30. S&P 2009: Oakland, California, USA

Attacks and Defenses

• Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur:
  Wirelessly Pickpocketing a Mifare Classic Card. 3-15
  
• Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson:
  Plaintext Recovery Attacks against SSH. 16-26
  
• Xiang Cai, Yuwei Gui, Rob Johnson:
  Exploiting Unix File-System Races via Algorithmic Complexity Attacks. 27-41
  

Information Security

• Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere, Bjorn De Sutter:
  Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors. 45-60
  
• Maxwell N. Krohn, Eran Tromer:
  Noninterference for a Practical DIFC-Based Operating System. 61-76
  

Malicious Code

• Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar:
  Native Client: A Sandbox for Portable, Untrusted x86 Native Code. 79-93
  
• Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin, Wenke Lee:
  Automatic Reverse Engineering of Malware Emulators. 94-109
  
• Paolo Milani Comparetti, Gilbert Wondracek, Christopher Krügel, Engin Kirda:
  Prospex: Protocol Specification Extraction. 110-125
  

Information Leaks

• Kevin Borders, Atul Prakash:
  Quantifying Information Leaks in Outbound Web Traffic. 129-140
  
• Michael Backes, Boris Köpf, Andrey Rybalchenko:
  Automatic Discovery and Quantification of Information Leaks. 141-153
  
• Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig:
  CLAMP: Practical Prevention of Large-Scale Data Leaks. 154-169
  

Privacy

• Arvind Narayanan, Vitaly Shmatikov:
  De-anonymizing Social Networks. 173-187
  
• Koen Simoens, Pim Tuyls, Bart Preneel:
  Privacy Weaknesses in Biometric Sketches. 188-203
  
• Michael T. Goodrich:
  The Mastermind Attack on Genomic Data. 204-218
  

Formal Foundations

• Anupam Datta, Jason Franklin, Deepak Garg, Dilsun Kirli Kaynar:
  A Logic of Secure Systems and its Application to Trusted Computing. 221-236
  
• Santiago Zanella Béguelin, Gilles Barthe, Benjamin Grégoire, Federico Olmedo:
  Formally Certifying the Security of Digital Signature Schemes. 237-250
  
• Ralf Küsters, Tomasz Truderung:
  An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols. 251-266
  

Network Security

• George Danezis, Ian Goldberg:
  Sphinx: A Compact and Provably Secure Mix Format. 269-282
  
• Haifeng Yu, Chenwei Shi, Michael Kaminsky, Phillip B. Gibbons, Feng Xiao:
  DSybil: Optimal Sybil-Resistance for Recommendation Systems. 283-298
  

Network Security

• William Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, J. Alex Halderman, Edward W. Felten:
  Fingerprinting Blank Paper Using Commodity Scanners. 301-314
  
• Michael Backes, Tongbo Chen, Markus Dürmuth, Hendrik P. A. Lensch, Martin Welk:
  Tempest in a Teapot: Compromising Reflections Revisited. 315-327
  

Network Security

• Mike Ter Louw, V. N. Venkatakrishnan:
  Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. 331-346
  
• Shuo Chen, Ziqing Mao, Yi-Min Wang, Ming Zhang:
  Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments. 347-359
  
• Adam Barth, Juan Caballero, Dawn Song:
  Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves. 360-371
  

Humans and Secrets

• Stuart E. Schechter, A. J. Bernheim Brush, Serge Egelman:
  It's No Secret. Measuring the Security and Reliability of Authentication via "Secret" Questions. 375-390
  
• Matt Weir, Sudhir Aggarwal, Breno de Medeiros, Bill Glodek:
  Password Cracking Using Probabilistic Context-Free Grammars. 391-405