Advance Program
Sunday, 16 May 2010
4-7pm Registration and
Welcome Reception
Registration will be open next to the Boardroom
from 4-7pm Sunday. Symposium registration is sold out. No walk-in
registrations will be allowed except for the workshops only.
Monday, 17 May 2010
7:30am-5pm
Registration desk will be open 7:30am-5pm Monday.
7-8:30am Breakfast
Claremont Ballroom
8:30–8:45am Opening
Remarks [ PPTX] [ PDF]
Ulf Lindqvist, David Evans, Giovanni Vigna
8:45–10:00 Session
1: Malware Analysis
Chair: Jon Giffin,
Georgia Institute of Technology
Inspector Gadget: Automated Extraction of Proprietary Gadgets
from Malware Binaries [Slides: PDF]
Clemens Kolbitsch (Vienna University of Technology), Thorsten Holz
(Vienna University of Technology), Christopher Kruegel (University of California, Santa
Barbara), Engin Kirda (Institute Eurecom)
Synthesizing Near-Optimal Malware Specifications from
Suspicious Behaviors
Matt Fredrikson (University of Wisconsin), Mihai Christodorescu (IBM
Research), Somesh Jha (University of Wisconsin), Reiner Sailer (IBM
Research), Xifeng Yan (University of California, Santa Barbara)
Identifying Dormant Functionality in Malware
Programs
Paolo Milani Comparetti (Technical University Vienna), Guido Salvaneschi
(Politecnico di Milano), Clemens Kolbitsch (Technical University
Vienna), Engin Kirda (Institut Eurecom), Christopher Kruegel (University
of California, Santa Barbara), Stefano Zanero (Politecnico di Milano)
10:00–10:20 Break
10:20–noon
Session 2: Information Flow
Reconciling Belief and Vulnerability in Information
Flow
Sardaouna Hamadou (University of Southampton), Vladimiro
Sassone (University of Southampton), Catuscia Palamidessi
(École Polytechnique)
Towards Static Flow-Based Declassification for Legacy and Untrusted
Programs [Slides: PPTX, PDF]
Bruno P.S. Rocha (Eindhoven University of Technology), Sruthi Bandhakavi
(University of Illinois at Urbana Champaign), Jerry I. den Hartog
(Eindhoven University of Technology), William H. Winsborough (University
of Texas at San Antonio), Sandro Etalle (Eindhoven University of
Technology)
Non-Interference Through Secure Multi-Execution
[Slides: PDF]
Object Capabilities and Isolation of Untrusted Web
Applications [Slides: PDF]
Sergio Maffeis (Imperial College London), John C. Mitchell (Stanford
University), Ankur Taly (Stanford University)
noon–1:30 Lunch
1:30–2:45 Session
3: Root of Trust
TrustVisor: Efficient TCB Reduction and Attestation
[Slides: PPTX,
PDF]
Jonathan McCune (Carnegie Mellon University), Yanlin Li
(Carnegie Mellon University), Ning Qu (Nvidia),
Zongwei Zhou (Carnegie Mellon University), Anupam Datta (Carnegie Mellon University), Virgil Gligor (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)
Overcoming an Untrusted Computing Base: Detecting and Removing
Malicious Hardware Automatically [Slides: PPT, PDF]
Matthew Hicks (University of Illinois), Murph Finnicum (University of
Illinois), Samuel T. King (University of Illinois), Milo M. K. Martin
(University of Pennsylvania), Jonathan M. Smith (University of
Pennsylvania)
Tamper Evident Microprocessors
Adam Waksman, Simha Sethumadhavan (Columbia University)
2:45–3:15 Break
3:15–4:55 Session
4: Information Abuse
Side-Channel Leaks in Web Applications: a Reality Today, a
Challenge Tomorrow [Slides: PPT, PDF]
Shuo Chen (Microsoft Research), Rui Wang (Indiana University
Bloomington), XiaoFeng Wang (Indiana University Bloomington), Kehuan
Zhang (Indiana University Bloomington)
Investigation of Triangular Spamming: a Stealthy and Efficient
Spamming Technique [Slides: PPTX]
Zhiyun Qian (University of Michigan), Z. Morley Mao (University of
Michigan), Yinglian Xie (Microsoft Research Silicon Valley), Fang Yu
(Microsoft Research Silicon Valley)
A Practical Attack to De-Anonymize Social Network
Users [Slides: PDF]
Gilbert Wondracek (Vienna University of Technology), Thorsten Holz (Vienna University of Technology), Engin Kirda (Institute Eurecom),
Christopher Kruegel (University of California, Santa Barbara)
SCiFI - A System for Secure Face
Identification
Margarita Osadchy, Benny Pinkas, Ayman Jarrous, Boaz Moskovich
(Univesity of Haifa)
Best Paper Award!
5:00pm
Buses start loading for special event
Buses will leave from the Claremont front entrance to the reception. [ Walking
directions (about 30 minutes)]
5:30pm
Reception at Pauley Ballroom
6:30pm
Special Gala Dinner Celebrating the 30th Anniversary of Security and
Privacy (at the Pauley Ballroom)
9:20pm
Buses start to leave from Pauley Ballroom back
to Claremont
Tuesday, 18 May 2010
7:30-9am Breakfast
Claremont Ballroom
9–10:15am Session 5: Network Security
Round-Efficient Broadcast Authentication Protocols for Fixed
Topology Classes [Slides: PPT, PDF]
Haowen Chan, Adrian Perrig (Carnegie Mellon University)
Revocation Systems with Very Small Private
Keys [Slides: PPT]
Allison Lewko (University of Texas at Austin),
Amit Sahai (University of California, Los Angeles), Brent Waters (University of Texas at Austin)
Authenticating Primary Users' Signals in Cognitive Radio
Networks via Integrated Cryptographic and Wireless Link Signatures
Yao Liu, Peng Ning, Huaiyu Dai (North Carolina State University)
10:45–noon Session
6: Systematization of Knowledge I
Outside the Closed World: On Using Machine Learning For Network
Intrusion Detection [Slides: PDF]
Robin Sommer (International Computer Science Institute / Lawrence
Berkeley National Laboratory), Vern Paxson (International Computer
Science Institute / University of California, Berkeley)
All You Ever Wanted to Know about Dynamic Taint Analysis and
Forward Symbolic Execution (but might have been afraid to ask) [Slides: PPTX, PDF]
Thanassis Avgerinos, Edward Schwartz, David Brumley (Carnegie Mellon
University)
State of the Art: Automated Black-Box
Web Application Vulnerability Testing
Jason Bau, Elie Bursztein, Divij Gupta, John
Mitchell (Stanford University)
noon–1:45pm
Lunch and Business Meeting [Slides: PPTX,
PDF]
1:45–3:00pm Session
7: Secure Systems
A Proof-Carrying File System
Deepak Garg, Frank Pfenning (Carnegie Mellon University)
Scalable Parametric Verification of Secure Systems:
How to Verify Reference Monitors without Worrying about Data Structure
Size
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor
Control-Flow Integrity [Slides: PDF]
Zhi Wang, Xuxian Jiang (North Carolina State University)
3:00–3:20 Break
3:20–4:10 Session
8: Systematization of Knowledge II
Chair: Ed
Suh, Cornell University
How Good are Humans at Solving CAPTCHAs? A Large
Scale Evaluation
Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky
(Stanford University), Céline Fabry
Bootstrapping Trust in Commodity Computers
[Slides: PPTX, PDF]
Bryan Parno, Jonathan M. McCune, Adrian Perrig (Carnegie Mellon
University)
4:10–4:30 Break
4:30–5:30
5:45–7:30pm
Wednesday, 19 May 2010
7:30-9am Breakfast
Claremont Ballroom
9–10:15am Session
9: Analyzing Deployed Systems
Chip and PIN is Broken [Slides: PDF, Prezi]
Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
(University of Cambridge)
Best Practical Paper Award!
Experimental Security Analysis of a Modern
Automobile
Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel,
Tadayoshi Kohno (University of Washington), Stephen Checkoway, Damon McCoy, Brian Kantor, Danny
Anderson, Hovav Shacham, Stefan Savage (University of California, San Diego)
On the Incoherencies in Web Browser Access Control
Policies
Kapil Singh (Georgia Institute of Technology), Alexander Moshchuk
(Microsoft Research), Helen J. Wang (Microsoft Research), Wenke Lee
(Georgia Institute of Technology)
10:45–noon Session
10: Language-Based Security
ConScript: Specifying and Enforcing
Fine-Grained Security Policies for JavaScript in the Browser
[Slides: PPT, PDF]
Leo Meyerovich (University of California, Berkeley), Benjamin Livshits
(Microsoft Research)
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic
Software Vulnerability Detection [Slides: PPTX, PDF]
Tielei Wang (Peking University), Tao Wei (Peking University), Guofei Gu
(Texas A & M University), Wei Zou (Peking University)
Best Student Paper Award!
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Dawn
Song, Feng Mao (University of California, Berkeley)
noon–12:15 Closing
Ulf Lindqvist, David Evans, Giovanni Vigna
1:30-5:00pm US Cybersecurity R&D
Special co-located event open to all
attendees
Immediately following the symposium representatives from NSF, DHS, and
other agencies will present new US Federal cybersecurity R&D themes.
The themes will guide future Federal research activities and
solicitations and are components of the framework for cybersecurity R&D
called for in the President's Cyberspace Policy Review. This event,
which is held at the Claremont and is open to all symposium attendees,
will be the first in-depth review of these Federal cybersecurity R&D
objectives and will provide insights into the priorities that are
shaping the direction of Federal research activities. For more
information, visit http://www.nitrd.gov/.
Thursday, 20 May 2010
7:30-9am Breakfast
Claremont Ballroom (for workshop participants only)
All Day
See you in 2011!
|
|
|
|