Tuesday 04/07
8:00-9:00
Registration
9:00-9:15
Opening
9:15-10:30
Neither Sound Nor Complete:
Hunting for Vulnerabilities with Machine Learning
Keynote by Konrad Rieck
11:00-12:30
Session Defenses
Chair: Cristiano Giuffrida
SEQUOIA: scalable policy-based access control for search operations in data-driven applications.
J. Bogaerts, B. Lagaisse, W. Joosen
A voucher-based security middleware for secure Business Process Outsourcing.
E. Heydari Beni, B. Lagaisse, R. Zhang, D. De Cock, F. Beato, W. Joosen
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control System
A. Le, U. Roedig, A. Rashid
Wednesday 05/07
8:00-9:15
Registration
9:15-10:30
Imagine a World Without Software Bugs
(Hint: It Ain't that Pretty)
Keynote by Cristiano Giuffrida
11:00-12:30
Session Binary hardening
Chair: Stefan Brunthaler
Defeating Zombie Gadgets by Re-randomizing Code Upon Disclosure
M. Morton, H. Koo, F. Li, K. Snow, M. Polychronakis, F. Monrose
KASLR is Dead: Long Live KASLR
D. Gruss, M. Lipp, M. Schwarz, R. Fellner, C. Maurice, S. Mangard
JTR: A binary solution for switch-case recovery
L. Cojocar, T. Kroes, H. Bos
13:30-15:00
Session Empirical
Chair: Robert Lagerström
Exploring the relationship between architecture coupling and software vulnerabilities
R. Lagerström, C. Baldwin, A. MacCormack, D. Sturtevant, L. Dolan
Natural Language Insights from Code Reviews that Missed a Vulnerability: A Large Scale Study of Chromium
N. Munaiah, B. Meyers, C. Alm, A. Meneely, P. Murukannaiah, E. Prud'hommeaux, J. Wolff, Y. Yu
Idea paper: Optimized Automatic Sanitizer Placement
G. Welearegai, C. Hammer
15:30-17:30
Session Privacy
Chair: Christian Hammer
FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques
P. Laperdrix, B. Baudry, V. Mishra
Control What You Include! Server-Side Protection against Third Party Web Tracking
D. Some, T. Rezk, N. Bielova
Idea paper: Caution Before Exploitation: The Use of Cyber-security Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities
T. Nafees, N. Coull, I. Ferguson, A. Sampson
18:00-19:00
Walk to Subway to Social Event (Godesburg)
19:00-22:00
Social Dinner at Godesburg
13:30-15:00
Session Attacks & other wild ideas
Chair: Konrad Rieck
A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications
F. Demeo, L. Vigano
A Systematic Study of Cache Side Channels across AES Implementations
H. Mantel, A. Weber, B. Köpf
Idea paper: A Unifying Theory for Evaluation Systems
G. Bella, R. Giustolisi
15:30-17:00
Panel Exploit Mitigations: Completeness and Effectiveness versus Performance
Chair: Mathias Payer
Panelists:
Thomas Dullien - Michalis Polychronakis - Cristiano Giuffrida
17:00-20:00
Joint Poster Session with DIMVA