Annual Computer Security Applications Conference (ACSAC) 2008

Full Program

Monday, 8 December 2008
8:30-17:00
M1. Tutorial: Intrusion Detection and Assessment through Mining and Learning Data Characteristics of Cyber Attacks and Normal Use Activities, Dr. Nong Ye, Arizona State University
M2. Tutorial: WebAppSec.php: Developing Secure Web Applications, Mr. Robert H'obbes' Zakon, Zakon Group LLC
M3. Tutorial: Cryptographic Techniques for Digital Rights Management, Dr. Hongxia Jin, IBM Almaden Research Center
Tuesday, 9 December 2008
8:30-17:00
T4. Tutorial - CANCELLED: Acquisition and Analysis of Large Scale Network Data V.4, Dr. John McHugh, Dalhousie University
T5. Tutorial: Web Services Security, Techniques and Challenges, Dr. Anoop Singhal, NIST, and Mr. Gunnar Peterson, Arctec Group
8:30-16:30
Workshop: Virtualization Security
8:30-12:00
T6. Tutorial: Web Injection Attacks, Dr. V. N. Venkatakrishnan, University of Illinois at Chicago
13:30-17:00
T7. Tutorial: Multi-perspective Application Security Risk Analysis: A Toolbox Approach, Mr. Sean Barnum (coordinator), Cigital, Inc.; Mr. Jacob West, Fortify Software; Mr. Ray Lininer, IBM/Rational/Watchfire; Mr. Anthony Vicinelly or Mr. Josh Shaul, Application Security, Inc.; Maj. Michael Kleffman, USAF
18:00-20:00
Welcome Reception
Wednesday, 10 December 2008
8:30-8:45
Opening Remarks
Cristina Serban, Conference Chair
Pierangela Samarati, Program Chair
8:45-10:00
Invited Essayist
Steve Rome
Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint, O. Sami Saydjari, CEO, Cyber Defense Agency LLC
10:00-10:30
Break
10:30-12:00
Track A. Refereed Papers [Forensics and Security Management]
Christoph Schuba
  • Practical Applications of Bloom filters to the NIST RDS, hard drive triage, and data mining.
    Paul Farrell, Simson Garfinkel
  • Systematic Signature Engineering by Re-use of Snort Signatures
    Sebastian Schmerl, Hartmut Koenig, Ulrich Flegel, Michael Meier, René Rietz
  • Analyzing the performance of security operations to reduce vulnerability exposure windows
    Yolanta Beres, Jonathan Griffin, Simon Shiu, Max Heitman, David Markle
Track B. Refereed Papers [Operating Systems and Memory Security]
Ed Schneider
  • New Side Channels Targeted at Passwords
    Albert Tannous, Jonathan Trostle, Mohamed Hassan, Stephen McLaughlin, Trent Jaeger
  • PinUP: Pinning User Files to Known Applications
    William Enck, Patrick McDaniel, Trent Jaeger
  • Defending Against Attacks on Main Memory Persistence
    William Enck, Kevin Butler, Thomas Richardson, Patrick McDaniel, Adam Smith
Track C. Case Studies
  • DNI/DOD/IC C&A Transformation Initiative, Marianne Bailey, Director, Cross Domain Management Office; Roger Caslow, ODNI; Ron Ross, NIST; Eustice King, OSDC3I
12:00-13:15
Lunch
13:15-14:45
Track A. Refereed Papers [Kernel-level Defensive Techniques]
Reiner Sailer
  • Automatic Inference and Enforcement of Kernel Data Structure Invariants
    Arati Baliga, Vinod Ganapathy, Liviu Iftode
  • VICI--Virtual Machine Introspection for Cognitive Immunity
    Timothy Fraser, Matthew Evenson, William Arbaugh
  • Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense
    Jinpeng Wei, Bryan Payne, Jon Giffin, Calton Pu
Track B. Panel
  • Spam, Phishing - A Global Perspective, Marc Dacier (Chair), Director Symantec Research Labs Europe; Domenico Dati, Tiscali; Engin Kirda, Eurecom Institute; Gerhard Paass, Fraunhofer Institute; David Ulevitch, CEO of OpenDNS and founder of Phishtank
Track C. Case Studies
  • First Public Discussion of Unified Certification and Accreditation Process for the U.S. Government, Ron Ross (Chair), NIST
14:45-15:15
Break
15:15-17:15
Track A. Refereed Papers [Graphical Passwords and Biometrics]
David Whyte
  • On Purely Automated Attacks and Click-Based Graphical Passwords
    Amirali Salehi-Abari, Julie Thorpe, Paul Van Oorschot
  • YAGP: Yet Another Graphical Password Strategy
    Haichang Gao, Xuewu Guo, Xiaoping Chen, Liming Wang, Xiyang Liu
  • Privacy-aware Biometrics: Design and Implementation of a Multimodal Verification System
    Stelvio Cimato, Marco Gamassi, Vincenzo Piuri, Roberto Sassi, Fabio Scotti
  • Improving the Efficiency of Capture-resistant Biometric Authentication based on Set Intersection
    Xunhua Wang, Philip Huff, Brett Tjaden
Track B. Refereed Papers [Access Control]
Kent Seamons
  • ProActive Access Control for Business Process-driven Environments
    Mathias Kohler, Andreas Schaad
  • Assessing Quality of Policy Properties in Verification of Access Control Policies
    Evan Martin, JeeHyun Hwang, Tao Xie, Vincent Hu
  • Please Permit Me: Stateless Delegated Authorization in Mashups
    Ragib Hasan, Richard Conlan, Brian Slesinsky, Nandu Ramani, Marianne Winslett
  • Implementing ACL-based Policies in XACML
    Guenter Karjoth, Andreas Schade, Els Van Herreweghen
Track C. Refereed Papers [Network Security]
V.N. Venkatakrishnan
  • Execution Trace-Driven Automated Attack Signature Generation
    Susanta Nanda, Tzi-cker Chiueh
  • Improving Security Visualization with Exposure Map Filtering
    David Barrera, Mansour Alsaleh, Paul van Oorschot
  • Attack Grammar: A New Approach to Modeling and Analyzing Network Attack Sequences
    Yinqian Zhang, Xun Fan, Yijun Wang, Zhi Xue
  • Host-Centric Model Checking for Network Vulnerability Analysis
    Rattikorn Hewett, Phongphun Kijsanayothin
18:00-20:00
Dinner
Thursday, 11 December 2008
8:30-8:45
Opening Remarks
8:45-10:00
Distinguished Practitioner
Christoph Schuba
Insecurity in a Web-Services World, Whitfield Diffie, Sun Microsystems, Inc.
10:00-10:30
Break
10:30-12:00
Track A. Refereed Papers [Role-based Access Control]
Lillian Røstad
  • The Role Hierarchy Mining Problem: Discovery of Optimal Role Hierarchies
    Qi Guo, Jaideep Vaidya, Vijayalakshmi Atluri
  • Permission Set Mining: Discovering Practical and Useful Roles
    Dana Zhang, Kotagiri Ramamohanarao, Tim Ebringer, Trevor Yann
  • Towards Enforcing Role-Based Access Control Policies in Web Services with UML and OCL
    Sohr Karsten, Mustafa Tanveer, Ahn Gail-Joon, Xinyu Bao
Track B. Refereed Papers [Intrusion Detection]
Arthur R. Friedman
  • Addressing Low Base Rates in Intrusion Detection via Uncertainty-Bounding Multi-Step Analysis
    Robert Cole, Peng Liu
  • Toward Automatic Generation of Intrusion Detection System Verification Rules
    Frédéric Massicotte, Yvan Labiche, Lionel Briand
  • STILL: Exploit Code Detection via Static Taint and Initialization
    Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu
Track C. Case Studies
  • Security Content Automation, John Banghart, Booz Allen Hamilton
  • FISMA compliance for Federal agencies and commercial entities within a single, holistic, IA management framework, Richard Wilsher, Zygma, LLC
  • Cryptographic Modernization for SPACE, Joe Bull, Booz Allen Hamilton
12:00-13:15
Lunch
13:15-14:45
Track A. Refereed Papers [Malware and Data Protection]
Anas Abou El Kalam
  • McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables
    Roberto Perdisci, Andrea Lanzi, Wenke Lee
  • MalTRAK: Tracking and Eliminating Unknown Malware
    Amit Vasudevan
  • Preventing information leaks through shadow execution
    Capizzi Roberto, Antonio Longo, V.N. Venkatakrishnan, A. Prasad Sistla
Track B. Panel
  • Security and Privacy in an Expanding Cyber World, Dr. Frank L. Greitzer (Co-chair), Pacific Northwest National Laboratory, and Dr. Barbara Endicott-Popovsky (Co-chair), University of Washington (UW) Center for Information Assurance and Cybersecurity; Dr. Deborah A. Frincke, Pacific Northwest National Laboratory; John R. Christiansen, Christiansen IT Law; Dr. Robert M. Mason, UW iSchool; David Aucsmith, Microsoft
Track C. Case Studies
  • Overview of Federal Government Software Assurance Initiatives, Joe Jarzombek, Director for Software Assurance, National Cyber Security Division, Department of Homeland Security; Major Michael Klefman, Chief Technology Officer, Application Software Assurance, USAF 754 ELSG/DOC; Sean Barnum, Principal Consultant, Cigital; Dan Wolf, Director, Software Assurance Consortium
14:45-15:15
Break
15:15-16:45
Track A. Refereed Papers [Web-based Applications Security]
Robert H'obbes' Zakon
  • XSSDS: Server-side detection of cross-site scripting attacks
    Martin Johns, Engelmann Bjoern, Joachim Posegga
  • Anti-Phishing in Offense and Defense
    Chuan Yue, Haining Wang
  • Design and Implementation of an Open Framework for Secure Communication in Mashup
    Saman Zarandioon, Danfeng Yao, Vinod Ganapathy
Track B. Refereed Papers [Anomaly and Misuse Detection]
Carrie Gates
  • Behavior-Profile Clustering For False Alert Reduction in Anomaly Detection Sensors
    Vanessa Frias-Martinez, Salvatore J. Stolfo, Angelos D. Keromytis
  • Network-Based Bluetooth Misuse Detection
    Terrence OConnor, Douglas Reeves
  • Bridging the Gap between Data-flow and Control-flow Analysis for Anomaly Detection
    Peng Li, Hyundo Park, Debin Gao, Jianming Fu
Track C. Case Studies
  • Lessons Learned in Security Measurement, Nadya Bartol, Brian Bates, Booz Allen Hamilton
  • Ritz Camera Center Achieves Picture-Perfect Security, Tom Murphy, Chief Strategist, Bit9
  • Malicious Control System Cyber Security Attack Case Study -- Maroochy Water Services, Australia, Marshall Abrams, MITRE
16:45-17:15
Break
17:15-18:30
Special Feature Panel
  • Lessons Learned In Election Technology From The 2008 Elections, Jeremy Epstein (Chair), Cigital; Dr. Barbara Simons, past ACM President; Dr. David Wagner, UC Berkeley; Dr. Alec Yasinsac, Univ. of South Alabama
Works in Progress
Friday, 12 December 2008
8:30-10:00
Classic Papers
Jeremy Epstein
  • Seventeen Years -- Network Security is even worse than a plague of locusts, Barbara Y. Fraser, Director of Corporate Consulting Engineering, Cisco Systems, and Stephen D. Crocker, CEO, Shinkuro, Inc.
  • System Call Monitoring Revisited, Stephanie Forrest, University of New Mexico, Steven Hofmeyr, and Anil Somayaji
10:00-10:30
Break
10:30-12:00
Track A. Refereed Papers [Authentication]
Jay Kahn
  • PAS: Predicate-based Authentication Services Against Powerful Passive Adversaries
    Xiaole Bai, Wenjun Gu, Xun Wang, Sriram Chellappan, Dong Xuan
  • pwdArmor: Protecting Conventional Password-based Authentications
    Timothy van der Horst, Kent Seamons
  • DARE: A Framework for Dynamic Authentication of Remote Executions
    Erdem Aktas, Kanad Ghose
Track B. Refereed Papers [Applied Cryptography]
Hongxia Jin
  • Instruction Set Extensions for Enhancing the Performance of Symmetric-Key Cryptography
    Sean O'Melia, Adam Elbirt
  • A Survey to Guide Group Key Protocol Development
    Ahren Studer, Christina Johns, Jaanus Kase, Kyle O'Meara, Lorrie Cranor
  • Transaction oriented text messaging with Trusted-SMS
    Antonio Grillo, Alessandro Lentini, Gianluigi Me, Giuseppe F. Italiano
Track C. Case Studies
  • Assuring Information in the Longer Term, Ian Bryant, UK Government
  • Secured Database, Secured Revenue: How Going Above Traditional Security Raised Attraction World's Customer Base, Paul Davie, Secerno
  • Data Leak Prevention: Don't Miss the Big Picture, Victor Lee, Trend Micro
12:00-16:00
Optional Social Event (includes lunch)

 
