Information Security Theory and Practice

This volume constitutes the refereed proceedings of the 9th IFIP WG 11.2 International Conference(formerly Workshop) on Information Security Theory and Practices, WISTP 2015, held in Heraklion, Crete, Greece, in August 2015. The 14 revised full papers and 4 short papers presented together were carefully reviewed and selected from 52 submissions. WISTP 2015 sought original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of elded systems, the application of security technology, the implementation of systems, and lessons learned. We encouraged submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues.

Inhalt

Security and Privacy Services.- On Secrecy Amplification Protocols.- Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing.- Electrical Heart Signals can be Monitored from the Moon: Security Implications for IPI-based Protocols.- Private Minutia-based Fingerprint Matching.- Secure Resource Sharing and Access Control.- Secure Resource Sharing for Embedded Protected Module Architectures.- Secure Obfuscation of Authoring Style.- DET-ABE: a Java API for data confidentiality and fine-grained access control from Attribute Based Encryption.- WSACd - A Usable Access Control Framework for Smart Home Devices.-Secure Devices and Execution Environment.- Automatic Top-down Role Engineering Framework Using Natural Language Processing Techniques.- Practical and Privacy-Preserving TEE Migration.- Randomizing the Montgomery Powering Ladder.- Challenges of Security and Reliability.- How Current Android Malware Seeks to Evade Automated Code Analysis.- On linkability and malleability in self-blindable credentials.- Device Synchronisation: A Practical Limitation on Reader Assisted Jamming Methods for RFID Confidentiality.- Short Papers.- Normalizing Security Events with a Hierarchical Knowledge Base.- Attack Tree Generation by Policy Invalidation.- Lightweight Password Hashing Scheme for Embedded Systems.- Secure and Authenticated Access to LLN Resources Through Policy Constraints.