Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. For example, the widespread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they routinely collect and organize many forms of security- and privacy-sensitive information and make that information easily accessible to third-party applications.
Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. Topics of interest include (but are not limited to) the following subject categories:
- Device/hardware security
- OS/Middleware security
- Application security
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Privacy
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile security
We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.
Important Dates
| Manuscript Submission (extended): | July 30, 2014 (11:59 PM Samoa Time UTC-11) |
| Acceptance Notification: | August 25, 2014 |
| Final Manuscript due: | September 7, 2014 |
| Workshop Date: | Friday, November 7, 2014 |
Submissions
Authors are invited to submit either Full Research Papers (of up to 12 pages) or Short Papers (of up to 6 pages). Full Research Papers that present relatively complete and mature research results on security and privacy in smartphones and mobile devices are solicited. Short Papers that define new problems in security and privacy related to smartphones and mobile devices or provide inspiring visions are also solicited.
Submissions must be in double-column ACM format (available at the ACM Website) with a font no smaller than 9 point. Only PDF files will be accepted. Submissions need to have their pages numbered and should not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.
The submission website is here.
For questions, email spsm2014@easychair.org.
Organizing Commitees
Program Co-chairs
Kapil
Singh, IBM Research
Zhenkai Liang, National
University of Singapore
Technical Program Committee
Hao Chen, University of California, Davis
Mihai Christodorescu, Qualcomm Research Silicon Valley
Matt Fredrikson, University of Wisconsin
Debin Gao, Singapore Management University
Guofei Gu, Texas A&M University
Markus Jakobsson, Qualcomm Research Silicon Valley
Suman Jana, Stanford University
Jaeyeon Jung, Microsoft Research
Larry Koved, IBM Research
Long Lu, Stony Brook University
William Robertson, Northeastern University
Ahmad-Reza Sadeghi, TU Darmstadt and Intel Research Institute for Secure
Computing at TU Darmstadt
Tielei Wang, Georgia Institute of Technology
Tao Wei, FireEye
Heng Yin, Syracuse University
Steering Committee
N. Asokan, Aalto University and
University of Helsinki
William Enck, North Carolina State
University
Xuxian Jiang, North
Carolina State University
Patrick Traynor, University of
Florida
Registration
To register for the SPSM 2014 workshop, please click here (the link will redirect you to the ACM CCS registration website)
Technical Program
Note that the below schedule is tentative.
Friday, November 7, 2014
| 7:30 - 8:30 | Breakfast |
| 8:30 - 8:35 | Welcome: William Enck (North Carolina State University) |
| 8:35 - 9:45 | Keynote: Peng Ning, Vice President, Enterprise Security at Samsung Research America Session Chair: William Enck (North Carolina State University) |
| Title: Samsung KNOX and Enterprise Mobile Security
Abstract: The industry has been looking for a trustworthy mobile platform as smart phones and tablets are increasingly a part of people's daily life. I was fortunate to join the Samsung KNOX team and lead the R&D engineers to build the Samsung KNOX platform for mobile devices. As one of the most trusted mobile platforms today, Samsung KNOX has won a number of recognitions for its security features, such as US DoD STIG, Common Criteria MDFPP certification, and UK Government CESG EUD Guidance. In this talk, we will present some key KNOX features, such as SE Android, application container, and TIMA features such as trusted boot, remote attestation, key store, Client Certificate Manager (CCM), and real-time kernel protection. Bio: Dr. Peng Ning is Vice President, Enterprise Security at Samsung Research America, leading the Samsung KNOX R&D team in Santa Clara, CA. His team has successfully developed and/or commercialized multiple mobile security features for Android, including TrustZone-based Integrity Measurement Architecture (TIMA), which offers real-time kernel protection, trusted boot, remote attestation, TrustZone-based key store and client certificate management, as well as smart card support, SE for Android, application container, VPN framework, and universal MDM support, all available through Samsung KNOX. More information on Samsung KNOX can be found at http://www.samsungknox.com. Peng is currently on leave from North Carolina State University, where he is Professor in the Department of Computer Science in College of Engineering. |
|
| 09:45 - 10:30 | Technical Session I: Attacks I Session Chair: William Enck (North Carolina State University) |
| QR Inception: Barcode-in-Barcode Attacks Adrian Dabrowski (SBA Research), Katharina Krombholz (SBA Research), Johanna Ullrich (SBA Research) and Edgar Weippl (Austria Vienna University of Technology) |
|
| (Short paper) Denial-of-App Attack: Inhibiting the Installation of
Android Apps on Stock Phones Steven Arzt (EC SPRIDE), Stephan Huber (Fraunhofer SIT), Siegfried Rasthofer (TU Darmstadt) and Eric Bodden (Fraunhofer SIT and TU Darmstadt) |
|
| 10:30 - 11:00 | Coffee Break |
| 11:00 - 12:30 | Technical Session II: Analysis Session Chair: Elaine Shi (University of Maryland) |
| Analysis of secure key storage solutions on Android Tim Cooijmans (Simplendi), Joeri de Ruiter (Radboud University Nijmegen) and Erik Poll (Radboud Universiteit Nijmegen) |
|
| LazyTainter: Memory-Efficient Taint Tracking in Managed
Runtimes Zheng Wei (University of Toronto) and David Lie (University of Toronto) |
|
| A5: Automated Analysis of Adversarial Android Applications Timothy Vidas (Carnegie Mellon University), Jiaqi Tan (Carnegie Mellon University), Jay Nahata (Carnegie Mellon University), Chaur-Lih Tan (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University) and Patrick Tague (Carnegie Mellon University) |
|
| 12:30 - 14:00 | Lunch |
| 14:00 - 15:15 | Technical Session III: Attacks II Session Chair: Siegfried Rasthofer (TU Darmstadt) |
| PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile
Devices Raphael Spreitzer (Austria Graz University of Technology) |
|
| Your Voice Assistant is Mine: How to Abuse Speakers to Steal
Information and Control Your Phone Wenrui Diao (The Chinese University of Hong Kong), Xiangyu Liu (The Chinese University of Hong Kong), Zhe Zhou (The Chinese University of Hong Kong) and Kehuan Zhang (The Chinese University of Hong Kong) |
|
| (Short Paper) Stalking Beijing from Timbuktu: A Generic
Measurement Approach for Exploiting Location-Based Social
Discovery Yuan Ding (New York University, Polytechnic School of Engineering), Sai Teja Peddinti (New York University, Polytechnic School of Engineering) and Keith Ross (New York University, Polytechnic School of Engineering) |
|
| 15:15 - 15:45 | Coffee Break |
| 15:45 - 17:00 | Technical Session IV: Defenses Session Chair: David Lie (University of Toronto) |
| Efficient Smart Phone Forensics Based on Relevance Feedback Saksham Varma (UMass Amherst), Robert J. Walls (UMass Amherst), Brian Lynn (UMass Amherst) and Brian N. Levine (UMass Amherst) |
|
| Cassandra: Towards a Certifying App Store for Android Steffen Lortz (TU Darmstadt), Heiko Mantel (TU Darmstadt), Artem Starostin (TU Darmstadt), Timo Bähr (TU Darmstadt), David Schneider (TU Darmstadt) and Alexandra Weber (TU Darmstadt) |
|
| (Short Paper) OASIS: Operational Access Sandboxes for Information
Security Mauro Conti (Università di Padova), Earlence Fernandes (University of Michigan), Justin Paupore (University of Michigan), Atul Prakash (University of Michigan) and Daniel Simionato (Università di Padova) |
|
| 17:00 - 17:05 | Closing Remarks: William Enck (North Carolina State University) |