Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. For example, the widespread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they routinely collect and organize many forms of security- and privacy-sensitive information and make that information easily accessible to third-party applications.

Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. Topics of interest include (but are not limited to) the following subject categories:

We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

Important Dates

Manuscript Submission (extended): July 30, 2014 (11:59 PM Samoa Time UTC-11)
Acceptance Notification: August 25, 2014
Final Manuscript due: September 7, 2014
Workshop Date: Friday, November 7, 2014


Authors are invited to submit either Full Research Papers (of up to 12 pages) or Short Papers (of up to 6 pages). Full Research Papers that present relatively complete and mature research results on security and privacy in smartphones and mobile devices are solicited. Short Papers that define new problems in security and privacy related to smartphones and mobile devices or provide inspiring visions are also solicited.

Submissions must be in double-column ACM format (available at the ACM Website) with a font no smaller than 9 point. Only PDF files will be accepted. Submissions need to have their pages numbered and should not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

The submission website is here.

For questions, email

Organizing Commitees

Program Co-chairs

Kapil Singh, IBM Research
Zhenkai Liang, National University of Singapore

Technical Program Committee

Hao Chen, University of California, Davis
Mihai Christodorescu, Qualcomm Research Silicon Valley
Matt Fredrikson, University of Wisconsin
Debin Gao, Singapore Management University
Guofei Gu, Texas A&M University
Markus Jakobsson, Qualcomm Research Silicon Valley
Suman Jana, Stanford University
Jaeyeon Jung, Microsoft Research
Larry Koved, IBM Research
Long Lu, Stony Brook University
William Robertson, Northeastern University
Ahmad-Reza Sadeghi, TU Darmstadt and Intel Research Institute for Secure Computing at TU Darmstadt
Tielei Wang, Georgia Institute of Technology
Tao Wei, FireEye
Heng Yin, Syracuse University

Steering Committee

N. Asokan, Aalto University and University of Helsinki
William Enck, North Carolina State University
Xuxian Jiang, North Carolina State University
Patrick Traynor, University of Florida


To register for the SPSM 2014 workshop, please click here (the link will redirect you to the ACM CCS registration website)

Technical Program

Note that the below schedule is tentative.

Friday, November 7, 2014

7:30 - 8:30 Breakfast
8:30 - 8:35 Welcome: William Enck (North Carolina State University)
8:35 - 9:45 Keynote: Peng Ning, Vice President, Enterprise Security at Samsung Research America Session Chair: William Enck (North Carolina State University)
Title: Samsung KNOX and Enterprise Mobile Security

Abstract: The industry has been looking for a trustworthy mobile platform as smart phones and tablets are increasingly a part of people's daily life. I was fortunate to join the Samsung KNOX team and lead the R&D engineers to build the Samsung KNOX platform for mobile devices. As one of the most trusted mobile platforms today, Samsung KNOX has won a number of recognitions for its security features, such as US DoD STIG, Common Criteria MDFPP certification, and UK Government CESG EUD Guidance. In this talk, we will present some key KNOX features, such as SE Android, application container, and TIMA features such as trusted boot, remote attestation, key store, Client Certificate Manager (CCM), and real-time kernel protection.

Bio: Dr. Peng Ning is Vice President, Enterprise Security at Samsung Research America, leading the Samsung KNOX R&D team in Santa Clara, CA. His team has successfully developed and/or commercialized multiple mobile security features for Android, including TrustZone-based Integrity Measurement Architecture (TIMA), which offers real-time kernel protection, trusted boot, remote attestation, TrustZone-based key store and client certificate management, as well as smart card support, SE for Android, application container, VPN framework, and universal MDM support, all available through Samsung KNOX. More information on Samsung KNOX can be found at Peng is currently on leave from North Carolina State University, where he is Professor in the Department of Computer Science in College of Engineering.

09:45 - 10:30 Technical Session I: Attacks I
Session Chair: William Enck (North Carolina State University)
QR Inception: Barcode-in-Barcode Attacks
Adrian Dabrowski (SBA Research), Katharina Krombholz (SBA Research), Johanna Ullrich (SBA Research) and Edgar Weippl (Austria Vienna University of Technology)
(Short paper) Denial-of-App Attack: Inhibiting the Installation of Android Apps on Stock Phones
Steven Arzt (EC SPRIDE), Stephan Huber (Fraunhofer SIT), Siegfried Rasthofer (TU Darmstadt) and Eric Bodden (Fraunhofer SIT and TU Darmstadt)
10:30 - 11:00 Coffee Break
11:00 - 12:30 Technical Session II: Analysis
Session Chair: Elaine Shi (University of Maryland)
Analysis of secure key storage solutions on Android
Tim Cooijmans (Simplendi), Joeri de Ruiter (Radboud University Nijmegen) and Erik Poll (Radboud Universiteit Nijmegen)
LazyTainter: Memory-Efficient Taint Tracking in Managed Runtimes
Zheng Wei (University of Toronto) and David Lie (University of Toronto)
A5: Automated Analysis of Adversarial Android Applications
Timothy Vidas (Carnegie Mellon University), Jiaqi Tan (Carnegie Mellon University), Jay Nahata (Carnegie Mellon University), Chaur-Lih Tan (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University) and Patrick Tague (Carnegie Mellon University)
12:30 - 14:00 Lunch
14:00 - 15:15 Technical Session III: Attacks II
Session Chair: Siegfried Rasthofer (TU Darmstadt)
PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices
Raphael Spreitzer (Austria Graz University of Technology)
Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone
Wenrui Diao (The Chinese University of Hong Kong), Xiangyu Liu (The Chinese University of Hong Kong), Zhe Zhou (The Chinese University of Hong Kong) and Kehuan Zhang (The Chinese University of Hong Kong)
(Short Paper) Stalking Beijing from Timbuktu: A Generic Measurement Approach for Exploiting Location-Based Social Discovery
Yuan Ding (New York University, Polytechnic School of Engineering), Sai Teja Peddinti (New York University, Polytechnic School of Engineering) and Keith Ross (New York University, Polytechnic School of Engineering)
15:15 - 15:45 Coffee Break
15:45 - 17:00 Technical Session IV: Defenses
Session Chair: David Lie (University of Toronto)
Efficient Smart Phone Forensics Based on Relevance Feedback
Saksham Varma (UMass Amherst), Robert J. Walls (UMass Amherst), Brian Lynn (UMass Amherst) and Brian N. Levine (UMass Amherst)
Cassandra: Towards a Certifying App Store for Android
Steffen Lortz (TU Darmstadt), Heiko Mantel (TU Darmstadt), Artem Starostin (TU Darmstadt), Timo Bähr (TU Darmstadt), David Schneider (TU Darmstadt) and Alexandra Weber (TU Darmstadt)
(Short Paper) OASIS: Operational Access Sandboxes for Information Security
Mauro Conti (Università di Padova), Earlence Fernandes (University of Michigan), Justin Paupore (University of Michigan), Atul Prakash (University of Michigan) and Daniel Simionato (Università di Padova)
17:00 - 17:05 Closing Remarks: William Enck (North Carolina State University)