Foreword from the General Chairs

It was a great pleasure for us to be associated with the 9th International Conference on Information Systems Security (ICISS) during December 16–20, 2013, held at the Indian Statistical Institute Kolkata, as General Chairs. After the excellent organization of the eighth edition of the conference last year at IIT Guwahati, we believe this event also took place without a glitch. During the last 8 years, ICISS has secured its place as one of the most important venues for the researchers in information systems security primarily because of the dedication and quality-consciousness of its Program Committee. The Program Committee has all along maintained a strict review policy and the average acceptance ratio has been around 25%. In each edition of the conference, excellent tutorials are also presented, which are very popular among students and researchers.

This year, the Program Committee led by Aditya Bagchi and Indrakshi Ray, and assisted by the other reviewers, did an excellent job by completing the review process within the deadline. This was done in spite of prolonged debate and discussion regarding the acceptance of papers and shepherding by the volunteers. We record our appreciation to the Program Chairs, members of the Program Committee, and other reviewers for their excellent service to this research community and for drawing up an excellent Technical Program. We are indebted to Christopher W. Clifton, Florian Kerschbaum, and Sharad Mehrotra for accepting our invitation to deliver keynote talks. Tutorial Chair R. Tamal Goswami worked hard in organizing the tutorial at Birla Institute of Technology, Mesra, Kolkata campus.

The Organizing Committee led by Pinakpani Pal and Finance Chair Subhasis Dasgupta worked tirelessly to ensure that other aspects of the event were also commensurate with the technical quality.
The efforts made by Publicity Chairs Raman Adaikkalavan and Anirban Sengupta, in promoting the conference to the international community of researchers, are commendable. We take this opportunity to thank our sponsors for their contributions.

December 2013
Bimal K. Roy
Chandan Mazumdar

Preface

This volume contains the papers selected for presentation at the 9th International Conference on Information Systems Security (ICISS 2013) held during December 16–20, 2013, at the Indian Statistical Institute, Kolkata, India. In 2005, ICISS started primarily as an initiative to promote information security-related research in India. However, from the very beginning, ICISS managed to draw the attention of the research community across the globe and has become a true international event. Selecting from 82 submissions of 15 countries around the world, 20 full papers and six short papers were accepted for presentation. All the papers were rigorously reviewed by at least three members of the Program Committee. We are extremely grateful to all the members of the Program Committee and the other external reviewers for offering their time and professional expertise. We are also grateful to Prof. Christopher Clifton, Dr. Florian Kerschbaum, and Prof. Sharad Mehrotra for delivering the keynote lectures. We were fortunate to have these three leading experts as invited speakers. Special thanks are due to Prof. Bimal K. Roy and Prof. Chandan Mazumdar for serving as general chairs. We are indebted to Prof. Sushil Jajodia, the brain behind this conference and the Steering Committee chair for his continuous guidance and help. We hope this collection of papers will be both stimulating and rewarding for the research community.

December 2013
Aditya Bagchi
Indrakshi Ray

Table of Contents

Challenges and Opportunities for Security with Differential Privacy
    Chris Clifton and Balamurugan Anandan

An Encrypted In-Memory Column-Store: The Onion Selection Problem
    Florian Kerschbaum, Martin Härterich, Mathias Kohler, Isabelle Hang, Andreas Schaad, Axel Schröpfer, and Walter Tighzert

Risk Aware Approach to Data Confidentiality in Cloud Computing
    Kerim Yasin Oktay, Vaibhav Khadilkar, Murat Kantarcioglu, and Sharad Mehrotra

Jamming Resistant Schemes for Wireless Communication: A Combinatorial Approach
    Samiran Bag, Sushmita Ruj, and Bimal Roy

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
    Ankita Chaturvedi, Dheerendra Mishra, and Sourav Mukhopadhyay

Signcryption from Randomness Recoverable PKE Revisited
    Angsuman Das and Avishek Adhikari

Auctions with Rational Adversary
    Sourya Joyee De and Asim K. Pal

A Framework for Formal Reasoning about Privacy Properties Based on Trust Relationships in Complex Electronic Services
    Koen Decroix, Jorn Lapon, Bart De Decker, and Vincent Naessens

Correctness Verification in Outsourced Databases: More Reliable Fake Tuples Approach
    Ganugula Umadevi and Ashutosh Saxena

Policy Mining: A Bottom-Up Approach toward a Model Based Firewall Management
    Safaà Hachana, Frédéric Cuppens, Nora Cuppens-Boulahia, Vijay Atluri, and Stephane Morucci

Secure States versus Secure Executions - From Access Control to Flow Control
    Mathieu Jaume, Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong, and Ludovic Mé