Annual Computer Security Applications Conference (ACSAC) 2012

Full Program

Monday, 3 December 2012
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor | Sussex | Knave | Senate/Gallery | Captain/Yeoman/Scribe
M1: Authentication & Authorization Standards for the Cloud

Half-Day

Hassan Takabi, University of Pittsburgh

M3: Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond

Half-Day

Robert H'obbes' Zakon, Zakon Group LLC

M5: Contemporary Cryptography

CANCELLED

Dr. Rolf Oppliger, eSECURITY Technologies

TF1: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

Kevin Nauer, Benjamin Anderson, and Ted Reed, Sandia National Laboratories

Layered Assurance Workshop (LAW)

Workshop Chair: Rance J. DeLong, Santa Clara University

Program Chair: Gabriela Ciocarlie, SRI International

Panel Chair: Peter G. Neumann, SRI International

12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor | Sussex | Knave | Senate/Gallery | Captain/Yeoman/Scribe
M2: Software Security Requirements Engineering

Half-Day

Nancy Mead, Software Engineering Institute

M4: Security Metrics and Risk Analysis of Enterprise Networks: Techniques and Challenges

Half-Day

Anoop Singhal, NIST and Xinming (Simon) Ou, Kansas State University

M5: Contemporary Cryptography

CANCELLED

TF1: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

(see above)

Layered Assurance Workshop (LAW)

(see above)

Tuesday, 4 December 2012
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor | Sussex | Knave | Senate/Gallery | Cambridge | Captain/Yeoman/Scribe
T6: Sophisticated Steganography

Full-Day

Mr. John A. Ortiz, Crucial Security Inc., Harris Corporation

T7: Software Assurance Methods in Support of Cyber Security

Half-Day

Dr. Carol Woody, Software Engineering Institute

T9: Windows Digital Forensics and Incident Response

Full-Day

Ms. Jamie Levy, Terremark Worldwide

TF2: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

Kevin Nauer, Benjamin Anderson, and Ted Reed, Sandia National Laboratories

Cloud Computing Workshop (CCW)

Harvey H. Rubinovitz

Layered Assurance Workshop (LAW)

(see above)

12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor | Sussex | Knave | Senate/Gallery | Cambridge | Captain/Yeoman/Scribe
T6: Sophisticated Steganography

(see above)

T8: Systems Resilience and Metrics: A Cyber Security Perspective

Half-Day

Marco M. Carvalho, Richard Ford, and Liam M. Mayron, Harris Institute for Assured Information, Florida Institute of Technology

T9: Windows Digital Forensics and Incident Response

(see above)

TF2: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

(see above)

Cloud Computing Workshop (CCW)

(see above)

Layered Assurance Workshop (LAW)

(see above)

18:00-20:00
Reception (Outback Restaurant Patio)

Wednesday, 5 December 2012
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Welcome Session (Ireland B/C)
8:45-10:00
Distinguished Practitioner Keynote (Ireland B/C)

Ron Ross, Fellow, National Institute of Standards and Technology

Opening up a Second Front on Risk Management: Integrating Cyber Security Requirements into Main Stream Organizational Mission and Business Processes

10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A | Sapphire | Diamond | Emerald

Web Security

Michael Franz

JSand: Complete Client-Side Sandboxing of Third-Party JavaScript without Browser Modifications
Pieter Agten; Steven Van Acker; Yoran Brondsema; Phu H. Phung; Lieven Desmet; Frank Piessens

One Year of SSL Internet Measurement
Olivier Levillain; Arnaud Ébalard; Benjamin Morin; Hervé Debar

Dissecting Ghost Clicks: Ad Fraud Via Misdirected Human Clicks
Sumayah A. Alrwais; Christopher W. Dunn; Minaxi Gupta; Alexandre Gerber; Oliver Spatscheck; Eric Osterweil

Case Studies 1

Content Management Systems - the last frontier for Data Loss Prevention
Tamer Abuelsaad, IBM

Case Study of a Novel Application using the ISO/IEC Software Tagging Standard (ISO/IEC 19770-2) for Software Security
Dan Wolf/Ron Ball, Cyber Pack Ventures, Inc.

Security Paintings: Creating Useful Security Reports When You Don't Know What's Really Happening
Jonathan Grier, Vesaria

Panel: The Future of Application Trustworthiness

Peter Neumann

Nirav Dave, SRI International

Rance DeLong, Santa Clara University

Roger Schell, Aesec

Olin Sibert, Oxford Systems

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

Ron Ross, NIST and Daniel Faigin, Aerospace

12:00-13:30
Lunch (England)
13:30-15:00
Ireland A | Sapphire | Diamond | Emerald

Mobile Security

Christoph Schuba

Permission Evolution in the Android Ecosystem
Xuetao Wei; Lorenzo Gomez; Iulian Neamtiu; Michalis Faloutsos

Practicality of Accelerometer Side-Channel on Smartphones
Adam J. Aviv; Benjamin Sapp; Matt Blaze; Jonathan M. Smith

Analysis of the Communication between Colluding Applications on Modern Smartphones
Claudio Marforio; Hubert Ritzdorf; Aurélien Francillon; Srdjan Capkun

Hardware Security

Michael Locasto

Enabling Trusted Scheduling in Embedded Systems
Ramya Jayaram Masti; Claudio Marforio; Aanjhan Ranganathan; Aurélien Francillon; Srdjan Capkun

TRESOR-HUNT: Attacking CPU-Bound Encryption
Erik-Oliver Blass; William Robertson

When Hardware Meets Software: a Bulletproof Solution to Forensic Memory Acquisition
Alessandro Reina; Aristide Fattori; Fabio Pagani; Lorenzo Cavallaro; Danilo Mauro Bruschi

Panel: Growing the Skills Required for Trustworthy Software

Ian Bryant

Ian Bryant, UK Trustworthy Software Initiative

Joe Jarzombek, US Department of Homeland Security

Dr Carol Woody, Software Engineering Institute

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

(see above)

15:00-15:30
Break (Hampton Court Assembly)
15:30-16:30
Ireland A | Sapphire | Diamond | Emerald

Passwords

Patrick Traynor

Tapas: Design, Implementation, and Usability Evaluation of a Password Manager
Daniel McCarney; David Barrera; Jeremy Clark; Sonia Chiasson; Paul van Oorschot

On Automated Image Choice for Secure and Usable Graphical Passwords
Paul Dunphy; Patrick Olivier

Building Better Passwords using Probabilistic Techniques
Shiva Houshmand; Sudhir Aggarwal

Botnets

Wei Wang

Cloud-based Push-Styled Mobile Botnets: A Case Study of Exploiting the Cloud to Device Messaging Service
Shuang Zhao; Patrick P. C. Lee; John C. S. Lui; Xiaohong Guan; Xiaobo Ma; Jing Tao

DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis
Leyla Bilge; Davide Balzarotti; William Robertson; Engin Kirda; Christopher Kruegel

Panel: The NSPW Experience

Cormac Herley

Selections of work from the 2012 New Security Paradigms Workshop

Holographic Vulnerability Studies: Vulnerabilities as Fractures in Interpretation as Information Flows Across Abstraction Boundaries

Beyond the Blacklist: Modeling Malware Spread and the Effect of Interventions

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

(see above)

16:30-16:45
Short Break
16:45-17:45
Ireland B/C | Emerald

Works-in-Progress

Benjamin Kuperman

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

(see above)

17:45-18:45
Classic Book Keynote (Ireland B/C)

Ross Anderson, Author and Professor, University of Cambridge, UK

Security Economics - A Personal Perspective

19:15-22:00
Conference Dinner (20Seven)

Thursday, 6 December 2012
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Opening Remarks (Ireland B/C)
8:45-10:00
Invited Essayist Keynote (Ireland B/C)

Susan Alexander, Director, Safe and Secure Operations, IARPA

Trust Engineering — Rejecting the Tyranny of the Weakest Link

10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A | Sapphire | Diamond | Emerald

Authentication

Edward "Ed" Schneider

SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding
Miro Enev; Jaeyeon Jung; Liefeng Bo; Xiaofeng Ren; Tadayoshi Kohno

Biometric Authentication on a Mobile Device: A Study of User Effort, Error and Task Disruption
Shari Trewin; Cal Swart; Larry Koved; Jacquelyn Martino; Kapil Singh; Shay Ben-David

BetterAuth: Web Authentication Revisited
Martin Johns; Sebastian Lekies; Bastian Braun; Benjamin Flesch

Code Analysis Techniques

Art Friedman

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis
Carsten Willems; Felix C. Freiling; Thorsten Holz

Down to the Bare Metal: Using Processor Features for Binary Analysis
Carsten Willems; Ralf Hund; Andreas Fobian; Dennis Felsch; Thorsten Holz; Amit Vasudevan

Augmenting Vulnerability Analysis of Binary Code
Sean Heelan; Agustin Gianni

Case Studies 2

Mobile Attacks Survey and Taxonomy
Wei Wang and Cristina Serban, AT&T

Forensically Important Artifacts Resulting from Usage of Cloud Client Services
Dr. Gaurav Gupta, Indraprastha Institute of Information Technology

Test and Evaluation of the PEASOUP security prototype
Dr. David Melski, GrammaTech, Inc.

TR2: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53 Revision 4

Ron Ross, NIST

12:00-13:30
Lunch (England)
13:30-15:00
Ireland A | Sapphire | Diamond | Emerald

Cloud Security

Thomas Moyer

ThinAV: Truly Lightweight Mobile Cloud-based Anti-malware
Chris Jarabek; David Barrera; John Aycock

Abusing Cloud-based Browsers for Fun and Profit
Vasant Tendulkar; Joe Pletcher; Ashwin Shashidharan; Ryan Snyder; Kevin Butler; William Enck

Iris: A Scalable Cloud File System with Efficient Integrity Checks
Emil Stefanov; Marten van Dijk; Ari Juels; Alina Oprea

Intrusion Detection

Gabriela Ciocarlie

Malicious PDF Detection Using Metadata and Structural Features
Charles Smutz; Angelos Stavrou

Jarhead: Analysis and Detection of Malicious Java Applets
Johannes Schlumberger; Christopher Kruegel; Giovanni Vigna

Hi-Fi: Collecting High-Fidelity Whole-System Provenance
Devin Pohly; Stephen McLaughlin; Patrick McDaniel; Kevin Butler

Panel: Software Assurance Technology Gaps

David Wheeler

David Wheeler, Institute for Defense Analyses

Kris Britton, NSA

Jeremy Epstein, National Science Foundation

Ian Bryant, UK Trustworthy Software Initiative

TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

Marshall Abrams, MITRE

15:00-15:30
Break (Hampton Court Assembly)
15:30-16:50
Ireland A | Sapphire | Diamond | Emerald

Policy

Hassan Takabi

Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity
Divya Muthukumaran; Sandra Rueda; Nirupama Talele; Hayawardh Vijayakumar; Jason Teutsch; Trent Jaeger

CodeShield: Towards Personalized Application Whitelisting
Christopher Gates; Ninghui Li; Jing Chen; Robert Proctor

Using Automated Model Analysis for Reasoning about Security of Web Protocols
Apurva Kumar

Protection Mechanisms

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting
Richard Wartell; Vishwath Mohan; Kevin W. Hamlen; Zhiqiang Lin

Code Shredding: Byte-Granular Randomization of Program Layout for Detecting Code-Reuse Attacks
Eitaro Shioji; Yuhei Kawakoya; Makoto Iwamura; Takeo Hariu

Distributed Application Tamper Detection Via Continuous Software Updates
Christian Collberg; Sam Martin; Jonathan Myers; Jasvir Nagra

Panel: Security and Privacy: Are they Two Sides of the Same Coin?

Lillie Coney

Christopher Clifton, Purdue University

David Farber, U. of Pennsylvania

Sherry Burs-Howard, MITRE

TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

(see above)

16:50-17:00
Short Break
17:00-18:00
Industry Keynote (Ireland B/C)

Eran Feigenbaum, Director of Security, Google Enterprise

Is Cloud Computing the End of Security and Privacy As We Know It?

18:15-21:00
Reception and Poster Session (20Seven)

Friday, 7 December 2012
7:30-8:30
Breakfast (Outback Restaurant Patio)
8:30-10:00
Captain | Yeoman | Scribe

Malware Analysis and Classification

Benjamin Kuperman

VAMO: Towards a Fully Automated Malware Clustering Validity Analysis
Roberto Perdisci; ManChon U

Towards Network Containment in Malware Analysis Systems
Mariano Graziano; Corrado Leita; Davide Balzarotti

Lines of Malicious Code: Insights Into the Malicious Software Industry
Martina Lindorfer; Alessandro Di Federico; Federico Maggi; Paolo Milani Comparetti; Stefano Zanero

Software Security

Cristina Serban

Generalized Vulnerability Extrapolation using Abstract Syntax Trees
Fabian Yamaguchi; Markus Lottmann; Konrad Rieck

XIAO: Tuning Code Clones at Hands of Engineers in Practice
Yingnong Dang; Dongmei Zhang; Song Ge; Chengyun Chu; Yingjun Qiu; Tao Xie

Self-healing Multitier Architectures using Cascading Rescue Points
Angeliki Zavou; Georgios Portokalidis; Angelos D. Keromytis

TR4: Continuous Assessment
10:00-10:30
Break (Cloister/Lobby)
10:30-12:00
Captain | Yeoman | Scribe

Social Networking Security

Raheem A. Beyah

Twitter Games: How Successful Spammers Pick Targets
Vasumathi Sridharan; Vaibhav Shankar; Minaxi Gupta

All Your Faces Are Belong to Us: Breaking Facebook's Social Authentication
Jason Polakis; Marco Lancini; Georgios Kontaxis; Federico Maggi; Sotiris Ioannidis; Angelos D. Keromytis; Stefano Zanero

Enabling Private Conversations on Twitter
Indrajeet Singh; Michael Butkiewicz; Harsha Madhyastha; Srikanth V. Krishnamurthy; Sateesh Addepalli

Systems Security

Charles Payne

Separation Virtual Machine Monitors
John McDermott; Bruce Montrose; Myong Kang; Margery Li; James Kirby

Efficient Protection of Kernel Data Structures via Object Partitioning
Abhinav Srivastava; Jonathon Giffin

TrueErase: Per-file Secure Deletion for the Storage Data Path
Sarah Diesburg; Christopher Meyers; Mark Stanovich; Michael Mitchell; Justin Marshall; Julia Gould; An-I Andy Wang; Geoff Kuenning

"On The Horizon" Panel

Michael McEvilley, MITRE Corp.

Ron Ross, NIST

Daniel Faigin, Aerospace Corp.

12:00-12:30
Closing and Awards (Cloister)

Giveaways too, so don't plan on leaving early!

12:30-17:15
Free Time

Explore Downtown Disney or just hang out by the pool

17:30-19:30
Social Event: Cirque du Soleil's "La Nouba"

Show seating is at 5:30pm. The Cirque du Soleil theatre is located on the far side of Downtown Disney - across the street from the hotel.

Pre-purchased tickets may be picked up at the ACSAC registration desk.

 
