Invited Talks

Invited Speaker: Kui Ren
Homepage: http://www.acsu.buffalo.edu/~kuiren/

Affiliation: Department of Computer Science and Engineering University at Buffalo, State University of New York

Talk title: All Your Location are Belong to Us: Breaking Mobile Social Networks for Automated User Location Tracking.

Abstract:

Location-based social networks (LBSNs) feature location-based friend discovery services attracting hundreds of millions of active users world-wide. While leading LBSN providers claim the well-protection of their users’ location privacy, in this talk we show for the first time through real world attacks that these claims do not hold after summarizing the existing practices from the industry. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. I will further talk about the development of an automated user location tracking system based on the proposed attack and its test on leading LBSNs including Wechat, Skout, and Momo. Real-world experiments on 30 volunteers and the defense approaches will also be discussed. These findings serve as a critical security reminder of the current LBSNs pertaining to a vast number of users.


 

Invited Speaker: Jean-Louis Lanet
Homepage: http://secinfo.msi.unilim.fr/lanet/

Talk title: Survey of recent software attacks and their mitigation against secure element.

Abstract:

Smart cards have been considered for a long time a secure container for storing secret data and executing programs that manipulate them without leaking any information. In the last decade a new form of attack that uses the hardware has been intensively studied. We suggested to pay attention also to cheaper attacks that use only software. We demonstrated through several proof of concepts that such an approach should be a threat under some hypotheses. We have been able to execute self-modifying code, return address programming and so on. Recently we demonstrated that the strong hypothesis can be relaxed thanks to combined attacks. Then all the already published attacks should have been a threat but the industry increased the counter measures to mitigate each of the published attack. In such a sensitive domain, we always submit the attacks to the industry partners before publishing any attack.

Quick Information

Registration is closed

FPS Program

Symposium date/place:
3rd-5th November 2014, Montréal, Canada

Submission deadline:
August 11th, 2014,

Acceptance Notification:
September 7th, 2014

Camera ready:
September 15th, 2014