GI Gesellschaft für Informatik e.V. Vrije Universiteit Amsterdam

Eighth Conference on
Detection of Intrusions and Malware & Vulnerability Assessment

DIMVA 2011

July 7-8th, 2011
Amsterdam, The Netherlands

Conference Program

 7th July (Thursday)
8:30 Registration
9:00 Welcome and Opening Remarks
9:00 Keynote
"Finding concurrency and memory errors in C++ programs", Manuel Costa, Microsoft Research Cambridge

Abstract: Concurrent programming errors arise when threads share data incorrectly. Programmers often avoid these errors by using synchronization to enforce a simple ownership policy: data is either owned exclusively by a thread that can read or write the data, or it is read owned by a set of threads that can read but not write the data. Unfortunately, incorrect synchronization often fails to enforce these policies and memory errors in languages like C and C++ can violate these policies even when synchronization is correct. In this talk, we present a dynamic analysis for checking ownership policies in concurrent C and C++ programs despite memory errors. The analysis can be used to find errors in commodity multi-threaded programs and to prevent attacks that exploit these errors. Our approach enjoys a pleasing modular soundness property: if a thread executes a sequence of statements on variables it owns, the statements are serializable within a valid execution, and thus their effects can be reasoned about in isolation from other threads in the program.
10:15 Coffee Break
10:45 Session: Network Security I
Session chair: Sven Dietrich
10:45 Protecting against DNS reflection attacks with Bloom filters
Sebastiano Di Paola, Dario Lombardo
11:15 Effective Network Vulnerability Assessment through Model Abstraction
Su Zhang, Xinming Ou, John Homer
11:45 Decoy Document Deployment for Effective Masquerade Attack Detection
Malek Ben Salem, Salvatore J. Stolfo
12:15 Lunch
13:15 Invited Talk
"The Quest for Trusted Computing: Promises, Expectations, Practice, and Challenges", Ahmad-Reza Sadeghi, Technische Universitat Darmstadt und Fraunhofer Institute SIT

Abstract: Trusted Computing (TC) aims at providing a framework to establish trust among the components of a heterogeneous computing environment, in particular to detect, mitigate or reduce the impact of malware. A recent industrial initiative towards the realization of TC functionality has been put forward by the Trusted Computing Group (TCG) that published a set of specifications for extending conventional computer architectures with a variety of security-related features and cryptographic mechanisms.
Currently, there is a vast amount of work that goes beyond the TCG approach by either extending it or providing improved alternative solutions. In particular the current trend towards Clouds and the debate on their security celebrates also the reincarnation of Trusted Computing. TC is an emerging enabling technology that can improve the security of computer systems and support policy enforcement beyond own trust boundaries allowing to realize new business models. In this talk, we consider the current state of Trusted Computing and discuss the major problems that impede its practical and widespread deployment in today's computing systems. We discuss what can be done with the Trusted Computing today and present emerging technologies that may soon be available to improve the security of mobile and embedded systems. We then conclude pointing out some of the major challenges for further research.
14:15 Session: Attacks
Session chair: Michael Meier
14:15 Reverse Social Engineering Attacks in Online Social Networks
Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, Calton Pu
14:45 Timing attacks on VoIP PIN input (Short Paper)
Ge Zhang, Simone Fischer-Hübner
15:05 Coffee Break and Poster Session
16:45 Social Event
 8th July (Friday)
9:00 Invited Talk
"Using Traffic Direction Systems to simplify fraud... and complicate investigations!", Max Goncharov, Senior Threat Researcher at Trend Micro

Abstract: Directing traffic to cash in on referrals is a common and legitimate method of making money on the Internet. It should therefore not be surprising that the same is true in the illegitimate world of cybercrime. So-called traffic direction systems (TDSs) have reached a high level of sophistication. Specifically, TDSs present several challenges with regard to malware sample sourcing and malicious URL detection, as these are capable of detecting the use of security tools and often initiate avoidance tactics. In the presentation, we will show how such systems work, how they are utilized by cybercriminals, and what we can do about this.
10:00 Coffee Break
10:30 Session: Web Security
Session chair: Paolo Milani Comparetti
10:30 Biting the hand that serves you: A closer look at client-side Flash proxies for cross-domain requests
Martin Johns, Sebastian Lekies
11:00 Mitigating Cross-Site Form History Spamming Attacks with Domain-based Ranking
Chuan Yue
11:30 Escape from Monkey Island: Evading High-Interaction Honeyclients
Alexandros Kapravelos, Marco Cova, Christopher Kruegel, Giovanni Vigna
12:00 Lunch
13:00 Session: Network Security II
Session chair: Ulrich Flegel
13:00 An Assessment of Overt Malicious Activity Manifest in Residential Network
Gregor Maier, Anja Feldmann, Vern Paxson, Robin Sommer, Matthias Vallentin
13:30 What's Clicking What? Techniques and Innovations of Today's Clickbots
Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich, Vern Paxson
14:00 MISHIMA: Multilateration of Internet hosts hidden using malicious fast-flux agents (Short Paper)
Greg Banks, Aristide Fattori, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
14:20 Coffee Break
14:50 Session: Host Security
Session chair: Lorenzo Cavallaro
14:50 Code Pointer Masking: Hardening Applications against Code Injection Attacks
Pieter Philippaerts, Yves Younan, Stijn Muylle, Frank Piessens, Sven Lachmund, Thomas Walter
15:20 Operating System Interface Obfuscation and the Revealing of Hidden Operations
Abhinav Srivastava, Andrea Lanzi, Jonathon Giffin, Davide Balzarotti
15:50 Concluding Remarks


The Springer proceedings are already available online.

Refer to the VU campus map to check the conference and workshop locations.

In technical cooperation with:


Technical Committee on Security and Privacy



Colocated events:
1st SysSec Workshop
dCTF 2011
Effectplus Trust and Security cluster Meeting

DIMVA 2010 Conference of SIG SIDAR
of the German Informatics Society (GI).
Proceedings available from Springer Verlag in the LNCS series Springer LNCS

Local organization by VU University Amsterdam.
For questions about the registration, website, and local organization, please send an email to
For questions about the conference program, please send an email to