Scheduled System Maintenance
On Saturday, December 10, single article sales and account management will be unavailable from 5:00 AM-7:30 PM ET.
We apologize for the inconvenience.
By Topic

2008 Annual Computer Security Applications Conference (ACSAC)

8-12 Dec. 2008

Filter Results

Displaying Results 1 - 25 of 59
  • [Front cover]

    Publication Year: 2008, Page(s): C1
    Request permission for commercial reuse | PDF file iconPDF (144 KB)
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2008, Page(s): i
    Request permission for commercial reuse | PDF file iconPDF (153 KB)
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2008, Page(s): iii
    Request permission for commercial reuse | PDF file iconPDF (83 KB)
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2008, Page(s): iv
    Request permission for commercial reuse | PDF file iconPDF (46 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2008, Page(s):v - viii
    Request permission for commercial reuse | PDF file iconPDF (255 KB)
    Freely Available from IEEE
  • Welcome from the Conference Chair

    Publication Year: 2008, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (107 KB) | HTML iconHTML
    Freely Available from IEEE
  • Welcome from the Program Chairs

    Publication Year: 2008, Page(s): x
    Request permission for commercial reuse | PDF file iconPDF (106 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference Committee

    Publication Year: 2008, Page(s): xi
    Request permission for commercial reuse | PDF file iconPDF (107 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2008, Page(s): xii
    Request permission for commercial reuse | PDF file iconPDF (116 KB)
    Freely Available from IEEE
  • Additional Reviewers and Tutorial Reviewers

    Publication Year: 2008, Page(s): xiii
    Request permission for commercial reuse | PDF file iconPDF (109 KB)
    Freely Available from IEEE
  • ACSAC Steering Committee

    Publication Year: 2008, Page(s): xiv
    Request permission for commercial reuse | PDF file iconPDF (106 KB)
    Freely Available from IEEE
  • Sponsor: Applied Computer Security Associates

    Publication Year: 2008
    Request permission for commercial reuse | PDF file iconPDF (109 KB) | HTML iconHTML
    Freely Available from IEEE
  • Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint

    Publication Year: 2008, Page(s):3 - 10
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (258 KB) | HTML iconHTML

    In February 2002, more than 50 leaders in the information assurance field warned the President of the United States of a national strategic vulnerability in the countrypsilas information infrastructure that could cause mortal damage. Six years later, some motion in the direction of a government strategic investment is beginning to get under way. This essay will address the key capabilities needed ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Practical Applications of Bloom Filters to the NIST RDS and Hard Drive Triage

    Publication Year: 2008, Page(s):13 - 22
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (424 KB) | HTML iconHTML

    Much effort has been expended in recent years to create large sets of hash codes from known files. Distributing these sets has become more difficult as these sets grow larger. Meanwhile the value of these sets for eliminating the need to analyze "known goods'' has decreased as hard drives have dramatically increased in storage capacity. This paper evaluates the use of bloom filters (BFs) to distri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Systematic Signature Engineering by Re-use of Snort Signatures

    Publication Year: 2008, Page(s):23 - 32
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (467 KB) | HTML iconHTML

    Most intrusion detection systems deployed today apply the misuse detection approach. Misuse detection compares recorded audit data with predefined patterns denoted as signatures. A signature is usually empirically engineered based on experience and expert knowledge. This induces relatively long development times for novel signatures causing inappropriate long vulnerability windows. Methods for a s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Analysing the Performance of Security Solutions to Reduce Vulnerability Exposure Window

    Publication Year: 2008, Page(s):33 - 42
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (417 KB) | HTML iconHTML

    In this paper we present a novel approach of using mathematical models and stochastic simulations to guide and inform security investment and policy change decisions. In particular, we investigate vulnerability management policies, and explore how effective standard patch management and emergency escalation based policies are, and how they can be combined with earlier, pre-patch mitigation measure... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • New Side Channels Targeted at Passwords

    Publication Year: 2008, Page(s):45 - 54
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (328 KB) | HTML iconHTML

    Side channels are typically viewed as attacks that leak cryptographic keys during cryptographic algorithm processing, by observation of system side effects. In this paper, we present new side channels that leak password information during X Windows keyboard processing of password input. Keylogging is one approach for stealing passwords, but current keylogging techniques require special hardware or... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • PinUP: Pinning User Files to Known Applications

    Publication Year: 2008, Page(s):55 - 64
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (456 KB) | HTML iconHTML

    Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet. Such applications are run with the user's full permissions. Because system protections do not differentiate applications, any malcode present in the downloaded software can compromise or otherwise leak all user data. Interestingly, our investigations indicate that c... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Defending Against Attacks on Main Memory Persistence

    Publication Year: 2008, Page(s):65 - 74
    Cited by:  Papers (7)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2198 KB) | HTML iconHTML

    Main memory contains transient information for all resident applications. However, if memory chip contents survives power-off, e.g., via freezing DRAM chips, sensitive data such as passwords and keys can be extracted. Main memory persistence will soon be the norm as recent advancements in MRAM and FeRAM position non-volatile memory technologies for widespread deployment in laptop, desktop, and emb... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Automatic Inference and Enforcement of Kernel Data Structure Invariants

    Publication Year: 2008, Page(s):77 - 86
    Cited by:  Papers (24)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (354 KB) | HTML iconHTML

    Kernel-level rootkits affect system security by modifying key kernel data structures to achieve a variety of malicious goals. While early rootkits modified control data structures, such as the system call table and values of function pointers, recent work has demonstrated rootkits that maliciously modify non-control data. Prior techniques for rootkit detection fail to identify such rootkits either... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • VICI Virtual Machine Introspection for Cognitive Immunity

    Publication Year: 2008, Page(s):87 - 96
    Cited by:  Papers (4)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (239 KB) | HTML iconHTML

    When systems are under constant attack, there is no time to restore those infected with malware to health manually--repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI Agent applies a collection of novel repair techniques to automatically restore infected kernels to ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense

    Publication Year: 2008, Page(s):97 - 107
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (503 KB) | HTML iconHTML

    A new class of stealthy kernel-level malware, called transient kernel control flow attacks, uses dynamic soft timers to achieve significant work while avoiding any persistent changes to kernel code or data. We demonstrate that soft timers can be used to implement attacks such as a stealthy key logger and a CPU cycle stealer. To defend against these attacks, we propose an approach based on static a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On Purely Automated Attacks and Click-Based Graphical Passwords

    Publication Year: 2008, Page(s):111 - 120
    Cited by:  Papers (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (483 KB) | HTML iconHTML

    We present and evaluate various methods for purely automated attacks against click-based graphical passwords. Our purely automated methods combine click-order heuristics with focus-of-attention scan-paths generated from a computational model of visual attention. Our method results in a significantly better automated attack than previous work, guessing 8-15% of passwords for two representative imag... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • YAGP: Yet Another Graphical Password Strategy

    Publication Year: 2008, Page(s):121 - 129
    Cited by:  Papers (13)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (402 KB) | HTML iconHTML

    Alphanumeric passwords are widely used in computer and network authentication to protect users' privacy. However, it is well known that long, text-based passwords are hard for people to remember, while shorter ones are susceptible to attack. Graphical password is a promising solution to this problem. Draw-A-Secret (DAS) is a typical implementation based on the user drawing on a grid canvas. Curren... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privacy-Aware Biometrics: Design and Implementation of a Multimodal Verification System

    Publication Year: 2008, Page(s):130 - 139
    Cited by:  Papers (10)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (348 KB) | HTML iconHTML

    A serious concern in the design and use of biometric authentication systems is the privacy protection of the information derived from human biometric traits, especially since such traits cannot be replaced. Combining cryptography and biometrics, several recent works proposed to build the protection in the biometric templates themselves. While these solutions can increase the confidence in biometri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.