< NordSec 2016
NordSec 2016
Oulu, Nov. 2nd - 4th 2016

NordSec 2016

The 21st Nordic Conference on Secure IT Systems will be held at the University of Oulu, in Oulu, Finland, between November 2nd and 4th, 2016.

NordSec addresses a broad range of topics within IT security with the aims of bringing together computer security researchers and encouraging interaction between academia and industry. It is co-located with the Tenth International Crisis Management Workshop (CriM'16) and Oulu Winter School.

NordSec 2016 proceedings are published and have been made available by Springer in their LNCS . Further, Nordsec is part of the Finnish Publication forum. We invite participants to present their ideas in poster sessions during lunches and coffee breaks.


The organizers would like to thank our sponsors for their support:


Wednesday, November 2nd

08:30- Registration opens
11:00-12:45 Lunch at Restaurant Kastari
12:45-13:00 NordSec 2016 welcome remarks
13:00-14:00 Invited Speaker: Intel's Software Guard Extensions technology demystified: cryptographic properties, trust assumptions, and memory encryption. Shay Gueron / University of Haifa, Israel, and Intel Corporation (Intel Development Center, Haifa, Israel).
14:00-14:30 Software Security I: A Survey on Internal Interfaces Used by Exploits and Implications on Interface Diversification. Sampsa Rauti, Samuel Lauren, Joni Uitto, Shohreh Hosseinzadeh, Jukka Ruohonen, Sami Hyrynsalmi, Ville Leppänen.
14:30-15:00 Software Security I: A Tale of the OpenSSL State Machine: a Large-scale Black-box Analysis. Joeri de Ruiter.
15:00-15:30 Break
15:30-16:00 System Security I: Event-Triggered Watermarking Control to handle Cyber-Physical Integrity Attacks. Jose Rubio-Hernan, Luca De Cicco, Joaquin Garcia-Alfaro.
16:00-16:30 System Security I: Detecting Process-Aware Attacks in Sequential Control Systems. Oualid Koucham, Stéphane Mocanu, Guillaume Hiet, Jean-Marc Thiriet, Frédéric Majorczyk.
16:30-17:00 System Security I: Understanding how Components of Organisations contribute to Attacks. Min Gu, Zaruhi Aslanyan, Christian W. Probst.

Thursday, November 3rd

09:00-10:00 Invited Speaker: Breaking Band: Reverse engineering and exploiting Samsung's baseband. Daniel Komaromy (Comsecuris).
10:00-10:30 Software Security II: Empirical Analysis on the Use of Dynamic Code Updates in Android and its Security Implications. Maqsood Ahmad, Bruno Crispo, Teklay Gebremichael.
10:30-11:00 Software Security II: Evaluation of Resource-based App Repackaging Detection in Android. Olga Gadyatskaya, Andra-Lidia Lezza, Yury Zhauniarovich.
11:00-11:30 Break
11:30-12:00 Cryptography: Speeding up R-LWE post-quantum key exchange. Shay Gueron, Fabian Schlieker.
12:00-12:30 Cryptography: Efficient Sparse Merkle Trees. Rasmus Dahlberg, Tobias Pulls, Roel Peeters.
12:30-13:00 Cryptography: Secure Multiparty Sorting Protocols with Covert Privacy. Peeter Laud, Martin Pettai.
13:00-14:30 Lunch at Restaurant Kastari
14:30-15:00 System Security II: Towards an Automated and Dynamic Risk Management Response System. Gustavo Gonzalez-Granadillo, Ender Alvarez, Alexander Motzek, Matteo Merialdo, Joaquin Garcia- Alfaro, Hervé Debar.
15:00-15:30 System Security II: A Stochastic Framework for Prediction of Malware Spreading in Heterogeneous Networks. Sandra König, Stefan Schauer, Stefan Rass.
15:30-16:00 Break
16:00-16:30 Network Security: Creating and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels. Bernhards Blumbergs, Mauno Pihelgas, Markus Kont, Olaf Maennel, Risto Vaarandi.
16:30-17:00 Network Security: ML: DDoS Damage Control with MPLS. Pierre-Edouard Fabre, Hervé Debar, Jouni Viinikka, Gregory Blanc.
19:00- Conference dinner at Ravintola Virta in Hotel Lasaretti (Kasarmintie 13b, FIN-90130 Oulu)

Friday, November 4th

09:30-10:30 Invited Speaker: Trusted Execution and IoT. Jan-Erik Ekberg (Trustonic).
10:30-11:00 Authentication: Passphone: Outsourcing Phone-based Web Authentication while Protecting User Privacy. Martin Potthast, Christian Forler, Eik List, Stefan Lucks.
11:00-11:30 Authentication: Secure, Usable and Privacy-Friendly User Authentication from Keystroke Dynamics. Kimmo Halunen, Visa Vallivaara.
11:30-11:35 Closing
11:35-13:00 Lunch at Restaurant Kastari

Important dates

Call for Papers

NordSec 2016 Call for Papers

The 21st Nordic Conference on Secure IT Systems[1] will be held in Oulu,
Finland, November 2-4, 2016. NordSec[2] addresses a broad range of topics
within  IT security with the aim of bringing together computer security
researchers and  encouraging interaction between academia and industry. We
invite participants to present their ideas in poster sessions during lunches
and coffee breaks.  NordSec 2016 is co-located with the 10th International
Crisis Management Workshop (CriM'16)[5] and Oulu Winter School.

## Scope

NordSec 2016 (http://nordsec.oulu.fi/) welcomes contributions within, but not limited to, the following areas:

* Access control and security models
* Applied cryptography
* Cloud security
* Commercial security policies and enforcement
* Cyber crime, warfare, and forensics
* Economic, legal, and social aspects of security
* Enterprise security
* Hardware and smart card security
* Mobile and embedded security
* Internet of Things and M2M security
* Internet, communication, and network security
* Intrusion detection
* Language-based techniques for security
* New ideas and paradigms in security
* Operating system security
* Privacy and anonymity
* Security education and training
* Security evaluation and measurement
* Security management and audit
* Security protocols
* Security usability
* Social engineering and phishing
* Software security and malware
* Trust and identity management
* Trusted computing
* Vulnerability testing

## Submitting

Contributions should reflect original research, developments, studies and
experience. Submitted papers should not exceed 16 pages (including
references and appendices) in Springer LNCS format. Submitted papers must
not substantially overlap with papers that have been published or that are
simultaneously submitted to a journal or a conference with proceedings.

All submitted papers will be judged based on their quality and relevance
through double-blind reviewing, where the identities of the authors are
withheld from the reviewers. As an author, you are required to make a good-
faith effort to preserve the anonymity of your submission, while at the same
time allowing the reader to fully grasp the context of related past work,
including your own. Minimally, please take the following steps when preparing
your submission:

* Remove the names and affiliations of authors from the title page.
* Remove acknowledgment of identifying names and funding sources.
* Use care in referring to related work, particularly your own. Do not omit
  references to provide anonymity, as this leaves the reviewer unable to grasp
  the context. Instead, reference your past work in the third person, just as
  you would any other piece of related work by another author.
* Papers must not exceed 16 pages.
* Submit the paper at

## Important dates

* 23 June 2016: Abstract submission deadline
* 01 July 2016: Paper submission deadline
* 08 July 2016: Paper submission deadline (EXTENDED)
* 15 August 2016: Notification
* 29 August 2016: Camera-ready paper deadline
* 10 October 2016: Early registration deadline
* 02-04 November 2016: NordSec 2016

## Organization

* General Chair: Juha Röning, University of Oulu (Finland)
* Program Chair: Billy Brumley, Tampere University of Technology (Finland)
* Conference Operations: Christian Wieser, University of Oulu (Finland)

Please send e-mail to nordsec2016 AT easychair DOT org if you have any questions.

### Program Committee

* Magnus Almgren, Chalmers University of Technology (Sweden)
* David Bernhard, University of Bristol (UK)
* Kimmo Halunen, VTT Technical Research Centre of Finland (Finland)
* Mads Dam, KTH Royal Institute of Technology (Sweden)
* Nicola Dragoni, Technical University of Denmark (Denmark), Örebro University (Sweden)
* Danilo Gligoroski, Norwegian University of Science and Technology (Norway)
* Eric Xu Guo, Qualcomm (USA)
* Xueyang Wang, Intel (USA)
* Chris Hankin, Imperial College London (UK)
* Rene Rydhof Hansen, Aalborg University (Denmark)
* Daniel Hedin, Mälardalen University (Sweden), Chalmers University of Technology (Sweden)
* Marko Helenius, Tampere University of Technology (Finland)
* Kimmo Järvinen, Aalto University (Finland)
* Frank Kargl, Ulm University (Germany)
* Svein Johan Knapskog, Norwegian University of Science and Technology (Norway), Knapskog Consulting (Norway)
* Hanno Langweg, Norwegian University of Science and Technology (Norway), HTWG Konstanz (Germany)
* Peeter Laud, Cybernetica AS (Estonia)
* Samuel Marchal, Aalto University (Finland)
* Fabio Martinelli, IIT-CNR (Italy)
* Chris Mitchell, Royal Holloway, University of London (UK)
* Hanne Riis Nielson, Technical University of Denmark (Denmark)
* Valtteri Niemi, University of Helsinki (Finland)
* Andrew Paverd, Aalto University (Finland)
* Kai Rannenberg, Goethe University Frankfurt (Germany)
* Heiko Roßnagel, Fraunhofer IAO (Germany)
* Ben Smeets, Lund University (Sweden)
* Seppo Virtanen, University of Turku (Finland)

## Links

[1]: http://nordsec.oulu.fi/
[2]: http://www.cse.chalmers.se/research/group/security/nordsec/contents.html
[3]: http://dblp.uni-trier.de/db/conf/nordsec/index.html
[4]: https://easychair.org/conferences/?conf=nordsec2016
[5]: https://www.ee.oulu.fi/research/ouspg/CrIM16



Has closed.

Conference Venue

The conference will take place at the Oulu universities Ympäristötietotalo, room IT115. Signs will guide you to the conference room.

Travel arrangements


Oulu can be reached easily via long distance bus connections (Onnibus, Matkahuolto), train or plane (Finnair, Norwegian).

Within Oulu:


Oulu has many accomodation options, ranging from cottages to luxuary hotels.


Juha Röning

Juha Röning


Billy Brumley

Billy Brumley


Christian Wieser

Christian Wieser

Confenrence Ops