Malware Memory Forensics Workshop (MMF)
Register today! You do not need to submit a paper to attend.
The Malware Memory Forensics Workshop will be held in New Orleans, Louisiana, Tuesday, December 9, 2014, in conjunction with the Annual Computer Security Applications Conference (ACSAC). ACSAC will be held at the Hyatt French Quarter, a New Orleans hotel located in the historic French Quarter.
Over the past few years, memory forensics has emerged and proven to be a critical area for computer security and forensics. It is used to extract artifacts from the physical memory of a computer system and then analyze them to identify any traces of an attack or malicious activity. Such activity might include execution of a malicious process, unauthorized modification of pointers and data structures, malicious patching of benign code, etc. Memory forensics can play a critical role in the detection and analysis of sophisticated and stealthy malware, including zero-day attacks. However, automatically extracting and analyzing artifacts is a big challenge in memory forensics. The goal of this workshop is to explore new techniques that can facilitate the automatic detection and analysis of in-memory malware through memory forensic analysis. Papers of interest including (but not limited to) the following subject categories are solicited:
- Statistical and data mining techniques for malware analysis and detection
- Memory forensics for cyber physical systems such as control systems, SCADA, and smart grids
- Static and dynamic analysis for malware
- Cloud and virtual machine introspection
- Extraction and analysis of application and operating systems structures
- Memory forensics for mobile devices including smart phones
- Tool testing and development
- Digital evidence storage, preservation, and the law
- Anti-Forensics
Accepted Presentations:
- Pitfalls of Virtual Machine Introspection on Modern Hardware [paper], Tamas Lengyel, University of Connecticut
- Reliable In-Memory Code Identification Using Relocatable Pointers, Irfan Ahmed, University of New Orleans
- A Systematic Study on Memory Forensics with Respect to Correctness, Robustness, and Coverage, Heng Yin, Syracuse University
- Code Validation for Modern OS Kernels [paper], Thomas Kittel, Technische Universität München
- An Introduction to Virtual Machine Introspection Using LibVMI, Bryan Payne, Nebula, Inc. Director of Security Research at Nebula
- Automating Introspection and Forensics Tools Development via Binary Code Reuse, Zhiqiang Lin, University of Texas at Dallas
- Toward Reproducibility in Malware Forensics, Brendan Dolan-Gavitt, Columbia University
Important Dates
| Manuscript Submission: | October 3 September 24, 2014 |
| Acceptance Notification: | October 15, 2014 |
| Final Manuscript due: | November 1, 2014 |
| Workshop Date: | December 9, 2014 |
Organizing Committees
General Co-Chairs
Harvey Rubinovitz, The MITRE Corporation
Golden G. Richard III, The Univ. of New Orleans
Program Co-chairs
Vassil Roussev, The Univ. of New Orleans
Irfan Ahmed, The Univ. of New Orleans
Program Committee Members include:
Jesse Kornblum (Facebook)
Michael Cohen (Google)
Zhiqiang Lin (University of Texas at Dallas)
Bradley Schatz (Schatz Forensic)
Bryan D. Payne (Nebula)
Ryan Riley (Qatar University)
Andrew Case (Volatility Foundation)
Lodovico Marziale (504ENSICS Labs)
Brendan Dolan-Gavitt (Georgia Inst. of Technology)
The workshop papers will be published on the ACSAC website.
If you are interested in attending please check off the appropriate box on the conference registration form and add in the Malware Memory Forensics (MMF) Workshop fee. Lunch will be included as part of the workshop fee.