ICT Systems Security and Privacy Protection 35th IFIP TC 11 International Conference, SEC 2020, Maribor, Slovenia, September 21–23, 2020, Proceedings

This book constitutes the refereed proceedings of the 35th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2020, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic.

The 29 full papers presented were carefully reviewed and selected from 149 submissions. The papers present novel research on theoretical and practical aspects of security and privacy protection in ICT systems. They are organized in topical sections on channel attacks; connection security; human aspects of security and privacy; detecting malware and software weaknesses; system security; network security and privacy; access control and authentication; crypto currencies; privacy and security management; and machine learning and security.

Channel Attacks.- Leaky Controller: Cross-VM Memory Controller Covert Channel on Multi-Core Systems.- Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels.- IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks through Indirect Eviction.- Connection Security.- Refined detection of SSH brute-force attackers using machine learning.- MultiTLS: Secure communication channel with cipher suite diversity.- Improving Big Data Clustering for Jamming Detection in Smart Mobility.- Human Aspects of Security and Privacy.- Assisting users to create stronger passwords using Context Based Micro Training.- Facilitating Privacy Attitudes & Behaviors with Affective Visual Design.- Privacy CURE: Consent Comprehension Made Easy.- Detecting Malware and Software Weaknesses.- JavaScript malware detection using locality sensitive hashing.- RouAlign: Cross-Version Function Alignment and Routine Recovery with Graphlet Edge Embedding.- Code betweenthe Lines: Semantic Analysis of Android Applications.- System Security.- IMShell-Dec:Pay More Attention to External Links in PowerShell.- Secure Attestation of Virtualized Environments.- Network Security and Privacy.- Security and Performance Implications of BGP Rerouting-resistant Guard Selection Algorithms for Tor.- Actively Probing Routes for Tor AS-level Adversaries with RIPE Atlas.- zeek-osquery: Host-Network Correlations for Advanced Monitoring and Intrusion Detection.- Access Control and Authentication.- Revisiting Security Vulnerabilities in Commercial Password Managers.- Evaluation of Risk-based Re-Authentication Methods.- Fuzzy Vault for Behavioral Authentication System.- Crypto Currencies.- Improvements of the Balance Discovery Attack on Lightning Network Payment Channels.- CCBRSN: A System with High Embedding Capacity for Covert Communication in Bitcoin.- Privacy-friendly Monero transaction signing on a hardware wallet.- Privacy and Security Management.- A Matter of Life and Death: Analyzing the Security of Healthcare Networks.- Establishing a Strong Baseline for Privacy Policy Classification.- Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach.- Machine Learning and Security.- Correlations-Preserving Fingerprinting Technique for Categorical Data in Relational Databases.- FDFtNet: Facing Off Fake Images using Fake Detection Fine-tuning Network.- Escaping Backdoor Attack Detection of Deep Learning.