This book constitutes the refereed proceedings of the 30th IFIP TC 11 International Information Security and Privacy Conference, SEC 2015, held in Hamburg, Germany, in May 2015. The 42 revised full papers presented were carefully reviewed and selected from 212 submissions. The papers are organized in topical sections on privacy, web security, access control, trust and identity management, network security, security management and human aspects of security, software security, applied cryptography, mobile and cloud services security, and cyber-physical systems and critical infrastructures security.
Table of contents
O-PSI: Delegated Private Set Intersection on Outsourced Datasets.- Flexible and Robust Privacy-Preserving Implicit Authentication.- Towards Relations Between the Hitting-Set Attack and the Statistical Disclosure Attack.- POSN: A Personal Online Social Network.- Verifying Observational Determinism.- Cache Timing Attacks Revisited: Efficient and Repeatable Browser History, OS and Network Sniffing.- Enforcing Usage Constraints on Credentials for Web Applications.- A Survey of Alerting Websites: Risks and Solutions.- A Generalization of ISO/IEC 24761 to Enhance Remote Authentication with Trusted Product at Claimant.- Enhancing Passwords Security Using Deceptive Covert Communication.- Information Sharing and User Privacy in the Third-party Identity Management Landscape.- An Iterative Algorithm for Reputation Aggregation in Multi-dimensional and Multinomial Rating Systems.- A Comparison of PHY-Based Fingerprinting Methods Used to Enhance Network Access Control.- Model-Driven Integration and Analysis of Access-Control Policies in Multi-layer Information Systems.- Authenticated File Broadcast Protocol.- Automated Classification of C&C Connections Through Malware URL Clustering.- B.Hive: A Zero Configuration Forms Honeypot for Productive Web Applications.- Security Management and Human Aspects of Security.- Investigation of Employee Security Behaviour: A Grounded Theory Approach.- Practice-Based Discourse Analysis of InfoSec Policies.- Understanding Collaborative Challenges in IT Security Preparedness Exercises.- Social Groupings and Information Security Obedience Within Organizations.- Attack Trees with Sequential Conjunction.- Enhancing the Security of Image CAPTCHAs Through Noise Addition.- SHRIFT System-Wide HybRid Information Flow Tracking.- ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries.- Exploit Generation for Information Flow Leaks in Object-Oriented Programs.- Memoized Semantics-Based Binary Diffing with Application to Malware Lineage Inference.- Mitigating Code-Reuse Attacks on CISC Architectures in a Hardware Approach.- Integrity for Approximate Joins on Untrusted Computational Servers.- Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers.- Chaotic Chebyshev Polynomials Based Remote User Authentication Scheme in Client-Server Environment.- A Secure Exam Protocol Without Trusted Parties.- ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis.- Assessment of the Susceptibility to Data Manipulation of Android Games with In-app Purchases.- An Empirical Study on Android for Saving Non-shared Data on Public Storage.- The Dual-Execution-Environment Approach: Analysis and Comparative Evaluation.- On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps.- A Cloud-Based eHealth Architecture for Privacy Preserving Data Integration.- Cyber-physical Systems and Critical Infrastructures Security.- Application of a Game Theoretic Approach in Smart Sensor Data Trustworthiness Problems.- Securing BACnet’s Pitfalls.- On the Secure Distribution of Vendor-Specific Keys in Deployment Scenarios.