PROGRAM GUIDE

MIST 2014 6th International Workshop on Managing Insider Security Threats

November 21(Friday) - 22(Saturday), 2014 Konkuk University, Seoul, South Korea Table of Contents

Welcome Message from the MIST 2014 General Chairs 2 MIST 2014 Organization 3 Welcome Message from CSD 2014 Chairs 4 CSD 2014 Organization 5 Invited Talk 6 Program Overview 7 MIST 2014 Program 8 Workshop Venue 12

Co-Organized By Innovative Information Science & Technology Research Group Chosun University BK21+ SIFCT Big Data Research Institute of Konkuk University

In Cooperation With Green-IT Convergence Security Group of KIISC Korean Institute of Smart Media

- 1 - Welcome Message from MIST 2014 General Chairs

Welcome to the 6th International Workshop on Managing Insider Security Threats (MIST 2014), which is held on Novmeber 21(Friday) - 22(Saturday), 2014 at Konkuk University, Seoul, Republic of Korea.

Recently, there has been a considerable increase of information leaks caused by malicious but authorized insiders. Compared to the attacks by outsiders, such information leaks can result in more critical damages, thus becoming one of the most important security threats to governments, companies, institutes and so forth. Motivated by this, the MIST workshop has annually taken place since 2009 with the aim of showcasing the most recent challenges and advances in defending against insider security threats and information leakages as follows: Ÿ 1st MIST (in conjunction with IFIPTM 2009) June 16, 2009, Purdue University, West Lafayette, USA Ÿ 2nd MIST (in conjunction with IFIPTM 2010) June 15, 2010, Morioka, Iwate, Japan Ÿ 3rd MIST (in conjunction with InCos 2011) December 1-2, 2011, Fukuoka Institute of Technology, Fukuoka, Japan Ÿ 4th MIST November 8-9, 2012, Nishijin Plaza, Kyushu University, Fukuoka, Japan Ÿ 5th MIST October 24-25, 2013, Pukyong National University, Busan, Rep. of Korea

This year, MIST 2014 had received high quality submissions from all over the world. Among them, total 31 papers were accepted for presentation after a rigorous peer-review process where each submission is reviewed by at least two TPC members. Moreover, MIST 2014 is powered by the invited talk "Characterizing the Insider Problem" by Prof. Matt Bishop (UC Davis, USA) who is the leading researcher in this field as well as a special session on Cyber Security and Defense (CSD'14) organized by Green-IT Convergence Security Group of KIISC. We believe that MIST 2014 plays the meaningful role of a trigger for further related research and technology improvements in this important subject.

Finally, we would like to extend our sincere thanks not only to all authors for their countless contributions, but also to the technical program committee members for their hard and excellent work.

MIST 2014 General Chairs: Dr. Ilsun YOU and Dr. Young-guk HA

- 2 - MIST 2014 Organization

General Chairs Ilsun You (Korean Bible University, South Korea) Young-guk Ha (Konkuk University, South Korea)

Advisory Committee Kouichi Sakurai (Chair, Kyushu University, Japan) Pankoo Kim (Chair, Chosun University, South Korea) Kyung Hyun Rhee (Pukyung National University, South Korea) Kangbin Yim (Soonchunhyang University, South Korea)

Program Committee Members Benjamin Aziz (University of Portsmouth, UK) Pandu Rangan Chandrasekaran (IIT Madras, India) Xiaofeng Chen (Xidian University, China) Junho Choi (Chosun University, South Korea) William R. Claycomb (Carnegie Mellon University, USA) Ugo Fiore (Seconda Universita' di Napoli, Italy) Steven Furnell (Plymouth University, UK) Shuyuan Mary Ho (Florida State University, USA) Xinyi Huang (Fujian Normal University, China) Alex D. Kent (Los Alamos National Laboratory, USA) Igor Kotenko (SPIRAS, Russia) Philip Legg (Oxford University, UK) Fang-Yie Leu (Tunghai University, Taiwan) Kazuhiro Minami (Institute of Statistical Mathematics, Japan) Marek Ogiela (AGH University, Poland) Francesco Palmieri (Seconda Universita' di Napoli, Italy) Günther Pernul (University of Regensburg, Germany) Christian W. Probst (Technical University of Denmark, Denmark) Malek Ben Salem (Accenture Technology Labs, USA) Dongwan Shin (New Mexico Tech., USA) Juhyun​ Shin (Chosun University, South Korea) Sean W. Smith (Dartmouth College, USA) Shambhu Upadhyaya (SUNY Buffalo, USA) Danfeng (Daphne) Yao (Virginia Tech, USA)

- 3 - Welcome Message from CSD 2014 Chairs

On behalf of the Organizing Committee, we are honored and delighted to welcome you to the 1st Special Session on Cyber Security and Defense (CSD 2014), which is held in conjunction with the 6th International Workshop on Managing Insider Security Threats (MIST) at Konkuk University, Seoul, Korea, from November 21 to 22, 2014. This special session was organized by the Green-IT Convergence Security Group of the KIISC (Korea Institute of Information Security and Cryptology).

As the cyberspace has been an essential part of our daily lives, cyber security is no longer a term to ignore for all levels of society. The number of cyber attacks, however, has increased dramatically over the last years and even terrorist groups, stateless organizations, and rogue individuals can launch a cyber attack from anywhere, at any time even with a few strokes on a keyboard or touchscreen. We cannot hide the fact that every day we are being attacked by unknown adversaries, quite constantly. Therefore, an enormous effort into cyber security research is needed to protect our cyberspace from those threats.

The aim of CSD 2014 is to provide the most recent challenges and advances of technologies in cyber security and defense. In addition, this session intends to bring together the academic and industry working on different aspects, exchange ideas, and explore new research directions for addressing the challenges in cyber security and defense.

Finally, we hope that you will find MIST CSD 2014 to be a stimulating and scientifically enriching experience in Korea.

Hyobeom Ahn and Taekyoung Kwon

Special Session Chairs of MIST CSD 2014

- 4 - CSD 2014 Organization

Special Session Chairs Hyobeom Ahn (Kongju National University, South Korea) Taekyoung Kwon (Yeonsei University, South Korea)

Program Committee Members Jin Kwak (Soonchunhyang University, South Korea) Jongsung Kim (Kookmin University, South Korea) Changhoon Lee (SeoulTech, South Korea) Kyungho Lee (Korea University, South Korea) Taeshik Shon (Ajou University, South Korea) Kyungho Son (Korea Internet and Security Agency, South Korea) Jeong Hyun Yi (Soongsil University, South Korea) Eul Gyu Im (Hanyang University, South Korea) Mun-Kyu Lee (Inha University, South Korea) Huy-kang kim(Korea University, South Korea) Ji-Won Yoon (Korea University, South Korea) Nam-Jae Park (Jeju National University, South Korea)

- 5 - Invited Talk Characterizing the Insider Problem

－ Abstract: The insider problem is considered one of the most serious in computer security. But the precise definition of "insider" varies, sometimes wildly, among researchers. The result is that the problem, in its most broadest sense, is ill-defined. This talk attempts to bring rigor to the definition by examining several different aspects of the different definitions and situations broadly classified as "insiders". We examine various prevention, detection, and recovery mechanisms, placing them in the context of our analysis. We conclude by discussing the use of process modeling to identify potential insider threats.

－ Speaker: Dr. Matt Bishop (Professor, UC Davis, USA)

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, including modeling them, building tools to detect vulnerabilities, and ameliorating or eliminating them. This includes detecting and handling all types of malicious logic. He is active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, and formal modeling of access controls. Currently, he is studying the nature of insider threats as technical problems and how to harden processes to inhibit such attacks. He also works in electronic and Internet voting, and was one of the two principle investigators of the California Top-to-Bottom Review, which performed a technical review of all electronic voting systems certified in the State of California. He is active in information assurance education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley Professional. He also teaches software engineering, machine architecture, operating systems, programming, and (of course) computer security.

- 6 - Program Overview

November 21 (Friday) November 22 (Saturday)

Time Time Room 425 (4F) Room 425 (4F) Sanghuh Hall Sanghuh Hall

08:40 ~ 18:30 Registration 08:40 ~ 18:00 Registration

09:00 ~ 10:30 MIST1: 4 presentations 09:00 ~ 10:30 MIST4: 4 presentations

10:30 ~ 11:00 Coffee Break 10:30 ~ 11:00 Coffee Break

11:00 ~ 12:30 MIST2: 4 presentations 11:00 ~ 12:30 MIST5: 4 presentations

Lunch Lunch 12:30 ~ 14:00 - VIP Restaurant (B2), 12:30 ~ 14:00 - VIP Restaurant (B2), New Millennium Hall New Millennium Hall

14:00 ~ 15:00 MIST3: Invited Talk 14:00 ~ 15:30 MIST6: 4 presentations

15:00 ~ 15:30 Coffee Break 15:30 ~ 16:00 Coffee Break

15:30 ~ 16:45 CSD1: 3 presentations 16:00 ~ 18:00 MIST7: 5 presentations

16:45 ~ 17:15 Coffee Break

17:15 ~ 18:30 CSD2: 3 presentations

Banquet 19:00 ~ - VIP Restaurant (B2), New Millennium Hall

- 7 - MIST 2014 Program

November 21 Friday, 2014 Room 425 (4F), Sanghuh Hall

08:40-18:30 Registration Desk Open

09:00-10:30 MIST1 - Managing Insider Threats Session Chair: Dr. Ilsun You (Korean Bible Univ., South Korea)

－ Visual Analytics of E-mail Sociolinguistics for User Behavioural Analysis P.A. Legg, O. Buckley, M. Goldsmith and S. Creese University of Oxford, UK － Detection of Employees' Carelessness Leading to Insider Threats through Analyzing Email RDF Data S.-M. Kim, Y.-S. Son, and Y.-G. Ha Konkuk University, South Korea － Investigating the Threat of Insiders to File Sharing R. Alsowail University of Sussex, Falmer, Brighton, U.K. － Towards a User and Role-based Sequential Behavioural Analysis Tool for Insider Threat Detection I. Agrafiotis, P.A. Legg, M. Goldsmith, and S. Creese University of Oxford, UK

10:30-11:00 Coffee Break

11:00-12:30 MIST2 - Information Leakage Prevention Session Chair: Dr. Kangbin Yim (Soonchunhyang University, South Korea)

－ A Study of Compensation in Personal Identifiable Information Leakage T. Ishikawa and K. Sakurai1 1Kyushu University, Japan － A Design of Access Control Model for Information Leak Detection based on Inference in Smart Device J. Choi1, C. Choi1, H. M. Lynn1, B. Ko1, I. You2, and P. Kim1 1Chosun University, and 2Korean Bible University, South Korea － Power Analysis Attacks on the Right-to-Left Square-Always Exponentiation Algorithm J. Ha1, Y. Choi2, D. Choi2, and H. Lee3 1Hoseo University, 2ETRI, South Korea, and 3Dongseo University, South Korea － Integrated Data Model Development Framework for the Architecture Descriptions M. Sohn1, S. Kang1, and H. J. Lee2 1Sungkyunkwan University, and 2Yonsei Institute of Convergence Technology, South Korea

- 8 - 12:30-14:00 Lunch Break VIP Restaurant (B2), New Millennium Hall

14:00-15:00 MIST3 - Invited Talk Session Chair: Dr. Philip Legg (Oxford University, UK)

－ Characterizing the Insider Problem Dr. Matt Bishop (Professor, UC Davis, USA)

15:00~15:30 Coffee Break

15:30-16:45 CSD1 Session Chair: Prof. Hyobeom Ahn (Kongju National Univ., South Korea)

－ A Method for Hiding Link Layer Addresses Using Bloom Filter in Wireless Sensor Networks S. Park1, J. Bang2, M. Ahn3, W. Lee3, and T. Kwon2 1Sejong University, 2Yonsei University, 3Agency for Defense Development, South Korea － A Study on Scenario-based Personnel Risk Analysis I. Cho, J. Lee, and K. Lee Korea University, South Korea － Malware Similarity Analysis using API Sequence Alignments I. K. Cho1, T. Kim1, Y. J. Shim1, H. Park2, B. Choi2, and E. G. Im1 1Hanyang University, and 2Korea Internet & Security Agency, South Korea

16:45-17:15 Coffee Break

17:15-18:30 CSD2 Session Chair: Prof. Taekyoung Kwon (Yonsei Univ., South Korea)

－ Multiple Device Login Attacks and Countermeasures of Mobile VoIP Apps on Android S. W. Park and J. H. Yi Soongsil University, South Korea － Advanced Unknown Malicious Code Detection Model H. Kim, J. Lee, H. Yoon, and K. Lee Korea University, South Korea － Open Source Software Detection using Function-level Static Software Birthmark D. Kim1, S. Cho1, S. Han2, M. Park2, and I. You3 1Dankook University, 2Konkuk University, and 3Korean Bible University, South Korea

19:00- MIST 2014 Banquet VIP Restaurant (B2), New Millennium Hall

- 9 - November 22 Saturday, 2014 Room 425 (4F), Sanghuh Hall

08:40-18:00 Registration Desk Open

09:00-10:30 MIST4 - Network Security against Insider Threats Session Chair: Dr. Tianhan Gao (Northeastern University, China)

－ A Grid System Detecting Internal Malicious Behaviors at System Call Level F.-Y. Leu and Y.-T. Hsiao Tunghai University, Taiwan － A Grid-based Approach to Location-Dependent Key Management in Wireless Sensor Networks J. Choi1, J. Bang1, M. Ahn2, L. Kim2, and T. Kwon1 1Yonsei University, and 2Agency for Defense Development, South Korea － A Cooperative Trust Bit-Map Routing Protocol Using the GA Algorithm for Reducing the Damages from the InTs in WANETs H.-C. Chen1,2 and H.-K. Su3 1Asia University, 2China Medical University, 3National Formosa University, Taiwan － A Privacy Preserving V2I Service Access Management System for Vehicular Clouds Y. Park1, C. Sur2, and K.-H. Rhee1 1Pukyong National University, and 2Busan University of Foreign Studies, South Korea

10:30-11:00 Coffee Break

11:00-12:30 MIST5 - Related Technologies 1 Session Chair: Prof. Fang-Yie Leu (Thunghai University, Taiwan)

－ The Trusted Two-dimensional Code System Based on Certificate-based Signature scheme T. Gao, L. Feng, Y. Zhao, S. Qin, and Q. Wang, Northeastern University, China － An Efficient Handover Authentication Scheme Based on HMAC for Proxy Mobile IPv6 Network T. Gao1, L. Tan1, P. Qiao1, and K. Yim2 1Northeastern University, China 2Soonchunhyang University, South Korea － Query Recommending Scheme : Implementations and Evaluation H.-m. Lee, T. Lee, K. H. Rhee, and S. U. Shin Pukyong National University, South Korea － Secure Virtual Keypad for Smartphones against Shoulder Surfing Attacks D. Choi1, C. Baek1, J. Shen2, and I. Chung1 1Chosun University, South Korea, 2Nanjing University of I.S.T, China

- 10 - 12:30-14:00 Lunch Break VIP Restaurant (B2), New Millennium Hall

14:00-15:30 MIST6 - Cognitive Informatics for Security Session Chair: Prof. Marek R. Ogiela (AGH Univ. of Science and Technology, Poland)

－ Face Recognition Performance Comparison of Fake Faces with Real Faces in Relation to Lighting M.-Y. Cho and Y.-S. Jeong Electronics and Telecommunications Research Institute, South Korea － Protecting The Networks from Objectionable Contents C.-Y. Kim1, O.-J. Kwon1, S. Choi1, and Y.-H. Lee2 1Sejong University, and 2Far East University, South Korea － User Authorization Method based on Face Recognition for Auto Network Access in Home Network System H.-M. Moon, J. Shin, J. Shin, and S. B. Pan Chosun University, South Korea － Robust Method for Hiding Binary Image into JPEG HDR Base Layer Image against Common Image Processing M.-H. Lee1, O.-J. Kwon1, and Y.-H. Lee2 1Sejong University, and 2Far East University, South Korea

15:30-16:00 Coffee Break

16:00-18:00 MIST7 - Related Technologies 2 Session Chair: Dr. Kangbin Yim (Soonchunhyang Univ., Republic of Korea)

－ Security Threats in Electronic Currency Exchange Protocols M. R. Ogiela and P. Sułkowski AGH University of Science and Technology, Poland － Non-memorizing evolutionary authentication algorithm using the preference symbols for secondary authentication K. Rim Chosun University, Kwangju, Korea － Secure Distribution Protocol for Restoring Information with Different Accesing Grants L. Ogiela, M. R. Ogiela, and U. Ogiela AGH University of Science and Technology, Poland － Harvesting Entropy from On-board Sensors of Constrained Devices for Hardening Security of IoT Communication Mechanisms M. P. Pawlowski1, A. J. Jara1, and M. J. Ogorzalek2 1Institute of Information Systems University of Applied Sciences Western Switzerland (HES-SO), Switzerland 2Jagiellonian University Krakow, Poland － A Traffic Mitigation Method for DDoS Defense in Large Autonomous System H.-S. Kang and S.-R. Kim Konkuk University, South Korea

- 11 - ■ Workshop Venue – Konkuk University, Seoul, South Korea

Konkuk University's main campus is located in the south-eastern part of Seoul near the Han River. The university is easily accessible from downtown Seoul.

From Incheon International Airport

(1) Airport Limousine The best way to reach Konkuk University from Incheon International Airport is by airport limousine bus. Information regarding buses and limousines can be found at the passenger terminal. Look for Bus #6013. The first bus departs at 06:25 a.m. and the last bus at 22:55 p.m. You can buy a ticket at a booth right outside the airport arrival gate. It will cost you ￦10,000; you must pay in cash. The bus is available every 40 minutes. The ride is about 90 minutes long, depending on the traffic. Get off at the bus stop named "Konkuk University (Konkuk Dae Hak Gyo in Korean)." (See photo below.) You can easily see the campus from there.

(2) Taxis If you decide to take a regular taxi, it will cost you about \70,000 from the airport. Avoid a black taxi (deluxe taxi) as it costs more than a regular one. It may be a good idea to bring a copy of the Konkuk University Seoul campus map, show it to the driver and say, "Konkuk Dae Hak Gyo Ga-Ju She-Yo" in Korean. You are advised to pay close attention to the fare meter, though.

(3) Subway You can also reach Konkuk University by subway from the airport. There is a new subway line from Incheon International Airport to Seoul Station. For more information, please visit http://english.arex.or.kr/jsp/eng/index.jsp. From Seoul Station, you can come to Konkuk University Station. (Exit 2, Subway Line 2.)

- 12 - From Somewhere in Seoul

(1) Subway Please use Subway Line 2 (Green) and get off at Konkuk University Station (Kondae Ip Gu Yuck). Go out Exit 2, cross the first intersection straight until you see Konkuk University Hospital (Konkuk Dae Byungwon) on the left side. From there, you cannot miss the campus.

You can also use Subway Line 7 (Dark Green) and get off at Konkuk University Station (Kondae Ip Gu Yuck). Go out Exit 3 and follow the Konkuk University Hospital sign until you reach the escalators leading to the basement of the hospital. At the hospital, take the escalators leading to the 1st floor of the hospital. From there, you cannot miss the Konkuk campus.

While using Subway Line 7 (Dark Green), you can also get off at Children’s Grand Park Station (Uhrini Dae Gong Won Yuck). Go out Exit 3, walk straight until you see a Konkuk University sign. From there, you cannot miss the Konkuk Gate.

(2) Taxis Anywhere in Seoul, you can take a taxi to reach Konkuk. Show the driver the university campus map and say “Konkuk Dae Hak Gyo Ga-Ju She-Yo (Please go to Konkuk University.).” You can use regular taxis, deluxe taxis, call taxis or international taxis.

- 13 - (3) Buses Some buses stop near the Konkuk campus, and a rough list of their numbers is as follows. See if you can catch any of them in your neighborhood. Please note that their color varies. 2016 146 240 302 721 4212 2222 2224 3216 3217 3220 6013

Campus Map (URL: http://www.konkuk.ac.kr/eng/jsp/About/about_060200.jsp)

(1) Workshop Room: Room 425 (4F), Sanghuh Hall [no. 20 at the below map] (2) Lunch Restaurant (for two days) & Banquet Restaurant: VIP Restaurant (B2), New Millennium Hall [no. 24 at the below map]

* no. 20: Sanghuh Hall (workshop room) no. 24: New Millennium Hall (workshp) no. 7: Konkuk Hospital (near the Konkuk subway station - line 2 & 7) no. 46: Star City Mall no. 47: Airport Limousine Bus Stop (Arrival at Konkuk) no. 48: Airport Limousine Bus Stop (Departure for Incheon International Airport) no. 49: Lotte Department Store

For more details, please refer to http://www.konkuk.ac.kr/eng/jsp/About/about_060200.jsp

- 14 -