Frédéric Cuppens, Joaquin Garcia-Alfaro, Nur Zincir Heywood, Philip W.L. Fong (Eds.)

Foundations and Practice of Security

7th International Symposium, FPS 2014
Montreal, QC, Canada, November 3–5, 2014
Revised Selected Papers

Lecture Notes in Computer Science 8930
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7410
Editors

Frédéric Cuppens, TELECOM Bretagne, Cesson Sévigné, France
Nur Zincir Heywood, Dalhousie University, Halifax, NS, Canada
Joaquin Garcia-Alfaro, TELECOM SudParis, Evry, France
Philip W.L. Fong, University of Calgary, Calgary, Canada

ISSN 0302-9743
ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-17039-8
ISBN 978-3-319-17040-4 (eBook)
DOI 10.1007/978-3-319-17040-4
Library of Congress Control Number: 2015935046
LNCS Sublibrary: SL4 – Security and Cryptology

Springer Cham Heidelberg New York Dordrecht London
© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.
Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

Preface

The 7th International Symposium on Foundations and Practice of Security (FPS 2014) was hosted by Concordia University, Montreal, Quebec, Canada, during November 3–5, 2014. FPS 2014 received 48 submissions, from countries all over the world. Each paper was reviewed by at least three committee members. The Program Committee selected 18 regular papers, 2 position papers and 5 short papers for presentation. The program was completed with two excellent invited talks given by Kui Ren (University of Buffalo) and Jean-Louis Lanet (University of Limoges and Inria Rennes).

Many people contributed to the success of FPS 2014. First, we would like to thank all the authors who submitted their research results. The selection was a challenging task and we sincerely thank all the Program Committee members, as well as the external reviewers, who volunteered to read and discuss the papers. We greatly thank the General Chair, Mourad Debbabi (Concordia University) and the Organization Chair Lingyu Wang (Concordia University) for their great efforts to organize and perfectly control the logistics during the Symposium. Finally, we also want to express our gratitude to the two Publication Chairs, Joaquin Garcia-Alfaro (Télécom SudParis) and Nur Zincir Heywood (Dalhousie University), and the webmaster Said Oulmakhzoune (Télécom Bretagne), for the huge work they provide for programming, editing the proceedings, and managing the website.

As security becomes an essential property in the Information and Communication Technologies, there is a growing need to develop efficient methods to analyze and design systems providing a high level of security and privacy. We hope the articles in this proceedings volume will be valuable for your professional activities in this area.

December 2014
Frédéric Cuppens
Philip W.L. Fong

Organization

General Chair

Mourad Debbabi, Concordia University, Canada

Program Chairs

Frédéric Cuppens, Télécom Bretagne, France
Philip W.L. Fong, University of Calgary, Canada

Organization Chair

Lingyu Wang, Concordia University, Canada

Publication Chairs

Joaquin Garcia-Alfaro, Télécom SudParis, France
Nur Zincir Heywood, Dalhousie University, Canada

Webmaster

Said Oulmakhzoune, Télécom Bretagne, France

Program Committee

Diala Abi Haidar, Dar Al-Hekma College, Saudi Arabia
Carlisle Adams, University of Ottawa, Canada
Esma Aïmeur, Université de Montréal, Canada
Gildas Avoine, INSA, Rennes, France
Guillaume Bonfante, Université de Lorraine, LORIA, France
Jordi Castellà-Roca, Rovira i Virgili University, Spain
Ana Cavalli, Télécom SudParis, France
Frédéric Cuppens, Télécom Bretagne, France
Nora Cuppens-Boulahia, Télécom Bretagne, France
Mila Dalla Preda, University of Bologna, Italy
Jean-Luc Danger, Télécom ParisTech, France
Mourad Debbabi, Concordia University, Canada
Nicola Dragoni, Technical University of Denmark, Denmark
Philip W.L. Fong, University of Calgary, Canada
Sara Foresti, Università degli Studi di Milano, Italy
Eric Freyssinet, Université Paris 6, France
Sebastien Gambs, Université de Rennes 1, France
Joaquin Garcia-Alfaro, Télécom SudParis, France
Ali Ghorbani, University of New Brunswick, Canada
Roberto Giacobazzi, University of Verona, Italy
Sylvain Guilley, Télécom ParisTech, France
Abdelwahab Hamou-Lhadj, Concordia University, Canada
Jordi Herrera, Universitat Autònoma de Barcelona, Spain
Bruce Kapron, University of Victoria, Canada
Hyoungshick Kim, SungKyunKwan University, South Korea
Evangelos Kranakis, Carleton University, Canada
Pascal Lafourcade, Université de Clermont 1, France
Yassine Lakhnech, Joseph Fourier University, France
Georgios Lioudakis, National Technical University of Athens, Greece
Luigi Logrippo, Université du Québec en Outaouais, Canada
Stefan Mangard, Infineon Technologies AG, Germany
Jean-Yves Marion, École Nationale Supérieure des Mines de Nancy, France
Joan Melia-Segui, Universitat Pompeu Fabra, Spain
Ali Miri, Ryerson University, Canada
Guillermo Navarro-Arribas, Universitat Autónoma de Barcelona, Spain
Jordi Nin, Universitat Politècnica de Catalunya, Spain
Andreas Pashalidis, Katholieke Universiteit Leuven, Belgium
Emmanuel Prouff, Agence Nationale de la Sécurité des Systèmes d’Information, France
Silvio Ranise, FBK-Irst, Italy
Jean-Marc Robert, École de technologie supérieure, Montreal, Canada
Alessandro Sorniotti, SAP Research, France
Anna Squicciarini, Pennsylvania State University, USA
Chamseddine Talhi, École de technologie supérieure, Montreal, Canada
Nadia Tawbi, Université Laval, Canada
Alexandre Viejo, Rovira i Virgili University, Spain
Lena Wiese, Georg-August-Universität Göttingen, Germany
Nicola Zannone, Eindhoven University of Technology, The Netherlands
Mohammad Zulkernine, Queen’s University, Canada

Additional Reviewers

Shivam Bhasin
Florian Praden
Sofiene Boulares
Sujoy Ray
Jordi Casas-Roma
Diego Rivera
Elisa Costante
Thomas Roche
Jannik Dreier
Giada Sciarretta
Raul Armando Fuentes Samaniego
Mouna Selmi
Samuel Paul Kaluvuri
Hari Siswantoro
Thomas Korak
Bernard Stepien
Amrit Kumar
Fatih Turkmen
Vinh Hoa La
Mario Werner
Aouadi Mohamed
Thomas Zefferer
Huu Nghia Nguyen

Contents

Attacks and Vulnerabilities

On Acoustic Covert Channels Between Air-Gapped Systems
    Brent Carrara and Carlisle Adams

Location-Dependent EM Leakage of the ATxmega Microcontroller
    Thomas Korak

Privacy

Privacy-Preserving Public Auditing in Cloud Computing with Data Deduplication
    Naelah Alkhojandi and Ali Miri

A Maximum Variance Approach for Graph Anonymization
    Hiep H. Nguyen, Abdessamad Imine, and Michaël Rusinowitch

Privacy by Design: On the Conformance Between Protocols and Architectures
    Vinh-Thong Ta and Thibaud Antignac

Software Security and Malware Analysis

Moving Target Defense Against Cross-Site Scripting Attacks (Position Paper)
    Joe Portner, Joel Kerr, and Bill Chu

Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks
    Lionel Rivière, Marie-Laure Potet, Thanh-Ha Le, Julien Bringer, Hervé Chabanne, and Maxime Puys

Malware Message Classification by Dynamic Analysis
    Guillaume Bonfante, Jean-Yves Marion, and Thanh Dinh Ta

Network Security and Protocols

A Game Approach for an Efficient Intrusion Detection System in Mobile Ad Hoc Networks
    Myria Bouhaddi, Mohammed Saïd Radjef, and Kamel Adi