ACSAC2015 Program

Monday, 7 December 2015

7:30am-8:30am

Breakfast (Sierra A)

8:30am-12:00pm

Club Room	Hiro	Salon 6A	Salon 6B	Salon 8
Tracer FIRE Two Day Instructors: Kevin Nauer and SeanMichael Galvin, Sandia National Labs	Layered Assurance Workshop (LAW) Two Day Rance J. DeLong, consultant, LAW General Chair Gabriela Ciocarlie, SRI International, LAW Program Chair	M1. Security Risk Management using the Security Engineering Risk Analysis (SERA) Method Full Day Carol Woody, Software Engineering Institute	M2. Introduction to Android Reversing Full Day John Ortiz, Harris Corporation/UT San Antonio	M3. Security and Privacy Analysis for Next Generation Malware Full Day Paolina Centonze, Iona College

12:00pm-1:30pm

Lunch (Sierra A)

1:30pm-5:00pm

Club Room	Hiro	Salon 6A	Salon 6B	Salon 8
Tracer FIRE (continues from the morning)	Layered Assurance Workshop (LAW) (continues from the morning)	M1. Security Risk Management using the Security Engineering Risk Analysis (SERA) Method (continues from the morning)	M2. Introduction to Android Reversing (continues from the morning)	M3. Security and Privacy Analysis for Next Generation Malware (continues from the morning)

Tuesday, 8 December 2015

7:30am-8:30am

Breakfast (Sierra A)

8:30am-12:00pm

Club Room	Hiro	Mandarin	Salon 5	Salon 6A	Salon 6B	Salon 8
Tracer FIRE (continues from the previous day)	Layered Assurance Workshop (LAW) (continues from the previous day)	Program Protection and Reverse Engineering Workshop (PPREW / SSP) Full Day J. Todd McDonald, University of South Alabama, PPREW General Chair. Mila Dalla Preda, University of Verona, Italy, PPREW Program Co-chair. Natalia Stakhanova, University of New Brunswick, Canada, PPREW Program Co-chair.	Industrial Control System Security Workshop (ICSS) Harvey Rubinovitz, The MITRE Corporation, ICSS General Co-chair. Adam Hahn, Washington State University, ICSS General Co-chair. Irfan Ahmed, The University of New Orleans, ICSS Program Chair.	T4. Understanding and Contrasting Android Malware at Runtime Full Day Giovanni Russello, University of Auckland	T5. Program Analysis for Privacy of Mobile Applications CANCELLED	T6. Integrating Cybersecurity into the System Lifecycle Using the Risk Management Framework (RMF) Full Day Daniel P. Faigin, CISSP, The Aerospace Corporation

12:00pm-1:30pm

Lunch (Sierra A)

1:30pm-5:00pm

Club Room	Hiro	Mandarin	Salon 5	Salon 6A	Salon 6B	Salon 8
Tracer FIRE (continues from the morning)	Layered Assurance Workshop (LAW) (continues from the morning)	Program Protection and Reverse Engineering Workshop (PPREW / SSP) (continues from the morning)	Industrial Control System Security Workshop (ICSS) (continues from the morning session) Please note that the workshop resumes from lunch at 1:00PM	T4. Understanding and Contrasting Android Malware at Runtime (continues from the morning)	T5. Program Analysis for Privacy of Mobile Applications (continues from the morning)	T6. Integrating Cybersecurity into the System Lifecycle Using the Risk Management Framework (RMF) (continues from the morning)

6:00pm-8:00pm

Reception (Sierra Courtyard)

Wednesday, 9 December 2015

7:30am-8:30am

Breakfast (Sierra A)

8:30am-9:00am

Welcome (Sierra CD)Session Chair: Stephen Schwab

Stephen Schwab, Conference Chair

Dr. Micah Sherr, Program Chair and Dr. Wil Robertson, Program Co-Chair

Jeremy Epstein, ACSA and Evan Tamura, Hewlett Packard Enterprise

9:00am-10:00am

Invited Essayist Keynote: CyberPhysical Meets CyberTrust (Sierra CD)Session Chair: Stephen Schwab

CyberPhysical Meets CyberTrust

Dr. Jeannette Wing, Corporate Vice President, Microsoft Research

10:00am-10:30am

Break (Sierra Foyer)

10:30am-12:00pm

Club Room	Sierra B	Sierra C	Sierra D
Radical Changes in Protecting Federal Information for All U.S. Contractors Invited Speaker: Pat Viscuso, NARA ISOO_CUI_Overview.pdf	Human FactorsSession Chair: Hassan TakabiEvaluating the Flexibility of the Java SandboxZack Coker, Carnegie Mellon University; Michael Maass, Carnegie Mellon University; Tianyuan Ding, Carnegie Mellon University; Claire Le Goues, Carnegie Mellon University; Joshua Sunshine, Carnegie Mellon UniversityEmerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay AttacksSong Gao, University of Alabama at Birmingham; Manar Mohamed, University of Alabama at Birmingham; Nitesh Saxena, University of Alabama at Birmingham; Chengcui Zhang, University of Alabama at BirminghamOn the Security and Usability of Crypto PhonesMaliheh Shirvanian, University of Alabama at Birmingham; Nitesh Saxena, University of Alabama at Birmingham	Network SecuritySession Chair: Adam AvivDecentralized Authorization and Privacy-Enhanced Routing for Information-Centric NetworksMariana Raykova, SRI; Hasnain Lakhani, SRI; Hasanat Kazmi, SRI; Ashish Gehani, SRIKnow Your Achilles' Heel: Automatic Detection of Network Critical ServicesAli Zand, UC Santa Barbara; Amir Houmansadr, University of Massachusetts Amherst; Giovanni Vigna, UC Santa Barbara; Richard Kemmerer, UC Santa Barbara; Christopher Kruegel, UC Santa BarbaraProactive Security Analysis of Changes in Virtualized InfrastructuresSören Bleikertz, IBM Research - Zurich; Thomas Groß, University of Newcastle upon Tyne; Sebastian Mödersheim, DTU Compute; Carsten Vogel, IBM Research - Zurich	Panel: Security and Privacy in the Internet of Things (A Government Perspective)Session Chair: Jeremy Epstein Panelists: David Corman, Program Director, NSF Lee Badger, Group Manager, NIST Ryan Burchfield, Head of IoT Lab, NSA Dan Massey, Program Manager, DHS

12:00pm-1:30pm

Lunch (Sierra A)

1:30pm-3:00pm

Club Room	Sierra B	Sierra C	Sierra D
Radical Changes in Protecting Federal Information for All U.S. Contractors Invited Speaker: Ron Ross, NIST SP800-171.pdf	AppsSession Chair: Adam AvivVulnerability Assessment of OAuth Implementations in Android ApplicationsHui Wang, Shanghai Jiao Tong University; Yuanyuan Zhang, Shanghai Jiao Tong University; Juanru Li, Shanghai Jiao Tong University; Hui Liu, Shanghai Jiao Tong University; Wenbo Yang, Shanghai Jiao Tong University; Bodong Li, Shanghai Jiao Tong University; Dawu Gu, Shanghai Jiao Tong UniversityBareDroid: Large-Scale Analysis of Android Apps on Real DevicesSimone Mutti, Università degli Studi di Bergamo; Yanick Fratantonio, UC Santa Barbara; Antonio Bianchi, UC Santa Barbara; Luca Invernizzi, UC Santa Barbara; Jacopo Corbetta, UC Santa Barbara; Dhilung Kirat, IBM Research T.J. Watson; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa BarbaraExperimental Study with Real-world Data for Android App Security Analysis using Machine LearningSankardas Roy, Bowling Green State University; Jordan DeLoach, Kansas State University; Yuping Li, University of South Florida; Doina Caragea, Kansas State University; Xinming Ou, University of South Florida; Nicolae Herndon, Kansas State University; Venkatesh Ranganath, Kansas State University; HongMin Li, Kansas State University; Nicolais Guevara, Kansas State University	Control Flow (Part 1)Session Chair: Graham Z. BakerControl Flow and Code Integrity for COTS BinariesMingwei Zhang, Stony Brook University; R. Sekar, Stony Brook UniversityA Principled Approach for ROP DefenseRui Qiao, Stony Brook University; Mingwei Zhang, Stony Brook University; R. Sekar, Stony Brook UniversityDefeating ROP Through Denial of Stack PivotAravind Prakash, Syracuse University; Heng Yin, Syracuse University	Panel: IOT: Engendering Trust Throughout the LifecycleSession Chair: Joe Jarzombek Panelists: Carol Woody, Technical Manager Cybersecurity Engineering, Software Engineering Institute Ian Bryant, Technical Director, UK Trustworthy Software Initiative Nadya Bartol, Vice President Industry Affairs and Cybersecurity Strategy, Utilities Telecom Council

3:00pm-3:30pm

Break (Sierra Foyer)

3:30pm-5:00pm

Club Room	Sierra B	Sierra C	Sierra D
Radical Changes in Protecting Federal Information for All U.S. Contractors Moderators: Pat Viscuso, NARA Ron Ross, NIST	Securing the Internet of ThingsSession Chair: Gabriela CiocarlieIOT: Handling Reboots and Mobility in 802.15.4 SecurityKonrad-Felix Krentz, Hasso Plattner Institute; Christoph Meinel, Hasso Plattner InstituteIOT: Using Channel State Information for Tamper Detection in the Internet of ThingsIbrahim Bagci, Lancaster University; Utz Roedig, Lancaster University; Ivan Martinovic, University of Oxford; Matthias Schulz, Technische Universität Darmstadt; Matthias Hollick, Technische Universität DarmstadtIOT: Using Visual Challenges to Verify the Integrity of Security CamerasJunia Valente, The University of Texas at Dallas; Alvaro Cardenas, The University of Texas at Dallas	Web SecuritySession Chair: Adam BatesJaTE: Transparent and Efficient JavaScript ConfinementTung Tran, Stony Brook University; Riccardo Pelizzi, Stony Brook University; R. Sekar, Stony Brook UniversityCross-site Framing AttacksNethanel Gelernter, Bar Ilan University; Yoel Grinstein, Bar Ilan University; Amir Herzberg, Bar Ilan UniversityCovert Botnet Command and Control Using TwitterNicholas Pantic, Cal Poly Pomona; Mohammad Iftekhar Husain, Cal Poly Pomona	Case Studies ISession Chair: Shellee Scott Dissecting Bitcoin Security, Cassio Goldschmidt, NCR DDoS Attacks to DNS using infected IoT Devices, Ki-Taek.Lee, SK Broadband and Korea University How to Rapidly Build Security Analysis: From Benches to Trenches, Michael Collins, Redjack

6:30pm-9:30pm

Conference Dinner with Nigerian Spam Scam Scam Show (Sierra A)

Thursday, 10 December 2015

7:30am-8:30am

Breakfast (Sierra A)

8:30am-10:00am

Distinguished Practitioners Keynote: Creating a League of Extra-Ordinary Machines (Sierra CD)Session Chair: Stephen Schwab

DARPA Cyber Grand Challenge: Building and Running Cyber Infrastructure for Fully Automated Computer-vs-Computer Capture the Flag Competitions

with a presentation by:

Benjamin Price and Michael Zhivich, Cyber Security and Information Sciences Division, MIT Lincoln Laboratory

Cyber Grand Challenge Infrastructure Team Members

10:00am-10:30am

Break (Sierra Foyer)

10:30am-12:00pm

Club Room	Sierra B	Sierra C	Sierra D
Forum: NIST SP 800-160 Draft Invited Speaker: Ron Ross, NIST	Mobile (Part 1)Session Chair: Chris WacekAuDroid: Preventing Attacks on Audio Channels in Mobile DevicesGiuseppe Petracca, Penn State University; Yuqiong Sun, Penn State University; Ahmad Atamli, University of Oxford; Trent Jaeger, Penn State UniversityOn the Robustness of Mobile Device FingerprintingThomas Hupperich, Horst Görtz Institute for IT-Security, Ruhr-University Bochum; Davide Maiorca, Department of Electrical and Electronic Engineering, University of Cagliari; Marc Kührer, Horst Görtz Institute for IT-Security, Ruhr-University Bochum; Giorgio Giacinto, Department of Electrical and Electronic Engineering, University of Cagliari; Thorsten Holz, Horst Görtz Institute for IT-Security, Ruhr-University BochumGrab 'n Run: Secure and Practical Dynamic Code Loading for Android ApplicationsLuca Falsina, Politecnico di Milano; Yanick Fratantonio, UC Santa Barbara; Stefano Zanero, Politecnico di Milano; Christopher Kruegel, UC Santa Barbara; Giovanni Vigna, UC Santa Barbara; Federico Maggi, Politecnico di Milano	Potpourri (Part 1)Session Chair: Dongyan XuProvenance based Integrity Protection for WindowsWai Kit Sze, Stony Brook University; R. Sekar, Stony Brook UniversityMOSE: Live Migration Based On-the-Fly Software EmulationJinpeng Wei, Florida International University; Lok Yan, AFRL/RI, Rome, NY; Muhammad Hakim, Florida International UniversityPrivacy-preserving Virtual MachineTianlin Li, State University of New York at Binghamton; Yaohui Hu, State University of New York at Binghamton; Ping Yang, State University of New York at Binghamton; Kartik Gopalan, State University of New York at Binghamton	Panel: Securing the Big Data of ThingsSession Chair: Mike Yoder Panelists: Eddie Garcia, Cloudera Andy Purtell, Salesforce and Apache HBase, Apache Software Foundation Bhavani Thuraisingham, UT Dallas

12:00pm-1:30pm

Lunch (Sierra A)

1:30pm-3:00pm

Club Room	Sierra B	Sierra C	Sierra D
TBA	Embedded Devices & Computer SubsystemsSession Chair: Saman ZonouzSoteria: Offline Software Protection within Low-cost Embedded DevicesJohannes Götzfried, FAU Erlangen-Nuremberg; Tilo Müller, FAU Erlangen-Nuremberg; Ruan de Clercq, KU Leuven; Pieter Maene, KU Leuven; Felix Freiling, FAU Erlangen-Nuremberg; Ingrid Verbauwhede, KU LeuvenPIE: Parser Identification in Embedded SystemsLucian Cojocar, Vrije Universiteit Amsterdam; Jonas Zaddach, EURECOM; Roel Verdult, Radboud Universiteit Nijmegen; Herbert Bos, Vrije Universiteit Amsterdam; Davide Balzarotti, EURECOM; Aurélien Francillon, EURECOMDefending Against Malicious USB Firmware with GoodUSBDave (Jing) Tian, University of Florida; Adam Bates, University of Florida; Kevin Butler, University of Florida	Access ControlSession Chair: William RobertsonProximity Verification for Contactless Access Control and Authentication SystemsAanjhan Ranganathan, ETH Zurich; Boris Danev, 3dB Access AG; Srdjan Capkun, ETH ZurichScalable and secure concurrent evaluation of history-based access control policiesMaarten Decat, iMinds-DistriNet, KU Leuven; Bert Lagaisse, iMinds-DistriNet, KU Leuven; Wouter Joosen, iMinds-DistriNet, KU LeuvenEntity-Based Access Control: supporting more expressive access control policiesJasper Bogaerts, iMinds-DistriNet, KU Leuven; Maarten Decat, iMinds-DistriNet, KU Leuven; Bert Lagaisse, iMinds-DistriNet, KU Leuven; Wouter Joosen, iMinds-DistriNet, KU Leuven	Panel: Cyber Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cybersecurity ResearchSession Chair: David Balenson (moderator presentation) Panelists: Terry Benzel, USC Information Sciences Institute (presentation) Trent Jaeger, Pennsylvania State University (presentation) Lee Rossey, SimSpace (presentation) Jinpeng Wei, Florida International University (presentation)

3:00pm-3:30pm

Break (Sierra Foyer)

Chocoholic Extravaganza

"Las cosas claras y el chocolate espeso." (Ideas should be clear and
chocolate thick.) Spanish proverb

3:30pm-5:00pm

Club Room	Sierra B	Sierra C	Sierra D
DHS Programs: Cybersecurity for Government VehiclesSession Chair: David Balenson Moderator: David Balenson, SRI International (Moderator Presentation) Presenters: Kevin Harnett, US DOT/Volpe Center Graham Watson, US DOT/Volpe Center Brendan Harris, US DOT/Volpe Center (US DOT/Volpe Center Presentation) Dan Massey, DHS S&T (Presentation)	Pa$$w0rdzSession Chair: Rida BazziIs Bigger Better? Comparing User Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern UnlockAdam Aviv, United States Naval Academy; Devon Budzitowski, United States Naval Academy; Ravi Kuber, University of Maryland, Baltimore CountyErsatzPasswords: Ending Password Cracking and Detecting Password LeakageMohammed Almeshekah, King Saud University; Christopher Gutierrez, Purdue University; Mikhail Atallah, Purdue University; Eugene Spafford, Purdue UniversityPARS: A Uniform and Open-source Password Analysis and Research SystemShouling Ji, Georgia Institute of Technology; Shukun Yang, Georgia Institute of Technology; Ting Wang, Lehigh University; Changchang Liu, Princeton University; Wei-Han Lee, Princeton University; Raheem Beyah, Georgia Institute of Technology	Control Flow (Part 2)Session Chair: Stephen McCamantBinary Code Continent: Finer-Grained Control Flow Integrity for Stripped BinariesMinghua Wang, Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Department of EECS, Syracuse University; Heng Yin, Department of EECS, Syracuse University; Abhishek vasisht bhaskar, Department of EECS, Syracuse University; Purui Su, Trusted Computing and Information Assurance Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences; Dengguo Feng, Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of SciencesShrinkWrap: VTable protection without loose endsIstvan Haller, Vrije Universiteit Amsterdam; Enes Göktaş, Vrije Universiteit Amsterdam; Elias Athanasopoulos, FORTH-ICS; Georgios Portokalidis, Stevens Institute of Technology; Herbert Bos, Vrije Universiteit AmsterdamDynaGuard: Armoring Canary-based Protections against Brute-force AttacksTheofilos Petsios, Columbia University; Vasileios P. Kemerlis, Brown University; Michalis Polychronakis, Stony Brook University; Angelos D. Keromytis, Columbia University	Case Studies IISession Chair: Art Friedman Republic Of Korea's Efforts for Enhanced Software Assurance, Lee Sang Geol, KISA (Korea Internet & Security Agency) Secure Identity Management for Future Networks, Hassane Aissaoui-Mehrez, IMT-TELECOM-ParisTech Lessons Learned from Applying Continuous Diagnostics and Mitigation Tools in an Information Technology R&D Laboratory, Joe Veoni, MITRE's Center for Advanced Aviation System Development

5:15pm-6:00pm

Works-in-Progress (Sierra C)Session Chair: Thomas Moyer

6:15pm-9:00pm

Poster Reception with light refreshments (Sierra A)Session Chair: Thomas Moyer

Friday, 11 December 2015

7:30am-8:30am

Breakfast (Sierra A)

8:30am-10:00am

Club Room	Sierra B	Sierra C
The United States CC Scheme Update / September 2015 Invited Speaker: Daniel Faigin, Aerospace Corporation	Mobile (Part 2)Session Chair: Heng YinTowards Analyzing the Input Validation Vulnerabilities associated with Android System ServicesChen Cao, Institute of Information Engineering, CAS; Neng Gao, Institute of Information Engineering, CAS; Peng Liu, The Pennsylvania State University; Ji Xiang, Institute of Information Engineering, CASMorphDroid: Fine-grained Privacy VerificationPietro Ferrara, IBM T.J. Watson Research Center; Omer Tripp, IBM T.J. Watson Research Center; Marco Pistoia, IBM T.J. Watson Research CenterMobiPluto: File System Friendly Deniable Storage for Mobile DevicesBing Chang, Institute of Information Engineering, CAS; Zhan Wang, Institute of Information Engineering, CAS; Bo Chen, The Pennsylvania State University; Fengwei Zhang, Wayne State University	Potpourri (Part 2)Session Chair: Adam BatesAnalyzing and Modeling Longitudinal Security Data: Promise and PitfallsBenjamin Edwards, University of New Mexico; Steven Hofmeyr, Lawrence Berkeley National Laboratory; Stephanie Forrest, University of New Mexico / Santa Fe Institute; Michel van Eeten, Delft University of TechnologyAccurate, Low Cost and Instrumentation-Free Security Audit Logging for WindowsShiqing Ma, Purdue University; Kyuhyung Lee, University of Georgia; Chunghwan Kim, Purdue University; Junghwan Rhee, NEC Laboratories America; Xiangyu Zhang, Purdue University; Dongyan Xu, Purdue UniversitySeSQLite: Security Enhanced SQLiteSimone Mutti, Università degli Studi di Bergamo; Enrico Bacis, Università degli Studi di Bergamo; Stefano Paraboschi, Università degli Studi di Bergamo

10:00am-10:30am

Break (Sierra Foyer)

10:30am-12:00pm

Club Room	Sierra B	Sierra CD
Open	Applied CryptoSession Chair: Stephen SchwabCombining Differential Privacy and Secure Multiparty ComputationMartin Pettai, Cybernetica AS; Peeter Laud, Cybernetica ASSecure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret SharingPeter Mayer, Technische Universität Darmstadt, Center for Advanced Security Research Darmstadt; Melanie Volkamer, Technische Universität Darmstadt, Center for Advanced Security Research Darmstadt	Hardware & Reverse EngineeringSession Chair: Ariel FeldmanGetting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data UnitAndriana Gkaniatsou, University of Edinburgh; Fiona McNeill, Heriot-Watt University; Alan Bundy, University of Edinburgh; Graham Steel , CryptosenseLogical Partitions on Many-Core PlatformsRamya Jayaram Masti, Institute of Information Security, ETH Zurich; Claudio Marforio, Institute of Information Security, ETH Zurich; Kari Kostiainen, Institute of Information Security, ETH Zurich; Claudio Soriente, Institute of Information Security, ETH Zurich; Srdjan Capkun, Institute of Information Security, ETH ZurichHardware-assisted memory tracing on new SoCs embedding FPGA fabricsLetitia W. Li, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI; Guillaume Duc, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI; Renaud Pacalet, Institut Mines-Télécom / Télécom ParisTech / CNRS LTCI

12:00pm-12:30pm

Closing (Sierra CD)Session Chair: Robert H'obbes' Zakon

The Great Giveaway is back! So don't leave early!

12:45pm-5:00pm

Optional Social Event (Sierra Foyer)

California Science Center (www.californiasciencecenter.com)