The 3rd European Conference on Computer Network Defense took place in September 2007 at Aldemar Hotel, in Heraklion, Crete, Greece in cooperation with the European Network and Information Security Agency (ENISA). The theme of the conference was the protection of computer networks. The conference drew participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. The conference was a great success, with 6 refereed papers and 6 invited presentations on topics ranging from high assurance networks of virtual machines to signaling vulnerabilities in wiretapping systems. This book contains the refereed as well as refereed papers. We are greatful to the authors and presenters for their contributions, as well as the participants of EC2N’07 for making the conference a success. We are looking forward to a successful EC2ND event in 2008. K. G. Anagnostakis, S. Ioannidis, V. Siris Contents 1 Tales from the Crypt: Fingerprinting Attacks on Encrypted Channels by Way of Retainting ........................................1 Michael Valkering, Asia Slowinska, and Herbert Bos 1 Introduction ......................................................................................... 1 2 Architecture ......................................................................................... 3 2.1 Tracking Issues .............................................................................. 4 2.2 Retainting ...................................................................................... 6 2.2.1 Determining the Tag ............................................................. 6 2.2.2 Identifying the SSL Conversation ........................................ 8 2.3 Interposition Details...................................................................... 9 3 Signature Generation ........................................................................... 9 3.1 Pattern-Based Signatures ............................................................. 10 3.2 Signatures for Polymorphic Buffer Overflows ............................ 13 4 Filters ................................................................................................. 14 5 Results ............................................................................................... 15 6 Related Work ..................................................................................... 17 7 Conclusions ....................................................................................... 18 References ............................................................................................ 18 2 Towards High Assurance Networks of Virtual Machines...............21