in conjunction with the 18th ACM Conference on Computer and Communications Security (CCS)
October 17-21 2011, SWISSÔTEL Chicago, Chicago, IL

Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become source of pain for adopting users and organizations. For example, the wide-spread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to offered security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they collect and organize many forms of security and privacy sensitive information simply as a matter of operation, and make that information easily accessible to downloaded third-party applications.

Recognizing smartphone security and privacy as the emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas, thus to deepen our understanding to various security and privacy issues on smartphones, specifically the platforms such as iOS and Android. Topics of interests include (but are not limited to) the following subject categories:

  • Threat models and attack scenarios
  • Rogue mobile application detection and recovery
  • Security solutions for applications, marketplaces and users
  • Smartphone-centric regulatory compliance issues and mechanisms
  • Mobile application sandboxing and virtualization
  • Secure identity management
  • Hardware-engineered security solutions
  • Unlocking, jailbreaking and threat from rootkits
  • Leveraging Internet connectivity for Cloudsourcing security
  • Security enforcement via data service provider
  • Mutual threats between smartphones and social networks

We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

Important Dates

Manuscript submission: July 2, 2011 23:59 UTC-11, July 6, 2011 (extended!)
Acceptance notification: August 6, 2011
Final Manuscript due: August 21, 2011. (Note: this is required from Sheridan Printing!)
Workshop Date: October 17, 2011


Authors are invited to submit either Full Research Papers (of up to 12 pages) or Position Papers (of up to 6 pages). Full Research Papers that present relatively complete and mature research results on security and privacy in smartphones and mobile devices are solicited. Position Papers that define new problems in security and privacy related to smartphones and mobile devices or provide inspiring visions are also solicited. Full Research Papers and Position Papers will be reviewed separately.

Submissions must be in double-column ACM format with a font no smaller than 10 point. Only PDF files will be accepted. Submissions need to be numbered and should not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All authors and their affiliations must be listed. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

The submission website is right here.

Technical Program

7:30 - 8:30 Breakfast
8:30 - 8:50 Opening Remarks: William Enck (North Carolina State University)
8:50 - 10:00 Keynote, Gustavo de los Reyes, Executive Director of Technology Security, AT&T
  Title: The Network as a Mobility Security Platform
The abstract and speaker's short bio is available here.
10:00 - 10:30 Morning Break
10:30 - 12:00 Technical Session I: Malware (15 minute back-to-back talks, 45 minutes discussion )
Session Chair: Patrick Traynor (Georgia Institute of Technology)
A Survey of Mobile Malware In The Wild
Adrienne Felt, Matthew Finifter, Erika Chin, Steve Hanna and David Wagner (University of California, Berkeley)
Crowdroid: Behavior-Based Malware Detection System for Android
Iker Burguera and Urko Zurutuza (Modragon University); Simin Nadjm-Tehrani (Linkoping University)
Short Paper: Location Based Power Analysis to Detect Malicious Code in Smartphones
Bryan Dixon, Yifei Jiang, Abhishek Jaiantilal and Shivakant Mishra (University of Colorado)
12:00 - 1:30 Lunch
1:30 - 3:30 Technical Session II: Isolating Applications (15 minute back-to-back talks, 45 minutes discussion)
Session Chair: Jean-Pierre Seifert (T-Labs/TU Berlin)
Short Paper: Delivering Secure Applications on Commercial Mobile Devices: The Case for Bare Metal Hypervisors
Kevin Gudeth, Matthew Pirretti, Katrin Hoeper and Ron Buskey (Motorola Solutions, Inc.)
L4Android: A Generic Operating System Framework for Secure Smartphones
Matthias Lange and Steffen Liebergeld (Technische Universitat and Deutsche Telekom Laboratories); Adam Lackorzynski and Alexander Warg (Technische Universitat Dresden); Michael Peter (Technische Universitat and Deutsche Telekom Laboratories)
Practical and Lightweight Domain Isolation on Android
Sven Bugiel and Lucas Davi (Technische Universitat Darmstadt); Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi and Bhargava Shastry (Fraunhofer SIT)
3:00 - 3:30 Afternoon Break
3:30 - 5:00 Technical Session III: Potpourri (15 minute talks with 15 minutes of discussion each)
Session Chair: Jaeyeon Jung (Microsoft Research)
Short Paper: A Look at SmartPhone Permission Models
Kathy Au, Billy Zhou, Zhen Huang, Phillipa Gill and David Lie (University of Toronto)
Short Paper: Can Your Phone Trust Your Friend Selection?
Sebastian Trapp, Matthias Waehlisch and Jochen Schiller (Freie Universitat Berlin)
Securing Electronic Medical Records Using Attribute-Based Encryption On Mobile Devices
Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N. J. Peterson and Aviel D. Rubin (Johns Hopkins University)
5:00 - 5:40 Panel: Security implications of Android: a "closed system, open software" Mobile Platform (abstract)
Panel Moderator: Hassen Saidi, SRI International
Panelists: Tim Wyatt (Lookout), Ahmad-Reza Sadeghi (TU Darmstadt), David Lie (University of Toronto), David Barrera (Carleton University), Nathaniel Husted (Indiana University), Jean-Pierre Seifer (Deutsche Telekom Laboratories)
5:40 - 5:45 Closing Remarks

Organizing Committees

Workshop Organizational Chair

Xuxian Jiang, North Carolina State University

Program Co-chairs

Amiya Bhattacharya, Arizona State University
Partha Dasgupta, Arizona State University
William Enck, North Carolina State University

Technical Program Committee

Landon Cox, Duke University
Songqing Chen, George Mason University
Prashant Dewan, Intel
Vinod Ganapathy, Rutgers University
Jon Giffin, Georgia Institute of Technology
Jaeyeon Jung, Microsoft Research
Zhenkai Liang, National University of Singapore
Giri Mandyam, Qualcomm
Patrick McDaniel, Pennsylvania State University
Sourav Pal, Microsoft
Paul Van Oorschot, Carleton University
Jean-Pierre Seifert, T-Labs/TU Berlin
Patrick Traynor, Georgia Institute of Technology
Matthew Wright, UT Arlington
Wei Wu, Research in Motion
Glenn Wurster, Research in Motion