The Security Track at the ACM Symposium on Applied Computing
Statistics and General Information about SAC 2004
Statistics and General Information about the Security Track @ SAC 2004.

The Track's turnout exceeded our positive expectations. The number of submissions increased of 43% with respect to last year's, reaching 40. Originating from over 20 different countries, all submissions turned out to be high-quality. They were included in the blind review process that involved 31 reviewers (composed of PC members and their delegates) from 25 institutions. The reviewers did an outstanding job and the whole process generated more than 130 reviews - each paper was reviewed by at least 3 reviewers. Based on the reviewers' reports, the general ACM SAC guidelines for acceptance and rejection of submissions, and the unavoidable time and space constraints associated with any conference, it was possible to select only 12 of these submissions for publication, an acceptance rate of 30%. In the process, a number of good and interesting papers inevitably had to be rejected.

The 2004 Security Track is divided into 3 sessions chaired by Giampaolo Bella, Peter Ryan, and Guenter Karjoth. The papers were roughly grouped based upon their subject.

Session 1 - Policies and Protocols - is chaired by Bella.
Backes et al. introduce a practical algorithm for comparing privacy policies, such as those originating through refinements. Bistarelli et al. use soft constraint programming to detect whether there exist circuitous or cascading routes increasing the risk of violation of  multilevel security. Nenadic et al. design a novel protocol for certified e-mail delivery with strong fairness. Egidi and Porcelli advance a protocol for anonymous e-email delivery while making reference to the legal directives of the European Community.

Session 2 - Intrusion Detection and Management - is chaired by Ryan.
Wang uses a theoretic approach to solve the applied problem of tracing intruders through intermediate stepping stones. Savaresi and Zanero detect intruders by a two-tier architecture that allows the application of data mining techniques on raw network data. Ben Amor et al. provide experimental evidence that naive Bayes networks are a helpful tool for intrusion detection despite their simplicity. Belsis and Gritzalis advance a system that can handle information coming from detected security incidents.

Session 3 - Smart Cards, Watermarking and DoS - is chaired by Karjoth.
Waldmann et al. propose a cryptographic checksum to protect the biometric information sent to a card for on-card matching. Barbuti and Cataudella present an algorithm that can verify a subset of Java bytecode in low-memory environments, such as Java Cards. Sahoo and Collberg implement and analyse an existing software watermarking algorithm, addressing in particular the issues that arise when targeting Java bytecode. Siaterlis and Maglaris describe a prototype of a DoS detection engine based on a data fusion paradigm and theory of evidence.