ebook img

Security and Trust Management: 12th International Workshop, STM 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings PDF

239 Pages·2016·11.827 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Security and Trust Management: 12th International Workshop, STM 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings

Gilles Barthe Evangelos Markatos Pierangela Samarati (Eds.) 1 7 Security 8 9 S C and Trust Management N L 12th International Workshop, STM 2016 Heraklion, Crete, Greece, September 26–27, 2016 Proceedings 123 Lecture Notes in Computer Science 9871 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zurich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 Gilles Barthe Evangelos Markatos (cid:129) Pierangela Samarati (Eds.) Security and Trust Management 12th International Workshop, STM 2016 – Heraklion, Crete, Greece, September 26 27, 2016 Proceedings 123 Editors Gilles Barthe Pierangela Samarati IMDEA Software Institute Dipartimento di Informatica PozuelodeAlarcón, Madrid Universitàdegli Studi diMilano Spain Crema Italy Evangelos Markatos Department ofComputer Science University of Crete Heraklion, Crete Greece ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-319-46597-5 ISBN978-3-319-46598-2 (eBook) DOI 10.1007/978-3-319-46598-2 LibraryofCongressControlNumber:2016951694 LNCSSublibrary:SL4–SecurityandCryptology ©SpringerInternationalPublishingAG2016 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Preface Theseproceedingscontainthepapersselectedforpresentationatthe12thInternational Workshop on Security and Trust Management (STM 2016), held in Crete, Greece, duringSeptember26–27,2016,inconjunctionwiththe21thEuropeanSymposiumon Research in Computer Security (ESORICS 2016). Inresponsetothecallforpapers,34papersweresubmittedtotheworkshopfrom17 different countries. Each paper was reviewed by three members of the Program Committee, who considered its significance, novelty, technical quality, and practical impact in their evaluation. As in previous years, reviewing was double-blind. The Program Committee’s work was carried out electronically, yielding intensive discus- sions over a period of one week. Of the submitted papers, the Program Committee accepted 13full papers (resultingin anacceptance rate of 38 %) and two short papers for presentation at the workshop. Besides the technical program including the papers collated in these proceedings, the conference featured an invited talk by the winner of the ERCIM STM WG 2016 Award for the best PhD thesis on security and trust management and by Dr. Bogdan Warinschi. ThecreditforthesuccessofaneventlikeSTM2016belongstoanumberofpeople, who devoted their time and energy to put together the workshop and who deserve acknowledgment. First of all, we wish to thank all the members of the Program Committee and all the external reviewers, for all their hard work in evaluating the papers in a short time window, and for their active participation in the discussion and selection process. We would like to express our sincere gratitude to the ERCIM STM SteeringCommittee,anditschair,PierangelaSamarati,inparticular,fortheirguidance and support in the organization of the workshop. Thanks to Panagiotis Papadopoulos, for taking care of publicity. We would also like to thank Javier Lopez (ESORICS workshop chair), Sotiris Ioannidis (ESORICS workshop chair and ESORICS general chair), Ioannis Askoxylakis (ESORICS general chair), and Nikolaos Petroulakis, Andreas Miaoudakis, and Panos Chatziadam (ESORICS local organizers) for their support in the workshop organization and logistics. Lastbutcertainlynotleast,thankstoalltheauthorswhosubmittedpapersandtoall theworkshop’sattendees.WehopeyoufindtheproceedingsofSTM2016interesting and inspiring for your future research. September 2016 Gilles Barthe Evangelos Markatos Organization Program Committee Spiros Antonatos IBM Research, Dublin, Ireland Myrto Arapinis University of Birmingham, UK Elias Athanasopoulos Vrije Universiteit Amsterdam, The Netherlands Davide Balzarotti Eurecom, France Gilles Barthe IMDEA Software Institute, Spain Gustavo Betarte InCo, Universidad de la República, Uruguay Stefano Calzavara Università Ca’ Foscari Venezia, Italy Cas Cremers University of Oxford, UK Jorge Cuellar Siemens AG, Germany Hervé Debar Télécom SudParis, France Carmen Fernández-Gago University of Malaga, Spain Sara Foresti Università degli Studi di Milano, Italy Michael Huth Imperial College London, UK ChristianDamsgaardJensen Technical University of Denmark, Denmark Martin Johns SAP Research, Germany Dogan Kesdogan Universität Regensburg, Germany Marek Klonowski Wroclaw UT, Poland Daniel Le Métayer Inria, France Yang Liu Nanyang Technological University, Singapore Giovanni Livraga Università degli Studi di Milano, Italy Javier Lopez University of Malaga, Spain Evangelos Markatos ICS/FORTH, Greece Fabio Martinelli IIT-CNR, Italy Sjouke Mauw University of Luxembourg, Luxembourg Catherine Meadows NRL, USA Martín Ochoa Technische Universität München, Germany Evangelos Ouzounis ENISA, Greece Nineta Polemi University of Pireaus, Greece Erik Poll Radboud Universiteit Nijmegen, The Netherlands Michalis Polychronakis Stony Brook University, USA Silvio Ranise FBK-Irst, Italy Michael Rusinowitch LORIA, Inria Nancy, France Alejandro Russo Chalmers University of Technology, Sweden Pierangela Samarati Università degli Studi di Milano, Italy Steve Schneider University of Surrey, UK Rolando Trujillo University of Luxembourg, Luxembourg Edgar Weippl SBA Research, Austria VIII Organization Fabian Yamaguchi TU Braunschweig, Germany Stefano Zanero Politecnico di Milano, Italy Additional Reviewers Arp, Daniel Papadopoulos, Panagiotis Christou, George Polemi, Nineta De Capitani di Vimercati, Sabrina Ramírez-Cruz, Yunior Degkleri, Eirini Aikaterini Rocchetto, Marco Deyannis, Dimitris Roth, Christian Engelke, Toralf Sciarretta, Giada Ilia, Panagiotis Smith, Zach Imine, Abdessamad Traverso, Riccardo Issel, Katharina Troncoso, Carmela Jhawar, Ravi Yautsiukhin, Artsiom Kasse, Paraskevi Contents Towards a Personal Security Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Christof Rath, Thomas Niedermair, and Thomas Zefferer Retrofitting Mutual Authentication to GSM Using RAND Hijacking. . . . . . . 17 Mohammed Shafiul Alam Khan and Chris J. Mitchell DAPA: Degradation-Aware Privacy Analysis of Android Apps. . . . . . . . . . . 32 Gianluca Barbon, Agostino Cortesi, Pietro Ferrara, and Enrico Steffinlongo Access Control Enforcement for Selective Disclosure of Linked Data . . . . . . 47 Tarek Sayah, Emmanuel Coquery, Romuald Thion, and Mohand-Saïd Hacid Enforcement of U-XACML History-Based Usage Control Policy . . . . . . . . . 64 Fabio Martinelli, Ilaria Matteucci, Paolo Mori, and Andrea Saracino Access Control for Weakly Consistent Replicated Information Systems . . . . . 82 Mathias Weber, Annette Bieniusa, and Arnd Poetzsch-Heffter Privacy-Aware Trust Negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Ruben Rios, Carmen Fernandez-Gago, and Javier Lopez Securely Derived Identity Credentials on Smart Phones via Self-enrolment. . . 106 Fabian van den Broek, Brinda Hampiholi, and Bart Jacobs Distributed Immutabilization of Secure Logs . . . . . . . . . . . . . . . . . . . . . . . 122 Jordi Cucurull and Jordi Puiggalí A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. . . 138 Ravi Jhawar, Karim Lounis, and Sjouke Mauw Information Security as Strategic (In)effectivity. . . . . . . . . . . . . . . . . . . . . . 154 Wojciech Jamroga and Masoud Tabatabaei Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 Gabriele Lenzini, Sjouke Mauw, and Samir Ouchani Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 Federico De Meo, Marco Rocchetto, and Luca Viganò X Contents MalloryWorker: Stealthy Computation and Covert Channels Using Web Workers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Michael Rushanan, David Russell, and Aviel D. Rubin PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212 Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer, and Eric Bodden Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.