Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. For example, the widespread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they routinely collect and organize many forms of security- and privacy-sensitive information and make that information easily accessible to third-party applications.
Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. Topics of interest include (but are not limited to) the following subject categories:
- Device/hardware security
- OS/Middleware security
- Application security
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Privacy
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile security
- Mobile device management
- Dual persona management and isolation
We also encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones. We will favor submissions that are radical, forward-looking, and open-ended, as opposed to mature work on the verge of conference publication. Submissions that discuss a real-world problem without a solution are encouraged.
Important Dates
|
|
13th of June, 2015, 05:00 UTC - Passed |
| Acceptance Notification: | 18th of July, 2015 |
| Final Manuscript due: | 28th of July, 2015 |
| Workshop Date: | 12th of October, 2015 |
Submissions
The submission deadline has now passed and no further submissions will be accepted.
Authors were invited to submit either
- Full research papers (up to 12 pages including references) that present relatively complete and mature research results on security and privacy in smartphones and mobile devices;
- Short Papers (up to 6 pages including references) that define new problems in security and privacy related to smartphones and mobile devices, or provide inspiring visions; or
- Discussion panel proposals (up to 6 pages including references) that include a proposed topic and list of panel members who are willing to attend and participate.
Submissions must be in double-column ACM format (available at the ACM Website) with a font no smaller than 9 point. Only PDF files will be accepted. Submissions need to have their pages numbered and should not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.
The submission website is CCS-SPSM 2015 in Easychair.
For questions, email ccsspsm2015@easychair.org.
Organizing Committees
Program Co-chairs
- David Lie, University of Toronto
- Glenn Wurster, BlackBerry
Technical Program Committee
- David Barrera, ETH Zurich
- Alastair Beresford, University of Cambridge
- Eric Bodden, TU Darmstadt
- Hao Chen, UC Davis
- Mark Contois, Amazon/Lab126
- Eyal de Lara, University of Toronto
- Vijay Ganesh, University of Waterloo
- Guofei Gu, Texas A&M University
- Suman Jana, Stanford University
- Mohammad Mannan, Concordia University
- Franziska Roesner, U of Washington
- Fred Rush, Coherent Logix
- Stefan Saroiu, Microsoft Research
- Natalie Silvanovich, Google
- Paul Theriault, Mozilla
- Rob Wood, NCC Group
Steering Committee
- N. Asokan, Aalto University and University of Helsinki
- William Enck, North Carolina State University
- Xuxian Jiang, North Carolina State University
- Patrick Traynor, University of Florida
Registration
To register for the SPSM 2015 workshop, please visit the CCS2015 Registration website. Registering for the Monday workshops is sufficient to register for SPSM 2015.
Technical Program - Monday October 12th, 2015
The below schedule is based on the ACM CCS schedule. Each technical presentation is scheduled for 25 minutes plus 5 minutes for questions.
| 6:45 - 8:00 | Breakfast |
|---|---|
| 8:00 - 8:20 | Opening Remarks & Logistics |
| 8:20 - 9:00 | Break (Setup) |
| 9:00 - 9:10 | Welcome: David Lie (University of Toronto) and Glenn Wurster (BlackBerry) |
| 9:10 - 10:20 | Keynote: Alex Manea (BlackBerry) |
|
The Past, Present, and Future of Digital Privacy Abstract: Communication technologies have evolved immensely over the past 20 years, with the Internet removing physical borders and mobility keeping us always connected. But privacy technologies, standards and legislation have struggled to keep up. This talk will look at the evolution of online privacy through the lens of users, government and private industry. We will examine where we are today, how we got here, and most importantly how we move forward in a way that protects consumer privacy without stifling innovation. Last but not least, we will discuss the viability and importance of public/private partnerships in solving issues related to online privacy. Bio: Alex Manea is a Director of BlackBerry Security. He is a founding member of the group that has made BlackBerry synonymous with mobile security. Alex has looked after BlackBerry product security for over 9 years, including BlackBerry smartphones, BES and BBM. He is a Certified Software Security Lifecycle Professional and has an Honors degree in Systems Design Engineering from the University of Waterloo. |
|
| 10:20 - 11:00 | Break |
| 11:00 - 12:30 |
Technical Session: Application Isolation Session Chair: Alastair Beresford (University of Cambridge) |
|
Android Rooting: Methods, Detection, and Evasion San-Tsai Sun (University of British Columbia), Andrea Cuadros (University of British Columbia), Konstantin Beznosov (University of British Columbia) |
|
|
PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices Yihang Song (University of Waterloo), Urs Hengartner (University of Waterloo) |
|
|
NJAS: sandboxing unmodified applications in non-rooted devices running stock Android Antonio Bianchi (University of California, Santa Barbara), Yanick Fratantonio (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara) |
|
| 12:30 - 2:00 | Lunch |
| 2:00 - 3:30 |
Technical Session: Privacy Session Chair: TBD |
|
AutoPPG: Automated Generation of Privacy Policy for Android Applications Le Yu (The Hong Kong Polytechnic University), Tao Zhang (The Hong Kong Polytechnic University), Xiapu Luo (The Hong Kong Polytechnic University), Lei Xue (The Hong Kong Polytechnic University) |
|
|
Supporting Privacy-Conscious App Update Decisions with User Reviews Yuan Tian (Carnegie Mellon University), Bin Liu (Carnegie Mellon University), Weisi Dai (Google), Blase Ur (Carnegie Mellon University), Patrick Tague (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University) |
|
|
The Impact of Timing on the Salience of Smartphone App Privacy Notices Rebecca Balebako (Carnegie Mellon University), Florian Schaub (Carnegie Mellon University), Idris Adjerid (Notre Dame University), Alessandro Acquisti (Carnegie Mellon University), Lorrie Cranor (Carnegie Mellon University)
|
|
| 3:30 - 4:00 | Break |
| 4:00 - 5:30 |
Technical Session: Android Framework Session Chair: TBD |
|
(Short Paper) Context-Specific Access Control: Conforming Permissions With User Expectations Amir Rahmati (University of Michigan), Harsha V. Madhyastha (University of Michigan) |
|
|
(Short Paper) Understanding the Service Life Cycle of Android Apps: An Exploratory Study Kobra Khanmohammadi (Concordia University), Mohammad Reza Rejali (Concordia University), Abdelwahab Hamou-Lhadj (Concordia University) |
|
|
Security Metrics for the Android Ecosystem Daniel Thomas (University of Cambridge), Alastair Beresford (University of Cambridge), Andrew Rice (University of Cambridge) |