Annual Computer Security Applications Conference 2009

Full Program

Monday, 7 December 2009
7:30-8:30
Continental Breakfast (Foyer C)
8:30-12:00
Honolulu | Kahuku | Oahu
Technology Tutorial M1 (morning): Digital Forensics 1: Technology, Policy, and Countermeasures
Instructor: Dr. Simson L. Garfinkel, Naval Postgraduate School
Technology Tutorial M2 (morning): Code Transformation Techniques for Software Protection
Instructors: Dr. Christian Collberg, University of Arizona; Dr. Jasvir Nagra, Google, Inc.
Technology Tutorial M3 (morning): The Bro Network Intrusion Detection System
Instructors: Dr. Vern Paxson & Dr. Robin Sommer, International Computer Science Institute
12:00-13:30
Lunch (Kohala/Kona)
13:30-17:00
Honolulu | Kahuku | Oahu
Technology Tutorial M1 (afternoon): Digital Forensics 1: Technology, Policy, and Countermeasures
Instructor: Dr. Simson L. Garfinkel, Naval Postgraduate School
Technology Tutorial M2 (afternoon): Code Transformation Techniques for Software Protection
Instructors: Dr. Christian Collberg, University of Arizona; Dr. Jasvir Nagra, Google, Inc.
Technology Tutorial M3 (afternoon): The Bro Network Intrusion Detection System
Instructors: Dr. Vern Paxson & Dr. Robin Sommer, International Computer Science Institute

Tuesday, 8 December 2009
7:30-8:30
Continental Breakfast (Foyer C)
8:00-16:30
Workshop (Waialua): Cloud Security
Chair: Dr. Harvey Rubinovitz, MITRE Corporation
8:30-12:00
Honolulu | Kahuku | Oahu
Technology Tutorial T4 (morning): Digital Forensics 2: Disk Forensics and Lab
Instructor: Dr. Simson L. Garfinkel, Naval Postgraduate School

CANCELLED

Technology Tutorial T5 (morning): WebAppSec.php: Developing Secure Web Applications
Instructor: Mr. Robert Zakon, Zakon Group LLC
Technology Tutorial T6: State of the Practice: Botnets and Related Malware
Instructor: Dr. Sven Dietrich, Stevens Institute of Technology
12:00-13:30
Lunch (Lanai)
13:30-17:00
Honolulu | Kahuku | Oahu
Technology Tutorial T4 (afternoon): Digital Forensics 2: Disk Forensics and Lab
Instructor: Dr. Simson L. Garfinkel, Naval Postgraduate School

CANCELLED

Technology Tutorial T5 (afternoon): WebAppSec.php: Developing Secure Web Applications
Instructor: Mr. Robert Zakon, Zakon Group LLC
Technology Tutorial T7: Virtualization and Security
Instructor: Mr. Zed Abbadi, Public Company Accounting Oversight Board
18:00-20:00
Welcome Reception (Diamond Head Lawn)

Wednesday, 9 December 2009
7:30-8:30
Continental Breakfast (Foyer C)
8:30-8:45
Welcome (Molokai): Dr. Carrie Gates, Conference Chair
Charles Payne, Program Chair
8:45-10:00
Distinguished Practitioner (Molokai): Users do the darndest things: True stories from the CyLab Usable Privacy and Security Laboratory
Lorrie Faith Cranor, Carnegie Mellon University
10:00-10:30
Break (Foyer C)
10:30-12:00
Honolulu | Kahuku | Oahu | Waialua

Discovering Policy
Konstantin Beznosov
  A Network Access Control Mechanism Based on Behavior Profiles
    Vanessa Frias-Martinez, Joseph Sherrick, Salvatore Stolfo, Angelos Keromytis
  RoleVAT: Visual Assessment of Practical Need for Role Based Access Control
    Dana Zhang, Kotagiri Ramamohanarao, Steven Versteeg, Rui Zhang
  How to securely break into RBAC: the BTG-RBAC model
    Ana Ferreira, David Chadwick, Pedro Farinha, Gansen Zhao, Rui Chilro

Government Research Needs: Who Funds What?
Chair: Deborah Frincke, PNNL
Panelists: Doug Maughan, DHS; Dee Andrews, AFRL; Tomas Vagoun, NITRD; Becky Bace, InQTel

Software Security Professional Credentials: Considerations for Secure Software Lifecycle Training and Certification
Chair: Stan Wisseman, Booz Allen Hamilton
Panelists: Cassio Goldschmidt, Symantec Corporation; Dan Wolf, Director, Software Assurance Consortium; Patricia A. Myers, (ISC)2; Jeff Frisk, GIAC Certification Program

Overview Risk Management Organizational Perspective, Part 1
Instructor: Patricia Toth, NIST

A FISMA Training Feature

12:00-13:30
Lunch (Lanai): Risk Futures: Who (or What) May Be Eating Your Lunch?
Peter Neumann, SRI International
13:30-15:00
Honolulu | Kahuku | Oahu | Waialua

Hardware/Software Security
Paul Jardetzky
  Evaluation of a DPA-Resistant Prototype Chip
    Mario Kirschbaum, Thomas Popp
  FPValidator: Validating Type Equivalence of Function Pointers On The Fly
    Hua Wang, Yao Guo, Xiangqun Chen
  Surgically returning to randomized lib(c)
    Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, Danilo Bruschi

Preparing for 2020: What Should We Be Doing Now?
Chair: Deborah Frincke, PNNL
Panelists: Matt Bishop, Univ. of California, Davis; Peter Neumann, SRI International; Becky Bace, InQTel; Tomas Vagoun, NITRD

Security in Cloud Computing
Chair: Stan Wisseman, Booz Allen Hamilton
Panelists: Peter Mell, NIST; Jeff Miller, Coca Cola; Chris Moses, Amazon

Overview Risk Management Organizational Perspective, Part 2
Instructor: Patricia Toth, NIST

A FISMA Training Feature

15:00-15:30
Break (Foyer C)
15:30-16:30
Honolulu | Kahuku | Oahu | Waialua

Cloud Security
Christoph Schuba
  SecureMR: A Service Integrity Assurance Framework for MapReduce
    Wei Wei, Juan Du, Ting Yu, Xiaohui Gu
  Justifying Integrity Using a Virtual Machine Verifier
    Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, Patrick McDaniel

Integrity
Tara Whalen
  Scalable Web Content Attestation
    Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, Trent Jaeger
  A Study of User-Friendly Hash Comparison Schemes
    Hsu-Chun Hsiao, Yue-Hsun Lin, Ahren Studer, Cassandra Studer, King-Hang Wang

Net Security
Randall Smith
  Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
    Kyle Ingols, Matthew Chu, Richard Lippmann, Seth Webster, Stephen Boyer
  Evaluating network security with two-layer attack graphs
    Anming Xie, Zhuhua Cai, Cong Tang, Jianbin Hu, Zhong Chen

IP Rights
Jan Filsinger
  Unifying Broadcast Encryption and Traitor Tracing for Content Protection
    Hongxia Jin, Jeffery Lotspiech
  Detecting Software Theft via System Call Based Birthmarks
    Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu

16:30-16:45
Break (Foyer C)
16:45-17:30
Classic Paper I (Molokai): Reflections on UNIX Vulnerabilities
Matt Bishop, University of California at Davis
18:00-20:00
Conference Dinner Luau (Diamond Head Lawn)

Thursday, 10 December 2009
7:30-8:30
Continental Breakfast (Foyer C)
8:30-8:45
Opening Remarks (Molokai): Dr. Carrie Gates, Conference Chair
8:45-9:00
Welcome from the Mayor (Molokai): The Honorable Mufi Hannemann, Mayor of Honolulu
9:00-10:00
Invited Essayist (Molokai): The Good, The Bad, And The Ugly: Stepping on the Security Scale
Mary Ann Davidson, Oracle
10:00-10:30
Break (Foyer C)
10:30-12:00
Honolulu | Kahuku | Oahu | Waialua

Authentication and Audit
Patrick Traynor
  A New Approach for Anonymous Password Authentication
    Yanjiang Yang, Jianying Zhou, Jian Weng, Feng Bao
  On the Security of PAS (Predicate-based Authentication Service)
    Shujun Li, Hassan Jameel, Josef Pieprzyk, Ahmad-Reza Sadeghi, Roland Schmitz, Huaxiong Wang
  BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems
    Attila Altay Yavuz, Peng Ning

The New Security Paradigm Experience
Chair: Anil Somayaji, Carleton University
Panelists:
  Hilary Hosmer, Data Security, "The NSPW Psychological Contract";
  Maritza Johnson, Columbia University, "Laissez-faire file sharing";
  Cormac Herley, Microsoft Research, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users"

Privilege Management in Operational Information Sharing
Chair: Art Friedman, DoD
Panelists: Bob Greenberg, DNI; Cheryl Traverse, Xceedium; Ryan Fox, Booz Allen Hamilton; Jeremy Wyant, General Dynamics

Cyber Security Controls: NIST SP 800-53 rev 3 and CNSS 1253
Instructor: Ron Ross, NIST

A FISMA Training Feature

12:00-13:30
Lunch (Lanai)
13:30-15:00
Honolulu | Kahuku | Oahu | Waialua

Malware, Botnets and OS Security (Part 1)
Peng Ning
  FIRE: FInding Rogue nEtworks
    Brett Stone-Gross, Andy Moser, Christopher Kruegel, Engin Kirda, Kevin Almeroth
  Active Botnet Probing to Identify Obscure Command and Control Channels
    Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, Wenke Lee
  TrustGraph: Trusted Graphics Subsystem for High Assurance Systems
    Hamed Okhravi, David M. Nicol

DoS Defense
Wesley Higaki
  RAD: Reflector Attack Defense Using Message Authentication Codes
    Erik Kline, Matt Beaumont-Gay, Jelena Mirkovic, Peter Reiher
  A Guided Tour Puzzle for Denial of Service Prevention
    Mehmud Abliz, Taieb Znati
  Online Signature Generation for Windows Systems
    Lixin Li, James Just, R. Sekar

Case Studies
Capt. Traci Samiento
  Lessons Learned from the First High Assurance (EAL 6+) Common Criteria Software Certification
    David Kleidermacher, CTO, INTEGRITY Global Security LLC
  Lessons Learned from the development of the First Nuclear Power Plant Cyber Security Program: Moving beyond risk
    Eric Lee, US NRC
  Challenges in Sharing Security Information
    Ian Bryant, Information Assurance Advisor, MS3i Project

Near Real-Time Risk Management Process: NIST SP 800-37
Instructor: Ron Ross, NIST

A FISMA Training Feature

15:00-15:30
Break (Foyer C)
15:30-17:00
Honolulu | Kahuku | Oahu | Waialua

Malware, Botnets and OS Security (Part 2)
Ken Shotting
  Protecting Commodity OS Kernels from Vulnerable Device Drivers
    Shakeel Butt, Vinod Ganapathy, Michael Swift, Chih-Cheng Chang
  Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
    Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee
  Identification of Bot Commands By Run-time Execution Monitoring
    Young Hee Park, Douglas Reeves

Security Evaluations: Who Watches the Watchers?
Moderator: Jeremy Epstein, SRI International
Panelists: Paul Karger, IBM; Chris Salter, National Security Agency; Helmut Kurth, atsec; Wes Higaki, CCVF

Mobile Security
Robert Zakon
  Transparent Encryption for External Storage Media with Key Management Adapted to Mobile Use
    Alf Zugenmaier, Sven Lachmund, Dileesh Jostin
  Semantically Rich Application-Centric Security in Android
    Machigar Ongtang, Stephen McLaughlin, William Enck, Patrick McDaniel
  Leveraging Cellular Infrastructure to Improve Fraud Prevention
    Frank Park, Chinmay Gangakhedkar, Patrick Traynor

Multimedia and Web Security
Ulf Lindqvist
  Analyzing and Detecting Malicious Flash Advertisements
    Sean Ford, Marco Cova, Chris Kruegel, Giovanni Vigna
  Symmetric Cryptography in Javascript
    Emily Stark, Michael Hamburg, Dan Boneh
  Analyzing Information Flow in JavaScript-based Browser Extensions
    Mohan Dhawan, Vinod Ganapathy

17:00-17:15
Break (Foyer C)
17:15-18:00
Classic Paper II (Molokai): Java Security: A Ten Year Retrospective
Li Gong, Mozilla
18:00-19:15
Molokai | Foyer C
Works In Progress Posters/Reception

Friday, 11 December 2009
7:30-8:30
Continental Breakfast (Foyer C)
8:30-10:00
Honolulu | Kahuku | Oahu | Waialua

Trust Management
Peng Liu
  Secure Web 2.0 Content Sharing Beyond Walled Gardens
    San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov
  Enabling Secure Secret Sharing in Distributed Online Social Networks
    Le-Hung Vu, Sonja Buchegger, Anwitaman Datta, Karl Aberer
  Deploying and Monitoring DNS Security (DNSSEC)
    Eric Osterweil, Dan Massey, Lixia Zhang

Virtualization Security
Edward Schneider
  MAVMM: A Lightweight and Purpose-Built VMM for Malware Analysis
    Anh Nguyen, Nabil Schear, HeeDong Jung, Apeksha Godiyal, Samuel T. King, Hai Nguyen
  Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System
    Daniela Oliveira, S. Felix Wu
  HIMA: A Hypervisor-Based Integrity Measurement Agent
    Ahmed Azab, Peng Ning, Emre Sezer, Xiaolan Zhang

Risk Management Methodologies
Chair: Ron Ross, NIST
Panelists: Randy Cieslak, PACOM CIO; Mark Loepker, CNSS

Cyber Security for Industrial Control Systems: NIST SP 800-53
Instructor: Marshall Abrams, MITRE Corporation

A FISMA Training Feature

10:00-10:30
Break (Foyer C)
10:30-12:00
Honolulu | Kahuku | Oahu | Waialua

Intrusion Detection, Recovery and Analysis
Anil Somayaji
  Online Sketching of Network Flows for Real-Time Stepping-Stone Detection
    Baris Coskun, Nasir Memon
  SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System
    Xi Xiong, Peng Liu, Xiaoqi Jia
  An Empirical Approach to Modeling Uncertainty in Intrusion Analysis
    Xinming Ou, S. Raj Rajagopalan, Sakthiyuvaraja Sakthivelmurugan

Privacy and Software Assurance
Art Friedman
  The Design of a Trustworthy Voting System
    Nathanael Paul, Andrew Tanenbaum
  Privacy through Noise: A Design Space for Private Identification
    Karsten Nohl, David Evans
  A Survey of Vendor Software Assurance Practices
    Jeremy Epstein

Case Studies
Ben Cook
  Secure Desktops in Commercial and Government Architectures
    Paul McNabb, Argus Systems Group
  Vulnerability Management at the Database Level
    Eric Gonzales, APPSEC
  Information Communications Technology (ICT) Supply Chain Risk Management: A Systems Thinking Approach
    Ivan George Taylor, NSA

Cyber Security for Industrial Control Systems: NIST SP 800-53
Instructor: Marshall Abrams, MITRE Corporation

A FISMA Training Feature

12:00-17:00
Social Event: Optional event; separate registration required.

 
