Annual Computer Security Applications Conference 2011 Technical Track Papers

Full Program

Monday, 5 December 2011
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor:
M1: Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond
Robert H'obbes' Zakon, Zakon Group LLC

Sussex:
M3: Code Transformation Techniques for Software Protection
Christian Collberg, University of Arizona
Jasvir Nagra, Google Inc.

Captain/Yeoman:
Layered Assurance Workshop (LAW)
Rance J. DeLong, LynuxWorks, Santa Clara University

Senate/Gallery:
TF1: Tracer Fire: Hands on Computer Forensics in Depth - Part 1
Sandia National Laboratory
12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor:
M2: State of the Practice: Botnets and Related Malware
Sven Dietrich, Stevens Inst. of Tech

Sussex:
M3: Code Transformation Techniques for Software Protection
Christian Collberg, University of Arizona
Jasvir Nagra, Google Inc.

Captain/Yeoman:
Layered Assurance Workshop (LAW)
Rance J. DeLong, LynuxWorks, Santa Clara University

Senate/Gallery:
TF1: Tracer Fire: Hands on Computer Forensics in Depth - Part 1
Sandia National Laboratory
Tuesday, 6 December 2011
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor:
T5: Virtualization and Security
Zed Abbadi, Public Company Accounting Oversight Board (PCAOB)

Sussex:
T8: The Bro Network Intrusion Detection System
Seth Hall & Robin Sommer, International Computer Science Institute

Captain/Yeoman:
Layered Assurance Workshop (LAW)
Rance J. DeLong, LynuxWorks, Santa Clara University

Cambridge:
GTIP: Workshop on Governance of Technology, Information, and Policies
Candice Hoke

Senate/Gallery:
TF2: Tracer Fire: Hands on Computer Forensics in Depth - Part 2
Sandia National Laboratory
12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor:
T6: Security Risk Analysis of Enterprise Networks: Techniques and Challenges
Anoop Singhal, NIST
Xinming (Simon) Ou, Kansas State University

Sussex:
T8: The Bro Network Intrusion Detection System
Seth Hall & Robin Sommer, International Computer Science Institute

Captain/Yeoman:
Layered Assurance Workshop (LAW)
Rance J. DeLong, LynuxWorks, Santa Clara University

Cambridge:
GTIP: Workshop on Governance of Technology, Information, and Policies
Candice Hoke

Senate/Gallery:
TF2: Tracer Fire: Hands on Computer Forensics in Depth - Part 2
Sandia National Laboratory
18:00-20:00
Reception (OB Ver/Patio)
Wednesday, 7 December 2011
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Welcome (Ireland B/C)
8:45-10:00
Distinguished Practitioner: Susan Landau (Ireland B/C)
Privacy: It's All in the Use Case
10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A:
Malware 1
Art Friedman

Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games
Yacin Nadji, Georgia Institute of Technology; Manos Antonakakis, Damballa, Inc.; Roberto Perdisci, University of Georgia; Wenke Lee, Georgia Institute of Technology

ForeCast - Skimming off the Malware Cream
Matthias Neugschwandtner, Vienna University of Technology; Paolo Milani Comparetti, Vienna University of Technology; Gregoire Jacob, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara

Detecting Malware’s Failover C&C Strategies with SQUEEZE
Matthias Neugschwandtner, Vienna University of Technology; Paolo Milani Comparetti, Vienna University of Technology; Christian Platzer, Vienna University of Technology

Sapphire:
Case Studies 1
Deborah Cooper

Determining the fundamental basis of software vulnerabilities, Larry Wagoner, NSA

Security Architecture Required of Smart Phones, Eric Uner, PCTEL Secure

Building FIPS 140-2 Compliant Configuration for SAS 9.3 BI Web Applications, Heesun Park, SAS Institute

Diamond:
Panel: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research
Doug Maughan

Emerald:
FISMA Training 1 — Security Controls: NIST SP 800-53, Revision 4
Kelley Dempsey
12:00-13:30
Lunch (Great Hall Center)
13:30-15:00
Ireland A:
Situational Awareness 1
Michael Franz

Distilling Critical Attack Graph Surface iteratively through Minimum-Cost SAT Solving
Heqing Huang, Kansas State University; Su Zhang, Kansas State University; Xinming Ou, Kansas State University; Atul Prakash, University of Michigan; Karem Sakallah, University of Michigan

RIPE: Runtime Intrusion Prevention Evaluator
John Wilander, Dept. of Computer Science, Linköpings Universitet; Nick Nikiforakis, Katholieke Universiteit Leuven; Yves Younan, Katholieke Universiteit Leuven; Wouter Joosen, Katholieke Universiteit Leuven; Miriam Kamkar, Linköpings Universitet

Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness
Adam Doupé, University of California Santa Barbara; Manuel Egele, Technical University Vienna; Benjamin Caillat, Ecole Superieure d'Informatique Electronique Automatique; Gianluca Stringhini, University of California Santa Barbara; Gorken Yakin, University of California Santa Barbara; Ali Zand, University of California Santa Barbara; Ludovico Cavedon, University of California Santa Barbara; Giovanni Vigna, University of California Santa Barbara

Sapphire:
Case Studies 2
Steve Rome

Challenges in Software Trustability, Ian Bryant, UK SSDRI

Employee Data Theft, Jonathan Grier, Vesaria

Current Status of the Xenon Secure Hypervisor, John McDermott, Naval Research Laboratory

Diamond:
Panel: The Search for Meaningful Trustworthiness
Peter Neumann
Panelists: Jeremy Grant (NIST), Matt Blaze (U. Pennsylvania), Susan Landau (Harvard), Cormac Herley (Microsoft Research)

Emerald:
FISMA Training 2 — New Appendix in NIST SP 800-53 Revision 4: Privacy Controls
Julie McEwen
15:00-15:30
Break (Hampton Court Assembly)
15:30-17:00
Ireland A:
Applied Cryptography
Steve Greenwald

“Mix-In-Place” Anonymous Networking Using Secure Function Evaluation
Nilesh Nipane, Georgia Institute of Technology; Italo Dacosta, Georgia Institute of Technology; Patrick Traynor, Georgia Institute of Technology

Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption
Patrick Simmons, University of Illinois at Urbana-Champaign

Private Search in the Real World
Vasilis Pappas, Columbia University; Mariana Raykova, Columbia University; Binh Vo, Columbia University; Steven M. Bellovin, Columbia University; Tal Malkin, Columbia University

Sapphire:
Social Network Security
Konstantin Beznosov

The Socialbot Network: When Bots Socialize for Fame and Money
Yazan Boshmaf, University of British Columbia; Ildar Muslukhov, University of British Columbia; Konstantin Beznosov, University of British Columbia; Matei Ripeanu, University of British Columbia

Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks
Hongxin Hu, Arizona State University; Gail-Joon Ahn, Arizona State University; Jan Jorgensen, Arizona State University

Social Snapshots: Digital Forensics for Online Social Networks
Markus Huber, SBA Research; Martin Mulazzani, SBA Research; Gilbert Wondracek, Vienna University of Technology; Sebastian Schrittwieser, SBA Research; Edgar Weippl, SBA Research; Manuel Leithner, SBA Research

Diamond:
Works-in-Progress
Benjamin Kuperman

Emerald:
FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1
Kelley Dempsey
17:00-18:00
Classic Paper: Paul Syverson (Ireland B/C)
A Peel of Onion
19:00-22:00
Conference Dinner (20Seven)
Thursday, 8 December 2011
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Opening Remarks (Ireland B/C)
8:45-10:00
Invited Essayist: Terry Benzel (Ireland B/C)
The Science of Cyber Security Experimentation: The DETER Project
10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A:
Usable Security
Michael Locasto

Facing the Facts about Image Type in Recognition-Based Graphical Passwords
Max Hlywa, Carleton University; Andrew Patrick, Office of the Privacy Commissioner of Canada; Robert Biddle, Carleton University

PhorceField: A Phish-Proof Password Ceremony
Michael Hart, SUNY Stony Brook; Claude Castille, SUNY Stony Brook; Manoj Harpalani, SUNY Stony Brook; Jonathan Toohill, SUNY Stony Brook; Rob Johnson, SUNY Stony Brook

Dynamic Sample Size Detection in Continuous Authentication using Sequential Sampling
Ahmed Awad E. Ahmed, University of Victoria; Issa Traore, University of Victoria

Sapphire:
Secure Infrastructure
Patrick McDaniel

Improving Robustness of DNS to Software Vulnerabilities
Ahmed Khurshid, University of Illinois at Urbana-Champaign; Firat Kiyak, University of Illinois at Urbana-Champaign; Matthew Caesar, University of Illinois at Urbana-Champaign

Enabling Secure VM-vTPM Migration in Private Clouds
Boris Danev, ETH Zurich; Ramya Jayaram Masti, ETH Zurich; Ghassan O. Karame, ETH Zurich; Srdjan Capkun, ETH Zurich

Exposing Invisible Timing-based Traffic Watermarks with BACKLIT
Xiapu Luo, The Hong Kong Polytechnic University; Peng Zhou, The Hong Kong Polytechnic University; Junjie Zhang, Georgia Institute of Technology; Roberto Perdisci, University of Georgia; Wenke Lee, Georgia Institute of Technology; Rocky K. C. Chang, The Hong Kong Polytechnic University

Diamond:
Panel: Learning from Unanticipated Scientific Security Research Results Workshop Highlights
Jeremy Epstein
Panelists: Matt Bishop (UC Davis), Eugene Spafford (Purdue), John McHugh (RedJack LLC and University of North Carolina), Sam Weber (NSF)

Emerald:
FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1
Kelley Dempsey
12:00-13:30
Lunch (Great Hall Center)
13:30-15:00
Ireland A:
Anonymity
Paul Syverson

Exploring the Potential Benefits of Expanded Rate Limiting in Tor: Slow and Steady Wins the Race With Tortoise
W. Brad Moore, Georgetown University; Chris Wacek, Georgetown University; Micah Sherr, Georgetown University

"Super Nodes" in Tor: Existence and Security Implication
Chenglong Li, Tsinghua National Lab for Information Science and Technology (TNList), Beijing; Yibo Xue, Research Institute of Information Technology (RIIT), Tsinghua University, Beijing; Yingfei Dong, Department of Electrical Engineering, University of Hawaii, Honolulu; Dongsheng Wang, Research Institute of Information Technology (RIIT), Tsinghua University, Beijing

Smart Metering De-Pseudonymization
Marek Jawurek, SAP Research; Martin Johns, SAP Research; Konrad Rieck, Technische Universität Berlin

Sapphire:
Web Security 1
Gene Spafford

SEMAGE: A New Image-based Two-Factor CAPTCHA
Shardul Vikram, Texas A & M University; Yinan Fan, Texas A & M University; Guofei Gu, Texas A & M University

BLOCK: A Black-box Approach for Detection of State Violation Attacks Towards Web Applications
Xiaowei Li, Vanderbilt University; Yuan Xue, Vanderbilt University

A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
Riccardo Pelizzi, Stony Brook University; R Sekar, Stony Brook University

Diamond:
Panel: The New Security Paradigms Workshop Experience
Cormac Herley and Carrie Gates
Michael Locasto (U. Calgary)

Emerald:
FISMA Training 4 — Risk Management Framework: NIST SP 800-37
Marshall Abrams/Kelley Dempsey
15:00-15:30
Break (Hampton Court Assembly)
15:30-17:00
Ireland A:
Software Security
Ed Schneider

ASIDE: IDE Support for Web Application Security
Jing Xie, University of North Carolina at Charlotte; Bill Chu, University of North Carolina at Charlotte; Heather Richter Lipford, University of North Carolina at Charlotte; John T. Melton, University of North Carolina at Charlotte

Tracking Payment Card Data Flow Using Virtual Machine State Introspection
Jennia Hizver, Stony Brook University; Tzi-cker Chiueh, Stony Brook University

Sapphire:
Web Security 2
Cristina Serban

An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack
Dongwan Shin, New Mexico Tech; Rodrigo Lopes, New Mexico Tech

AdSentry: Comprehensive and Flexible Confinement of JavaScript-based Advertisements
Xinshu Dong, Department of Computer Science, National University of Singapore; Minh Tran, Department of Computer Science, North Carolina State University; Zhenkai Liang, Department of Computer Science, National University of Singapore; Xuxian Jiang, Department of Computer Science, North Carolina State University

WebJail: Least-privilege Integration of Third-party Components in Web Mashups
Steven Van Acker, IBBT-Distrinet, Katholieke Universiteit Leuven; Philippe De Ryck, IBBT-Distrinet, Katholieke Universiteit Leuven; Lieven Desmet, IBBT-Distrinet, Katholieke Universiteit Leuven; Frank Piessens, IBBT-Distrinet, Katholieke Universiteit Leuven; Wouter Joosen, IBBT-Distrinet, Katholieke Universiteit Leuven

Diamond:
Panel: Software Assurance in the Globalised Era
Ian Bryant

Emerald:
FISMA Training 4 — Risk Management Framework: NIST SP 800-37
Marshall Abrams/Kelley Dempsey
17:00-18:00
Classic Paper: Matt Blaze (Ireland B/C)
Key Escrow from a Safe Distance
18:00-21:00
Reception and Poster Session (Poolside/Lakeside Deck (Backup: Islander Atrium))
Friday, 9 December 2011
7:30-8:30
Breakfast (OB Rest/Ver/Patio)
8:30-10:00
Captain:
Mobile Security
Myong Kang

Reliable Telemetry in White Spaces using Remote Attestation
Omid Fatemieh, University of Illinois at Urbana Champaign; Michael LeMay, University of Illinois at Urbana Champaign; Carl A. Gunter, University of Illinois at Urbana Champaign

Don't Bump, Shake on It: The Exploitation of a Popular Accelerometer-Based Smart Phone Exchange and Its Secure Replacement
Ahren Studer, Carnegie Mellon University; Timothy Passaro, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University

Attacks on WebView in the Android System
Tongbo Luo, Syracuse University; Hao Hao, Syracuse University; Wenliang Du, Syracuse University; Yifei Wang, Syracuse University; Heng Yin, Syracuse University

Yeoman:
Malware 2
Christoph Schuba

Mitigating Code-Reuse Attacks with Control-Flow Locking
Tyler Bletsch, NetApp, Inc; Xuxian Jiang, North Carolina State University; Vince Freeh, North Carolina State University

deRop: Removing Return-Oriented Programming from Malware
Kangjie Lu, Peking University, Singapore Management University; Dabi Zou, Singapore Management University; Weiping Wen, Peking University; Debin Gao, Singapore Management University

Static Detection of Malicious JavaScript-Bearing PDF Documents
Pavel Laskov, University of Tuebingen; Nedim Srndic, University of Tuebingen

Scribe:
FISMA Training 5 — Managing Information Security: NIST SP 800-39
Marshall Abrams
10:00-10:30
Break (Cloister/Lobby)
10:30-11:30
Captain:
Situational Awareness 2
Yingfei Dong

Nexat: A History-Based Approach to Predict Attacker Actions
Amir Houmansadr, University of Illinois at Urbana-Champaign; Ali Zand, UCSB; Casey Cipriano, UCSB; Giovanni Vigna, UCSB; Christopher Kruegel, UCSB

From Prey To Hunter: Transforming Legacy Embedded Devices Into Exploitation Sensor Grids
Ang Cui, Columbia University; Jatin Kataria, Columbia University; Salvatore J. Stolfo, Columbia University

Yeoman:
Malware 3
Charles Payne

BareBox: Efficient Malware Analysis on Bare-Metal
Dhilung Kirat, University of California, Santa Barbara; Giovanni Vigna, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara

Automated Remote Repair for Mobile Malware
Yacin Nadji, Georgia Institute of Technology; Jonathan Giffin, Georgia Institute of Technology; Patrick Traynor, Georgia Institute of Technology

Scribe:
FISMA Training 5 — Managing Information Security: NIST SP 800-39
Marshall Abrams
11:30-12:00
Closing and Awards (Cloister)
Giveaways too, so don't plan on leaving early!
12:30-18:00
Social Event (Sea World)
Pre-purchased tickets are $59, more than 20% off SeaWorld prices, and include transportation. Register early, as transportation seating is limited.

 
