Computer Security – ESORICS 2009: 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings

Front Matter....Pages -
Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones....Pages 1-18
User-Centric Handling of Identity Agent Compromise....Pages 19-36
The Coremelt Attack....Pages 37-52
Type-Based Analysis of PIN Processing APIs....Pages 53-68
Declassification with Explicit Reference Points....Pages 69-85
Tracking Information Flow in Dynamic Tree Structures....Pages 86-103
Lightweight Opportunistic Tunneling (LOT)....Pages 104-119
Hide and Seek in Time — Robust Covert Timing Channels....Pages 120-135
Authentic Time-Stamps for Archival Storage....Pages 136-151
Towards a Theory of Accountability and Audit....Pages 152-167
Reliable Evidence: Auditability by Typing....Pages 168-183
PCAL: Language Support for Proof-Carrying Authorization Systems....Pages 184-199
ReFormat: Automatic Reverse Engineering of Encrypted Messages....Pages 200-215
Protocol Normalization Using Attribute Grammars....Pages 216-231
Automatically Generating Models for Botnet Detection....Pages 232-249
Dynamic Enforcement of Abstract Separation of Duty Constraints....Pages 250-267
Usable Access Control in Collaborative Environments: Authorization Based on People-Tagging....Pages 268-284
Requirements and Protocols for Inference-Proof Interactions in Information Systems....Pages 285-302
A Privacy Preservation Model for Facebook-Style Social Network Systems....Pages 303-320
New Privacy Results on Synchronized RFID Authentication Protocols against Tag Tracing....Pages 321-336
Isolating JavaScript with Filters, Rewriting, and Wrappers....Pages 505-522
An Effective Method for Combating Malicious Scripts Clickbots....Pages 523-538
Client-Side Detection of XSS Worms by Monitoring Payload Propagation....Pages 539-554
Secure Pseudonymous Channels....Pages 337-354
Cumulative Attestation Kernels for Embedded Systems....Pages 655-670
Formal Indistinguishability Extended to the Random Oracle Model....Pages 555-570
Computationally Sound Analysis of a Probabilistic Contract Signing Protocol....Pages 571-586
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption....Pages 587-604
Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing....Pages 355-370
Content Delivery Networks: Protection or Threat?....Pages 371-389
Model-Checking DoS Amplification for VoIP Session Initiation....Pages 390-405
A Generic Security API for Symmetric Key Management on Cryptographic Devices....Pages 605-620
ID-Based Secure Distance Bounding and Localization....Pages 621-636
Secure Ownership and Ownership Transfer in RFID Systems....Pages 637-654
The Wisdom of Crowds: Attacks and Optimal Constructions....Pages 406-423
Secure Evaluation of Private Linear Branching Programs with Medical Applications....Pages 424-439
Keep a Few: Outsourcing Data While Maintaining Confidentiality....Pages 440-455
Data Structures with Unpredictable Timing....Pages 456-471
WORM-SEAL: Trustworthy Data Retention and Verification for Regulatory Compliance....Pages 472-488
Corruption-Localizing Hashing....Pages 489-504
Super-Efficient Aggregating History-Independent Persistent Authenticated Dictionaries....Pages 671-688
Set Covering Problems in Role-Based Access Control....Pages 689-704
Back Matter....Pages -