Program

Monday, September 26, 2016

8.45 - 9.00 Welcome and opening
9.00 - 10.30 Session 1: Invited talk (Chair: Gilles Barthe)

Bogdan Warinschi, University of Bristol
Foundations of Hardware-based Attested Computation and Applications of SGX
10.30 - 11.00 Coffee Break
11.00 - 12.30 Session 2: Embedded Systems (Chair: Panos Papadopoulos)

Towards a Personal Security Device
Christof Rath, Thomas Niedermair and Thomas Zefferer

Retrofitting mutual authentication to GSM using RAND hijacking
Mohammed Shafiul Alam Khan and Chris J Mitchell

DAPA: Degradation-Aware Privacy Analysis of Android Apps
Gianluca Barbon, Enrico Steffinlongo, Agostino Cortesi and Pietro Ferrara
12.30 - 14.00 Lunch Break
14.00 - 15.30 Session 3: Access Control (Chair: Bogdan Warinschi)

Access Control Enforcement for Selective Disclosure of Linked Data
Tarek Sayah, Emmanuel Coquery, Romuald Thion and Mohand-Said Hacid

History-based Usage Control Policy Enforcement
Fabio Martinelli, Ilaria Matteucci, Paolo Mori and Andrea Saracino

Access Control for Weakly Consistent Replicated Information Systems
Mathias Weber, Annette Bieniusa and Arnd Poetzsch-Heffter
15.30 - 16.00 Coffee Break
16.00 - 17.00 Session 4: PhD award talk
Alexandra Dmitrienko, ETH
Advances in Smartphone Security: Attacks, Defenses and Applications

Tuesday, September 27, 2016

9.00 - 10.30 Session 5: Privacy (Chair: Alexandra Dmitrienko)

Privacy-Aware Trust Negotiation
Ruben Rios, Carmen Fernandez-Gago and Javier Lopez

Securely derived identity credentials on smart phones via self-enrolment
Brinda Hampiholi, Fabian Van Den Broek and Bart Jacobs

Distributed immutabilization of secure logs
Jordi Cucurull and Jordi Puiggali
10.30 - 11.00 Coffee Break
11.00 - 12.30 Session 6: Analysis (Chair: Agostino Cortesi)

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees
Ravi Jhawar, Karim Lounis and Sjouke Mauw

Information Security as Strategic (In)effectivity
Wojtek Jamroga and Masoud Tabatabaei

Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Samir Ouchani, Gabriele Lenzini and Sjouke Mauw
12.30 - 14.00 Lunch Break
14.00 - 15.30 Session 7: Web and System Security (Chair: Evangelos Markatos)

Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection
Federico De Meo, Marco Rocchetto and Luca ViganĂ²

MalloryWorker: Stealthy Computation and Covert Channels using Web Workers
Michael Rushanan, David Russell and Aviel Rubin

PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution
Andreas Follner, Alexandre Bartel, Hui Peng, Yu-Chen Chang, Kyriakos Ispoglou, Mathias Payer and Eric Bodden