Technical Program – Wednesday

8:30 Invited Essayist Mary Ellen Zurko, IBM Corporation, USA
User Centered Security: Stepping Up to the Grand Challenge
10:00 BREAK
10:30 Automation
Chair: Patrick McDaniel, Penn State University, USA

  • ScriptGen: an automated script generation tool for honeyd§, Corrado Leita, Ken Mermoud, and Marc Dacier, Eurecom Institute, France
  • Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models§, Zhenkai Liang and R. Sekar, Stony Brook University, USA
  • Evolving Successful Stack Overflow Attacks for Vulnerability Testing§, Gunes Kayacik, Malcolm Heywood, and Nur Zincir-Heywood, Dalhousie University, Canada
  • Security Analysis
    Chair: Jarrellann Filsinger, National Archives, USA

  • Java for Mobile Devices: A Security Study§, Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi, and Sami Zhioua, Concordia University, Canada
  • Lessons Learned: A Security Analysis of the Internet Chess Club§, John Black, Martin Cochran, and Ryan Gardner, University of Colorado at Boulder, USA
  • Building Evidence Graphs for Network Forensics Analysis§, Wei Wang and Thomas E. Daniels, Iowa State University, USA
  • Internet Security Visualization
    Chair: Marshall Abrams The MITRE Corporation, USA

  • Internet Security Visualization Case Study: Instrumenting a Network for NetFlow Security Visualization Tools [ paper ], Bill Yurcik, National Center for Supercomuting Applications, Univ. of Illinois, USA
  • Visualizing Connection Traffic, Carrie Gates, CERT, USA
  • Creating Dynamic Baselines Visually, Paul Sop, Intellitactics, CANADA
  • 12:00 LUNCH
    Chair: Paul Jardetzky, USA

    The Technology Blitz Session is a forum for participants that wish to disseminate practical research or operational results in an abbreviated format. This session is particularly well suited toward authors that do not have time to construct a full academic paper, yet still may provide useful insight into solutions for computer or networked computer security.

    3:00 BREAK
    3:30 OS Security Mechanisms
    Chair: Ed Schneider, Institute for Defense Analyses, USA

  • Multi-Level Security Requirements for Hypervisors§, Paul Karger, IBM T.J. Watson Research Center, USA
  • Building a MAC-based Security Architecture for the Xen Opensource Hypervisor§, Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Griffin, and Leendert van Doorn, IBM T.J. Watson Research Center, USA
  • e-NeXSh: Achieving an Effectively Non-Executable Stack and Heap via System-Call Policing§, Gaurav Kc and Angelos Keromytis, Columbia University, USA
  • Data Integrity
    Chair: Randy Simpson, Institute for Defense Analyses, USA

  • Dynamic Taint Propagation for Java§, Vivek Haldar, Deepak Chandra, and Michael Franz, University of California, Irvine, USA
  • An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis§, Ramaswamy Chandramouli and Scott Rose, National Institute of Standards and Technology, USA
  • Paranoid: A Global Secure File Access Control System§, Fareed Zaffar and Gershon Kedem, Duke University, USA and Ashish Gehani, University of Notre Dame, USA
  • HOT TOPICS - Thinking of a Career in Information Assurance and How to Advance in the Field
    Chair: Marla Collier, Internet Resources, USA

    Tom Fuhrman, Booz Allen Hamilton, USA
    Wes Higaki, Symantec, USA
    J. F. Mergen, Verizon, USA
    Brian Snow, National Security Agency, USA

    As industry begins to invest more in Information Assurance (IA), there are numerous aspects of a career in IA worth exploring: Are certifications a smart career move? What is industry looking for today and in the future? If I want to do R&D, what do I need to know and what are the pluses/minuses of going corporate, academic or federal/state? Okay, I got hired in IA --- what next?

    5:00 BREAK
    Chair: Mary Ellen Zurko, IBM Corporation, USA

    The Works In Progress (WIP) Session is intended as a forum to introduce new ideas, report on ongoing work that may or may not be complete, and to state positions on controversial issues or open problems. Additional submissions may be given to the Program Chair, Christoph Schuba, or the WIP Chair. Submitted topics will be announced at the Opening Plenary session and posted near the Conference Registration Desk

    § This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.

    [ Monday Tutorials ] [ Tuesday ] [ Thursday ] [ Friday Tutorials ]