
- Steven Noel, Sushil Jajodia: Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices. 160-169
- Elisa Bertino, Ashish Kamra, Evimaria Terzi, Athena Vakali: Intrusion Detection in RBAC-administered Databases. 170-182
Track B: Hot Topics I
- How Does Information Assurance R&D Impact Information Assurance in Practice? Follow the money - Where does it Go - What is our ROI? 183
Invited Essayist
- Mary Ellen Zurko: User-Centered Security: Stepping Up to the Grand Challenge. 187-202
Track A: Automation
- Corrado Leita, Ken Mermoud, Marc Dacier: ScriptGen: an automated script generation tool for honeyd. 203-214
- Zhenkai Liang, R. Sekar: Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models. 215-224
- Hilmi Günes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood: Evolving Successful Stack Overflow Attacks for Vulnerability Testing. 225-234
Track B: Security Analysis
- Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi, Sami Zhioua: Java for Mobile Devices: A Security Study. 235-244
- John Black, Martin Cochran, Martin Ryan Gardner: Lessons Learned: A Security Analysis of the Internet Chess Club. 245-253
Track A: Operating System Security Mechanisms
- Paul A. Karger: Multi-Level Security Requirements for Hypervisors. 267-275
- Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn: Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. 276-285
- Gaurav S. Kc, Angelos D. Keromytis: e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing. 286-302
Track B: Data Integrity
- Ramaswamy Chandramouli, Scott Rose: An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis. 312-321
- Fareed Zaffar, Gershon Kedem, Ashish Gehani: Paranoid: A Global Secure File Access Control System. 322-332
Track C: Hot Topics II
- Marla Collier: How to Develop a Career in Information Assurance and How to Advance in this Field. 333
Classic Papers
- David Elliott Bell: Looking Back at the Bell-La Padula Model. 337-351
Track A: Malware
- Weidong Cui, Randy H. Katz, Wai-tian Tan: Design and Implementation of an Extrusion-based Break-In Detector for Personal Computers. 361-370
- David Whyte, Paul C. van Oorschot, Evangelos Kranakis: Detecting Intra-enterprise Scanning Worms based on Address Resolution. 371-380
Track B: Panel
- Simon N. Foley, Abe Singer, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, John P. McDermott, Julie Thorpe, Paul C. van Oorschot, Anil Somayaji, Richard Ford, Mark Bush, Alex Boulatov: Highlights from the 2005 New Security Paradigms Workshop. 393-396
Track A: Distributed System Security
- John P. Jones, Daniel F. Berger, Chinya V. Ravishankar: Layering Public Key Distribution Over Secure DNS using Authenticated Delegation. 409-418
- Sara Sinclair, Sean W. Smith: PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness. 419-430
Track B: Access Control
- Tine Verhanneman, Frank Piessens, Bart De Win, Wouter Joosen: Uniform Application-level Access Control Enforcement of Organizationwide Policies. 431-440
- Sandeep Kumar, Terence Sim, Rajkumar Janakiraman, Sheng Zhang: Using Continuous Biometric Verification to Protect Interactive Login Sessions. 441-450
- Rennie deGraaf, John Aycock, Michael J. Jacobson Jr.: Improved Port Knocking with Strong Authentication. 451-462
Track A: Passwords and Applied Crypto
- Sundararaman Jeyaraman, Umut Topkara: Have the cake and eat it too - Infusing usability into text-password based authentication systems. 473-482
Track B: Defense in Depth/Database Security
- Jennifer Chong, Partha Pratim Pal, Michael Atighetchi, Paul Rubel, Franklin Webber: Survivability Architecture of a Mission Critical System: The DPASA Example. 495-504
- Paul Rubel, Michael Ihde, Steven Harp, Charles Payne: Generating Policies for Defense in Depth. 505-514
- Meng Yu, Wanyu Zang, Peng Liu: Defensive Execution of Transactional Processes against Attacks. 515-526
Track C: Privacy
- Dingbang Xu, Peng Ning: Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach. 537-546
data released under the ODC-BY 1.0 license. See also our legal information page
last updated on 2013-06-18T211851 by the dblp team