Annual Computer Security Applications Conference 2010

Full Program

Monday, 6 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-12:00
Ballroom ALittle ColonyStone's CrossingWaterloo
LAW: Layered Assurance Workshop (part 1/4)Chair: Rance J. DeLong, LynuxWorks, Santa Clara University Tutorial M1 – Educating Computer Security Professionals with the CyberCIEGE Video GameMr. Michael Thompson, Naval Postgraduate School Tutorial M3 (part 1/2) – Algorithms for Software ProtectionDr. Christian Collberg, University of Arizona
Dr. Jasvir Nagra, Google Inc.
Tutorial M4 (part 1/2) – System Life Cycle Security EngineeringMs. Thuy D. Nguyen, Naval Postgraduate School
Dr. Cynthia E. Irvine, Naval Postgraduate School
12:00-13:30
Lunch (Ballroom CD)
13:30-17:00
Ballroom ALittle ColonyStone's CrossingWaterloo
LAW: Layered Assurance Workshop (part 2/4)Chair: Rance J. DeLong, LynuxWorks, Santa Clara University Tutorial M2 – State of the Practice: Intrusion DetectionDr. Michael Collins, RedJack, LLC
Dr. John McHugh, RedJack, LLC
Tutorial M3 (part 2/2) – Algorithms for Software ProtectionDr. Christian Collberg, University of Arizona
Dr. Jasvir Nagra, Google Inc.
Tutorial M4 (part 2/2) – System Life Cycle Security EngineeringMs. Thuy D. Nguyen, Naval Postgraduate School
Dr. Cynthia E. Irvine, Naval Postgraduate School
Tuesday, 7 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-12:00
Ballroom AStone's CrossingLittle ColonyRoom 516 (5th Floor)Waterloo
LAW: Layered Assurance Workshop (part 3/4)Chair: Rance J. DeLong, LynuxWorks, Santa Clara University GTIP: Workshop on Governance of Technology, Information, and Policies (part 1/2)Chair: Dr. Harvey Rubinovitz, MITRE Corporation Tutorial T5 – Virtualization and SecurityMr. Zed Abbadi, Public Company Accounting Oversight Board (PCAOB) Tutorial T7 (part 1/2) – State of the Practice: Secure CodingMr. Robert C. Seacord, CERT Software Engineering Institute Tutorial T8 (part 1/2) – An Introduction to Usable SecurityDr. Jeff Yan, Newcastle University, UK
Mary Ellen Zurko, IBM, USA
12:00-13:30
Lunch (Ballroom CD)
13:30-17:00
Ballroom AStone's CrossingLittle ColonyRoom 516 (5th Floor)Waterloo
LAW: Layered Assurance Workshop (part 4/4)Chair: Rance J. DeLong, LynuxWorks, Santa Clara University GTIP: Workshop on Governance of Technology, Information, and Policies (part 2/2)Chair: Dr. Harvey Rubinovitz, MITRE Corporation Tutorial T6 – Keeping Your Web Apps Secure: The OWASP Top 10 & BeyondMr. Robert H'obbes' Zakon, Zakon Group LLC Tutorial T7 (part 2/2) – State of the Practice: Secure CodingMr. Robert C. Seacord, CERT Software Engineering Institute Tutorial T8 (part 2/2) – An Introduction to Usable SecurityDr. Jeff Yan, Newcastle University, UK
Mary Ellen Zurko, IBM, USA
18:00-20:00
Reception (Foyer)
Wednesday, 8 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-8:45
Welcome (Ballroom AB)Carrie Gates, Conference Chair
Michael Franz, Program Chair
8:45-10:00
Distinguished Practitioner (Ballroom AB)Douglas Maughan, DHS Science & Technology Directorate
10:00-10:30
Break
10:30-12:00
Ballroom ABSan Jacinto WestSan Jacinto EastWaterloo
Social NetworksArthur R. FriedmanDetecting Spammers On Social NetworksGianluca Stringhini, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara; Giovanni Vigna, University of California, Santa BarbaraTowardworm Detection In Online Social NetworksWei Xu, Pennsylvania State University; Fangfang Zhang, Pennsylvania State University; Sencun Zhu, Pennsylvania State UniversityWho Is Tweeting On Twitter: Human, Bot, Or Cyborg?Zi Chu, The College of William and Mary; Steven Gianvecchio, The College of William and Mary; Haining Wang, The College of William and Mary; Sushil Jajodia, George Mason University Case Study 1Managing Security Information and PCI compliance at The University of Dayton, Rick Wagner, Novell, Inc.

A Taxonomy of Vulnerability in the Supply Chain, Chris Romeo and Patrick Hunter, CISCO

The Security Threats To and From the Intelligent Electronics Devices, Baris Coskun, AT&T
Panel: Risks in the Clouds - Between Silver Linings and Oncoming StormsModerator: Peter Neumann, SRI

Panelists:
• Earl Crane, Department of Homeland Security, USA
• Ahmad-Reza Sadeghi, Technical University Darmstadt and Fraunhofer Institute for Secure Information Systems, Darmstadt
• Matt Blaze, Professor of Computer Science, University of Pennsylvania, USA
• Lee Tien, Electronic Frontier Foundation, USA

FISMA Training TR1 – Cyber Security Controls
12:00-13:30
Lunch (Ballroom CD)
13:30-15:00
Ballroom ABSan Jacinto WestSan Jacinto EastWaterloo
Software DefensesLillian RøstadCujo: Efficient Detection And Prevention Of Drive-by-download AttacksKonrad Rieck, Berlin Institute of Technology; Tammo Krueger, Fraunhofer Institute FIRST; Andreas Dewald, University of MannheimFast And Practical Instruction-set Randomization For Commodity SystemsGeorgios Portokalidis, Columbia University; Angelos D. Keromytis, Columbia UniversityG-free: Defeating Return-oriented Programming Through Gadget-less BinariesKaan Onarlioglu, Bilkent University; Leyla Bilge, Eurecom; Andrea Lanzi, Eurecom; Davide Balzarotti, Eurecom; Engin Kirda, Eurecom Case Study 2Global Automaker's North American Operations Deploys Managed Hardware Encryption for Protecting Sensitive Data on Employee Laptops, Steven Sprague, Wave Systems

ISO Cyber Security and ICT SCRM Standards, Nadya Bartol, Booz Allen Hamilton

EMC's Product Security Evolution, Dan Reddy, EMC
Panel: Security EconomicsModerator: Daniel Arista, SRC, Inc.

Panelists:
Douglas Maughan, DHS
Tim Clancy, CIPHS
Marcus Sachs, Verizon
Sasha Romanosky, CMU
FISMA Training TR1 – Cyber Security Controls
15:00-15:30
Break
15:30-17:00
San Jacinto WestSan Jacinto EastWaterloo
AuthenticationKevin ButlerTowards Practical Anonymous Password AuthenticationYanjiang Yang, Institute for Infocomm Research; Jianying Zhou, Institute for Infocomm Research; Jun Wen Wong, Institute for Infocomm Research; Feng Bao, Institute for Infocomm ResearchSecuring Interactive Sessions Using Mobile Device Through Visual Channel And Visual InspectionChengfang Fang, National University of Singapore; Ee-Chien Chang, National University of SingaporeUsability Effects Of Increasing Security In Click-based Graphical PasswordsElizabeth Stobert, Carleton University; Alain Forget, Carleton University; Sonia Chiasson, Carleton University; Paul van Oorschot, Carleton University; Robert Biddle, Carleton University Vulnerability Assessment of Embedded DevicesJeremy EpsteinSecurity Analysis Of A Fingerprint-protected Usb DriveBenjamin Rodes, James Madison University; Xunhua Wang, James Madison UniversityA Quantitative Analysis Of The Insecurity Of Embedded Network Devices: Results Of A Wide-area ScanAng Cui, Columbia University; Salvatore J. Stolfo, Columbia UniversityMulti-vendor Penetration Testing In The Advanced Metering InfrastructureStephen McLaughlin, Pennsylvania State University; Dmitry Podkuiko, Pennsylvania State University; Adam Delozier, Pennsylvania State University; Sergei Miadzvezhanka, Pennsylvania State University; Patrick McDaniel, Pennsylvania State University FISMA Training TR2 – Near Real-Time Risk Management Process
17:00-17:45
Classic Papers: Giovanni Vigna (Ballroom AB)
17:45-18:00
A Tribute To Paul Karger (Ballroom AB)
19:00-22:00
Conference Dinner
Thursday, 9 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-8:45
Opening Remarks & Announcements (Ballroom AB)
8:45-10:00
Invited Essayist: Tom Longstaff (Ballroom AB)
10:00-10:30
Break
10:30-12:00
Ballroom ABSan Jacinto EastWaterloo
BotnetsAngelos StavrouFriends Of An Enemy: Identifying Local Members Of Peer-to-peer Botnets Using Mutual ContactsBaris Coskun, Polytechnic Institute of NYU; Sven Dietrich, Stevens Institute of Technology; Nasir Memon, Polytechnic Institute of NYUThe Case For In-the-lab Botnet Experimentation: Creating And Taking Down A 3000-node BotnetJoan Calvet, Ecole Polytechnique de Montreal; Carlton Davis, Ecole Polytechnique de Montreal; Jose M. Fernandez, Ecole Polytechnique de Montreal; Jean-Yves Marion, LORIA - Nancy University; Pier-Luc St-Onge, Ecole Polytechnique de MontrealConficker And Beyond: A Large-scale Empirical StudySeungwon Shin, Texas A&M University; Guofei Gu, Texas A&M University Panel: Federal Cyber Security Research AgendaModerator: Tomas Vagoun, NITRD

Panelists:
Patricia Muoio, ODNI
Douglas Maughan, DHS S&T
Samuel Weber, NSF
FISMA Training TR2 – Near Real-Time Risk Management Process
12:00-13:30
Lunch (Ballroom CD)
13:30-15:00
Ballroom ABSan Jacinto WestSan Jacinto EastWaterloo
Email, E-Commerce, and Web 2.0Christoph SchubaSpam Mitigation Using Spatio-temporal Reputations From Blacklist HistoryAndrew West, University of Pennsylvania; Adam Aviv, University of Pennsylvania; Jian Chang, University of Pennsylvania; Insup Lee, University of PennsylvaniaBreaking E-banking CaptchasShujun Li, University of Konstanz; Syed Amier Haider Shah, National University of Science and Technology (NUST); Muhammad Asad Usman Khan, National University of Science and Technology (NUST); Syed Ali Khayam, National University of Science and Technology (NUST); Ahmad-Reza Sadeghi, Ruhr-University of BochumFirm: Capability-based Inline Mediation Of Flash BehaviorsZhou Li, Indiana University at Bloomington; XiaoFeng Wang, Indiana University at Bloomington Hardware-Assisted SecurityMichael E. LocastoT-dre: A Hardware Trusted Computing Base For Direct Recording Electronic Vote MachinesRoberto Gallo, University of Campinas; Henrique Kawakami, KRYPTUS Cryptographic Engineering; Ricardo Dahab, University of Campinas; Guido Araújo, University of Campinas; Rafael Azavedo, Tribunal Superior EleitoralHardware Assistance For Trustworthy Systems Through 3-d IntegrationJonathan Valamehr, UC Santa Barbara; Mohit Tiwari, UC Santa Barbara; Timothy Sherwood, UC Santa Barbara; Arash Arfaee, UC San Diego; Ryan Kastner, UC San DiegoSca-resistant Embedded Processors---the Next GenerationStefan Tillich, University of Bristol, Computer Science Department, Merchant Venturers Building, Woodland Road, BS8 1UB, Bristol; Mario Kirschbaum, Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A--8010 Graz; Alexander Szekely, Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A--8010 Graz Case Study: Supply Chain Risk ManagementModerator: Nadya Bartol, Booz Allen Hamilton

Panelists:
Don Davidson, DoD/Global Task Force
Marianne Swanson, NIST
Carol Woody, SEI CERT
Larry Wagoner, NSA
Dan Reddy, EMC/ SAFECode
FISMA Training TR3 – Integrated Enterprise-Wide Risk Management
15:00-15:30
Break
15:30-17:00
Ballroom ABSan Jacinto WestSan Jacinto EastWaterloo
Security Protocols and Portable StorageBaris CoskunPorscha: Policy Oriented Secure Content Handling In AndroidMachigar Ongtang, Pennsylvania State University; Kevin Butler, Pennsylvania State University; Patrick McDaniel, Pennsylvania State UniversityKells: A Protection Framework For Portable DataKevin Butler, Pennsylvania State University; Stephen McLaughlin, Pennsylvania State University; Patrick McDaniel, Pennsylvania State UniversityKeeping Data Secret Under Full Compromise Using Porter DevicesChristina Pöpper, ETH Zurich; David Basin, ETH Zurich; Srdjan Capkun, ETH Zurich; Cas Cremers, ETH Zurich Model Checking and Vulnerability AnalysisSven DietrichFamiliarity Breeds Contempt: The Honeymoon Effect And The Role Of Legacy Code In Zero-day VulnerabilitiesSandy Clark, University of Pennsylvania; Stefan Frei, Secunia; Matt Blaze, University of Pennsylvania; Jonathan Smith, University of PennsylvaniaQuantifying Information Leaks In SoftwareJonathan Heusser, Queen Mary University of London; Pasquale Malacaria, Queen Mary University of LondonAnalyzing And Improving Linux Kernel Memory Protection: A Model Checking ApproachSiarhei Liakh, North Carolina State University; Michael Grace, North Carolina State University; Xuxian Jiang, North Carolina State University Panel: The New Security Paradigms ExperienceModerator: Richard Ford, Florida Institute of Technology

Panelists:
Michael Locasto, University of Calgary
Victor Raskin, Purdue
Julia M. Taylor, Purdue
FISMA Training TR3 – Integrated Enterprise-Wide Risk Management
17:00-17:45
Classic Paper: Bill Cheswick (Ballroom AB)
18:00-21:00
Posters / Reception / Career Night / Work in Progress (Ballroom Foyer)Works in Progress Info
Posters Info
Friday, 10 December 2010
7:30-8:30
Breakfast (Ballroom Foyer)
8:30-10:00
Ballroom ASan Jacinto WestSan Jacinto EastWaterloo
Intrusion Detection and Live ForensicsKenneth F. ShottingComprehensive Shellcode Detection Using Runtime HeuristicsMichalis Polychronakis, Columbia University; Kostas Anagnostakis, Niometrics R&D; Evangelos Markatos, FORTH-ICSCross-layer Comprehensive Intrusion Harm Analysis For Production Workload Server SystemsShengzhi Zhang, Pennsylvania State University, University Park; Xiaoqi Jia, Graduate University of Chinese academy of sciences; Peng Liu, Pennsylvania State University, University Park; Jiwu Jing, Graduate University of Chinese academy of sciencesForenscope: A Framework For Live ForensicsEllick Chan, University of Illinois; Shivaram Venkataraman, University of Illinois; Francis David, Microsoft; Amey Chaugule, University of Illinois Distributed Systems and Operating SystemsMichael FranzA Multi-user Steganographic File System On Untrusted Shared StorageJin Han, Singapore Management University; Meng Pan, Singapore Management University; Debin Gao, Singapore Management University; HweeHwa Pang, Singapore Management UniversityHeap Taichi: Exploiting Memory Allocation Granularity In Heap-spraying AttacksYu Ding, Institute of Computer Science and Technology, Peking University; Tao Wei, Institute of Computer Science and Technology, Peking University; Tielei Wang, Institute of Computer Science and Technology, Peking University; ZhenKai Liang, Department of Computer Science, School of Computing, National University of Singapore; Wei Zou, Institute of Computer Science and Technology, Peking UniversityScoba: Source Code Based Attestation On Custom SoftwareLiang Gu, Peking University; Yao Guo, Peking University; Anbang Ruan, Peking University; Qingni Shen, Peking University; Hong Mei, Peking University Case Study Panel: Software Security Automation and MeasurementModerator: Joe Jarzombek, National Cyber Security Division, DHS

Panelists:
Don Davidson, OASD-NII/DoD
Nadya Bartol, Booz Allen Hamilton
Robert Seacord, CERT Coordination Center, Carnegie Mellon University
Carol Woody, SEI, Carnegie Mellon University
FISMA Training TR4 – Risk Assessments for Information Technology Systems
10:00-10:30
Break
10:30-12:00
Ballroom ASan Jacinto WestWaterloo
Mobile and WirelessChristina SerbanParanoid Android: Versatile Protection For SmartphonesGeorgios Portokalidis, Columbia University; Philip Homburg, Vrije Universiteit Amsterdam; Herbert Bos, Vrije Universiteit AmsterdamExploiting Smart-phone Usb Connectivity For Fun And ProfitZhaohui Wang, George Mason University; Angelos Stavrou, George Mason UniversityDefending Dsss-based Broadcast Communication Against Insider Jammers Via Delayed Seed-disclosureAn Liu, North Carolina State University; Peng Ning, North Carolina State University; Huaiyu Dai, North Carolina State University; Yao Liu, North Carolina State University; Cliff Wang, Army Research Office Security Engineering and ManagementEdward A. SchneiderAlways Up-to-date -- Scalable Offline Patching Of Vm Images In A Compute CloudWu Zhou, North Carolina State University; Peng Ning, North Carolina State University; Xiaolan Zhang, IBM; Glenn Ammons, IBM; Ruowen Wang, North Carolina State University; Vasanth Bala, IBMA Framework For Testing Hardware-software Security ArchitecturesJeffrey S. Dwoskin, Princeton University; Mahadevan Gomathisankaran, University of North Texas; Yu-Yuan Chen, Princeton University; Ruby B. Lee, Princeton UniversityTwo Methodologies For Physical Penetration Testing Using Social EngineeringTrajce Dimkov, University of Twente; Andre van Cleeff, University of Twente; Wolter Pieters, University of Twente; Pieter Hartel, University of Twente FISMA Training TR4 – Risk Assessments for Information Technology Systems
12:00-12:30
Closing Session & Announcement of Best Paper (Ballroom A)
13:00-15:00
Optional Lunch at Stubb's BBQReservations required.

 

Powered by OpenConf®
Copyright ©2002-2010 Zakon Group LLC