7:00-8:00 | |
8:00-8:30 | Welcome (DH Holmes AB(C)) Charles Payne, Conference Chair
Jeremy Epstein, ACSA
Dr. Kevin Butler, Program Chair
|
|
8:30-10:00 | Distinguished Practitioner Keynote Panel (DH Holmes AB(C)) The Multicians
Multics: Before, During, After
With presentations by:
- W. Olin Sibert: Introduction
- Professor Roger R. Schell: Before Multics
- Tom Van Vleck: Multics Development
- Steven B. Lipner: Influence after Multics
|
|
10:00-10:30 | |
10:30-12:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Panel: Cybersecurity and Cyber-Physical Systems: A Government Perspective
Moderator: John Launchbury, DARPA
Panelists:
David Corman, NSF CISE
Dan Massey, DHS S&T
Vicky Pillitteri, NIST
Suzanne Schwartz, FDA |
Secure Builds and Configuration
Justin Cappos
Hot-Hardening: Getting More Out of Your Security Settings
Sebastian Biedermann, Security Engineering Group, TU Darmstadt; Stefan Katzenbeisser, Security Engineering Group, TU Darmstadt; Jakub Szefer, Computer Architecture and Security Laboratory, Yale University
Challenges and Implications of Verifiable Builds for Security-Critical Open-Source Software
Xavier de Carné de Carnavalet, Concordia University; Mohammad Mannan, Concordia University
Cloud Radar: Near Real-Time Detection of Security Failures in Dynamic Virtualized Infrastructures
Sören Bleikertz, IBM Research - Zurich; Thomas Groß, University of Newcastle upon Tyne; Carsten Vogel, IBM Research - Zurich |
Mobile Systems Security I
Long Lu
Scippa: System-Centric IPC Provenance on Android
Michael Backes, Saarland University and MPI-SWS; Sven Bugiel, Saarland University, CISPA; Sebastian Gerling, Saarland University, CISPA
Android Security Framework: Extensible Multi-Layered Access Control on Android
Michael Backes, Saarland University and MPI-SWS; Sven Bugiel, Saarland University, CISPA; Sebastian Gerling, Saarland University, CISPA; Philipp von Styp-Rekowsky, Saarland University, CISPA
Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications
Yuru Shao, The Hong Kong Polytechnic University; Xiapu Luo, The Hong Kong Polytechnic University; Chenxiong Qian, The Hong Kong Polytechnic University; Pengfei Zhu, The Hong Kong Polytechnic University; Lei Zhang, The Hong Kong Polytechnic University |
DHS's Continuous Diagnostics and Mitigation Program (CDM)
Moderator: George Moore, DHS (invited) |
|
12:00-13:30 | |
13:30-15:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Panel: CPS: Cybersecurity, Resilience, Safety, and Fault Tolerance
Moderator: Patricia Muoio, Director of Research and Development, G2 Inc.
Panelists:
William Sanders, UIUC;
Lillian Ratliff, UC Berkeley;
Apurva Mohan, Honeywell |
Social Computing and Networks
Daniela Oliveira
TROGUARD: Context-Aware Protection Against Web-Based Socially Engineered Trojans
Rui Han, University of Miami; Saman Zonouz, Rutgers University; Mihai Christodorescu, Qualcomm Research
Spam ain't as Diverse as It Seems: Throttling OSN Spam with Templates Underneath
Hongyu Gao, Northwestern University; Yi Yang, Northwestern University; Kai Bu, Zhejiang University; Yan Chen, Northwestern University; Doug Downey, Northwestern University; Kathy Lee, Northwestern University; Alok Choudhary, Northwestern University
A Taste of Tweet: Reverse Engineering Twitter Spammers
Chao Yang, Texas A&M University; Jialong Zhang, Texas A&M University; Guofei Gu, Texas A&M University |
Systems Security
William Enck
New Models of Cache Architectures Characterizing Information Leakage from Cache Side Channels
Tianwei Zhang, Princeton University; Ruby Lee, Princeton University
ICE: A Passive, High-Speed, State-Continuity Scheme for Intel SGX
Raoul Strackx, KU Leuven; Bart Jacobs, KU Leuven; Frank Piessens, KU Leuven
Interrupt-oriented Bugdoor Programming: A minimalist approach to bugdooring embedded systems firmware
Sam Tan, Dartmouth; Sergey Bratus, Dartmouth; Travis Goodspeed, Straw Hat |
NIST Cyber Security Framework
Speaker: Victoria Pillitteri, NIST |
|
15:00-15:30 | |
15:30-16:00 | Celebrating 30 Years (DH Holmes AB(C)) Charles Payne, Conference Chair |
|
16:00-17:00 | Invited Essayist Keynote (DH Holmes AB(C)) Aviel D. Rubin, Johns Hopkins University
Taking Two-Factor to the Next Level: Protecting Online Poker, Banking, Healthcare and Other Applications
|
|
18:30-21:30 | |
7:30-8:30 | |
8:30-10:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Case Studies I
Larry Wagoner
Firewalling: Passwords, Financial Transactions and Human Privileges from CPU Resident Malware, Jim McAlear (Canadian Department of National Defence)
Smart Card support Embedded Within OpenSSL to Secure Virtual Machines, Hassane Aissaoui-Mehrez (Télécom ParisTech)
Red October: Implementing the two-man rule for keeping secrets, Nick Sullivan (CloudFlare)
|
Cyber Physical Systems I
Adam Hahn
CPS: Through the Eye of the PLC: Semantic Security Monitoring for Industrial Processes
Dina Hadziosmanovic, Delft University of Technology; Robin Sommer, International Computer Science Institute; Emmanuele Zambon, University of Twente; Pieter Hartel, University of Twente
CPS: Market Analysis of Attacks Against Demand Response in the Smart Grid
Carlos Barreto, University of Texas at Dallas; Alvaro Cardenas, University of Texas at Dallas; Nicanor Quijano, Universidad de los Andes; Eduardo Mojica-Nava, Universidad Nacional
CPS: Flying blind - Challenges and Uncertainties for Timing Attacks on Process Control Systems
Marina Krotofil, Hamburg University of Technology; Alvaro Cardenas, University of Texas at Dallas; Bradley Manning, Hamburg University of Technology; Jason Larsen, IOActive, Inc. |
Secure Distributed Systems
Charles Wright
Uncovering Network Tarpits with Degreaser
Lance Alt, Naval Postgraduate School; Robert Beverly, Naval Postgraduate School; Alberto Dainotti, CAIDA
Network Dialog Minimization and Network Dialog Diffing: Two Novel Primitives for Network Security Applications
M. Zubair Rafique, iMinds-DistriNet, KU Leuven; Juan Caballero, IMDEA Software Institute; Christophe Huygens, iMinds-DistriNet, KU Leuven; Wouter Joosen, iMinds-DistriNet, KU Leuven
Lightweight Authentication of Freshness in Outsourced Key-Value Stores
Yuzhe Tang, Georgia Tech; Ting Wang, IBM Research, Yorktown Heights; Ling Liu, Georgia Tech; Xin Hu, IBM Research, Yorktown Heights; Jiyong Jang, IBM Research, Yorktown Heights |
Forum: Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, Part 1 Moderators: Ron Ross, NIST; Michael McEvilley, MITRE Corporation
|
|
10:00-10:30 | |
10:30-12:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Panel: The Attacker Among Us: Insider Threats Within the Energy Sector
Moderator: Dr. William (Bill) Claycomb, CERT Insider Threat Center - Carnegie Mellon University
Panelists (listed alphabetically):
Dr. Nader Mehravari, Cyber Security Solutions, Software Engineering Institute
Dr. Shawn Taylor, Sandia National Laboratories
Mr. Randy Trzeciak, CERT Insider Threat Center - Carnegie Mellon University
|
Securing Memory and Storage
Cristina Serban
SEER: Practical Memory Virus Scanning as a Service
Jason Gionta, North Carolina State University; Ahmed Azab, Samsung Electronics Co., Ltd.; William Enck, North Carolina State University; Peng Ning, North Carolina State University; Xiaolan Zhang, Google Inc.
MACE: High-Coverage and Robust Memory Analysis For Commodity Operating Systems
Qian Feng, Syracuse University; Aravind Prakash, Syracuse University; Heng Yin, Syracuse University; Zhiqiang Lin, University of Texas at Dallas
Assisted Deletion of Related Content
Hubert Ritzdorf, ETH Zurich; Nikolaos Karapanos, ETH Zurich; Srdjan Capkun, ETH Zurich |
Mobile Systems Security II
Zhiqiang Lin
Morpheus: Automatically Generating Heuristics to Detect Android Emulators
Yiming Jing, Arizona State University; Ziming Zhao, Arizona State University; Gail-Joon Ahn, Arizona State University; Hongxin Hu, Clemson University
Design and Implementation of an Android Host-based Intrusion Prevention System
Mingshen Sun, The Chinese University of Hong Kong; Min Zheng, The Chinese University of Hong Kong; John C.S. Lui, The Chinese University of Hong Kong; Xuxian Jiang, North Carolina State University
MoRePriv: Mobile OS Support For Application Personalization And Privacy
Drew Davidson, University of Wisconsin; Matt Fredrikson, University of Wisconsin; Benjamin Livshits, Microsoft Research |
Forum: Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, Part 2
Moderators: Ron Ross (NIST) and Michael McEvilley (MITRE)
(continues from the previous session) |
|
12:00-13:30 | |
13:30-15:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Panel: Moving Target Defenses: Johnny Can't Secure, So He Moves Moderator: Dr. Hamed Okhravi, MIT Lincoln Laboratory
Panelists:
Dr. Samuel Weber, Senior Researcher, Software Engineering Institute, Carnegie Mellon University
Prof. Ehab Al-Shaer, Professor and Director of Cyber Defense and Network Assurability Center (CyberDNA), University of North Carolina Charlotte
Dr. Todd R. Andel, Associate Professor, School of Computing, University of South Alabama
|
Secure Communications
Hassan Takabi
IMSI-Catch Me If You Can: IMSI-Catcher-Catchers
Adrian Dabrowski, SBA Research; Nicola Pianta, Università di Cagliari; Thomas Klepp, TU Wien, Austria; Martin Mulazzani, SBA Research; Edgar Weippl, SBA Research
Advanced WiFi Attacks Using Commodity Hardware
Mathy Vanhoef, KU Leuven; Frank Piessens, KU Leuven
Whitewash: Outsourcing Garbled Circuit Generation for Mobile Devices
Henry Carter, Georgia Institute of Technology; Charles Lever, Georgia Institute of Technology; Patrick Traynor, University of Florida |
Usable Security
Rida Bazzi
It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots
Marissa Rosenthal, Bowdoin College; Nicole Morin, Bowdoin College; Kuo-Chuan Yeh, Pennsylvania State University; Justin Cappos, NYU Poly; Yanyan Zhuang, University of British Columbia; Daniela Oliveira, University of Florida
Understanding Visual Perceptions of Usability and Security of Androids' Graphical Password Pattern
Adam Aviv, United States Naval Academy; Dan Fichter, Swarthmore College
Using Automatic Speech Recognition for Attacking Acoustic CAPTCHAs: The Trade-off between Usability and Security
Hendrik Meutzner, Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum; Viet Hung Nguyen, Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum; Thorsten Holz, Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum; Dorothea Kolossa, Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum |
DHS Programs: Cybersecurity for Government Vehicles
Presenters: David Balenson, SRI International; Dan Massey, DHS S&T; Kevin Harnett, US DOT/Volpe Center; Ulf Lindqvist, SRI International |
|
15:00-15:30 | Break (Foyer) Chocoholic Extravaganza
"Las cosas claras y el chocolate espeso." (Ideas should be clear and
chocolate thick.) Spanish proverb
|
|
15:30-17:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | NIST's Cyber-Physical Systems Public Working Group (CPS PWG) Cybersecurity and Privacy Subgroup
Speakers: Victoria Pillitteri, NIST |
Privacy
Franziska Roesner
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API
Hyungsub Kim, POSTECH; Sangho Lee, POSTECH; Jong Kim, POSTECH
Differentially Private Data Aggregation with Optimal Utility
Fabienne Eigner, Saarland University, CISPA; Aniket Kate, MMCI, Saarland University; Matteo Maffei, Saarland University, CISPA; Francesca Pampaloni, IMT Lucca; Ivan Pryvalov, MMCI, Saarland University
On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin clients
Arthur Gervais, ETH Zürich; Ghassan Karame, NEC Laboratories Europe; Damian Gruber, ETH Zürich; Srdjan Capkun, ETH Zürich |
Network Infrastructure Security
Patrick Traynor
OSPF Vulnerability to Persistent Poisoning Attacks: A Systematic Analysis
Gabi Nakibly, Technion; Adi Sosnovich, Technion; Eitan Menahem, Ben Gurion University; Ariel Waizel, Ben Gurion University; Yuval Elovici, Ben Gurion University
Less is More: Cipher-Suite Negotiation for DNSSEC
Amir Herzberg, Bar-Ilan University; Haya Shulman, Technische Universität Darmstadt; Bruno Crispo, University of Trento
DNS Authentication as-a-Service Against Amplification Attacks
Amir Herzberg, Bar-Ilan University; Haya Shulman, Technische Universität Darmstadt |
Readout from the 4th Annual Secure and Resilient Architectures Invitational Workshop
Presenters: Rich Graubart, Deb Bodeau, Rosalie McQuaid, MITRE Corporation |
|
17:15-18:00 | |
18:15-21:00 | |
7:30-8:30 | |
8:30-10:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Panel: SCADA System Security: Challenges and Future Directions
Moderator: Irfan Ahmed, University of New Orleans
Panelists:
Chris Sistrunk, Mandiant;
Tommy Morris, Mississippi State University;
Eric J. Byres, Tofino Security;
Zach Tudor, SRI International |
Access Control and Malware
John McDermott
Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts
John Slankas, North Carolina State University; Xusheng Xiao, North Carolina State University; Laurie Williams, North Carolina State University; Tao Xie, University of Illinois, Urbana-Champaign
Centrality Metrics of Importance in Access Behaviors and Malware Detections
Weixuan Mao, MOE KLINNS Lab, Xi’an Jiaotong University; Zhongmin Cai, MOE KLINNS Lab, Xi’an Jiaotong University; Xiaohong Guan, MOE KLINNS Lab, Xi’an Jiaotong University; Don Towsley, School of Computer Science, University of Massachusetts
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Tamas Lengyel, University of Connecticut; Steve Maresca, Zentific, LLC; Bryan Payne, Nebula, Inc.; George Webster, TUM; Sebastian Vogl, TUM; Aggelos Kiayias, University of Athens |
Software Security
Thomas Moyer
Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs
Robert Gawlik, Ruhr-University Bochum; Thorsten Holz, Ruhr-University Bochum
Leveraging Semantic Signatures for Bug Search in Binary Programs
Jannik Pewny, Ruhr-University Bochum; Felix Schuster, Ruhr-University Bochum; Christian Rossow, Ruhr-University Bochum; Lukas Bernhard, Ruhr-University Bochum; Thorsten Holz, Ruhr-University Bochum
IntFlow: Improving the Accuracy of Arithmetic Error Detection Using Information Flow Tracking
Marios Pomonis, Columbia University; Theofilos Petsios, Columbia University; Kangkook Jee, Columbia University; Michalis Polychronakis, Columbia University; Angelos D. Keromytis, Columbia University |
Cyber Resiliency Table-Top Exercise, Part 1 Leaders: Rich Graubart, Deb Bodeau, Rosalie McQuaid, MITRE Corporation
|
|
10:00-10:30 | |
10:30-12:00 | Orleans A | Orleans B | DH Holmes A | DH Holmes C | Case Studies II
Paul Black
Aviation Cyber Security R&D: What might be done?, Scott W. Tousley (DHS)
A Process of Security Assurance Properties Unification for Application Logic, Faisal Nabi (Islami Roohani Mission University)
|
Cyber Physical Systems II
Gabriela Ciocarlie
CPS: Beyond Usability: Applying VSD-Based Methodologies to Investigate Domain Characteristics for Security for Implantable Cardiac Devices
Tamara Denning, University of Utah; Batya Friedman, University of Washington; Brian Gill, Seattle Pacific University; Daniel B. Kramer, Beth Israel Deaconess Medical Center; Matthew R. Reynolds, Harvard Clinical Research Institute; Tadayoshi Kohno, University of Washington
CPS: A Security Evaluation of AIS, Automated Identification System
Marco Balduzzi, Trend Micro Research; Alessandro Pasta, Independent Researcher; Kyle Wilhoit, Trend Micro Research |
Web Security
Adam Aviv
NodeSentry: Least-Privilege Library Integration for Server-Side JavaScript
Willem De Groef, iMinds-DistriNet, KU Leuven; Fabio Massacci, University of Trento; Frank Piessens, iMinds-DistriNet, KU Leuven
TrueClick: Automatically Distinguishing Trick Banners from Genuine Download Links
Sevtap Duman, Northeastern University; Kaan Onarlioglu, Northeastern University; Ali Osman Ulusoy, Brown University; William Robertson, Northeastern University; Engin Kirda, Northeastern University
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks
Yinzhi Cao, Columbia University; Xiang Pan, Northwestern University; Yan Chen, Northwestern University; Jianwei Zhuge, Tsinghua University |
Cyber Resiliency Table-Top Exercise, Part 2 Leaders: Rich Graubart, Deb Bodeau, Rosalie McQuaid, MITRE Corporation (continues from the previous session)
|
|
12:00-12:30 | Closing (Lafitte AB) The Great Giveaway is back! So don't leave early! Click the link for details. |
|
13:00-16:00 | |