Annual Computer Security Applications Conference (ACSAC) 2013

Monday, 9 December 2013
7:30-8:30
Breakfast (Lafitte AB)
8:30-12:00
Orleans A, Orleans B, Board Room, DH Holmes A, DH Holmes C
M1. Mobile Security: Securing Mobile Devices & Applications (Full-Day)

Mr. David Lindner, Aspect Security
M2. Integrating Security Engineering and Software Engineering (Full Day)

Dr. Antonio Maña Gomez, University of Malaga;
Dr. Ronald S. Ross, NIST;
Dr. Carsten Rudolph, Fraunhofer SIT;
Mr. Jose F. Ruiz, Fraunhofer SIT
M3. Introduction to Reverse Engineering Malware (Full Day)

Dr. Golden G. Richard III, University of New Orleans
Tracer FIRE (Two-Day)

Instructors: Kevin Nauer, Ben Anderson, Theodore Reed, Sandia National Labs
Layered Assurance Workshop (LAW) (Two-Day)

General Chair: Rance DeLong, Consultant
Program Chair: Gabriela Ciocarlie, SRI International
Panels Chair: Peter G. Neumann, SRI International
12:00-13:30
Lunch (Lafitte AB)
13:30-17:00
Orleans A, Orleans B, Board Room, DH Holmes A, DH Holmes C
M1. Mobile Security: Securing Mobile Devices & Applications (continues from the morning)
M2. Integrating Security Engineering and Software Engineering (continues from the morning)
M3. Introduction to Reverse Engineering Malware (continues from the morning)
Tracer FIRE (continues from the morning)
Layered Assurance Workshop (LAW) (continues from the morning)
Tuesday, 10 December 2013
7:30-8:30
Breakfast (Lafitte AB)
8:30-12:00
Orleans B, Board Room, DH Holmes B, DH Holmes A, DH Holmes C, Orleans A
T4. Analysing Android Malware at Runtime (Full-Day)

Dr Giovanni Russello, University of Auckland
T5. Finding Data Leaks in Applications, Network Protocols, and Systems with Open Source Computer Forensics Tools

CANCELLED

Full-Day

Dr. Simson Garfinkel, forensicswiki.org

T6. Authentication & Authorization Standards for the Cloud (Half-Day)

Dr. Hassan Takabi, University of North Texas
Tracer FIRE (continues from Monday)
Layered Assurance Workshop (LAW) (continues from Monday)
Next Generation Malware Attacks and Defense Workshop (NGMAD) (Full-Day)

Chair: Dr. Harvey H. Rubinovitz, MITRE Corporation
12:00-13:30
Lunch (Lafitte AB)
13:30-17:00
Orleans B, Board Room, DH Holmes B, DH Holmes A, DH Holmes C, Orleans A
T4. Analysing Android Malware at Runtime (continues from the morning)
T5. Finding Data Leaks in Applications, Network Protocols, and Systems with Open Source Computer Forensics Tools (continues from the morning)
T7. Cyber-Physical Systems Security (Half-Day)

Dr. Alvaro A. Cárdenas, University of Texas, Dallas
Tracer FIRE (continues from the morning)
Layered Assurance Workshop (LAW) (continues from the morning)
Next Generation Malware Attacks and Defense Workshop (NGMAD) (continues from the morning)
18:00-20:00
Reception (Atrium)
Wednesday, 11 December 2013
7:30-8:30
Breakfast (Lafitte AB)
8:30-8:45
Welcome (DH Holmes AB)
8:45-10:00
Distinguished Practitioner Keynote (DH Holmes AB)
Systems Thinking for Safety and Security
William Young; Nancy Leveson
10:00-10:30
Break (Foyer)
10:30-12:00
DH Holmes B, Orleans B, Orleans A, DH Holmes C
Panel: Cybersecurity and Cyber-Physical Systems: A Government Perspective
Moderator: Hassan Takabi

Panelists (listed alphabetically):
Dr. David Corman, NSF
Dr. Daniel Massey, DHS
Kevin Stine, NIST

Mobile Networks and Apps
Ahmad-Reza Sadeghi

AFrame: Isolating Advertisements from Mobile Applications in Android
Xiao Zhang; Amit Ahlawat; Wenliang Du

The Man Who Was There: Validating Check-ins in Location-Based Services
Iasonas Polakis; Stamatis Volanis; Elias Athanasopoulos; Evangelos P. Markatos

Discovery of Emergent Malicious Campaigns in Cellular Networks
Nathaniel Boggs; Wei Wang; Suhas Mathur; Baris Coskun; Carol Pincock

Real World Security - Deployment and Beyond 1
Art Friedman
Invited Talks

Detecting and Reporting Counterfeit and Tainted Products
Joe Jarzombek

Ethnographic Fieldwork at a University IT Security Office
Xinming Ou

Designing State-of-the-Art Business Partner Connections
Matthias Luft

Integrating Systems Engineering and Security Engineering: NIST SP 800-160 (Special Training Session)

Instructor: Michael McEvilley, MITRE Corporation
12:00-13:30
Lunch (Lafitte AB)
13:30-15:00
DH Holmes B, Orleans B, Orleans A
Panel: A High Assurance Reference Architecture for Industrial and Process Control Systems
Moderators: Blaine Burnham

Panelists:
Dr. Blaine Burnham, USC;
Dr. Ron Ross, NIST;
Prof. Roger Schell, USC;
Todd Bauer, Sandia;
Timothy McMillan, Siemens

Privacy and Privacy Preserving Technologies
Steven Myers

Message In A Bottle: Sailing Past Censorship
Luca Invernizzi; Christopher Kruegel; Giovanni Vigna

k-subscription: Privacy-Preserving Microblogging Browsing Through Obfuscation
Panagiotis Papadopoulos; Antonis Papadogiannakis; Michalis Polychronakis; Apostolis Zarras; Thorsten Holz; Evangelos P. Markatos

MyCloud-Supporting User-Configured Privacy Protection in Cloud Computing
Min Li; Wanyu Zang; Kun Bai; Meng Yu; Peng Liu

Malware
Guofei Gu

Extraction of Statistically Significant Malware Behaviors
Sirinda Palahan; Domagoj Babic; Swarat Chaudhuri; Daniel Kifer

DUET: Integration of Dynamic and Static Analyses for Malware Clustering with Cluster Ensembles
Xin Hu; Kang G. Shin

SigMal: A Static Signal Processing Based Malware Triage
Dhilung Kirat; Lakshman Nataraj; Giovanni Vigna; B.S Manjunath
15:00-15:30
Break (Foyer)
15:30-16:30
DH Holmes B, Orleans B, Orleans A, DH Holmes C
NIST EO Cyber Security Framework Initiative
Kevin Stine, NIST (Project Lead)

Cyber-Physical Systems (CPS) Security
Gabriela Ciocarlie

CPS: An Efficiency-motivated Attack Against Autonomous Vehicular Transportation
Ryan M. Gerdes; Chris Winstead; Kevin Heaslip

CPS: Stateful Policy Enforcement for Control System Device Usage
Stephen McLaughlin

Passwords and Authentication
Sarah Diesburg

Pitfalls in the Automated Strengthening of Passwords
David Schmidt; Trent Jaeger

Revisiting Graphical Passwords for Augmenting, not Replacing, Text Passwords
Murat Akpulat; Kemal Bicakci; Ugur Cil

Cyber Resiliency (Special Training Session)

Instructors: Rich Graubart, Deb Bodeau, Rosalie McQuaid, MITRE Corporation
17:00-18:30
Classic Book Panel: 30 Years Later: The Legacy of the Trusted Computer Systems Evaluation Criteria (DH Holmes AB)
Panel Chair: Daniel Faigin, Aerospace Corporation

Panelists:
Daniel Faigin, Aerospace Corporation;
Olin Sibert, Oxford Systems, Inc.;
Rick Smith, Cryptosmith, LLC;
19:15-22:00
Conference Banquet with New Orleans Brass Band (Throughout the Conference Center)
Thursday, 12 December 2013
7:30-8:30
Breakfast (Lafitte AB)
8:30-9:00
Welcome (DH Holmes AB)
9:00-10:00
Invited Essayist Keynote (DH Holmes AB)
A Building Code for Building Code: Putting What We Know Works to Work
Carl E. Landwehr
10:00-10:30
Break (Foyer)
10:30-12:00
DH Holmes B, Orleans B, Orleans A, DH Holmes C
Panel: Challenges in Securing Medical Cyber-Physical Systems
Moderator: Dr. Krishna Venkatasubramanian, Worcester Polytechnic Institute

Panelists:
Eugene Vasserman, Kansas State University;
Denis Foo Kune, University of Michigan;
Pat Baird, Baxter;
Srdjan Capkun, ETH Zurich

Applying/Applied Cryptography
David Balenson

PRIME: Private RSA Infrastructure for Memory-less Encryption
Behrad Garmany; Tilo Müller

Do I know You? - Efficient and Privacy-Preserving Common Friend-Finder Protocols and Applications
Marcin Nagy; Emiliano De Cristofaro; Alexandra Dmitrienko; N. Asokan; Ahmad-Reza Sadeghi

GPU and CPU Parallelization of Honest-but-Curious Secure Two-Party Computation
Nathaniel Husted; Steve Myers; abhi shelat; Paul Grubbs

Real World Security - Deployment and Beyond 2
Joe Jarzombek
Invited Talks

Design and Configuration of High Security IPv6 Networks
Enno Rey

Teaching the Art of Red Teaming
Brian Isle

Cyber Resiliency (Special Training Session)

(continues from Wednesday afternoon)
12:00-13:30
Lunch (Lafitte AB)
13:30-15:00
DH Holmes B, Orleans B, Orleans A, DH Holmes C
Panel: Securing the Future Smart Grid: Where Do We Go Next?
Moderator: Dr Paul Smith, Austrian Institute of Technology

Panelists:
Dr. Stephen McLaughlin, Pennsylvania State University;
Dr. Robert W Griffin, RSA;
Dr. Klaus Kursawe, ENCS

Network Security
Xinming Ou

No Attack Necessary: The Surprising Dynamics of SSL Trust Relationships
Bernhard Amann; Robin Sommer; Matthias Vallentin; Seth Hall

Socket Overloading for Fun and Cache-Poisoning
Amir Herzberg; Haya Shulman

Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks
Ting-Fang Yen; Alina Oprea; Kaan Onarlioglu; Todd Leetham; William Robertson; Ari Juels; Engin Kirda

Systems Security
Thomas Moyer

Uncovering Access Control Weaknesses and Flaws with Security-Discordant Software Clones
François Gauthier; Thierry Lavoie; Ettore Merlo

A Portable User-Level Approach for System-wide Integrity Protection
Wai Kit Sze; R. Sekar

Subverting System Authentication Using Context-Aware, Reactive Virtual Machine Introspection
Yangchun Fu; Zhiqiang Lin; Kevin W. Hamlen

Cyber Resiliency (Special Training Session)

(continues from the morning)
15:00-15:30
Break (Foyer)
15:30-17:00
DH Holmes B, Orleans B, Orleans A, DH Holmes C
Forum: LASER Workshop
Forum Moderator: Laura Tinnel, SRI International

Forum Speakers:
David Balenson, SRI International;
Dr. Carl Landwehr, George Washington University;
Nathaniel Husted (student)

Mobile Systems Security 1
Adam Aviv

Seeing is Not Believing: Visual Verifications Through Liveness Analysis using Mobile Devices
Mahmudur Rahman; Umut Topkara; Bogdan Carbunar

Crossover: Secure and Usable User Interface for Mobile Devices with Multiple Isolated OS Personalities
Matthias Lange; Steffen Liebergeld

PatchDroid: Scalable Third-Party Security Patches for Android Devices
Collin Mulliner; Jon Oberheide; William Robertson; Engin Kirda

Hardware and Virtualization Security
Stephen McLaughlin

A Comprehensive Black-box Methodology for Testing the Forensic Characteristics of Solid-state Drives
Gabriele Bonetti; Marco Viglione; Alessandro Frossi; Federico Maggi; Stefano Zanero

Implementation and Implications of a Stealth Hard-Drive Backdoor
Jonas Zaddach; Anil Kurmus; Davide Balzarotti; Erik-Oliver Blass; Aurélien Francillon; Travis Goodspeed; Moitrayee Gupta; Ioannis Koltsidas

SPIDER: Stealthy Binary Program Instrumentation and Debugging Via Hardware Virtualization
Zhui Deng; Xiangyu Zhang; Dongyan Xu

Cyber Resiliency (Special Training Session)

(continues from previous session)
17:00-18:00
Works-in-Progress (DH Holmes AB)
Moderator: Raheem Beyah
18:15-21:00
Poster Reception with light refreshments (Lafitte AB)
Chair: Raheem Beyah
Friday, 13 December 2013
7:30-8:30
Breakfast (Foyer)
8:30-10:00
Orleans A, Orleans B, DH Holmes C
Towards the Application of Security Controls in a Systems Engineering Environment
Instructor: Michael McEvilley, MITRE Corporation

Mobile Systems Security 2
Hassan Takabi

DR BACA: Dynamic Role Based Access Control for Android
Felix Rohrer; Yuting Zhang; Lou Chitkushev; Tanya Zlateva

Control-Flow Restrictor: Compiler-based CFI for iOS
Jannik Pewny; Thorsten Holz

FireDroid: Hardening Security in Almost-Stock Android
Giovanni Russello; Arturo Blas Jimenez; Habib Naderi; Wannes van der Mark

NIST Risk Management Framework (Special Training Session)

Instructor: Dr. Ron Ross, NIST
10:00-10:30
Break (Foyer)
10:30-12:00
Orleans A, Orleans B, DH Holmes C
Panel: Future of Resilience
Moderator: Tom Longstaff, NSA

Panelists:
Marco Carvalho, FIT;
Gabriela Ciocarlie, SRI International;
Harriet Goldman, MITRE Corporation;
Dung Lam, ARL-UT

Web and Cloud Security
Amir Houmansadr

SilverLine: Preventing Data Leaks from Compromised Web Applications
Yogesh Mundada; Anirudh Ramachandran; Nick Feamster

Validating Web Content with Senser
Jordan Wilberding; Andrew Yates; Micah Sherr; Wenchao Zhou

Auto-FBI: A User-friendly Approach for Secure Access to Sensitive Content on the Web
Mohsen Zohrevandi; Rida A. Bazzi

NIST SP 800-53 Rev. 4 (Special Training Session)

Instructor: Dr. Ron Ross, NIST
12:00-12:30
Closing (Orleans AB)
14:00-17:00
Optional Social Event: World War II Museum Tour

 
