Since 1995


Keynote Speakers

Ahmad-Reza Sadeghi is a full professor of Computer Science at Technische Universität Darmstadt, Germany. He is the head of the System Security Lab at the Center for Advanced Security Research Darmstadt (CASED) and Scientific Director of Fraunhofer Institute for Secure Information Technology (SIT). Since January 2012 he has also been the Director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt. He holds a Ph.D. in Computer Science from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, among others Ericsson Telecommunications. He has been continuously contributing to the IT-Security research community and serving as general or program chair as well as program committee member of many scientific and industrial conferences and workshops in the field of information security and privacy. He is on the Editorial Board of the ACM Transactions on Information and System Security.

Prof. Sadeghi has been awarded the renowned German prize "Karl Heinz Beckurts" for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received the second prize of the German IT Security Competition Award 2010.

Title: Mobile Security and Privacy: The Quest for the Mighty Access Control

Mobile smart devices are changing our lives and are the emerging dominant computing platform for end-users. Mobile applications (apps) provide flexible access to critical services such as online banking, health records, enterprise applications, or social networks. They offer high computing, storage and sensing capabilities and new interfaces such as near field communication technology (NFC) that enable many new useful applications.

Although mobile operating systems have been designed with security in mind from their infancy, they still fail to resist sophisticated attacks as shown recently. We observe diverse attack vectors: application-level privilege escalation, sensory malware, runtime attacks hijacking the execution flow of apps as well as compromising the operating system.

In recent years, researchers have presented many proposals to enhance the security and privacy of smart mobile devices at different abstraction layers, with a strong focus on the Android operating system for obvious reasons (open-source and popularity). We observe that almost all proposals for security extensions to Android constitute mandatory access control (MAC) mechanisms that are tailored to the specific semantics of the addressed problem, for instance, establishing fine-grained access control to the user's private data or protecting the platform integrity.

We elaborate on solutions (including our work) that aim at mitigating attacks at the application level, including control-flow integrity (CFI) against runtime attacks on mobile devices, and discuss their trade-offs. We then present a generic security architecture for the Android OS with MAC on both the kernel and middleware layers. The goal is to build a flexible and effective ecosystem that allows for instantiating different security and privacy solutions, e.g., context-based access control. We then discuss further research challenges, in particular the trade-off between access control mechanisms, the achieved level of protection and usability in practice.


Florian Kerschbaum is a chief expert in the security research department of SAP in Karlsruhe, Germany. In the academic year 2011/12 he was on leave as the deputy professor (Lehrstuhlvertreter) for the chair of privacy and data security at Dresden University of Technology. His research interests center around security and privacy algorithms and protocols for the next-generation, cross-organizational business applications. He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology, a master's degree from Purdue University, and a bachelor's degree from Berufsakademie Mannheim.

Title: Searching over Encrypted Data in Cloud Systems

Security is still a major inhibitor of cloud computing. When companies are testing cloud applications, e.g. for storage or databases, they use generated data for fear of data loss. Modern encrypted databases where the cryptographic key remains at the client provide a solution to this problem. Recent results in cryptography, such as order-preserving encryption, and database systems enable the practical use of these systems. We report on our pre-development efforts of implementing such an encrypted database in an in-memory, column store database. We highlight some unsolved research challenges, such as access control, infrequent queries and security vs. performance query optimization. We give an overview of the architecture and performance benchmarks on our prototype which are very encouraging for practical adoption.


Copyright (c) ACM SACMAT All rights reserved.