Monday, Aug 24, 2015


09:30-11:00

ARES EU Symposium - AU2EU I
  • 1. AU2EU: Integrated eAuthentication and eAuthorization platform for Collaborative Services (presentation only)
    Milan Petkovic
    2. A secure integrated platform for rapidly formed multiorganisation collaboration
    John Zic, Nerolie Oakes, Dongxi Liu, Jane Li, Chen Wang, Shiping Chen
    3. Attribute Based Authentication and Authorization for Collaborative Services
    Stefan Thaler, Jerry den Hartog, Dhouha Ayed, Dieter Sommer, Michael Hitchens

ARES EU Symposium - FCCT I
  • 1. Welcome & Presentation of the CyberRoad project
    David Ariu
    2. Keynote
    Richard Nolan
    3. 0-Day Vulnerabilities and Cybercrime
    Jart Armin, Paolo Foti
    4. Integrating Human Behavior into the Development of Future Cyberterrorism Scenarios
    Max Kilger

Security Testing and Monitoring Solutions - STAM I
  1. Security Monitoring in the Cloud: an SLA-based approach
    Valentina Casola, Alessandra De Benedictis, Massimiliano Rak
  2. An Active Testing Tool for Security Testing of Distributed Systems
    Mohamed H. E AOUADI, Khalifa TOUMI, Ana Cavalli
  3. TEAR: a Multi-purpose Formal Language Specification for TEsting At Runtime
    Jorge López, Stephane Maag, Gerardo Morales

11:00-11:30

Coffee Break - CB

11:30-13:00

ARES EU Symposium - AU2EU II
  1. Virtual Machine Introspection_c_ Techniques and Applications
    Yacine Hebbal, Sylvie Laniepce, Jean-Marc Menaud
  2. The Measurement of Data Locations in the Cloud
    Ulrich Waldmann, Annika Selzer, Sebastian Luhn, Reiner Kraft, Bernd Jaeger
  3. Nomad: A Framework for Developing Mission-Critical Cloud-based Applications
    Mamadou Diallo, Michael August, Roger Hallman, Megan Kline, Henry Au, Vic Beach

  4. ARES EU Symposium - FCCT II
    • 1. Keynote
      CyberRoad-Boardmember
      2. 2020 Cybercrime Economic Costs: No measure No solution
      Giorgio Giacinto, Davide Ariu, Fabio Roli, Piotr Kijewski, Bryn Thompson, Jart Armin
      3. Comprehensive Approach to Increase Cyber Security and Resilience
      Michal Choras, Rafal Kozik, Maria Pilar Torres Bruna, Artsiom Yautsiukhin, Andrew Churchill, Iwona Maciejewska, Irene Eguinoa, Adel Jomni
      4. Yet Another Cybersecurity Roadmapping Methodology
      Davide Ariu, Luca Didaci, Giorgio Fumera, Enrico Frumento, Federica Freschi, Giorgio Giacinto, Fabio Roli

    Security in Virtualized and Cloud environments - STAM II
    • 1. Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment
      Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston, Olivier Bettan, François-Xavier Aguessy, Thibault Cholez, Abdelkader Lahmadi, Patrick Truong, Edgardo Montes de Oca
      2. MUSA : MUlti-cloud Secure Applications – Objectives and challenges (presentation only)
      Erkuden Rios – TECNALIA
      3. CLARUS: A framework for user centred privacy and security in the cloud (presentation only)
      Frederic Brouille - AKKA

13:00-14:00

Lunch - L

14:00-14:20

Opening ARES 2015 - Welcome

14:20-15:50

Best Paper Session - ARES Full I
  1. A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting
    Dejan Baca, Martin Boldt, Bengt Carlsson, Andreas Jacobsson
  2. Optimizing IT Service Costs With Respect to the Availability Service Level Objective
    Sascha Bosse, Matthias Splieth, Klaus Turowski
  3. Structural Weaknesses in the Open Smart Grid Protocol
    Klaus Kursawe, Christiane Peters

15:50-16:20

Coffee Break - CB

16:20-17:50

Cyber Crime Techniques & Prevention I - IWCC I
  • 1.Intensifying state surveillance of electronic communications: a legal solution in addressing extremism or not?
    Murdoch Watney
    2. Malicious Insiders with Ties to the Internet Underground Community
    Jason Clark, Matt Collins and Jeremy Strozer
    3. An empirical study of click fraud in mobile advertising networks
    Geumhwan Cho, Junsung Cho, Youngbae Song and Hyoungshick Kim
    4. Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting
    Martin Husák, Milan Cermák, Tomáš Jirsík and Pavel Celeda

Identity and Privacy - ARES Full II
  1. Advanced Identity and Access Policy Management using Contextual Data
    Matthias Hummer, Michael Kunz, Michael Netter, Ludwig Fuchs, Guenther Pernul
  2. Publicly Verifiable Private Aggregation of Time-Series Data
    Bence Gábor Bakondi, Andreas Peter, Maarten Everts, Pieter Hartel, Willem Jonker
  3. PALPAS - PAsswordLess PAssword Synchronization
    Moritz Horsch, Andreas Hülsing, Johannes Buchmann

Tuesday, Aug 25, 2015


09:30-11:00

Keynote Talk by Peter Eckersley, EFF Technology Projects Director - Keynote I
  • Abstract: EFF Technology Projects Director Peter Eckersley will discuss the obstacles that have prevented us from transitioning to a secure, encrypted Web that uses HTTPS by default. He will provide an overview of the Let’s Encrypt CA which EFF is building with Mozilla, Cisco, Akamai and IdentTrust, to offer free and automated deployment of certificates for HTTPS/TLS/SSL, and of other standards initiatives that will be necessary to make Web communications safe by default against surveillance, censorship, and tampering on the network.

11:00-11:30

Coffee Break - CB

11:30-13:00

Cyber Crime Techniques & Prevention II - IWCC II
  • 1. Deploying Honeypots and Honeynets: Issue of Privacy
    Pavol Sokol, Martin Husák and František Lipták
    2. Gradually Improving the Forensic Process
    Sebastian Neuner, Martin Mulazzani, Sebastian Schrittwieser and Edgar Weippl
    3. A Landmark Calibration Based IP Geolocation Approach
    Jingning Chen, Fenlin Liu, Xiangyang Luo, Fan Zhao and Zhu Guang
    4. Markov Process Based Retrieval for Encrypted JPEG Images
    Hang Cheng, Xinpeng Zhang, Jiang Yu and Fengyong Li

Networks and Protocols - ARES Full III
  1. Accountable Redactable Signatures
    Henrich C. Pöhls, Kai Samelin
  2. Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks
    Shane Clark, Aaron Paulos, Brett Benyo, Partha Pal, Rick Schantz
  3. The Role and Security of Firewalls in IaaS Cloud Computing
    Jordan Cropper, Johanna Ullrich, Peter Frühwirt, Edgar Weippl

Web & social media data analytics for privacy awareness and terrorist-related content identification - MFSec I
  1. A Framework for the Discovery, Analysis, and Retrieval of Multimedia Homemade Explosives Information on the Web
    Theodora Tsikrika, George Kalpakis, Stefanos Vrochidis, Ioannis Kompatsiaris, Iraklis Paraskakis, Isaak Kavasidis, Jonathan Middleton, Una Williamson
  2. PScore: a framework for enhancing privacy awareness in online social networks
    Georgios Petkos, Symeon Papadopoulos, Yiannis Kompatsiaris

13:00-14:00

Lunch - L

14:00-15:30

Forensic analysis of audiovisual data - MFSec II
  1. AnonCall_c_ Making Anonymous Cellular Phone Calls
    Eric Chan-Tin
  2. Image Watermaking With Biometric Data For Copyright Protection
    morgan Barbier, Jean-Marie Le Bars, Christophe Rosenberger
  3. Video spatio-temporal filtering based on cameras and target objects trajectories - Videosurveillance forensic framework
    Dana Codreanu, Andre Peninou, Florence Sedes
  4. Concept Detection on Multimedia Web Resources about Home Made Explosives
    George Kalpakis, Theodora Tsikrika, Foteini Markatopoulou, Nikiforos Pittaras, Stefanos Vrochidis, Vasileios Mezaris, Ioannis Patras, Ioannis Kompatsiaris

  5. Information Hiding I - IWCC III
    • 1. Countermeasures for Covert Channel-internal Control Protocols
      Jaspreet Kaur, Steffen Wendzel and Michael Meier
      2. Novel Method of Hiding Information in IP Telephony Using Pitch Approximation
      Artur Janicki
      3. StegBlocks: ensuring perfect undetectability of network steganography
      Wojciech Frqczek and Krzysztof Szczypiorski
      4. Using Facebook for Image Steganography
      Tejas Dakve, Jason Hiney, Krzysztof Szczypiorski and Kris Gaj

Software Security - ARES Full IV
  1. Fair fingerprinting protocol for attesting software misuses
    Raphael Machado, Davidson Boccardo, Vinícius de Sá, Jayme Szwarcfiter
  2. Uncovering Use-After-Free Conditions In Compiled Code
    David Dewey, Bradley Reaves, Patrick Traynor
  3. All-Solution Satisfiability Modulo Theories: applications, algorithms and benchmarks
    Quoc-Sang Phan, Pasquale Malacaria

15:30-16:00

Coffee Break - CB

16:00-17:30

Information Hiding II - IWCC IV
  • 1. Color Images Steganalysis Using Correlation Between RGB Channels
    Hasan Abdulrahman, Marc Chaumont, Philippe Montesinos and Baptiste Magnier
    2. Steganalysis of Low bit-rate Speech Based on Statistic Characteristics of Pulse Positions
    Hui Tian, Yanpeng Wu, Yongfeng Huang, Yonghong Chen, Tian Wang and Yiqiao Cai
    3. A JPEG-Compression Resistant Adaptive Steganography Based on Relative Relationship between DCT Coefficients
    Yi Zhang, Xiangyang Luo, Chunfang Yang and Fenlin Liu

International Workshop on Cloud Security and Forensics - WCSF
  1. Evaluation of a Sector-hash Based Rapid File Detection Method for Monitoring Infrastructure-as-a-Service Cloud Platforms
    Manabu Hirano, Hayate Takase, Koki Yoshida
  2. Enabling Constraints and Dynamic Preventive Access Control Policy Enforcement in the Cloud
    Somchart Fugkeaw, Hiroyuki Sato
  3. Advanced Attribute-based Key Management for Mobile Devices in Hybrid Clouds
    Jaemin Park, Eunchan Kim, Sungjin Park, Cheoloh Kang
  4. Overview of the Forensic Investigation of Cloud Services
    Jason Farina, Mark Scanlon, NhienAn LeKhac, Tahar Kechadi

Mobile Security & Cyber Physical Systems - ARES Full V
  1. A Lightweight Framework for Cold Boot Based Forensics on Mobile Devices
    Benjamin Taubmann, Manuel Huber, Sascha Wessel, Lukas Heim, Hans Peter Reiser, Georg Sigl
  2. Dynamic Self-Protection and Tamperproofing for Android Apps using Native Code
    Mykola Protsenko, Sebastien Kreuter, Tilo Müller
  3. Don't brick your car: Firmware confidentiality and rollback for vehicles
    Hafizah Mansor, Konstantinos Markantonakis, Raja Naeem Akram, Keith Mayes

Wednesday, Aug 26, 2015


10:00-10:15

Coffee Break - CB

10:15-11:45

Network and Probing - ARES Short I
  1. On the Isofunctionality of Network Access Control Lists
    Malek Belhaouane, Joaquin Garcia-Alfaro, Hervé Debar
  2. Trust me, I'm a Root CA! Analyzing SSL Root CAs in modern Browsers and Operating Systems
    Tariq Fadai, Sebastian Schrittwieser, Peter Kieseberg, Martin Mulazzani
  3. On Reconnaissance with IPv6: A Pattern-Based Scanning Approach
    Johanna Ullrich, Peter Kieseberg, Katharina Krombholz, Edgar Weippl
  4. A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic
    Elias Bou-Harb, Mourad Debbabi, Chadi Assi

Security Management - ARES Full VI
  1. Modeling Fraud Prevention of Online Services using Incident Response Trees and Value at Risk
    Dan Gorton
  2. The Effects of Cultural Dimensions on the Development of an ISMS Based on the ISO 27001
    Bahareh Shojaie, Hannes Federrath, Iman Saberi

11:45-12:00

Coffee Break - CB

13:00-14:00

Lunch - L

14:00-15:30

8th International Workshop on Digital Forensics - WSDF I
  1. Challenges of Data Provenance for Cloud Forensic Investigations
    Victoria Katilu, Virginia Franqueira, Olga Angelopoulou
  2. Watch what you wear: preliminary forensic analysis of smart watches
    Ibrahim Baggili, Kyle Anthony, Jeff Oduru, Frank Breitinger, Glenn McGee
  3. Cold Boot Attacks on DDR2 and DDR3 SDRAM
    Simon Lindenlauf, Hans Höfken, Marko Schuba
  4. Behavioural Evidence Analysis Applied to Digital Forensics: An Empirical Analysis of Child Pornography Cases using P2P Networks
    Noora Al Mutawa, Joanne Bryce, Virginia Franqueira, Andrew Marrington

Android Security - IWSMA I
  1. Composition-malware: building Android malware at run time
    Gerardo Canfora, Francesco Mercaldo, Corrado Aaron Visaggio, Giovanni Moriano
  2. Network Security Challenges in Android Applications
    Damjan Buhov, Markus Huber, Georg Merzdovnik, Edgar Weippl, Vesna Dimitrova
  3. Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware
    Francesco Mercaldo, Corrado Aaron Visaggio, Eric Medvet, Andrea De Lorenzo, Gerardo Canfora

Hardware and Physical Layer Security - ARES Short II
  1. Hardware Security Evaluation Using Assurance Case Models
    Henrique Kawakami, Roberto Gallo, Ricardo Dahab, Erick Nascimento
  2. Error_s_Intrusion target identification on the physical layer over a BICM scheme
    Sihem Chaabouni, Amel Makhlouf
  3. Physically Secure Code and Data Storage in Autonomously Booting Systems
    Johannes Götzfried, Johannes Hampel, Tilo Müller
  4. Towards Abuse Detection and Prevention in IaaS Cloud Computing
    Jens Lindemann

  5. Keynote - ASSD I
    • Keynote by Achim Bruker, SAP SE
      Title: Agile Secure Software Development in a Large Software Development Organisation: Security Testing

      Abstract: Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers". Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle which supports the specific needs of the various software development models at SAP. In this presentation, we will briefly presents SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.

      Bio: Dr. Achim D. Brucker is a Research Expert (Architect), Security Testing Strategist, and Project Lead at SAP SE. He received his master's degree in computer science from University Freiburg, Germany and his Ph.D. from ETH Zurich, Switzerland. He is responsible for the Security Testing Strategy at SAP. His research interests include information security, software engineering, security engineering, and formal methods. In particular, he is interested in tools and methods for modeling, building and validating secure and reliable systems. He also participates in the OCL standardization process of the OMG.

14:30-15:30

Experiences in agile development of secure software - ASSD I
  • 1. Independent Security Testing on Agile Software Development: a Case Study in a Software Company
    Jesus Choliz, Julian Vilas, and Jose Moreira
    2. Incremental Development of RBAC-controlled E-marking System Using the B Method
    Nasser Al-Hadhrami, Benjamin Aziz, Shantanu Sardesai, and Lotfi ben Othmane
    3. Security testing as a Part of Agile Process: Fuzzing (presentation only)
    Juha Röning, Pekka Pietikäinen, Aki Helin, Atte Kettunen

15:30-16:00

Coffee Break - CB

16:00-17:30

8th International Workshop on Digital Forensics - WSDF II
  • Keynote tba

Assessment of research on agile development of secure software - ASSD II
  • 1. Literature Review of the Challenges of Developing Secure Software Using the Agile Approach
    Hela Oueslati, Mohammad Masudur Rahman, and Lotfi ben Othmane
    2. Method Selection and Tailoring for Agile Threat Assessment and Mediation
    Stephan Renatus, Clemens Teichmann, and Jörn Eichler
    3. The human factor: philosophy and engineering (presentation only)
    Albert Zenkoff

Networks Security - IWSMA II
  1. Risk Assessment of Public Safety and Security Mobile Service
    Matti Peltola, Pekka Kekolahti
  2. Trust Negotiation Based Approach to Enforce MANET Routing Security
    Aida Ben chehida Douss, samiha ayed, ryma abassi , Nora Cuppens, sihem Guemara EL Fatmi
  3. A Model for Specification and Validation of a Trust Management based Security Scheme in a MANET Environment
    Ryma Abassi, Sihem Guemara El Fatmi, Aida Ben Chehida Douss

Social Networks, Voting and Usable Security - ARES Short III
  1. A Model Implementing Certified Reputation and its Application to TripAdvisor
    Serena Nicolazzo, Gianluca Lax, Francesco Buccafurri, Antonino Nocera
  2. QR Code Security - How Secure and Usable Apps Can Protect Users Against Malicious QR Codes
    Katharina Krombholz, Peter Frühwirt, Thomas Rieder, Ioannis Kaspsalis, Johanna Ullrich, Edgar Weippl
  3. Efficiency Evaluation of Cryptographic Protocols for Boardroom Voting
    Oksana Kulyk, Stephan Neumann, Jurlind Budurushi, Melanie Volkamer
  4. Event Prediction with Community Leaders
    Jun Pang, Yang Zhang

Thursday, Aug 27, 2015


09:30-11:00

Monitoring and Identification - FARES I
  1. Towards the Forensic Identification and Investigation of Cloud Hosted Servers through Non-Invasive Wiretaps
    Hessel Shut, Mark Scanlon, Jason Farina, NhienAn LeKhac
  2. Privacy and Trust in Smart camera sensor networks
    Michael Loughlin, Asma Adnane
  3. Security Monitoring of HTTP Traffic Using Extended Flows
    Martin Husák, Petr Velan, Jan Vykopal

Security Design and Validation - SAW I
  1. How Much Cloud Can You Handle?
    Martin Jaatun, Inger Anne Tøndel
  2. Generation of local and expected behaviors of a smart card application to detect software anomaly
    Germain JOLLY, Baptiste HEMERY, Christophe ROSENBERGER
  3. Securing web applications with better "patches'': an architectural approach for systematic input validation with security patterns
    Jung-Woo Sohn, Jungwoo Ryoo
  4. Towards a CERT-Communication Model as Basis to Software Assurance
    Gerald Quirchmayr, Otto Hellwig

11:00-11:30

Coffee Break - CB

11:30-13:00

Cryptography and Resilience - FARES II
  1. Towards a process centered resilience framework
    Thomas Koslowski, Christian Brenig, Richard M. Zahoransky
  2. Complexity Estimates of a SHA-1 Near-Collision Attack for GPU and FPGA
    Stefan Gradinger, Bernhard Greslehner-Nimmervoll, Jürgen Fuß, Robert Kolmhofer
  3. Impacts of Tourist Accommodations as Temporal Shelter on Evacuee Overflow for the Reassignment of Shelters Jurisdiction
    Yu Ichifuji, Noriaki Koide, Noboru Sonehara

Software Testing and Assurance - SAW II
  1. Towards Black Box Testing of Android Apps
    Yury Zhauniarovich, Anton Philippov, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci
  2. Personal Agent for Services in ITS
    Shinsaku Kiyomoto, Toru Nakamura, Haruo Takasaki, Tatsuhiko Hirabayashi
  3. A Performance Evaluation of Hash Functions for IP Reputation Lookup using Bloom Filters.
    Hugo Gonzalez, Natalia Stakhanova
  4. An Open Source Code Analyzer and Reviewer (OSCAR) Framework
    Simon Tjoa, Patrick Kochberger, Christoph Malin, Andreas Schmoll

13:00-14:00

Lunch - L

15:30-16:00

Coffee Break - CB