Twenty-Third Annual Computer Security Applications Conference (ACSAC)

Practical Solutions To Real World Security Problems


December 10-14, 2007
Miami Beach Resort and Spa
Miami Beach, FL, USA


Welcome from Conference Chair

Welcome to the 23rd Annual Computer Security Applications Conference!

We are happy to welcome you to the 23rd ACSAC! This year's conference has an outstanding line-up of speakers, presenters, panelists and instructors, all ready to share their expertise with you. We are also counting on you to share your experiences and enrich the conference discussions and debates.

The overall focus of the 2007 ACSAC is forward-looking, defining solutions to today's and tomorrow's major threats and security problems. We build on our scientific and practical legacy (represented by our Classic Paper presentation) and look toward the future - the tutorials, workshop, technical papers, works-in-progress session and case studies present leading-edge advances in our field. We also focus on applied rather than theoretical security, so ideas and solutions you will find here might be directly applicable to your work. Besides the conference, we hope you will enjoy our location in Miami Beach - the conference hotel is one of the real classics in this famous area.

My job as conference chair has allowed me to work with an extremely talented group of people committed to bringing you the best possible security conference. I sincerely thank them for all their hard work over the course of the year.

I would also like to thank you, the attendees, for choosing ACSAC as the venue to share your ideas and to learn. Never hesitate to send us your ideas and comments. This year we have an on-line survey at - we encourage you to fill it in for a chance to win the survey prize.

Again, welcome to the conference - we hope you will enjoy its remarkable level of scholarship, and come back next year for the 24th ACSAC in Anaheim, California.

Cristina Serban, PhD, CISSP

2007 ACSAC Conference Chair

Welcome from Program Chair

Welcome to the 23rd Annual Computer Security Applications Conference.

This year's program includes 40 papers in the technical tracks. In response to the call for papers, 191 papers were submitted to the conference. These papers were evaluated on the basis of their significance, novelty, technical quality, and practical impact. As in previous years, reviewing was "double-blind": the identities of reviewers were not revealed to the authors of the papers and author identities were not revealed to the reviewers. The program committee meeting was held electronically, yielding intensive discussion over a period of two weeks. Of the papers submitted, 40 were selected for presentation at the conference, giving an acceptance rate lower than 22%. Besides the technical program composed of the papers collated in this proceedings, the conference includes invited talks, panels, case studies, and work in progress presentations.

A conference like this just does not happen; it depends on the volunteer efforts of a host of individuals. There is a long list of people who volunteered their time and energy to put together the workshop and who deserve special thanks. Thanks to all the members of the program committee, and the external reviewers, for all their hard work in the paper evaluation. Due to the large number of submissions, program committee members were required to do hard work in a short time frame, and we are very thankful to them for the commitment they showed with their active participation in the electronic discussion. We are also very grateful to all those people whose work ensured a smooth organization process: Cristina Serban, for her support, advice and overall organization as General Chair, Carrie Gates, for taking care of publicity, Robert Zakon for maintaining the web pages and for support and help with the Openconf system, Rick Parker for constructing the printed program, and Richard Smith for collating the proceedings. Thank you also to all those people who served in different capacities for organizing the conference: Daniel Faigin for the tutorials, Tom Haigh for the invited talks, Paul Jardetzky for the panels, Steven Rome for the case studies, and John McDermott for the works in progress.

Last but certainly not least our thanks go to all the authors who submitted papers and all the attendees. We hope you find the program stimulating and a source of inspiration for your future research and practical development.

Pierangela Samarati and Charlie Payne (ACSAC'07 PC chairs)


ACSAC is pleased to present nine tutorials this year on Monday, December 10, 2007 and Tuesday, December 12, 2007:

See the descriptions that follow for more details about each tutorial, its instructor(s) and when it will be given. If you are a CISSP, note that attendance at these tutorials can help you meet your continuing education requirements.

Attendees enrolled in any of the following tutorials are provided lunch on the day of their tutorial.

Although everyone attending a tutorial will be provided a copy of the materials used by the instructor, only those who pre-register for the tutorial will be guaranteed the tutorial materials at the beginning of the tutorial instruction. See the registration form for more information. Please note the tutorial registration fees are for tutorials only; registration for the technical portion of the Conference is separate.

Tutorial M1

Web Services Security, Techniques and Challenges
Speakers: Dr. Anoop Singhal, NIST & Mr. Gunnar Peterson, Arctec Group
Time: Monday 12/10/2007 Full-Day Tutorial

The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP), and related open standards, and deployed in Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and ad hoc connections. Web services technology can be implemented in a wide variety of architectures, can co-exist with other technologies and software design approaches, and can be adopted in an evolutionary manner without requiring major transformations to legacy applications and databases. The security challenges presented by the Web services approach are formidable and unavoidable. Many of the features that make Web services attractive, including greater accessibility of data, dynamic application-to-application connections, and relative autonomy (lack of human intervention) are at odds with traditional security models and controls. Difficult issues and unsolved problems exist, such as the following:

  1. Confidentiality and integrity of data transmitted via Web services protocols in service-to-service transactions, including data that transits intermediary (pass-through) services.
  2. Functional integrity of the Web services themselves, requiring both establishment in advance of the trustworthiness of services to be included in service orchestrations or choreographies, and the establishment of trust between services on a per transaction basis.
  3. Availability in the face of denial of service attacks that exploit vulnerabilities unique to Web service technologies, especially targeting core services, such as discovery service, on which other services rely.

Perimeter-based network security technologies (e.g., firewalls, intrusion detection) are inadequate to protect SOAs due to the following reasons:

The SOA processing model requires the ability to secure SOAP messages and XML documents as they are forwarded along potentially long and complex chains of consumer, provider, and intermediary services. The nature of Web services processing makes those services subject to unique attacks, as well as variations on familiar attacks targeting Web servers.

Ensuring the security of Web services involves implementation of new security models based on use of authentication, authorization, confidentiality, and integrity mechanisms. This tutorial will discuss how to implement those security mechanisms in Web services. It also discusses how to make Web services and portal applications robust against the attacks to which they are subject. The following is a summary of some of the topics that will be discussed:

  1. WS-Security
  2. XML Security using XML Encryption and XML Signatures
  3. Threats facing Web Services
  4. Policy and Access control using WS-Policy, XACML and SAML
  5. Security Management using WS-Trust
  6. PKI for Web Services using XKMS
  7. Secure Implementation Tools and Techniques
  8. Recommendations for Web Services Security

Prerequisites: Participants should be familiar with concepts of network security and Web applications.

About the Instructors

Dr. Anoop Singhal is currently a Computer Scientist in the Computer Security Division at NIST. He has several years of research experience at George Mason University, AT&T Labs and Bell Labs. As a Distinguished Member of Technical Staff at Bell Labs he led several software projects in the areas of databases, Web services and network management. He is a senior member of IEEE and has published more than 20 papers in leading conferences and journals. He received his Ph.D. in Computer Science from Ohio State University, Columbus, Ohio in 1985. He has given talks on Web Services Security at conferences such as ACSAC 2006 and RSA 2007.

Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed systems security for large mission-critical financial, financial-exchange, healthcare, manufacturing, and insurance systems, as well as emerging start-ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, an Associate Editor for Information Security Bulletin, a contributor to the SEI and DHS Build Security In portal on software security, and an in-demand speaker at security conferences.

Tutorial M2

Security Engineering
Speaker: Dr. Steven J. Greenwald, Independent Consultant
Time: Monday 12/10/2006 Full-Day Tutorial

Based on Ross Anderson’s carefully researched and eminently practical book Security Engineering: A Guide to Building Dependable Distributed Systems, this tutorial will cover how to make distributed systems more secure with the help of both technological mechanisms and management strategies. It will cover the entire field of computer security, although it is, of course, severely limited by the one-day format.

Real-world examples of how information systems have been defeated will be covered, as well as the uses of technology, policy, psychology, and legal issues. Practical examples such as the security of ATM machines, multi-level security, information warfare, hardware security, e-commerce, intellectual property protection, biometrics, and tamper resistance will be covered. Each section will examine what goes wrong.

Prerequisites: None.

High Level Outline

  1. A Quick Overview of Security Engineering Basics (1 hour).
  2. Conventional Computer Security Issues (1 hour).
  3. Hardware Engineering Aspects of Information Security (1 hour).
  4. Attacks on Networks (1 hour).
  5. Electronic Commerce (1 hour).
  6. Policy, Management, and Assurance (1 hour)
  7. Conclusions and General Q&A (½ hour).

About the Instructor

Dr. Steven J. Greenwald is an Independent Consultant in the field of Information Systems Security specializing in distributed security, formal methods, security policy modeling, and related areas. He also works with organizational security policy consulting, evaluation, training, and auditing.

Dr. Greenwald is also a Research Fellow of Virginia’s Commonwealth Information Security Center (CISC) and an adjunct professor at James Madison University (an NSA Designated Center of Academic Excellence in Information Security Assurance) where he teaches several graduate courses for their M.S. degree in Computer Science concentrating in INFOSEC.

Dr. Greenwald served as the 2001 General Chair of the New Security Paradigms Workshop (NSPW), has been past Program Chair for NSPW, and also serves on the program committees of other conferences. He is a member of the Association for Computing Machinery and the IEEE Computer Society. More information about him, including his publications, can be found at his web site at

Tutorial M3

Broadcast Encryption and Traitor Tracing for Content Protection
Speaker: Dr. Hongxia Jin, IBM Almaden Research Center
Time: Monday Morning, 12/10/2007 Half-Day Tutorial

Today we live in a digital world. The advent of digital technologies has made the creation and manipulation of multimedia content simpler. It offers higher quality and a lot more convenience to consumers. For example, it allows one to make perfect copies. Furthermore, the rapid advance of network technologies, cheaper storage and larger bandwidth have enabled new business models for electronically distributing and delivering multimedia content. However, unauthorized music and movie copying is taking a big bite out of the profits of the record industry and the movie studios. The success of these emerging business models hinges on the ability to deliver the content only to authorized customers. It is highly desirable to develop techniques to protect copyrighted material and defend against piracy.

Broadcast encryption and traitor tracing are two technologies that have been studied extensively in the cryptography literature. Of course, bringing them to practice is a different question. There are many issues that the theoretical community has overlooked that must be addressed in order to bring the solution to practice. Based on the author's first-hand experience in the design, implementation and deployment of solutions for content protection, this introductory tutorial teaches security researchers and practitioners the basic key management and forensic techniques to protect copyright and defend against piracy in the real world. The focus of this tutorial is on multimedia content. We cover broadcast encryption, revocation, tracing traitors, emerging standards, and state-of-the-art and state-of-the-practice key management and forensic approaches. The tutorial will cover the gap between state of the art and practice and show our experience on how to bring a theoretical solution to practice.

The attendees will walk away with an understanding of the primary technologies that can be used for content protection, the different types of potential pirate attacks, and the challenges associated with defending against each attack. Intermediate students will have the opportunity to get a summary of existing key management and forensic techniques against different types of pirate attacks. Academic researchers will walk away with an understanding of the challenges that arise in bringing a theoretical solution to practice, as well as potential new research directions that have been largely overlooked by academia in this area. Industrial practitioners will walk away with an understanding of real-world forensic systems, from design and legal issues to adoption.

The tutorial handouts will include slides, an annotated bibliography consisting of leading references and landmark papers, and relevant URLs to standards.

Prerequisites: This tutorial is targeted at a beginner to intermediate audience; only basic background on cryptography is assumed.

High Level Outline

  1. Introduction
    History of content protection systems, DRM, CCS system, New industry standards: 4C and AACS, Key Management Approaches
  2. Broadcast Encryption
    Current State of the art; current state of practice, Matrix-based: CPRM, Tree-based: NNL, Potential attacks
  3. Forensic Technologies
    Tracing Traitors for pirate decoder attack, Traitor tracing for anonymous attack, Emerging models
  4. Future of Content Protection
    Research directions

About the Instructor

Dr. Hongxia Jin brings expertise in mainstream content protection technologies and first-hand design, implementation and deployment of key generation, management and forensic systems in the real world.

Hongxia Jin obtained her Ph.D. degree in computer science from the Johns Hopkins University in 1999 and has worked as a Research Staff Member for IBM Research ever since.

She is currently at the IBM Almaden Research Center, where she is the leading researcher working on key management, broadcast encryption and traitor tracing technologies. The key management and forensic technologies she developed have been chosen as the core technologies by AACS, a new content protection industry standard for managing content stored on the next generation of pre-recorded and recorded optical media for consumer use with PCs and consumer electronic devices. She has filed a dozen patents in this area. She has also published numerous papers and a couple of invited book chapters.

Tutorial M4

Web Injection Attacks
Speaker: Dr. V. N. Venkatakrishnan, University of Illinois at Chicago
Time: Monday Afternoon, 12/10/2007 Half-Day Tutorial

In September, MITRE Corp., a corporation that runs three federally funded research and development centers, reported that Cross-Site Scripting and SQL Injection Attacks (SQLIA) were the two most common forms of web injection attacks in 2006. MITRE Corp. came to this conclusion after studying a list of more than 20,000 Common Vulnerabilities and Exposures (CVE) entries for the year.

This tutorial will focus on Web injection attacks and defense strategies. We will focus on Cross Site Scripting (XSS) attacks and SQL injection attacks, while briefly discussing other forms of injection attacks.

Our discussion of web injection attack defense will include both vulnerability identification approaches and attack prevention approaches. The former category consists of techniques that identify vulnerable locations in a web application that may lead to injection attacks. We will discuss several techniques (such as static analysis) for identifying vulnerable locations in a web application. We will then discuss numerous attack prevention mechanisms deployed around a running application (such as taint-based defenses) to prevent injection attacks.

This tutorial will cover both the state of the art in research on these topics and common industrial practices to address injection attacks. The tutorial will be addressed at a level that will engage both researchers and practitioners in system security.

Prerequisites: Some basic introduction in computer security is required.

High Level Outline

  1. Introduction
  2. Vulnerability identification mechanisms
  3. Attack Detection Mechanisms
  4. More advanced attacks
  5. Q & A

About the Instructor

Dr. V. N. Venkatakrishnan is an Assistant Professor of Computer Science at the University of Illinois at Chicago. He is currently co-director of the Center for Research and Instruction in Technologies for Electronic Security at UIC. His main research area is the use of programming-language-based techniques for systems security. Specific research topics include web security, mobile code security, and techniques for enforcing confidentiality and integrity policies in applications. He received his Ph.D. degree from Stony Brook University in 2004. He has won numerous awards including the best paper award at ACSAC 2003.

Tutorial T5

Hands-on Web Application Security
Speaker: Dr. Holger Peine, Fraunhofer-Institut Experimentelles Software-Engineering (IESE)
Time: Tuesday 12/11/2007 Full-Day Tutorial

Security breaches are discovered on a day-to-day basis in well-known and less well-known software, often covered in the media, and software vendors need to apply patches again and again, which is both personnel-intensive and damaging to their reputation. Since 2006, typical web application vulnerabilities like cross-site scripting and SQL injection have occupied the top ranks of the security bug charts. Many of these problems could be avoided if application developers were better informed about the possible vulnerabilities and the respective prevention measures for applications.

The goals of this tutorial are to:

This class introduces the most important security vulnerabilities of web applications and gives concrete advice on how to avoid them. Vulnerabilities in the configuration of web servers (e.g. Apache, IIS) are not covered, nor are platform-specific vulnerabilities (e.g. J2EE, .NET). The class alternates frequently between presentation by the instructor and hands-on exercises by the participants, who will perform attacks on a live web application with about 20 known vulnerabilities by means of their web browser and a simple web proxy tool. Topics to be covered (see outline below) include recent trends like web services, Ajax, and CSRF.

Prerequisites: Participants should have a basic understanding of web technology (HTML, HTTP; these will be reviewed briefly). To participate actively in the hands-on exercises, participants should bring a computer with a WLAN interface, install a web proxy ("WebScarab") on their computer, and familiarize themselves with some of its basic functions (software and an instruction leaflet will be provided in advance). Participants without their own computer can watch the instructor present the exercise's solution at the end of each exercise, or work with their seat neighbor. The instructor will bring the server computer and a wireless access point.

The web proxy software is implemented in Java and runs on virtually any computer. Installation requires no decisions from the user and does not require administrative rights; an uninstaller is included. The software does not, to our best knowledge, change any settings of the computer. Note, however, that ACSAC disclaims any liability for software installed as part of this course.

High Level Outline

About the Instructor

Dr. Holger Peine works at the Fraunhofer-Institut Experimentelles Software-Engineering (IESE) in Kaiserslautern (Germany) in the security department, developing and evaluating security concepts and tools for software, systems, and processes. He leads a research task force on techniques and tools for measurably secure and safe software. Dr. Peine has taught this tutorial repeatedly, and has taught numerous classes to English-speaking audiences, including at ACSAC.

Tutorial T6


Tutorial T7

Security Code Review for Java & J2EE Based Applications
Speaker: Edward Tracy, Booz Allen Hamilton
Time: Tuesday Afternoon 12/11/2007 Half-Day Tutorial

As Java is one of the predominant technologies for web applications, web services, and traditional desktop applications, many enterprises rely on it for application development. Yet, as with any custom code, Java developers are likely to make security errors largely due to ignorance and development processes that have not historically focused on security. Java source code review provides assurance about the security posture of your mission-critical applications.

This tutorial will provide a brief business case for code review, a technical overview of performing the code review, and a presentation on tools that can be used to conduct the review. Target audience is a technical lead for a code review team. However, entry-level reviewers will benefit from the specific technology guidance. And, CSOs and other management will benefit from the market discussion, process guidance, and takeaways.

Participants will walk away with specific guidance and checklists that cover low-level usage of Java, high-level Java and J2EE security libraries and tools, and usage of the popular application frameworks, Jakarta Struts and Acegi.

Prerequisites: Familiarity with Java technologies, the ability to read code, and knowledge of common frameworks.

High Level Outline

  1. Business Case for Code Review & Market Discussion
  2. Code Review of the Low-level Java Language
  3. Code Review of Java / J2EE Security Packages
  4. Code Review of High-level Security Mechanisms
  5. Reviewing Struts and Acegi for Security
  6. Process Outline for an Internal Review & 3rd-Party Review
  7. Reporting Results, Risk, and Remediation
  8. Overview of Tools to Augment Code Review

About the Instructor

Edward Tracy is a CISSP whose career has focused on the problem of application security, primarily with web applications. Edward began his career with the National Security Agency. He went on to co-found Aspect Security, Inc., a consulting firm that focuses on application security. Edward is now at Booz Allen Hamilton, where he is continuing to provide software security services and teach software security.

Edward is actively involved in industry efforts related to software security, including the Open Web Application Security Project (OWASP) and is the lead Java editor for the GIAC Secure Software Programmer certification.

Tutorial T8

Botnets - Understanding and Defending
Speaker: Bruce Potter, Booz Allen Hamilton
Time: Tuesday Morning, 12/11/2007 Half-Day Tutorial

Described by some as the largest threat to the global Internet, botnets are largely hidden from the average Internet user. Botnets have a long legacy, and initially were not used for malicious purposes. However, as bots have evolved, they have taken on sinister uses. Using thousands of compromised machines, botnets can be used for a variety of tasks including sending mountains of spam, launching crushing Denial of Service attacks, or harvesting massive amounts of personal information. One of the unfortunate aspects of botnets is that many individuals are active participants in botnets and do not even know it. Bots have become very sophisticated at hiding themselves from anti-virus and security programs. Also, many bots have even become resilient to large-scale network security systems and represent problems not just for home users but for large enterprises as well.

This tutorial will provide the attendee with a broad view of the current botnet problem and ways to defend systems from bot infections. We will initially focus on the history of botnets in order to understand the lineage of the problem we're dealing with today. Next, we will examine the ways in which these zombie networks are used, including sending spam, harvesting personal data, and holding online organizations hostage. The tutorial will provide an analysis of the scope of the botnet problem and will examine some of the larger networks in existence today. Then, we will break down the internal structure of several common bots such as SDBot and GTBot in order to understand the inner workings of these programs. Finally, we will discuss both host-based and network-based defense techniques that will help keep your network bot-free.

Prerequisites: Basic understanding of networking and operating systems.

High Level Outline

  1. History of Botnets
  2. Botnet Uses
  3. Scope of Current Botnet Problem
  4. Common Botnet structure
  5. Host-based Botnet Defenses
  6. Network-based Botnet Defenses
  7. Future of Botnets

About the Instructor

Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.

Tutorial T9

VoIP Security Analysis - Tools and Attacks
Speaker: Siddhartha Gavirneni, Inter-Tel, Inc.
Time: Tuesday Afternoon 12/11/2007 Half-Day Tutorial

With the convergence of voice and data, an organization's telecom infrastructure and communications are at a higher risk than ever before. Before deploying VoIP, the organization needs to be aware of the security risks. As administrators and security experts, how can we help protect an organization's VoIP infrastructure? This tutorial will help you understand some basic threats to SIP-based VoIP. We will look at some tools that help you analyze a VoIP product, and help you take steps to secure your VoIP network and infrastructure.

Prerequisites: Participants should be familiar with Networking and have a basic knowledge of VoIP (preferably SIP).

High Level Outline

  1. Introduction
  2. Some threats to VoIP - Overview and Examples
  3. Brief overview of SIP
  4. Some VoIP attack scenarios
  5. System setup
  6. VoIP Security Tools
  7. Recommendations
  8. Q and A Session

About the Instructor

Siddhartha Gavirneni is a software applications/systems engineer at Inter-Tel, Inc. He graduated from the University of Kansas with a Master of Science degree in Computer Engineering, with a focus on networking and security. He has been working on SIP based products at Inter-Tel for more than three years. Inter-Tel, Incorporated is a leading provider of voice and converged communications for businesses.

He has extensive experience teaching Information Security to grad students at the University of Kansas, and training network administrators in SIP and Inter-Tel products. He is Security+ certified, and is currently leading the security initiative for Inter-Tel products.


Title: Software Assurance Workshop
Chair: Harvey Rubinovitz, The MITRE Corporation

Tuesday, 11 December 2007, 8:30 a.m. - 4:30 p.m.

The disruption and economic loss due to software flaws, vulnerabilities, and malicious code is escalating. These flaws are exploited by attackers to compromise the enterprise's security. In many cases the same classes of flaws are exploitable in the same types of applications. For example, the Open Web Application Security Project (OWASP) has published the top ten security vulnerabilities in web applications.

Software assurance attempts to provide a metric to ensure that the software will consistently perform the same way it was intended, even when it comes under attack. These metrics/procedures can include tools used to build, assess, and test the software, and to fortify the environment where the software will be deployed.

A number of organizations are trying to address the software assurance issue. The National Institute of Standards and Technology (NIST) conducts workshops such as the “Static Analysis Summit II”, November, 2007. The MITRE Corporation has initiated a number of efforts including: Common Vulnerabilities and Exposure (CVE), Common Weakness Enumeration (CWE), and Common Malware Enumeration (CME).

This workshop focused on Software Assurance, from how software developers can be better educated to the tools that are being used and further developed to improve the state of the art in software development. The workshop also looked at the need to facilitate the research and development of the next generation of Software Assurance standards and tools to assist in the creation of better assurance and more secure software.

Presentations included:

Technical Program

Wednesday, December 12, 2007, 8:30-10:00

Opening Plenary

Introductory remarks:
Cristina Serban, AT&T, Conference Chair
Pierangela Samarati, Università degli Studi di Milano, Program Chair
Introduction of the Distinguished Practitioner
Charlie Payne, Adventium Labs
Distinguished Practitioner:
So You Think You Can Dance?
   Dr. Richard Kemmerer, University of California, Santa Barbara
This paper discusses the importance of keeping practitioners in mind when determining what research to pursue and when making design and implementation decisions as part of a research program. I will discuss how my 30 plus years of security research have been driven by the desire to provide products, tools, and techniques that are useful by practitioners. I will also discuss my view of what new security challenges the future has in store for us.
About the Speaker:

Richard A. Kemmerer is the Computer Science Leadership Professor and a past Department Chair of the Department of Computer Science at the University of California, Santa Barbara. Dr. Kemmerer received the B.S. degree in Mathematics from the Pennsylvania State University in 1966, and the M.S. and Ph.D. degrees in Computer Science from the University of California, Los Angeles, in 1976 and 1979, respectively. His research interests include formal specification and verification of systems, computer system security and reliability, programming and specification language design, and software engineering. He is author of the book Formal Specification and Verification of an Operating System Security Kernel and a co-author of Computers at Risk: Safe Computing in the Information Age, For the Record: Protecting Electronic Health Information, and Realizing the Potential of C4I: Fundamental Challenges.

Dr. Kemmerer is a Fellow of the IEEE Computer Society, a Fellow of the Association for Computing Machinery, a member of the IFIP Working Group 11.3 on Database Security, and a member of the International Association for Cryptologic Research. He is a past Editor-in-Chief of IEEE Transactions on Software Engineering and has served on the editorial boards of the ACM Computing Surveys and IEEE Security and Privacy. He currently serves on the Board of Governors of the IEEE Computer Society and on Microsoft's Trustworthy Computing Academic Advisory Board.

Wednesday, December 12, 2007, 10:30-12:00

Track 1: Technical Papers

Session: Operating Systems Security and Trusted Computing
Chair: Christoph Schuba, Sun Microsystems, Inc.

Establishing and Sustaining System Integrity via Root of Trust Installation.
Luke St. Clair, Pennsylvania State University
Joshua Schiffman, Pennsylvania State University
Trent Jaeger, Pennsylvania State University
Patrick McDaniel, Pennsylvania State University

Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting.
Aggelos Kiayias, University of Connecticut
Laurent Michel, University of Connecticut
Alexander Russel, University of Connecticut
Narasimha Sashidar, University of Connecticut
Andrew See, University of Connecticut
Alexander Shvartsman, University of Connecticut
Seda Davtyan, University of Connecticut

Toward a Medium-Robustness Separation Kernel Protection Profile.
Rance DeLong, Santa Clara University
Thuy Nguyen, Naval Postgraduate School
Cynthia Irvine, Naval Postgraduate School
Timothy Levin, Naval Postgraduate School

Track 2: Technical Papers

Session: Malware and Intrusion Detection
Chair: Arthur Friedman, NSA

Improving Signature Testing Through Dynamic Data Flow Analysis.
Christopher Kruegel, Technical University Vienna
Davide Balzarotti, UC Santa Barbara
William Robertson, UC Santa Barbara
Giovanni Vigna, UC Santa Barbara

HoneyIM: Fast Detection and Suppression of Instant Messaging Malware in Enterprise-like Networks.
Mengjun Xie, College of William and Mary
Zhenyu Wu, College of William and Mary
Haining Wang, College of William and Mary

Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms.
Matthew Van Gundy, University of California, Davis
Hao Chen, University of California, Davis
Zhendong Su, University of California, Davis
Giovanni Vigna, University of California, Santa Barbara

Track 3: Case Studies

Session: Case Studies

Protecting data privacy from the power of the database administrator.
Barbara Banks, SYBASE

Coalition Warrior Interoperability Demonstration (CWID) 2007: A Case Study in International Cross-Domain Network Communications secured by strategic deployment of one-way data transfer systems.
Jeffrey Menoher, Owl Computing Technologies, Inc.

A Case-Study of a Control System Cyber Security Event.
Marshall Abrams, The MITRE Corporation


Wednesday, December 12, 2007, 13:30-15:00

Track 1: Technical Papers

Session: Database Security
Chair: Anoop Singhal, NIST

Toward Realistic and Artifact-Free Insider-Threat Data.
Kevin Killourhy, Carnegie Mellon University
Roy Maxion, Carnegie Mellon University

Database Isolation and Filtering against Data Corruption Attacks.
Meng Yu, Western Illinois University
Wanyu Zang, Western Illinois University
Peng Liu, The Pennsylvania State University, University Park

Sania: Syntactic and Semantic Analysis for Automated Testing Against SQL Injection.
Yuji Kosuga, Keio University
Kenji Kono, Keio University
Miyuki Hanaoka, Keio University
Miho Hishiyama, IX Knowledge Inc.
Yu Takahama, IX Knowledge Inc.

Track 2: Panel

Title: New Security Paradigms
Chair: Matt Bishop, UC Davis

This panel presents a selection of the best, most interesting, and most provocative work from the New Security Paradigms Workshop 2007. For fifteen years, the New Security Paradigms Workshop (NSPW) has provided a productive and highly interactive forum for innovative new approaches to computer security.

The panel presentations and discussions are intended to capture the lively interaction and debate that occurs between audience and panel members during an NSPW presentation. Each panelist will be given just five minutes of uninterrupted 'formal' presentation time. The formal presentation of each panelist is deliberately short; it is intended to ensure that their paradigm thesis will be immediately accessible to the audience and thus encourage interaction from the audience.

Track 3: Case Studies

Session: Case Studies

FORENSICS Case Study: How Nation States Are Attacking the US Industrial Base.
Ron Ritchey, Booz Allen Hamilton

Emerging IT Trends and their Implications to the C&A Process.
Ed Rodriguez, Booz Allen Hamilton

Penetration Testing Lessons Learned.
Dave Aitel, Immunity

Wednesday, December 12, 2007, 15:30-17:00

Track 1: Technical Papers

Session: Applied Cryptography
Chair: Steven Greenwald, Independent Consultant

Closed-Circuit Unobservable Voice over IP.
Carlos Aguilar Melchor, XLIM, Université de Limoges
Yves Deswarte, LAAS-CNRS, Université de Toulouse
Julien Igutchi-Cartigny, XLIM, Université de Limoges

SSARES: Secure Searchable Automated Remote Email Storage.
Adam J. Aviv, Columbia University
Michael E. Locasto, Columbia University
Shaya Potter, Columbia University
Angelos D. Keromytis, Columbia University

Track 2: Technical Papers

Session: Misuse Detection and Forensics
Chair: Carrie Gates, CA Labs

The Design and Development of an Undercover Multipurpose Anti-Spoofing Kit (UnMask).
Sudhir Aggarwal, Florida State University
Jasbinder Bali, Florida State University
Zhenhai Duan, Florida State University
Leo Kermes, Florida State University
Wayne Liu, Florida State University
Shahank Sahai, Florida State University
Zhenghui Zhu, Florida State University

Efficiency Issues of Rete-based Expert Systems for Misuse Detection.
Michael Meier, University of Dortmund
Ulrich Flegel, University of Dortmund
Sebastian Schmerl, Brandenburg University of Technology Cottbus

Tracking Darkports for Network Defense.
David Whyte, Carleton University
Paul van Oorschot, Carleton University
Evangelos Kranakis, Carleton University

Track 3: Case Studies

Session: Case Studies

DETER Testbed for Security Experimentation.
Ted Faber, USC

Anatomy of Denial of Service Attack and Defense in a Lab Environment.
Dongqing Yuan and Jinling Zhong, Fairmont State University

Secure Integration of Military and Civilian C2.
John A. Sturm, NuParadigm Government Systems

Thursday, December 13, 2007, 8:30-10:00

Invited Essayist and Classic Paper Plenary

Introduction of the Invited Essayist
Tom Haigh, Adventium Labs

Invited Essayist:
Personal privacy without computational obscurity: Rethinking privacy protection strategies for open information networks
   Daniel J. Weitzner, CSAIL Decentralized Information Group, Massachusetts Institute of Technology
Throughout the history of computer and network security research, privacy has been treated as synonymous with confidentiality, with the presumed high water mark of privacy being mathematically-provable anonymity. Despite the fact that technical innovation in cryptography and network security has enabled all manner of confidentiality control over the exposure of identity in information systems, the vast majority of Internet users remain deeply worried about their privacy rights and correctly believe that they are far more exposed today than they might have been a generation earlier. Have we just failed to deploy the proper security technology to protect privacy, are our laws inadequate to meet present day privacy threats, or have business practices and social conventions simply rendered privacy dead? While there is some truth to each possibility, the central failure to achieve robust privacy in the information age can be traced to a long-standing mis-association of privacy with confidentiality and access control. In order to revitalize privacy protection, we should shift our legal attention away from rules limiting disclosure of personal information toward policies governing how personal information can be used. And technical efforts currently focused on access control and anonymization should be redirected toward technical measures that make information usage more transparent and accountable to clearly stated policies that address proper and improper uses of personal information.
About the Speaker:

Daniel Weitzner is Co-Director of the MIT CSAIL Decentralized Information Group, teaches Internet public policy in the Electrical Engineering and Computer Science Department, and is Policy Director of the World Wide Web Consortium's Technology and Society activities. At DIG he leads research on the development of new technology and public policy models for addressing legal challenges raised by the Web, including privacy, intellectual property, identity management and new regulatory models for the Web. At W3C he is responsible for Web standards needed to address public policy requirements, including the Platform for Privacy Preference (P3P) and XML Security technologies. He was the first to advocate user control technologies such as content filtering to protect children and avoid government censorship. These arguments played a critical role in the landmark Internet freedom of expression case in the United States Supreme Court, Reno v. ACLU (1997). In 1994, his advocacy work won legal protections for email and web logs in the US Electronic Communications Privacy Act.

Weitzner was co-founder and Deputy Director of the Center for Democracy and Technology, and Deputy Policy Director of the Electronic Frontier Foundation. He serves on the Boards of Directors of the Center for Democracy and Technology, the Software Freedom Law Center, and the Internet Education Foundation.

Weitzner has a law degree from Buffalo Law School, and a B.A. in Philosophy from Swarthmore College. His writings have appeared in Science magazine, the Yale Law Review, Communications of the ACM, Computerworld, Wired Magazine, Social Research, Electronic Networking: Research, Applications & Policy, and The Whole Earth Review.

Introduction of the Classic Papers
Tom Haigh, Adventium Labs

Classic Paper:
Distributed Secure Systems: Then and Now
   Brian Randell, Computing Laboratory, University of Newcastle upon Tyne and John Rushby, Computer Science Laboratory, SRI International

The early 1980s saw the development of some rather sophisticated distributed systems. These were not merely networked file systems: rather, using remote procedure calls, hierarchical naming, and what would now be called middleware, they allowed a collection of systems to operate as a coherent whole. One such system in particular was developed at Newcastle which allowed pre-existing applications and (Unix) systems to be used, completely unchanged, as components of an apparently standard large (multi-processor) Unix system.

The Distributed Secure System (DSS) described in our 1983 paper proposed a new way to construct secure systems by exploiting the design freedom created by this form of distributed computing. The DSS separated the security concerns of policy enforcement from those due to resource sharing and used a variety of mechanisms (dedicated components, cryptography, periods processing, separation kernels) to manage resource sharing in ways that were simpler than before.

In this retrospective, we provide the full original text of our DSS paper, prefaced by an introductory discussion of the DSS in the context of its time, and followed by an account of the subsequent implementation and deployment of an industrial prototype of DSS, and a description of its modern interpretation in the form of the MILS architecture. We conclude by outlining current opportunities and challenges presented by this approach to security.

About the Speaker:

John Rushby received B.Sc. and Ph.D. degrees in computing science from the University of Newcastle upon Tyne in 1971 and 1977, respectively. He joined the Computer Science Laboratory of SRI International in 1983, and served as its director from 1986 to 1990; he currently manages its research program in formal methods and dependable systems, which develops the highly regarded and widely used PVS verification system, the SAL suite of model checkers, and the Yices SMT solver. Prior to joining SRI, he held academic positions at the Universities of Manchester and Newcastle upon Tyne in England. His research interests center on the use of formal methods for problems in the design and assurance of secure and dependable systems.

Dr. Rushby is a former associate editor for Communications of the ACM, IEEE Transactions on Software Engineering, and Formal Aspects of Computing. He is the author of the (now rather outdated) chapter on formal methods for the FAA Certification Handbook, and a member of a National Research Council study that recently delivered its report "Software for Dependable Systems: Sufficient Evidence?". His publications are available online at

Thursday, December 13, 2007, 10:30-12:00

Track 1: Technical Papers

Session: Access Control
Chair: Lillian Rostad, Norwegian U. of Science and Technology

Extensible Pre-Authentication in Kerberos.
Phillip Hellewell, Brigham Young University
Tim van der Horst, Brigham Young University
Kent Seamons, Brigham Young University

Quarantining Untrusted Entities: Dynamic Sandboxing using LEAP.
Manigandan Radhakrishnan, University of Illinois at Chicago
Jon Solworth, University of Illinois at Chicago

Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control.
Enriquillo Valdez, IBM T. J. Watson Research Center
Reiner Sailer, IBM T. J. Watson Research Center
Ronald Perez, IBM T. J. Watson Research Center

Track 2: Technical Papers

Session: Wireless and Mobile Systems Security
Chair: Konstantin Beznosov, University of British Columbia

Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices.
Boris Dragovic, CREATE-NET
Bruno Crispo, University of Trento

Countering False Accusations and Collusion in the Detection of In-Band Wormholes.
Daniel Sterne, SPARTA
Geoffrey Lawler, SPARTA
Richard Gopaul, U.S. Army Research Laboratory
Brian Rivera, U.S. Army Research Laboratory
Kelvin Marcus, U.S. Army Research Laboratory
Peter Kruus, The Johns Hopkins University Applied Physics Laboratory

Efficient Distributed Detection of Node Replication Attacks in Sensor Networks.
Bo Zhu, Concordia University
Gopal Addada, George Mason University
Sanjeev Setia, George Mason University
Sushil Jajodia, George Mason University
Sankardas Roy, George Mason University

Track 3: Case Studies

Session: DNI-DOD C&A Transformation Initiative-Part I
Building a Common Information Security Foundation
Presentations by Gary Stoneburner, JH/APL and Sharon Ehlers, ONDI/CIO

Thursday, December 13, 2007, 13:30-15:00

Track 1: Technical Papers

Session: Security Engineering
Chair: Reiner Sailer, IBM T.J. Watson Research Center

Exploring Security Usability Principles for Vulnerability Analysis and Risk Assessment.
Audun Josang, Queensland University of Technology
Bander AlFayyadh, Queensland University of Technology
Tyrone Grandison, IBM Almaden Research
Mohammed AlZomai, Queensland University of Technology
Judith McNamara, Queensland University of Technology

Breaking Visual CAPTCHAs with Naïve Pattern Recognition Algorithms.
Jeff Yan, Newcastle University
Ahmad Salah El Ahmad, Newcastle University

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies.
Paolina Centonze, IBM T. J. Watson Research Center
Robert J. Flynn, Polytechnic University
Marco Pistoia, IBM T. J. Watson Research Center

Track 2: Panel

Title: Electronic Voting Options
Chair: Jeremy Epstein, Cyber Defense Agency LLC

Electronic voting is a perennial hot topic. In this forum, speakers from several points of view will address key areas including:


Track 3: Case Studies

Session: DNI-DOD C&A Transformation Initiative-Part II
Transition Strategies and Implementation Issues
Presentation by Dennis Heretic, DOJ

Thursday, December 13, 2007, 15:30-17:00

Track 1: Technical Papers

Session: Security in P2P Systems
Chair: Joon S. Park, Syracuse University

Routing in the Dark: Pitch Black.
Nathan Evans, University of Denver
Chris GauthierDickey, University of Denver
Christian Grothoff, University of Denver

Centralized Security Labels in Decentralized P2P Networks.
Nathalie Tsybulnik, University of Texas at Dallas
Kevin W. Hamlen, University of Texas at Dallas
Bhavani Thuraisingham, University of Texas at Dallas

A Taxonomy of Botnet Structures.
David Dagon, Georgia Institute of Technology
Guofei Gu, Georgia Institute of Technology
Christopher P. Lee, Georgia Institute of Technology
Wenke Lee, Georgia Institute of Technology

Track 2: Works in Progress

Title: Works in Progress (WiP) session:
Chair: John McDermott, NRL

The final Works in Progress Program and Presentations are available here.

Track 3: Case Studies

Session: Vulnerability Management and Secure System Configurations

Current Activities of the National Vulnerability Database and Information Security Automation Program.
Peter Mell, NIST
Dan Schmidt, NSA

Friday, December 14, 2007, 8:30-10:00

Track 1: Technical Papers

Session: Software and Application Security
Chair: Kent Seamons, Brigham Young University

Secure Input for Web Applications.
Martin Szydlowski, Vienna University of Technology
Christopher Kruegel, Vienna University of Technology
Engin Kirda, Vienna University of Technology

Secure and Flexible Monitoring of Virtual Machines.
Bryan Payne, Georgia Institute of Technology
Martim Carbone, Georgia Institute of Technology
Wenke Lee, Georgia Institute of Technology

Automated Format String Attack Prevention for Win32/X86 Binaries.
Wei Li, Stony Brook University
Tzi-cker Chiueh, Stony Brook University

Track 2: Technical Papers

Session: Malware
Chair: Michael Franz, University of California

MetaAware: Identifying Metamorphic Malware.
Qinghua Zhang, North Carolina State University
Douglas Reeves, North Carolina State University

Limits of Static Analysis for Malware Detection.
Andreas Moser, Vienna University of Technology
Christopher Kruegel, Vienna University of Technology
Engin Kirda, Vienna University of Technology

OmniUnpack: Fast, Generic, and Safe Unpacking of Malware.
Lorenzo Martignoni, Università degli Studi di Milano
Mihai Christodorescu, IBM Research
Somesh Jha, University of Wisconsin, Madison

Track 3: Panel

Title: Virtualization Security
Chair: Christoph Schuba, Sun Microsystems, Inc.

On a virtualized platform, operating system instances are hosted within an execution environment that's controlled by a virtual machine monitor. Physical resources, such as memory, CPU, trusted platform modules, networking interfaces, etc. are no longer under the single control of an operating system, but are shared among the guest OS instances and primarily controlled by the virtual machine monitor.

While much work has been done in the past on topics such as separation kernels and secure hypervisor technologies, it is time to revisit the topic as a small number of OS virtualization technologies (Xen hypervisor, VMWare, Solaris containers) are becoming widely adopted in the industry.

This panel aims at understanding, for example, which security guarantees and features these increasingly popular VM technologies provide. What is their current state of the art with respect to containment, secure migration, scalable administration, or hardware-rooted trust, and what can we expect on their roadmap?


Friday, December 14, 2007, 10:15-11:45

Track 1: Technical Papers

Session: Assurance
Chair: Ed Schneider, Institute for Defense Analyses

Channels: Runtime System Infrastructure for Security-typed Languages.
Boniface Hicks, Penn State
Tim Misiak, Penn State
Patrick McDaniel, Penn State

Automated Security Debugging Using Program Structural Constraints.
Chongkyung Kil, North Carolina State University
Emre Can Sezer, North Carolina State University
Peng Ning, North Carolina State University
Xiaolan Zhang, IBM

Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine.
Deepak Chandra, University of California, Irvine
Michael Franz, University of California, Irvine

Track 2: Technical Papers

Session: Software Security
Chair: Lujo Bauer, Carnegie Mellon University

Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting.
Sherri Sparks, University of Central Florida
Shawn Embleton, University of Central Florida
Ryan Cunningham, University of Central Florida
Cliff Zou, University of Central Florida

The Age of Data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack.
Asia Slowinska, Vrije Universiteit, Amsterdam
Herbert Bos, Vrije Universiteit, Amsterdam

Spector: Automatically Analyzing Shell Code.
Kevin Borders, University of Michigan
Atul Prakash, University of Michigan
Mark Zielinski, Arbor Networks

Track 3: Technical Papers

Session: Distributed Systems Security
Chair: Carol Taylor, University of Idaho

An Overview of the Annex System.
Duncan Grove, DSTO
Toby Murray, DSTO
Chris Owen, DSTO
Chris North, DSTO
Jeremy Jones, DSTO
M.R. Beaumont, DSTO
B.D. Hopkins, DSTO

Efficient Detection of Delay-Constrained Relay Nodes.
Baris Coskun, Polytechnic University
Nasir Memon, Polytechnic University

Bonsai: Balanced Lineage Authentication.
Ashish Gehani, SRI
Ulf Lindqvist, SRI

Conference Committee

Program Committee

ACSAC Steering Committee


About the Sponsor


ACSA had its genesis in the first Aerospace Computer Security Applications Conference in 1985. That conference was a success and evolved into the Annual Computer Security Applications Conference (ACSAC). ACSA was incorporated in 1987 as a non-profit association of computer security professionals who have a common goal of improving the understanding, theory, and practice of computer security. ACSA continues to be the primary sponsor of the annual conference.

In 1989, ACSA began the Distinguished Practitioner Series at the annual conference. Each year, an outstanding computer security professional is invited to present a lecture of current topical interest to the security community.

In 1991, ACSAC began the Best Paper by a Student Award, presented at the Annual conference. This award is intended to encourage active student participation in the conference. The award winning student author receives an honorarium and all conference expenses. Additionally, our Student Conferenceship program assists selected students in attending the Conference by paying for the conference fee and tutorial expenses. Applicants must be undergraduate or graduate students, nominated by a faculty member at an accredited university or school, and show the need for financial assistance to attend this conference.

An annual prize for the Outstanding Paper has been established for the Annual Computer Security Applications Conference. The winning author receives a plaque and an honorarium. The award is based on both the written and oral presentations.

ACSA initiated the Marshall D. Abrams Invited Essay in 2000 to stimulate development of provocative and stimulating reading material for students of Information Security, thereby forming a set of Invited Essays. Each year's Invited Essay addresses an important topic in Information Security not adequately covered by the existing literature.

This year's ACSAC continues the Classic Papers feature begun in 2001. The classic papers are updates of some of the seminal works in the field of Information Security that reflect developments in the research community and industry since their original publication. ACSA continues to be committed to serving the security community by finding additional approaches for encouraging and facilitating dialogue and technical interchange. In the past, ACSA has sponsored small workshops to explore various topics in Computer Security (in 2000, the Workshop on Innovations in Strong Access Control; in 2001, the Workshop on Information Security System Rating and Ranking; in 2002, the Workshop on Application of Engineering Principles to System Security Design). In 2003, ACSA became the sponsor of the already established New Security Paradigms Workshop (NSPW). ACSA also maintains a Classic Papers Bookshelf that preserves seminal works in the field and a web site focusing on Strong Access Control/Multi-Level Security (

For more information on ACSA and its activities, please visit . ACSA is always interested in suggestions from interested professionals and computer security professional organizations on other ways to achieve its objectives of encouraging and facilitating dialogue and technical interchange.

To learn more about the conference, visit the ACSAC web page at

Exhibit coordinator


Registration Management