Annual Computer Security Applications Conference 2015

Monday, 7 December 2015
7:30am-8:30am
(Sierra A)
8:30am-12:00pm
Club Room, Hiro, Salon 6A, Salon 6B, Salon 8

Two Day

Instructors: Kevin Nauer and SeanMichael Galvin, Sandia National Labs

Two Day

Rance J. DeLong, consultant, LAW General Chair
Gabriela Ciocarlie, SRI International, LAW Program Chair

Full Day

Carol Woody, Software Engineering Institute

Full Day

John Ortiz, Harris Corporation/UT San Antonio

Full Day

Paolina Centonze, Iona College

12:00pm-1:30pm
(Sierra A)
1:30pm-5:00pm
Club Room, Hiro, Salon 6A, Salon 6B, Salon 8

(continues from the morning)

(continues from the morning)

(continues from the morning)

(continues from the morning)

(continues from the morning)

Tuesday, 8 December 2015
7:30am-8:30am
(Sierra A)
8:30am-12:00pm
Club Room, Hiro, Mandarin, Salon 5, Salon 6A, Salon 6B, Salon 8

(continues from the previous day)

(continues from the previous day)

Full Day

J. Todd McDonald, University of South Alabama, PPREW General Chair.

Mila Dalla Preda, University of Verona, Italy, PPREW Program Co-chair.

Natalia Stakhanova, University of New Brunswick, Canada, PPREW Program Co-chair.

Harvey Rubinovitz, The MITRE Corporation, ICSS General Co-chair.
Adam Hahn, Washington State University, ICSS General Co-chair.

Irfan Ahmed, The University of New Orleans, ICSS Program Chair.

Full Day

Giovanni Russello, University of Auckland

CANCELLED

Full Day

Daniel P. Faigin, CISSP, The Aerospace Corporation

12:00pm-1:30pm
(Sierra A)
1:30pm-5:00pm
Club Room, Hiro, Mandarin, Salon 5, Salon 6A, Salon 6B, Salon 8

(continues from the morning)

(continues from the morning)

(continues from the morning)

(continues from the morning session)

Please note that the workshop resumes from lunch at 1:00PM

(continues from the morning)

(continues from the morning)

(continues from the morning)

6:00pm-8:00pm
(Sierra Courtyard)
Wednesday, 9 December 2015
7:30am-8:30am
(Sierra A)
8:30am-9:00am
(Sierra CD) Session Chair: Stephen Schwab

Stephen Schwab, Conference Chair

Dr. Micah Sherr, Program Chair and Dr. Wil Robertson, Program Co-Chair

Jeremy Epstein, ACSA and Evan Tamura, Hewlett Packard Enterprise

9:00am-10:00am
(Sierra CD) Session Chair: Stephen Schwab

CyberPhysical Meets CyberTrust

Dr. Jeannette Wing, Corporate Vice President, Microsoft Research

 

10:00am-10:30am
(Sierra Foyer)
10:30am-12:00pm
Club Room, Sierra B, Sierra C, Sierra D

Invited Speaker: Pat Viscuso, NARA

ISOO_CUI_Overview.pdf 

Session Chair: Hassan Takabi

Evaluating the Flexibility of the Java Sandbox
Zack Coker, Carnegie Mellon University; Michael Maass, Carnegie Mellon University; Tianyuan Ding, Carnegie Mellon University; Claire Le Goues, Carnegie Mellon University; Joshua Sunshine, Carnegie Mellon University

Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks
Song Gao, University of Alabama at Birmingham; Manar Mohamed, University of Alabama at Birmingham; Nitesh Saxena, University of Alabama at Birmingham; Chengcui Zhang, University of Alabama at Birmingham

On the Security and Usability of Crypto Phones
Maliheh Shirvanian, University of Alabama at Birmingham; Nitesh Saxena, University of Alabama at Birmingham

Session Chair: Adam Aviv

Decentralized Authorization and Privacy-Enhanced Routing for Information-Centric Networks
Mariana Raykova, SRI; Hasnain Lakhani, SRI; Hasanat Kazmi, SRI; Ashish Gehani, SRI

Know Your Achilles' Heel: Automatic Detection of Network Critical Services
Ali Zand, UC Santa Barbara; Amir Houmansadr, University of Massachusetts Amherst; Giovanni Vigna, UC Santa Barbara; Richard Kemmerer, UC Santa Barbara; Christopher Kruegel, UC Santa Barbara

Proactive Security Analysis of Changes in Virtualized Infrastructures
Sören Bleikertz, IBM Research - Zurich; Thomas Groß, University of Newcastle upon Tyne; Sebastian Mödersheim, DTU Compute; Carsten Vogel, IBM Research - Zurich

Session Chair: Jeremy Epstein

Panelists:

David Corman, Program Director, NSF

Lee Badger, Group Manager, NIST

Ryan Burchfield, Head of IoT Lab, NSA

Dan Massey, Program Manager, DHS

12:00pm-1:30pm
(Sierra A)
1:30pm-3:00pm
Club Room, Sierra B, Sierra C, Sierra D

Invited Speaker: Ron Ross, NIST

SP800-171.pdf

Session Chair: Adam Aviv

Vulnerability Assessment of OAuth Implementations in Android Applications
Hui Wang, Shanghai Jiao Tong University; Yuanyuan Zhang, Shanghai Jiao Tong University; Juanru Li, Shanghai Jiao Tong University; Hui Liu, Shanghai Jiao Tong University; Wenbo Yang, Shanghai Jiao Tong University; Bodong Li, Shanghai Jiao Tong University; Dawu Gu, Shanghai Jiao Tong University

BareDroid: Large-Scale Analysis of Android Apps on Real Devices
Simone Mutti, Università degli Studi di Bergamo; Yanick Fratantonio, UC Santa Barbara; Antonio Bianchi, UC Santa Barbara; Luca Invernizzi, UC Santa Barbara; Jacopo Corbetta, UC Santa Barbara; Dhilung Kirat, IBM Research T.J. Watson; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa Barbara

Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning
Sankardas Roy, Bowling Green State University; Jordan DeLoach, Kansas State University; Yuping Li, University of South Florida; Doina Caragea, Kansas State University; Xinming Ou, University of South Florida; Nicolae Herndon, Kansas State University; Venkatesh Ranganath, Kansas State University; HongMin Li, Kansas State University; Nicolais Guevara, Kansas State University

Session Chair: Graham Z. Baker

Control Flow and Code Integrity for COTS Binaries
Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University

A Principled Approach for ROP Defense
Rui Qiao, Stony Brook University; Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook University

Defeating ROP Through Denial of Stack Pivot
Aravind Prakash, Syracuse University; Heng Yin, Syracuse University

Session Chair: Joe Jarzombek

Panelists:

Carol Woody, Technical Manager Cybersecurity Engineering, Software Engineering Institute

Ian Bryant, Technical Director, UK Trustworthy Software Initiative

Nadya Bartol, Vice President Industry Affairs and Cybersecurity Strategy, Utilities Telecom Council

 

3:00pm-3:30pm
(Sierra Foyer)
3:30pm-5:00pm
Club Room, Sierra B, Sierra C, Sierra D

Moderators:

Pat Viscuso, NARA

Ron Ross, NIST

 

Session Chair: Gabriela Ciocarlie

IOT: Handling Reboots and Mobility in 802.15.4 Security
Konrad-Felix Krentz, Hasso Plattner Institute; Christoph Meinel, Hasso Plattner Institute

IOT: Using Channel State Information for Tamper Detection in the Internet of Things
Ibrahim Bagci, Lancaster University; Utz Roedig, Lancaster University; Ivan Martinovic, University of Oxford; Matthias Schulz, Technische Universität Darmstadt; Matthias Hollick, Technische Universität Darmstadt

IOT: Using Visual Challenges to Verify the Integrity of Security Cameras
Junia Valente, The University of Texas at Dallas; Alvaro Cardenas, The University of Texas at Dallas

Session Chair: Adam Bates

JaTE: Transparent and Efficient JavaScript Confinement
Tung Tran, Stony Brook University; Riccardo Pelizzi, Stony Brook University; R. Sekar, Stony Brook University

Cross-site Framing Attacks
Nethanel Gelernter, Bar Ilan University; Yoel Grinstein, Bar Ilan University; Amir Herzberg, Bar Ilan University

Covert Botnet Command and Control Using Twitter
Nicholas Pantic, Cal Poly Pomona; Mohammad Iftekhar Husain, Cal Poly Pomona

Session Chair: Shellee Scott

Dissecting Bitcoin Security, Cassio Goldschmidt, NCR

DDoS Attacks to DNS using infected IoT Devices, Ki-Taek.Lee, SK Broadband and Korea University

How to Rapidly Build Security Analysis: From Benches to Trenches, Michael Collins, Redjack

 

6:30pm-9:30pm
(Sierra A)
Thursday, 10 December 2015
7:30am-8:30am
(Sierra A)
8:30am-10:00am
(Sierra CD) Session Chair: Stephen Schwab

DARPA Cyber Grand Challenge: Building and Running Cyber Infrastructure for Fully Automated Computer-vs-Computer Capture the Flag Competitions

with a presentation by:

Benjamin Price and Michael Zhivich, Cyber Security and Information Sciences Division, MIT Lincoln Laboratory

Cyber Grand Challenge Infrastructure Team Members

 

10:00am-10:30am
(Sierra Foyer)
10:30am-12:00pm
Club Room, Sierra B, Sierra C, Sierra D

Invited Speaker: Ron Ross, NIST

Session Chair: Chris Wacek

AuDroid: Preventing Attacks on Audio Channels in Mobile Devices
Giuseppe Petracca, Penn State University; Yuqiong Sun, Penn State University; Ahmad Atamli, University of Oxford; Trent Jaeger, Penn State University

On the Robustness of Mobile Device Fingerprinting
Thomas Hupperich, Horst Görtz Institute for IT-Security, Ruhr-University Bochum; Davide Maiorca, Department of Electrical and Electronic Engineering, University of Cagliari; Marc Kührer, Horst Görtz Institute for IT-Security, Ruhr-University Bochum; Giorgio Giacinto, Department of Electrical and Electronic Engineering, University of Cagliari; Thorsten Holz, Horst Görtz Institute for IT-Security, Ruhr-University Bochum

Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications
Luca Falsina, Politecnico di Milano; Yanick Fratantonio, UC Santa Barbara; Stefano Zanero, Politecnico di Milano; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa Barbara; Federico Maggi, Politecnico di Milano

Session Chair: Dongyan Xu

Provenance based Integrity Protection for Windows
Wai Kit Sze, Stony Brook University; R. Sekar, Stony Brook University

MOSE: Live Migration Based On-the-Fly Software Emulation
Jinpeng Wei, Florida International University; Lok Yan, AFRL/RI, Rome, NY; Muhammad Hakim, Florida International University

Privacy-preserving Virtual Machine
Tianlin Li, State University of New York at Binghamton; Yaohui Hu, State University of New York at Binghamton; Ping Yang, State University of New York at Binghamton; Kartik Gopalan, State University of New York at Binghamton

Session Chair: Mike Yoder

Panelists:

Eddie Garcia, Cloudera

Andy Purtell, Salesforce and Apache HBase, Apache Software Foundation

Bhavani Thuraisingham, UT Dallas

12:00pm-1:30pm
(Sierra A)
1:30pm-3:00pm
Club Room, Sierra B, Sierra C, Sierra D

Session Chair: Saman Zonouz

Soteria: Offline Software Protection within Low-cost Embedded Devices
Johannes Götzfried, FAU Erlangen-Nuremberg; Tilo Müller, FAU Erlangen-Nuremberg; Ruan de Clercq, KU Leuven; Pieter Maene, KU Leuven; Felix Freiling, FAU Erlangen-Nuremberg; Ingrid Verbauwhede, KU Leuven

PIE: Parser Identification in Embedded Systems
Lucian Cojocar, Vrije Universiteit Amsterdam; Jonas Zaddach, EURECOM; Roel Verdult, Radboud Universiteit Nijmegen; Herbert Bos, Vrije Universiteit Amsterdam; Davide Balzarotti, EURECOM; Aurélien Francillon, EURECOM

Defending Against Malicious USB Firmware with GoodUSB
Dave (Jing) Tian, University of Florida; Adam Bates, University of Florida; Kevin Butler, University of Florida

Session Chair: William Robertson

Proximity Verification for Contactless Access Control and Authentication Systems
Aanjhan Ranganathan, ETH Zurich; Boris Danev, 3dB Access AG; Srdjan Capkun, ETH Zurich

Scalable and secure concurrent evaluation of history-based access control policies
Maarten Decat, iMinds-DistriNet, KU Leuven; Bert Lagaisse, iMinds-DistriNet, KU Leuven; Wouter Joosen, iMinds-DistriNet, KU Leuven

Entity-Based Access Control: supporting more expressive access control policies
Jasper Bogaerts, iMinds-DistriNet, KU Leuven; Maarten Decat, iMinds-DistriNet, KU Leuven; Bert Lagaisse, iMinds-DistriNet, KU Leuven; Wouter Joosen, iMinds-DistriNet, KU Leuven

Session Chair: David Balenson

(moderator presentation)

Panelists:

Terry Benzel, USC Information Sciences Institute (presentation)

Trent Jaeger, Pennsylvania State University (presentation)

Lee Rossey, SimSpace (presentation)

Jinpeng Wei, Florida International University (presentation)

3:00pm-3:30pm
(Sierra Foyer)

Chocoholic Extravaganza

"Las cosas claras y el chocolate espeso." (Ideas should be clear and
chocolate thick.) Spanish proverb

3:30pm-5:00pm
Club Room, Sierra B, Sierra C, Sierra D
Session Chair: David Balenson

Moderator:

David Balenson, SRI International (Moderator Presentation)

Presenters:

Kevin Harnett, US DOT/Volpe Center

Graham Watson, US DOT/Volpe Center

Brendan Harris, US DOT/Volpe Center

(US DOT/Volpe Center Presentation)

Dan Massey, DHS S&T (Presentation)

Session Chair: Rida Bazzi

Is Bigger Better? Comparing User Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock
Adam Aviv, United States Naval Academy; Devon Budzitowski, United States Naval Academy; Ravi Kuber, University of Maryland, Baltimore County

ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage
Mohammed Almeshekah, King Saud University; Christopher Gutierrez, Purdue University; Mikhail Atallah, Purdue University; Eugene Spafford, Purdue University

PARS: A Uniform and Open-source Password Analysis and Research System
Shouling Ji, Georgia Institute of Technology; Shukun Yang, Georgia Institute of Technology; Ting Wang, Lehigh University; Changchang Liu, Princeton University; Wei-Han Lee, Princeton University; Raheem Beyah, Georgia Institute of Technology

Session Chair: Stephen McCamant

Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries
Minghua Wang, Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Department of EECS, Syracuse University; Heng Yin, Department of EECS, Syracuse University; Abhishek vasisht bhaskar, Department of EECS, Syracuse University; Purui Su, Trusted Computing and Information Assurance Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Dengguo Feng, Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences

ShrinkWrap: VTable protection without loose ends
Istvan Haller, Vrije Universiteit Amsterdam; Enes Göktaş, Vrije Universiteit Amsterdam; Elias Athanasopoulos, FORTH-ICS; Georgios Portokalidis, Stevens Institute of Technology; Herbert Bos, Vrije Universiteit Amsterdam

DynaGuard: Armoring Canary-based Protections against Brute-force Attacks
Theofilos Petsios, Columbia University; Vasileios P. Kemerlis, Brown University; Michalis Polychronakis, Stony Brook University; Angelos D. Keromytis, Columbia University

Session Chair: Art Friedman

Republic Of Korea's Efforts for Enhanced Software Assurance, Lee Sang Geol, KISA (Korea Internet & Security Agency)

Secure Identity Management for Future Networks, Hassane Aissaoui-Mehrez, IMT-TELECOM-ParisTech

Lessons Learned from Applying Continuous Diagnostics and Mitigation Tools in an Information Technology R&D Laboratory, Joe Veoni, MITRE's Center for Advanced Aviation System Development

5:15pm-6:00pm
(Sierra C) Session Chair: Thomas Moyer
6:15pm-9:00pm
(Sierra A) Session Chair: Thomas Moyer
Friday, 11 December 2015
7:30am-8:30am
(Sierra A)
8:30am-10:00am
Club Room, Sierra B, Sierra C

Invited Speaker: Daniel Faigin, Aerospace Corporation

Session Chair: Heng Yin

Towards Analyzing the Input Validation Vulnerabilities associated with Android System Services
Chen Cao, Institute of Information Engineering, CAS; Neng Gao, Institute of Information Engineering, CAS; Peng Liu, The Pennsylvania State University; Ji Xiang, Institute of Information Engineering, CAS

MorphDroid: Fine-grained Privacy Verification
Pietro Ferrara, IBM T.J. Watson Research Center; Omer Tripp, IBM T.J. Watson Research Center; Marco Pistoia, IBM T.J. Watson Research Center

MobiPluto: File System Friendly Deniable Storage for Mobile Devices
Bing Chang, Institute of Information Engineering, CAS; Zhan Wang, Institute of Information Engineering, CAS; Bo Chen, The Pennsylvania State University; Fengwei Zhang, Wayne State University

Session Chair: Adam Bates

Analyzing and Modeling Longitudinal Security Data: Promise and Pitfalls
Benjamin Edwards, University of New Mexico; Steven Hofmeyr, Lawrence Berkeley National Laboratory; Stephanie Forrest, University of New Mexico / Santa Fe Institute; Michel van Eeten, Delft University of Technology

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows
Shiqing Ma, Purdue University; Kyuhyung Lee, University of Georgia; Chunghwan Kim, Purdue University; Junghwan Rhee, NEC Laboratories America; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue University

SeSQLite: Security Enhanced SQLite
Simone Mutti, Università degli Studi di Bergamo; Enrico Bacis, Università degli Studi di Bergamo; Stefano Paraboschi, Università degli Studi di Bergamo

10:00am-10:30am
(Sierra Foyer)
10:30am-12:00pm
Club Room, Sierra B, Sierra CD

Session Chair: Stephen Schwab

Combining Differential Privacy and Secure Multiparty Computation
Martin Pettai, Cybernetica AS; Peeter Laud, Cybernetica AS

Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing
Peter Mayer, Technische Universität Darmstadt, Center for Advanced Security Research Darmstadt; Melanie Volkamer, Technische Universität Darmstadt, Center for Advanced Security Research Darmstadt

Session Chair: Ariel Feldman

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit
Andriana Gkaniatsou, University of Edinburgh; Fiona McNeill, Heriot-Watt University; Alan Bundy, University of Edinburgh; Graham Steel, Cryptosense

Logical Partitions on Many-Core Platforms
Ramya Jayaram Masti, Institute of Information Security, ETH Zurich; Claudio Marforio, Institute of Information Security, ETH Zurich; Kari Kostiainen, Institute of Information Security, ETH Zurich; Claudio Soriente, Institute of Information Security, ETH Zurich; Srdjan Capkun, Institute of Information Security, ETH Zurich

Hardware-assisted memory tracing on new SoCs embedding FPGA fabrics
Letitia W. Li, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI; Guillaume Duc, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI; Renaud Pacalet, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI

12:00pm-12:30pm
(Sierra CD) Session Chair: Robert H'obbes' Zakon

The Great Giveaway is back! So don't leave early!

12:45pm-5:00pm
(Sierra Foyer)

California Science Center (www.californiasciencecenter.com)

 
