7:30-8:30 | Breakfast (Hampton Court Assembly) |
|
8:30-8:45 | |
8:45-10:00 | |
10:00-10:30 | Break (Hampton Court Assembly) |
|
10:30-12:00 | Ireland A | Sapphire | Diamond | Emerald | Malware 1
Art Friedman
Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games
Yacin Nadji, Georgia Institute of Technology; Manos Antonakakis, Damballa, Inc.; Roberto Perdisci, University of Georgia; Wenke Lee, Georgia Institute of Technology
ForeCast - Skimming off the Malware Cream
Matthias Neugschwandtner, Vienna University of Technology; Paolo Milani Comparetti, Vienna University of Technology; Gregoire Jacob, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara
Detecting Malware’s Failover C&C Strategies with SQUEEZE
Matthias Neugschwandtner, Vienna University of Technology; Paolo Milani Comparetti, Vienna University of Technology; Christian Platzer, Vienna University of Technology |
Case Studies 1
Deborah Cooper
Determining the fundamental basis of software vulnerabilities, Larry Wagoner, NSA
Security Architecture Required of Smart Phones, Eric Uner, PCTEL Secure
Building FIPS 140-2 Compliant Configuration for SAS 9.3 BI Web Applications, Heesun Park, SAS Institute |
Panel: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research
Doug Maughan |
FISMA Training 1 — Security Controls: NIST SP 800-53, Revision 4
Kelley Dempsey |
|
12:00-13:30 | Lunch (Great Hall Center) |
|
13:30-15:00 | Ireland A | Sapphire | Diamond | Emerald | Situational Awareness 1
Michael Franz
Distilling Critical Attack Graph Surface iteratively through Minimum-Cost SAT Solving
Heqing Huang, Kansas State University; Su Zhang, Kansas State University; Xinming Ou, Kansas State University; Atul Prakash, University of Michigan; Karem Sakallah, University of Michigan
RIPE: Runtime Intrusion Prevention Evaluator
John Wilander, Dept. of Computer Science, Linköpings Universitet; Nick Nikiforakis, Katholieke Universiteit Leuven; Yves Younan, Katholieke Universiteit Leuven; Wouter Joosen, Katholieke Universiteit Leuven; Miriam Kamkar, Linköpings Universitet
Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness
Adam Doupé, University of California Santa Barbara; Manuel Egele, Technical University Vienna; Benjamin Caillat, Ecole Superieure d'Informatique Electronique Automatique; Gianluca Stringhini, University of California Santa Barbara; Gorken Yakin, University of California Santa Barbara; Ali Zand, University of California Santa Barbara; Ludovico Cavedon, University of California Santa Barbara; Giovanni Vigna, University of California Santa Barbara |
Case Studies 2
Steve Rome
Challenges in Software Trustability, Ian Bryant, UK SSDRI
Employee Data Theft, Jonathan Grier, Vesaria
Current Status of the Xenon Secure Hypervisor, John McDermott, Naval Research Laboratory
|
Panel: The Search for Meaningful Trustworthiness
Peter Neumann
Panelists: Jeremy Grant (NIST), Matt Blaze (U. Pennsylvania), Susan Landau (Harvard), Cormac Herley (Microsoft Research) |
FISMA Training 2 — New Appendix in NIST SP 800-53 Revision 4: Privacy Controls
Julie McEwen |
|
15:00-15:30 | Break (Hampton Court Assembly) |
|
15:30-17:00 | Ireland A | Sapphire | Diamond | Emerald | Applied Cryptography
Steve Greenwald
“Mix-In-Place” Anonymous Networking Using Secure Function Evaluation
Nilesh Nipane, Georgia Institute of Technology; Italo Dacosta, Georgia Institute of Technology; Patrick Traynor, Georgia Institute of Technology
Security Through Amnesia: A Software-Based Solution to the Cold Boot Attack on Disk Encryption
Patrick Simmons, University of Illinois at Urbana-Champaign
Private Search in the Real World
Vasilis Pappas, Columbia University; Mariana Raykova, Columbia University; Binh Vo, Columbia University; Steven M. Bellovin, Columbia University; Tal Malkin, Columbia University |
Social Network Security
Konstantin Beznosov
The Socialbot Network: When Bots Socialize for Fame and Money
Yazan Boshmaf, University of British Columbia; Ildar Muslukhov, University of British Columbia; Konstantin Beznosov, University of British Columbia; Matei Ripeanu, University of British Columbia
Detecting and Resolving Privacy Conflicts for Collaborative Data Sharing in Online Social Networks
Hongxin Hu, Arizona State University; Gail-Joon Ahn, Arizona State University; Jan Jorgensen, Arizona State University
Social Snapshots: Digital Forensics for Online Social Networks
Markus Huber, SBA Research; Martin Mulazzani, SBA Research; Gilbert Wondracek, Vienna University of Technology; Sebastian Schrittwieser, SBA Research; Edgar Weippl, SBA Research; Manuel Leithner, SBA Research |
Works-in-Progress
Benjamin Kuperman |
FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1
Kelley Dempsey |
|
17:00-18:00 | |
19:00-22:00 | Conference Dinner (20Seven) |
|
7:30-8:30 | Breakfast (Hampton Court Assembly) |
|
8:30-8:45 | Opening Remarks (Ireland B/C) |
|
8:45-10:00 | |
10:00-10:30 | Break (Hampton Court Assembly) |
|
10:30-12:00 | Ireland A | Sapphire | Diamond | Emerald | Usable Security
Michael Locasto
Facing the Facts about Image Type in Recognition-Based Graphical Passwords
Max Hlywa, Carleton University; Andrew Patrick, Office of the Privacy Commissioner of Canada; Robert Biddle, Carleton University
PhorceField: A Phish-Proof Password Ceremony
Michael Hart, SUNY Stony Brook; Claude Castille, SUNY Stony Brook; Manoj Harpalani, SUNY Stony Brook; Jonathan Toohill, SUNY Stony Brook; Rob Johnson, SUNY Stony Brook
Dynamic Sample Size Detection in Continuous Authentication using Sequential Sampling
Ahmed Awad E. Ahmed, University of Victoria; Issa Traore, University of Victoria |
Secure Infrastructure
Patrick McDaniel
Improving Robustness of DNS to Software Vulnerabilities
Ahmed Khurshid, University of Illinois at Urbana-Champaign; Firat Kiyak, University of Illinois at Urbana-Champaign; Matthew Caesar, University of Illinois at Urbana-Champaign
Enabling Secure VM-vTPM Migration in Private Clouds
Boris Danev, ETH Zurich; Ramya Jayaram Masti, ETH Zurich; Ghassan O. Karame, ETH Zurich; Srdjan Capkun, ETH Zurich
Exposing Invisible Timing-based Traffic Watermarks with BACKLIT
Xiapu Luo, The Hong Kong Polytechnic University; Peng Zhou, The Hong Kong Polytechnic University; Junjie Zhang, Georgia Institute of Technology; Roberto Perdisci, University of Georgia; Wenke Lee, Georgia Institute of Technology; Rocky K. C. Chang, The Hong Kong Polytechnic University |
Panel: Learning from Unanticipated Scientific Security Research Results Workshop Highlights
Jeremy Epstein
Panelists: Matt Bishop (UC Davis), Eugene Spafford (Purdue), John McHugh (RedJack LLC and University of North Carolina), Sam Weber (NSF) |
FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1
Kelley Dempsey |
|
12:00-13:30 | Lunch (Great Hall Center) |
|
13:30-15:00 | Ireland A | Sapphire | Diamond | Emerald | Anonymity
Paul Syverson
Exploring the Potential Benefits of Expanded Rate Limiting in Tor: Slow and Steady Wins the Race With Tortoise
W. Brad Moore, Georgetown University; Chris Wacek, Georgetown University; Micah Sherr, Georgetown University
"Super Nodes" in Tor: Existence and Security Implication
Chenglong Li, Tsinghua National Lab for Information Science and Technology (TNList), Beijing; Yibo Xue, Research Institute of Information Technology (RIIT), Tsinghua University, Beijing; Yingfei Dong, Department of Electrical Engineering, University of Hawaii, Honolulu; Dongsheng Wang, Research Institute of Information Technology (RIIT), Tsinghua University, Beijing
Smart Metering De-Pseudonymization
Marek Jawurek, SAP Research; Martin Johns, SAP Research; Konrad Rieck, Technische Universität Berlin |
Web Security 1
Gene Spafford
SEMAGE: A New Image-based Two-Factor CAPTCHA
Shardul Vikram, Texas A & M University; Yinan Fan, Texas A & M University; Guofei Gu, Texas A & M University
BLOCK: A Black-box Approach for Detection of State Violation Attacks Towards Web Applications
Xiaowei Li, Vanderbilt University; Yuan Xue, Vanderbilt University
A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
Riccardo Pelizzi, Stony Brook University; R Sekar, Stony Brook University |
Panel: The New Security Paradigms Workshop Experience
Cormac Herley and Carrie Gates
Michael Locasto (U. Calgary)
|
FISMA Training 4 — Risk Management Framework: NIST SP 800-37
Marshall Abrams/Kelley Dempsey |
|
15:00-15:30 | Break (Hampton Court Assembly) |
|
15:30-17:00 | Ireland A | Sapphire | Diamond | Emerald | Software Security
Ed Schneider
ASIDE: IDE Support for Web Application Security
Jing Xie, University of North Carolina at Charlotte; Bill Chu, University of North Carolina at Charlotte; Heather Richter Lipford, University of North Carolina at Charlotte; John T. Melton, University of North Carolina at Charlotte
Tracking Payment Card Data Flow Using Virtual Machine State Introspection
Jennia Hizver, Stony Brook University; Tzi-cker Chiueh, Stony Brook University |
Web Security 2
Cristina Serban
An Empirical Study of Visual Security Cues to Prevent the SSLstripping Attack
Dongwan Shin, New Mexico Tech; Rodrigo Lopes, New Mexico Tech
AdSentry: Comprehensive and Flexible Confinement of JavaScript-based Advertisements
Xinshu Dong, Department of Computer Science, National University of Singapore; Minh Tran, Department of Computer Science, North Carolina State University; Zhenkai Liang, Department of Computer Science, National University of Singapore; Xuxian Jiang, Department of Computer Science, North Carolina State University
WebJail: Least-privilege Integration of Third-party Components in Web Mashups
Steven Van Acker, IBBT-Distrinet, Katholieke Universiteit Leuven; Philippe De Ryck, IBBT-Distrinet, Katholieke Universiteit Leuven; Lieven Desmet, IBBT-Distrinet, Katholieke Universiteit Leuven; Frank Piessens, IBBT-Distrinet, Katholieke Universiteit Leuven; Wouter Joosen, IBBT-Distrinet, Katholieke Universiteit Leuven |
Panel: Software Assurance in the Globalised Era
Ian Bryant |
FISMA Training 4 — Risk Management Framework: NIST SP 800-37
Marshall Abrams/Kelley Dempsey |
|
17:00-18:00 | |
18:00-21:00 | |
7:30-8:30 | Breakfast (OB Rest/Ver/Patio) |
|
8:30-10:00 | Captain | Yeoman | Scribe | Mobile Security
Myong Kang
Reliable Telemetry in White Spaces using Remote Attestation
Omid Fatemieh, University of Illinois at Urbana Champaign; Michael LeMay, University of Illinois at Urbana Champaign; Carl A. Gunter, University of Illinois at Urbana Champaign
Don't Bump, Shake on It: The Exploitation of a Popular Accelerometer-Based Smart Phone Exchange and Its Secure Replacement
Ahren Studer, Carnegie Mellon University; Timothy Passaro, Carnegie Mellon University; Lujo Bauer, Carnegie Mellon University
Attacks on WebView in the Android System
Tongbo Luo, Syracuse University; Hao Hao, Syracuse University; Wenliang Du, Syracuse University; Yifei Wang, Syracuse University; Heng Yin, Syracuse University |
Malware 2
Christoph Schuba
Mitigating Code-Reuse Attacks with Control-Flow Locking
Tyler Bletsch, NetApp, Inc; Xuxian Jiang, North Carolina State University; Vince Freeh, North Carolina State University
deRop: Removing Return-Oriented Programming from Malware
Kangjie Lu, Peking University, Singapore Management University; Dabi Zou, Singapore Management University; Weiping Wen, Peking University; Debin Gao, Singapore Management University
Static Detection of Malicious JavaScript-Bearing PDF Documents
Pavel Laskov, University of Tuebingen; Nedim Srndic, University of Tuebingen |
FISMA Training 5 — Managing Information Security: NIST SP 800-39
Marshall Abrams |
|
10:00-10:30 | |
10:30-11:30 | Captain | Yeoman | Scribe | Situational Awareness 2
Yingfei Dong
Nexat: A History-Based Approach to Predict Attacker Actions
Amir Houmansadr, University of Illinois at Urbana-Champaign; Ali Zand, UCSB; Casey Cipriano, UCSB; Giovanni Vigna, UCSB; Christopher Kruegel, UCSB
From Prey To Hunter: Transforming Legacy Embedded Devices Into Exploitation Sensor Grids
Ang Cui, Columbia University; Jatin Kataria, Columbia University; Salvatore J. Stolfo, Columbia University |
Malware 3
Charles Payne
BareBox: Efficient Malware Analysis on Bare-Metal
Dhilung Kirat, University of California, Santa Barbara; Giovanni Vigna, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara
Automated Remote Repair for Mobile Malware
Yacin Nadji, Georgia Institute of Technology; Jonathan Giffin, Georgia Institute of Technology; Patrick Traynor, Georgia Institute of Technology |
FISMA Training 5 — Managing Information Security: NIST SP 800-39
Marshall Abrams |
|
11:30-12:00 | Closing and Awards (Cloister)
Giveaways too, so don't plan on leaving early! |
|
12:30-18:00 | Social Event (Sea World)
Pre-purchased tickets are $59, more than 20% off SeaWorld prices, and include transportation. Register early as there is limited transportation seating.
|
|