Panel Moderator: Robert H’obbes’ Zakon, Zakon Group LLC
Panelists: Dave Bryson, The MITRE Corporation
Anil John, Department of Homeland Security Science & Technology Directorate
Javier Malavé, Puerto Rico Science, Technology and Research Trust
Session Chair: Zhiqiang Lin, Ohio State UniversityShredder: Breaking Exploits through API SpecializationShachee Mishra, Stony Brook University; Michalis Polychronakis, Stony Brook UniversityTIFF: Using Input Type Inference To Improve FuzzingVivek Jain, International Institute of Information Technology; Sanjay Rawat, Vrije Universiteit, Amsterdam; Cristiano Giuffrida, Vrije Universiteit, Amsterdam; Herbert Bos, Vrije Universiteit, AmsterdamOn the Effectiveness of Type-based Control Flow IntegrityReza Mirzazade Farkhani, Northeastern University; Saman Jafari, Northeastern University; Sajjad Arshad, Northeastern University; William Robertson, Northeastern University; Engin Kirda, Northeastern University; Hamed Okhravi, MIT Lincoln LaboratoryPractical Integrity Protection with Oblivious HashingMohsen Ahmadvand, Technical University of Munich; Anahit Hayrapetyan, Technical University of Munich; Sebastian Banescu, Technical University of Munich; Alexander Pretschner, Technical University of Munich
Moderator: Harvey Rubinovotz, The MITRE Corporation, Workshops Chair
Session Chair: Kevin Roundy, Symantec Research LabsAccurate Malware Detection by Extreme AbstractionFady Copty, IBM Research - Haifa; Matan Danos, IBM Research - Haifa; Orit Edelstein, IBM Research - Haifa; Cindy Eisner, IBM Research - Haifa; Dov Murik, IBM Research - Haifa; Benjamin Zeltser, IBM Research - HaifaUsing Loops For Malware Classification Resilient to Feature-unaware PerturbationsAravind Machiry, UC Santa Barbara; Nilo Redini, UC Santa Barbara; Eric Gustafson, UC Santa Barbara; Yanick Fratantonio, EURECOM; Yung Ryn Choe, Sandia National Laboratories; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa BarbaraMADE: Malicious Activity Detection in EnterprisesAlina Oprea, Northeastern University; Zhou Li, RSA; Robin Norris, EMC CIRC; Kevin Bowers, RSALOBO - Evaluation of Generalization Deficiencies in Twitter Bot ClassifiersJuan Echeverria, University College London; Nicolas Kourtellis, Telefonica I+D; Ilias Leontiadis, Telefonica I+D; Emiliano De Cristofaro, University College London; Gianluca Stringhini, University College London; Shi Zhou, University College London
Moderator: Tomas Vagoun, Federal Networking and IT R&D Program (NITRD)
Jeremy Epstein, National Science Foundation
Tristan Nguyen, Air Force Office of Scientific Research
Sharothi Pikar, Office of the Under Secretary of Defense (Research & Engineering)
Session Chair: Michalis Polychronakis, Stony Brook UniversityAn Extensive Evaluation of the Internet's Open ProxiesAkshaya Mani, Georgetown University; Tavish Vaidya, Georgetown University; David Dworken, Northeastern University; Micah Sherr, Georgetown UniversitySENSS Against Volumetric DDoS AttacksSivaramakrishnan Ramanathan, USC/ISI; Jelena Mirkovic, USC/ISI; Minlan Yu, Harvard; Ying Zhang, FacebookWi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi CallingJaejong Baek, Arizona State Umiversity; Sukwha Kyung, Arizona State University; Haehyun Cho, Arizona State University; Ziming Zhao, Arizona State University; Yan Shoshitaishvili, Arizona State University; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University and SAMSUNG ResearchTracking Users across the Web via TLS Session ResumptionErik Sy, University of Hamburg; Christian Burkert, University of Hamburg; Hannes Federrath, University of Hamburg; Mathias Fischer, University of Hamburg
18:30-21:00
(Ocean Garden)
Dinner will include a trio performing local music. After dinner, Folkloric Show Guamanique will perform traditional Puerto Rican dances - a show not to be missed!
Dinner will be held outside in the Ocean Garden. In case of inclement weather we will move to the Grand Ballroom.
Thursday, 6 December 2018
7:30-8:30
(Brisas Del Mar)
9:00-10:00
(Royal Ballroom)Session Chair: David Balenson
AI in Cybersecurity: Applications, Open Problems, and Future Directions
Alina Oprea, Professor of Computer Science, Northeastern University
Panel Moderator: Jeremy Epstein, National Science Foundation
Panelists:
Donna Price, Georgians for Verified Voting
Honorable Tom Hicks, Chairman US Election Assistance Commission
Roberto E. Benítez, Puerto Rico State Elections Commission SLIDES
Session Chair: Adam Doupé, Arizona State UniversityTowards Automated Generation of Exploitation Primitives for Web BrowsersBehrad Garmany, Ruhr-Universität Bochum; Martin Stoffel, Ruhr-Universität Bochum; Robert Gawlik, Ruhr-Universität Bochum; Philipp Koppe, Ruhr-Universität Bochum; Tim Blazytko, Ruhr-Universität Bochum; Thorsten Holz, Ruhr-Universität BochumRAPID: Resource and API-Based Detection Against In-Browser MinersJuan David Parra Rodriguez, University of Passau; Joachim Posegga, University of PassauRaising the Bar: Evaluating Origin-wide Security ManifestsSteven Van Acker, Chalmers University of Technology; Daniel Hausknecht, Chalmers University of Technology; Andrei Sabelfeld, Chalmers University of TechnologyA Multi-tab Website Fingerprinting AttackYixiao Xu, Tsinghua University; Tao Wang, Hong Kong University of Science and Technology; Qi Li, Tsinghua University; Qingyuan Gong, Fudan University; Yang Chen, Fudan University; Yong Jiang, Tsinghua University
Creating Failure Scenarios for Natural Gas Critical Infrastructure, Michael Locasto, SRI International
Password Sequence (PSQ) - A Novel Approach for Implementing Long Passwords, Joseph D Scrandis, Towson University
Encrypting Configuration Sections in ASP.NET 4.5 Using DPAPI: A Real Life Experience, Sercan Alabay, Uludag University, Turkey TEXT
Session Chair: Stephen Schwab, USC Information Sciences InstituteHiding in the Shadows: Empowering ARM for Stealthy Virtual Machine IntrospectionSergej Proskurin, Technical University of Munich; Tamas Lengyel, The Honeynet Project; Marius Momeu, Technical University of Munich; Claudia Eckert, Technical University of Munich; Apostolis Zarras, Maastricht UniversityA Measurement Study on Linux Container Security: Attacks and CountermeasuresXin Lin, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China and Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China; Lingguang Lei, Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China; Yuewu Wang, Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China; Jiwu Jing, Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, China; Kun Sun, George Mason University, Fairfax, USA; Quan Zhou, Institute of Information Engineering, CAS, Beijing, China and Data Assurance and Communication Security Research Center, CAS, Beijing, ChinaSecure Out-of-band Remote Management of Virtual Machines with Transparent PassthroughShota Futagami, Kyushu Institute of Technology; Tomoya Unoki, Kyushu Institute of Technology; Kenichi Kourai, Kyushu Institute of TechnologyPrime+Count: Novel Cross-world Covert Channels on ARM TrustZoneHaehyun Cho, Arizona State University; Penghui Zhang, Arizona State University; Donguk Kim, SAMSUNG Research; Jinbum Park, SAMSUNG Research; Choonghoon Lee, SAMSUNG Research; Ziming Zhao, Arizona State University; Adam Doupé, Arizona State University; Gail-Joon Ahn, Arizona State University and SAMSUNG Research
Moderator: Tomas Vagoun, Federal Networking and IT R&D Program (NITRD)
Maya Bernstein, US Department of Health & Human Services
Raymond Brown, NSA
Rene Peralta, NIST
Session Chair: Michael Locasto, SRI InternationalType-after-Type: Practical and Complete Type-Safe Memory ReuseErik van der Kouwe, Leiden University; Taddeus Kroes, Vrije Universiteit Amsterdam; Chris Ouwehand, Vrije Universiteit Amsterdam; Herbert Bos, Vrije Universiteit Amsterdam; Cristiano Giuffrida, Vrije Universiteit AmsterdamMapping to Bits: Efficiently Detecting Type Confusion ErrorsChengbin Pang, Nanjing University; Yunlan Du, Nanjing University; Bing Mao, Nanjing University; Shanqing Guo, Shandong UniversityA Heuristic Framework to Detect Concurrency VulnerabilitiesChangming Liu, Huazhong University of Science and Technology; Deqing Zou, Huazhong University of Science and Technology; Peng Luo, Huazhong University of Science and Technology; Bin Zhu, Microsoft Research Asia; Hai Jin, Huazhong University of Science and TechnologyICSD: An Automatic System for Insecure Code Snippet Detection in Stack Overflow over Heterogeneous Information NetworkYanfang Ye, West Virginia University; Shifu Hou, West Virginia University; Lingwei Chen, West Virginia University; Xin Li, West Virginia University; Shouhuai Xu, University of Texas at San Antonio; Liang Zhao, George Mason University; Jiabin Wang, Tencent Security Lab; Qi Xiong, Tencent Security Lab
Session Chair: Sebastien Bardin, CEAFinding The Greedy, Prodigal, and Suicidal Contracts at ScaleIvica Nikolic, School of Computing, NUS; Aashish Kolluri, School of Computing, NUS; Ilya Sergey, University College London; Prateek Saxena, School of Computing, NUS; Aquinas Hobor, Yale-NUS College and School of Computing, NUSOsiris: Hunting for Integer Bugs in Ethereum Smart ContractsChristof Ferreira Torres, SnT/University of Luxembourg; Julian Schütte, Fraunhofer AISEC; Radu State, SnT/University of LuxembourgSmarTor: Smarter Tor with Smart ContractsAndre Greubel, University of Wuerzburg; Alexandra Dmitrienko, University of Wuerzburg; Samuel Kounev, University of WuerzburgObscuro: A Bitcoin Mixer using Trusted Execution EnvironmentsMuoi Tran, National University of Singapore; Loi Luu, Kyber Network; Min Suk Kang, National University of Singapore; Iddo Bentov, Cornell University; Prateek Saxena, National University of Singapore
10:00-10:30
(Foyer)
10:30-11:15
Royal Ballroom
Miramar I
Session Chair: Alexandros Kapravelos, North Carolina State UniversityThere’s a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 BucketsAndrea Continella, Politecnico di Milano; Mario Polino, Politecnico di Milano; Marcello Pogliani, Politecnico di Milano; Stefano Zanero, Politecnico di MilanoDeDoS: Defusing DoS with Dispersion Oriented SoftwareHenri Maxime Demoulin, University of Pennsylvania; Tavish Vaidya, Georgetown University; Isaac Pedisich, University of Pennsylvania; Bob DiMaiolo, University of Pennsylvania; Jingyu Qian, Georgetown University; Chirag Shah, University of Pennsylvania; Yuankai Zhang, Georgetown University; Ang Chen, Rice University; Andreas Haeberlen, University of Pennsylvania; Boon Thau Loo, University of Pennsylvania; Linh Thi Xuan Phan, University of Pennsylvania; Micah Sherr, Georgetown University; Clay Shields, Georgetown University; Wenchao Zhou, Georgetown University