International Conferences: EuroSec 15, Bordeaux, France


The 2015 EuroSys conference was held April 17-24 in Bordeaux, France. This conference series brings together professionals from academia and industry and has a strong focus on systems research and development: operating systems, database systems, real-time systems and middleware for networked, distributed, parallel, or embedded computing systems. EuroSys is a forum for discussing systems software research and development and its relation to hardware and applications. The conference web page is available at: 


Thanasis Petsas, Giorgos Tsirantonakis, Elias Athanasopoulos, Sotiris Ioannidis; “Two-Factor Authentication: Is The World Ready?: Quantifying 2FA Adoption;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 4. doi: 10.1145/2751323.2751327
Abstract: As text-based passwords continue to be the dominant form for user identification today, services try to protect their customers by offering enhanced, and more secure, technologies for authentication. One of the most promising is two-factor authentication (2FA). 2FA raises the bar for the attacker significantly, however, it is still questionable if the technology can be realistically adopted by the majority of Internet users. In this paper, we attempt a first study for quantifying the adoption of 2FA in probably the largest existing provider, namely Google. For achieving this, we leverage the password-reminder process in a novel way for discovering if 2FA is enabled for a particular account, without annoying or affecting the account's owner. Our technique has many challenges to overcome, since it requires issuing massively thousands of password reminders. In order to remain below the radar, and therefore avoid solving CAPTCHAs or having our hosts blocked, we leverage distributed systems, such as TOR and PlanetLab. After examining over 100,000 Google accounts, we conclude that 2FA has not yet been adopted by more than 6.4% of the users. Last but not least, as a side-effect of our technique, we are also able to exfiltrate private information, which can be potentially used for malicious purposes. Thus, in this paper we additionally present important findings for raising concerns about privacy risks in designing password reminders.
Keywords: adoption, authentication, password reminder, privacy leak, two-factor (ID#: 15-5570)


Davide Frey, Rachid Guerraoui, Anne-Marie Kermarrec, Antoine Rault; “Collaborative Filtering Under A Sybil Attack: Analysis Of A Privacy Threat;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 5. doi: 10.1145/2751323.2751328
Abstract: Recommenders have become a fundamental tool to navigate the huge amount of information available on the web. However, their ubiquitous presence comes with the risk of exposing sensitive user information. This paper explores this problem in the context of user-based collaborative filtering. We consider an active attacker equipped with externally available knowledge about the interests of users. The attacker creates fake identities based on this external knowledge and exploits the recommendations it receives to identify the items appreciated by a user. Our experiment on a real data trace shows that while the attack is effective, the inherent similarity between real users may be enough to protect at least part of their interests.
Keywords: collaborative filtering, privacy, recommender, sybil attack (ID#: 15-5571)


Hugo Gonzalez, Andi A. Kadir, Natalia Stakhanova, Abdullah J. Alzahrani, Ali A. Ghorbani; “Exploring Reverse Engineering Symptoms in Android Apps;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 7. doi: 10.1145/2751323.2751330
Abstract: The appearance of the Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Leveraging openness of Android app markets and the lack of security testing, malware authors commonly plagiarize Android applications (e.g., through code reuse and repackaging) boosting the amount of malware on the markets and consequently the infection rate. In this study, we present AndroidSOO, a lightweight approach for the detection of repackaging symptoms on Android apps. In this work, we introduce and explore a novel and easily extractable attribute called String Offset Order. Extractable from string identifiers list in the .dex file, the method is able to pinpoint symptoms of reverse engineered Android apps without the need for complex further analysis. We performed extensive evaluation of String Order metric to assess its capabilities on datasets made available by three recent studies: Android Malware Genome Project, DroidAnalytics and Drebin. We also performed a large-scale study of over 5,000 Android applications extracted from Google Play market and over 80,000 samples from Virus Total service.
Keywords: Android, malware, privacy (ID#: 15-5572)


Jonathan Voris, Jill Jermyn, Nathaniel Boggs, Salvatore Stolfo; “Fox in the Trap: Thwarting Masqueraders via Automated Decoy Document Deployment;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 3. doi: 10.1145/2751323.2751326
Abstract: Organizations face a persistent challenge detecting malicious insiders as well as outside attackers who compromise legitimate credentials and then masquerade as insiders. No matter how good an organization's perimeter defenses are, eventually they will be compromised or betrayed from the inside. Monitored decoy documents (honey files with enticing names and content) are a promising approach to aid in the detection of malicious masqueraders and insiders. In this paper, we present a new technique for decoy document distribution that can be used to improve the scalability of insider detection. We develop a placement application that automates the deployment of decoy documents and we report on two user studies to evaluate its effectiveness. The first study indicates that our automated decoy distribution tool is capable of strategically placing decoy files in a way that offers comparable security to optimal manual deployment. In the second user study, we measure the frequency that normal users access decoy documents on their own systems and show that decoy files do not significantly interfere with normal user tasks.
Keywords: decoy, honey files, insider threat, masquerade detection (ID#: 15-5573)


Stephanos Matsumoto, Pawel Szalachowski, Adrian Perrig; “Deployment Challenges In Log-Based PKI Enhancements;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 1. doi: 10.1145/2751323.2751324
Abstract: Log-based PKI enhancements propose to improve the current TLS PKI by creating public logs to monitor CA operations, thus providing transparency and accountability. In this paper we take the first steps in studying the deployment process of log-based PKI enhancements in two ways. First, we model the influences that parties in the PKI have to incentivize one another to deploy a PKI enhancement, and determine that potential PKI enhancements should focus their initial efforts on convincing browser vendors to deploy. Second, as a promising vendor-based solution we propose deployment status filters, which use a Bloom filter to monitor deployment status and efficiently defend against downgrade attacks from the enhanced protocol to the current TLS PKI. Our results provide promising deployment strategies for log-based PKI enhancements and raise additional questions for further fruitful research.
Keywords: Bloom filters, deployment, public-key infrastructures (ID#: 15-5574)


Jan Spooren, Davy Preuveneers, Wouter Joosen; “Mobile Device Fingerprinting Considered Harmful For Risk-Based Authentication;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 6. doi: 10.1145/2751323.2751329
Abstract: In this paper, we present a critical assessment of the use of device fingerprinting for risk-based authentication in a state-of-practice identity and access management system. Risk-based authentication automatically elevates the level of authentication whenever a particular risk threshold is exceeded. Contemporary identity and access management systems frequently leverage browser-based device fingerprints to recognize trusted devices of a certain individual. We analyzed the variability and the predictability of mobile device fingerprints. Our research shows that particularly for mobile devices the fingerprints carry a lot of similarity, even across models and brands, making them less reliable for risk assessment and step-up authentication.
Keywords: authentication, device fingerprinting, fraud detection, risk (ID#: 15-5575)


Valentin Tudor, Magnus Almgren, Marina Papatriantafilou; “A Study on Data De-Pseudonymization in the Smart Grid;” EuroSec '15 Proceedings of the Eighth European Workshop on System Security, April 2015, Article No. 2. doi: 10.1145/2751323.2751325
Abstract: In the transition to the smart grid, the electricity networks are becoming more data intensive with more data producing devices deployed, increasing both the opportunities and challenges in how the collected data are used. For example, in the Advanced Metering Infrastructure (AMI) the devices and their corresponding data give more information about the operational parameters of the environment but also details about the habits of the people living in the houses monitored by smart meters. Different anonymization techniques have been proposed to minimize privacy concerns, among them the use of pseudonyms. In this work we return to the question of the effectiveness of pseudonyms, by investigating how a previously reported methodology for de-pseudonymization performs given a more realistic and larger dataset than was previously used. We also propose and compare the results with our own simpler de-pseudonymization methodology. Our results indicate, not surprisingly, that large realistic datasets are very important to properly understand how an experimental method performs. Results based on small datasets run the risk of not being generalizable. In particular, we show that the number of re-identified households by breaking pseudonyms is dependent on the size of the dataset and the period where the pseudonyms are constant and not changed. In the setting of the smart grid, results will even vary based on the season when the dataset was captured. Knowing that relatively simple changes in the data collection procedure may significantly increase the resistance to de-anonymization attacks will help future AMI deployments.
Keywords: AMI data de-pseudonymization, AMI privacy, smart grid data (ID#: 15-5576)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.