CCSW 2010: The ACM Cloud Computing Security Workshop
in conjunction with the 17th ACM Conference on Computer and Communications Security (CCS)
8 October 2010, Hyatt Regency Chicago, Chicago, IL


Conference Program (preliminary) - all sessions held in room Acapulco


07:30 - 08:20


08:20 - 08:25

Chair's Welcome and Opening Remarks

08:25 - 09:10

Session: New Paradigms (Chair: Cliff Wang, USARO)

SHORT PAPER: "Authentication in the Clouds: A Framework and its Application to Mobile Users", Richard Chow (PARC), Markus Jakobsson (FatSkunk), Ryusuke Masuoka (Fujitsu Labs of America), Jesus Molina (Fujitsu Labs of America), Yuan Niu (UC Davis), Elaine Shi (PARC), Zhexuan Song (Fujitsu Labs of America)

SHORT PAPER: "Content Oriented Virtual Domains For Secure Information Sharing Across Organizations", Takayuki Sasaki (NEC Corporation), Masayuki Nakae (NEC Corporation), Ryuichi Ogawa (NEC Corporation)

SHORT PAPER: "Towards a Discipline of Mission-Aware Cloud Computing", Ravi Sandhu (University of Texas at San Antonio), Raj Boppana (University of Texas at San Antonio), Ram Krishnan (University of Texas at San Antonio), Jeff Reich (University of Texas at San Antonio), Todd Wolff (University of Texas at San Antonio), Josh Zachary (University of Texas at San Antonio)

09:10 - 09:15

Short Break

09:15 - 10:00

Invited Talk: Leendert van Doorn, AMD


Title: TBD

Abstract: TBD

10:00 - 10:30

Coffee Break (Comiskey)

10:30 - 11:25

Session: Verification and Integrity (Chair: Peng Ning, NC State)

"Venus: Verification for Untrusted Cloud Storage", Alexander Shraer (Department of Electrical Engineering, Technion), Christian Cachin (IBM Research - Zurich), Asaf Cidon (Department of Electrical Engineering, Technion), Idit Keidar (Department of Electrical Engineering, Technion), Yan Michalevsky (Department of Electrical Engineering, Technion), Dani Shaket (Department of Electrical Engineering, Technion)

"Remote Data Checking for Network Coding-based Distributed Storage Systems", Bo Chen (New Jersey Institute of Technology), Reza Curtmola (New Jersey Institute of Technology), Giuseppe Ateniese (Johns Hopkins University), Randal Burns (Johns Hopkins University)

SHORT PAPER: "Seeding Clouds with Trust Anchors", Joshua Schiffman (Pennsylvania State University), Thomas Moyer (Pennsylvania State University), Hayawardh Vijayakumar (Pennsylvania State University), Trent Jaeger (Pennsylvania State University), Patrick McDaniel (Pennsylvania State University)

11:25 - 11:30

Short Break

11:30 - 12:15

Invited Talk: Eric Grosse, Google Security Engineering Director


Title: Security at Scale

Abstract: Three big security problems I observe are: authentication, malware, and web vulnerabilities. Here's how Google Security Team organizes to battle those.

12:15 - 13:25

Lunch and Mingle (Comiskey)

13:25 - 14:10

Session: Privacy (Chair: Elaine Shi, Palo Alto Research Lab)

SHORT PAPER: "Privacy Preserving EHR System using Attribute-based Infrastructure", Shivaramakrishnan Narayan (University of Calgary), Martin Gagne (University of Calgary), Reihaneh Safavi-Naini (University of Calgary)

SHORT PAPER: "Privacy Preserving Mapping Schemes Supporting Comparison", Qiang Tang (University of Twente)

SHORT PAPER: "HengHa: Data Harvesting Detection on Hidden Databases", Shiyuan Wang (UC Santa Barbara), Divyakant Agrawal (UC Santa Barbara), Amr El Abbadi (UC Santa Barbara)

14:10 - 14:15

Short Break

14:15 - 15:00

Invited Talk: Michael Waidner, IBM CTO for Security, Distinguished Engineer


Title: IBM perspective on Cloud Computing and the Security Implications

Abstract: The presentation will provide a brief introduction into Cloud computing, highlighting different cloud patterns and the role of security in Cloud Computing. The speaker will then share a forward thinking view of security application to clouds, focusing on a Workload driven approach to cloud implementation. The presentation will close with real examples of Cloud infrastructure security models applied to common cloud architectures, as well as a brief introduction to tools IBM offers to help Securely implement cloud computing.

15:00 - 15:05

Short Break

15:05 - 15:45

Session: Vulnerabilities (1) (Chair: Cristina Nita-Rotaru, Purdue University)

"A new form of DOS attack in a cloud and its prevention mechanism", Huan Liu (Accenture Technology Labs)

"Towards Incident Handling in the Cloud: Challenges and Approaches", Bernd Grobauer (Siemens CERT), Thomas Schreck (Siemens CERT)

15:45 - 16:10

Coffee Break (Comiskey)

16:10 - 17:00

Session: Vulnerabilities (2) (Chair: Mihai Christodorescu, IBM Research)

"First Principles Vulnerability Assessment",   James A. Kupsch (University of Wisconsin), Barton P. Miller (University of Wisconsin), Elisa Heymann (Universitat Autonoma de Barcelona), Eduardo Cesar (Universitat Autonoma de Barcelona)

"Security Audits of Multi-tier Virtual Infrastructures in Public Infrastructure Clouds", Soren Bleikertz (IBM Research Zurich), Matthias Schunter (IBM Research Zurich), Christian W. Probst (Technical University of Denmark), Dimitrios Pendarakis (IBM T.J. Watson Research Center), Konrad Eriksson (InfraSight Labs)

SHORT PAPER: Determining Timing Channels in Compute Clouds", Amittai Aviram (Yale University), Sen Hu (Yale University), Bryan Ford (Yale University), Ramakrishna Gummadi (University of Massachusetts Amherst)