Skip to main content
Annual Computer Security Applications Conference (ACSAC) 2017

Full Program

If you would like to create a personalized program, check the boxes next to the sessions you would like to attend, then click the Create My Program button at the bottom of the page. You may then save or print your personalized program through your browser.


Monday, 4 December 2017
7:30-8:30
(Salon V)
8:30-12:00
Salon ISalon VISalon IIISalon IISalon ICrystal

Two-Day Workshop

Morning session consists of M3: Holistic Layered Assurance tutorial

Gabriela Ciocarlie and Peter G. Neumman, SRI International, and Rance DeLong, Santa Clara University, Workshop Co-Chairs

 

 

Two-Day Worshop

J. Todd McDonald, University of South Alabama, General Chair

Full Day Tutorial

Dr. Paolina Centonze, Iona College

CANCELLED

Robert C. Seacord, NCC Group

Half Day Tutorial - Morning Only

Also offered as part of Layered Assurance Workshop (LAW)

Dr. Wolfgang Kampichler, FREQUENTIS AG

Two-Day Training Course

Instructors: Kevin Nauer, SeanMichael Galvin, and Kim Ta, Sandia National Laboratories

 

 

 

12:00-13:30
(Salon V)
13:30-17:00
Salon ISalon VISalon IIISalon IICrystal

(workshop continues)

(workshop continues)

(tutorial continues)

CANCELLED

(training continues)

Tuesday, 5 December 2017
7:30-8:30
(Salon V)
8:30-12:00
Salon ISalon VISalon VIISalon VIIISalon ISalon IIICrystal

(workshop continues)

Morning session consists of T4: Practical Formal Methods for the Analysis of Executable Code tutorial

(workshop continues)

One-Day Workshop

Harvey Rubinovitz, The MITRE Corporation, and Adam Hahn, Washington State University, General Co-Chairs

Irfan Ahmed, The University of New Orleans, Program Chair

One-Day Workshop

Zinaida Benenson. University of Erlangen-Nuremberg, and Daniela Oliveira, University of Florida, Programme Chairs

Giampaolo Bella, University of Catania, and Gabriele Lenzini, University of Luxembourg, Workshop Organizers

Half Day Tutorial - Morning Only

Also offered as part of Layered Assurance Workshop (LAW)

Sébastien Bardin, CEA LIST

Full Day Tutorial

Craig Smith, Rapid 7 and Open Garages, and Daniel Chin, Dept. of Transportation / Volpe Center

(training continues)

12:00-13:30
(Salon V)
13:30-17:00
Salon ISalon VISalon VIISalon VIIISalon IISalon IIICrystal

(workshop continues)

(workshop continues)

(workshop continues)

(workshop continues)

Half Day Tutorial - Afternoon

Atul Kumar, IBM Research

(tutorial continues)

(training continues)

18:00-20:00
(Salon VI-VIII)
Wednesday, 6 December 2017
7:30-8:30
(Salon VI-VIII)
8:30-9:00
(Salon IV-V)Session Chair: David Balenson

ACSAC Conference Welcome, David Balenson, Conference Chair

Distinguished Paper Awards, Dr. Davide Balzarotti, Program Chair and Dr. Juan Caballero, Program Co-Chair

SLIDES

SWSIS Scholarship Awards, Jeremy Epstein, ACSA

SLIDES

9:00-10:00
(Salon IV-V)Session Chair: David Balenson

Delivering Security Insights with Data Analytics and Visualization
Raffael Marty, VP Security Analytics, Sophos

10:00-10:30
(Grand Foyer)
10:30-12:00
Salon IIISalon IISalon I

Moderator: Dan Massey, University of Colorado Boulder

Panelists:
Glenn Atkinson, Geotab
Craig Smith, Rapid7 and Open Garages
Kevin Harnett, US DOT Volpe Center
Scott Tousley, DHS S&T Cyber Security Division

Session Chair: Daniela OliveiraN-auth: Mobile Authentication Done RightRoel Peeters, KU Leuven, COSIC; Jens Hermans, KU Leuven, COSIC; Pieter Maene, KU Leuven, COSIC; Kimmo Halunen, VTT; Katri Grenman, VTT; Juha Häikiö, VTTExploitation And Mitigation Of Authentication Schemes Based On Device-public InformationAntonio Bianchi, University of California, Santa Barbara; Eric Gustafson, University of California, Santa Barbara; Yanick Fratantonio, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara; Giovanni Vigna, University of California, Santa BarbaraA Secure Mobile Authentication Alternative To BiometricsMozhgan Azimpourkivi, Florida International University; Umut Topkara, Bloomberg LP; Bogdan Carbunar, Florida International University Session Chair: Wil RobertsonMachine-learning-guided Typestate Analysis For Static Use-after-free DetectionHua Yan, University of New South Wales; Yulei Sui, University of New South Wales; Shiping Chen, Commonwealth Scientific and Industrial Research Organisation (CSIRO); Jingling Xue, University of New South WalesBreaking And Fixing Destructive Code Read DefensesJannik Pewny, HGI, Ruhr-University Bochum; Philipp Koppe, HGI, Ruhr-University Bochum; Lucas Davi, University Duisburg-Essen; Thorsten Holz, HGI, Ruhr-University BochumQuasar: Quantitative Attack Space Analysis And ReasoningRichard Skowyra, MIT Lincoln Laboratory; Steven Gomez, MIT Lincoln Laboratory; David Bigelow, MIT Lincoln Laboratory; James Landry, MIT Lincoln Laboratory; Hamed Okhravi, MIT Lincoln Laboratory
12:00-13:30
(Salon VI-VIII)
13:30-15:00
Salon IIISalon IISalon I
 
Moderator: Vincent Sritapan, DHS S&T Cyber Security Division
 
Panelists:
Robert Clemons, National Information Assurance Partnership (NIAP)
Angelos Stavrou, Kryptowire
 
Session Chair: Robert ZakonKakute: A Precise, Unified Information Flow Analysis System For Big-data SecurityJinayu Jiang, The University of Hong Kong; Shixiong Zhao, The University of Hong Kong; Danish Alsayed, The University of Hong Kong; Yuexuan Wang, The University of Hong Kong; Heming Cui, The University of Hong Kong; Feng Liang, The University of Hong Kong; zhaoquan gu, The University of Hong KongMarmite: Spreading Malicious File Reputation Through Download GraphsGianluca Stringhini, UCL; Yun Shen, SRL; yufei han, SRL; xiangliang zhang, KAUSTTtpdrill: Automatic And Accurate Extraction Of Threat Actions From Unstructured Text Of Cti SourcesGhaith Husari, UNCC; Ehab Al-Shaer, UNCC; Mohiuddin Ahmed, UNCC; Bei-Tseng Chu, UNCC; Xi Niu, UNCC Session Chair: Aravind PrakashSupplementing Modern Software Defenses With Stack-pointer SanityAnh Quach, Binghamton University; Matthew Cole, Binghamton University; Aravind Prakash, Binghamton UniversityProtecting Cots Binaries From Disclosure-guided Code Reuse AttacksMingwei Zhang, Intel Labs; Michalis Polychronakis, Stony Brook University; R. Sekar, Stony Brook UniversityPiston: Uncooperative Remote Runtime PatchingChristopher Salls, UC Santa Barbara; Yan Shoshitaishvili, UC Santa Barbara; Nick Stephens, UC Santa Barbara; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa Barbara
15:00-15:30
(Grand Foyer)
15:30-17:00
Salon IIISalon IISalon I

Moderator: Tomas Vagoun, PhD, Cybersecurity and Privacy R&D Technical Coordinator, Federal Networking and IT R&D Program (NITRD)

Panelists:
Dr. Joshua Baron, Program Manager, DARPA
Jeremy Epstein, Deputy Division Director, NSF
Dr. Steven King, Deputy Director, Cyber Technology, Office of the Assistant Secretary of Defense
Scott Tousley, Deputy Director, Cyber Security Division, DHS S&T

 

Session Chair: Davide BalzarottiProxy Re-encryption Based On Homomorphic EncryptionReda Bellafqira, IMT Atlantique; Gouenou Coatrieux, IMT Atlantique; Dalel Bouslimi, IMT Atlantique; Gwénolé Quellec, Inserm; Michel Cozic, MedecomMeasuring Popularity Of Cryptographic Libraries In Internet-wide ScansMatus Nemec, Masaryk University, Ca' Foscari University of Venice; Dusan Klinec, Masaryk University, EnigmaBridge; Petr Svenda, Masaryk University; Peter Sekan, Masaryk University; Vashek Matyas, Masaryk UniversitySpinner: Semi-automatic Detection Of Pinning Without Hostname Verification (or Why 10m Bank Users Were Vulnerable)Chris McMahon Stone, University of Birmingham; Tom Chothia, University of Birmingham; Flavio Garcia, University of Birmingham Session Chair: Fengwei ZhangPredicting Cyber Threats With Virtual Security ProductsShang-Tse Chen, Georgia Tech; Yufei Han, Symantec Research Labs; Duen Horng Chau, Georgia Tech; Christopher Gates , Symantec Research Labs; Michael Hart , Symantec Research Labs; Kevin Roundy, Symantec Research LabsSmoke Detector: Cross-product Intrusion Detection With Weak IndicatorsKevin Roundy, Symantec Research Labs; Acar Tamersoy, Symantec Research Labs; Michael Hart, Symantec Research Labs; Daniel Kats, Symantec Research Labs; Robert Scott, Symantec; Michael Spertus, SymantecI Like It, But I Hate It: Employee Perceptions Towards An Institutional Transition To Byod Second-factor AuthenticationJake Weidman, The Pennsylvania State University; Jens Grossklags, Technical University of Munich
18:30-21:30
(Salon VI-VIII)
Thursday, 7 December 2017
7:30-8:30
(Salon VI-VIII)
9:00-10:00
(Salon IV-V)Session Chair: David Balenson

Dare to Share: Risks and Rewards of Artifact Sharing in Computer Science
Christian Collberg, Professor of Computer Science, University of Arizona

10:00-10:30
(Grand Foyer)
10:30-12:00
Salon IIISalon IISalon I

Moderator: Jeremy Epstein, National Science Foundation

Panelists:
Thomas Hicks, Vice-Chairman, US Election Assistance Commission
Robert Gatlin, Department of Homeland Security
 

Session Chair: Graham BakerVulcan: Efficient Component Authentication And Software Isolation For Automotive Control NetworksJo Van Bulck, imec-DistriNet, KU Leuven; Jan Tobias Muehlberg, imec-DistriNet, KU Leuven; Frank Piessens, imec-DistriNet, KU LeuvenAutomated Analysis Of Secure Internet Of Things ProtocolsJun Young Kim, The University of New South Wales and Data61 CSIRO; Ralph Holz, The University of Sydney; Wen Hu, The University of New South Wales and Data61 CSIRO; Sanjay Jha, The University of New South Wales and Data61 CSIROHolopair: Securing Shared Augmented Reality Using Microsoft HololensIvo Sluganovic, University of Oxford; Matej Serbec, University of Zagreb; Ante Derek, University of Zagreb; Ivan Martinovic, University of Oxford Session Chair: Matteo Dell'AmicoObjective Metrics And Gradient Descent Algorithms For Adversarial Examples In Machine LearningUyeong Jang, University of Wisconsin; Xi Wu, Google; Somesh Jha, University of WisconsinMitigating Evasion Attacks To Deep Neural Networks Via Region-based ClassificationXiaoyu Cao, Iowa state university; Neil Zhenqiang Gong, Iowa state universityMalware Detection In Adversarial Setting: Exploiting Feature Evolutions And Confusions In Android AppsWei Yang, University of Illinois Urbana-Champaign; Deguang Kong, Yahoo Research; Tao Xie, University of Illinois Urbana-Champaign; Carl Gunter, University of Illinois Urbana-Champaign; Hongxia Jing, Samsung Research America
12:00-13:30
(Salon VI-VIII)
13:30-15:00
Salon IIISalon IISalon I
Moderator: Jeremy Epstein, National Science Foundation
 
Panelists:
Amber McReynolds, Director of Elections for the City and County of Denver, Colorado
Dwight Shellman, Manager, County Regulation and Support, State of Colorado
Juan A. Figueroa, Office of Infrastructure Protection, Department of Homeland Security
Session Chair: Ou XinmingGrid Shock: Coordinated Load-change Attacks On Power GridsAdrian Dabrowski, SBA Research; Johanna Ullrich, SBA Research; Edgar Weippl, SBA ResearchEnforcing Cyber-physical Execution Semantics To Defend Against Data-oriented AttacksLong Cheng, Virginia Tech; Ke Tian, Virginia Tech; Danfeng (Daphne) Yao, Virginia TechTraks: A Universal Key Management Scheme For ErtmsRichard Thomas, University of Birmingham; Tom Chothia, University of Birmingham; Mihai Ordean, University of Birmingham; Joeri de Ruiter, Radboud University Session Chair: Kevin ButlerSupporting Transparent Snapshot For Bare-metal Malware Analysis On Mobile DevicesLe Guan, Penn State University; Shijie Jia, Institute of Information Engineering, Chinese Academy of Sciences; Bo Chen, Michigan Technological university; Fengwei Zhang, Wayne State University; Bo Luo, The University of Kansas; Jingqiang Lin, Institute of Information Engineering, Chinese Academy of Sciences; Peng Liu, Penn State University; Xinyu Xing, Penn State University; Luning Xia, Institute of Information Engineering, Chinese Academy of SciencesDroid-antirm: Taming Control Flow Anti-analysis To Support Automated Dynamic Analysis Of Android MalwareXiaolei Wang, College of Computer, National University of Defense Technology; Sencun Zhu, Department of Computer Science and Engineering & College of Information Sciences and Technology, The Pennsylvania State University; Dehua Zhou, Jinan University; Yuexiang Yang, College of Computer,National University of Defense TechnologySecuredroid: Enhancing Security Of Machine Learning-based Detection Against Adversarial Android Malware AttacksLingwei Chen, West Virginia University; Shifu Hou, West Virginia University; Yanfang Ye, West Virginia University
15:00-15:30
(Grand Foyer)
15:30-17:00
Salon IIISalon IISalon I

Moderator: Sven Dietrich, City University of New York

Panelists:
Jean Camp, Indiana University at Bloomington
Michael Collins, RedJack
David Dittrich, University of Washington
 

Session Chair: Michalis PolychronakisDecanter: Detection Of Anomalous Outbound Http Traffic By Passive Application FingerprintingRiccardo Bortolameotti, University of Twente; Thijs van Ede, University of Twente; Marco Caselli, Siemens; Rick Hofstede, RedSocks; Maarten H. Eveerts, TNO & University of Twente; Willem Jonker, University of Twente; Pieter Hartel, University of Twente; Andreas Peter, University of TwentePicky Attackers: Quantifying The Role Of System Properties On Intruder BehaviorTimothy Barron, Stony Brook University; Nick Nikiforakis, Stony Brook UniversityCo-processor-based Behavior Monitoring: Application To The Detection Of Attacks Against The System Management ModeRonny Chevalier, HP Labs; Maugan Villatel, HP Labs; David Plaquin, HP Labs; Guillaume Hiet, CentraleSupélec Session Chair: Stephen SchwabRevarm: A Platform-agnostic Arm Binary Rewriter For Security ApplicationsTaegyu Kim, Purdue University; Chung Hwan Kim, NEC Laboratories America; Hongjun Choi, Purdue University; Yonghwi Kwon, Purdue University; Brendan Saltaformaggio, Georgia Institute of Technology; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue UniversitySecure And Efficient Software-based Attestation For Industrial Control Devices With Arm ProcessorsBinbin Chen, Advanced Digital Sciences Center; Xinshu Dong, Advanced Digital Sciences Center; Guangdong Bai, Singapore Institute of Technology; Sumeet Jauhar, Advanced Digital Sciences Center; Yueqiang Cheng, APL SoftwareEcfi: Asynchronous Control Flow Integrity For Programmable Logic ControllersAli Abbasi, University of Twente; Thorsten Holz, Ruhr University Bochum; Emmanuele Zambon, SecurityMatters B.V; Sandro Etalle, Eindhoven University of Techology
17:15-18:15
(Salon II)Session Chair: Thomas Moyer

Co-Chairs:
Dr. Thomas Moyer, University of North Carolina at Charlotte
Dr. Paolina Centonze, Iona College

18:30-21:00
(Salon VI-VIII)Session Chair: Thomas Moyer

Co-Chairs:
Dr. Thomas Moyer, University of North Carolina at Charlotte
Dr. Paolina Centonze, Iona College

 

Friday, 8 December 2017
7:30-8:30
(Salon VI-VIII)
8:30-10:00
Salon IIISalon IISalon I
Session Chair: Randy Smith

A security researcher, a safety engineer, and a regulator walk into a bar: Lessons learned from 9 months of institutional anthropology at the FDA, Dr. Eugene Vasserman, Kansas State University

Semi-supervised Classification for Dynamic Android Malware Detection, Li Chen, Intel Labs

Impact of the Physical Web and BLE Beacons, Dr. Debasis Bhattacharya, University of Hawaii Maui College
 

Session Chair: Gianluca StringhiniLean On Me: Mining Internet Service Dependencies From Large-scale Dns DataMatteo Dell'Amico, Symantec Research Labs; Leyla Bilge, Symantec Research Labs; K. Ashwin Kumar, Symantec Research Labs; Petros Efstathopoulos, Symantec Research Labs; Pierre-Antoine Vervier, Symantec Research LabsA Security-mode For Carrier-grade Sdn ControllersChanghoon Yoon, KAIST; Seungwon Shin, KAIST; Phillip Porras, SRI International; Vinod Yegneswaran, SRI International; Heedo Kang, KAIST; Martin Fong, SRI International; Brian O'Connor, Open Networking Laboratory; Thomas Vachuska, Open Networking LaboratoryResect: Self-learning Traffic Filters For Ip Spoofing DefenseJelena Mirkovic, USC; Erik Kline, USC/ISI; Peter Reiher, UCLA Session Chair: Daniel ZappalaTowards Baselines For Shoulder Surfing On Mobile AuthenticationAdam Aviv, United States Naval Academy; John Davin, United States Naval Academy; Ravi Kuber, University of Maryland, Baltimore County; Flynn Wolf, University of Maryland, Baltimore CountyOn The Pitfalls Of End-to-end Encrypted Communications: A Study Of Remote Key-fingerprint VerificationMaliheh Shirvanian, University of Alabama at Birmingham; Nitesh Saxena, University of Alabama at Birmingham; Jesvin James George, University of Alabama at BirminghamHere Is Your Fingerprint! Actual Risk Versus User Perception Of Latent Fingerprints And Smudges Remaining On SmartphonesHoyeon Lee, Yonsei University; Seungyeon Kim, Yonsei University; Taekyoung Kwon, Yonsei University
10:00-10:30
(Grand Foyer)
10:30-12:00
Salon IIISalon IISalon I

Moderator: David Balenson, SRI International

Panelists:
Dr. Michael Clifford, Noblis NSP
Dr. Michael Collins, RedJack
Dr. Ulf Lindqvist, SRI International

 

Session Chair: Juan CaballeroProtecting Against Malicious Bits On The Wire: Automatically Generating A Usb Protocol Parser For A Production KernelPeter Johnson, Middlebury College; Sergey Bratus, Dartmouth College; Sean Smith, Dartmouth CollegeNioh : Hardening The Hypervisor By Filtering Illegal I/o Requests To Virtual DevicesJunya Ogasawara, Keio University; Kenji Kono, Keio UniversityAnalysis Of Seandroid Policies: Combining Mac And Dac In AndroidHaining Chen, Purdue University; Ninghui Li, Purdue University; William Enck, North Carolina State University; Yousra Aafer, Purdue University; Xiangyu Zhang, Purdue University Session Chair: Petros EfstathopoulosCommoner Privacy And A Study On Network TracesXiyue Deng, USC/ISI; Jelena Mirkovic, USC/ISIThe Devil’s In The Details: Placing Decoy Routers In The InternetDevashish Gosain, Indraprastha Institute of Information Technology Delhi; Anshika Aggarwal, Indraprastha Institute of Information Technology Delhi; Sambuddho Chakravarty, Indraprastha Institute of Information Technology Delhi; Hrishikesh Bhattacharya, Rochester Institute of TechnologyEx-ray: Detection Of History-leaking Browser ExtensionsMichael Weissbacher, Northeastern University; Enrico Mariconti, University College London; Guillermo Suarez De Tangil, University College London; Gianluca Stringhini, University College London; William Robertson, Northeastern University; Engin Kirda, Northeastern University
12:00-12:15
(Salon IV)

Don't leave early -- attend our closing plenary to learn about next year's conference and participate in our prize giveaway!


 

Powered by OpenConf®
Copyright ©2002-2017 Zakon Group LLC