Monday, 6 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-12:00
Ballroom A Little Colony Stone's Crossing Waterloo
12:00-13:30
Lunch (Ballroom CD)
13:30-17:00
Ballroom A Little Colony Stone's Crossing Waterloo
LAW: Layered Assurance Workshop (part 2/4) Chair: Rance J. DeLong, LynuxWorks, Santa Clara University
Tutorial M2 – State of the Practice: Intrusion Detection Dr. Michael Collins, RedJack, LLC
Dr. John McHugh, RedJack, LLC
Tutorial M3 (part 2/2) – Algorithms for Software Protection Dr. Christian Collberg, University of Arizona
Dr. Jasvir Nagra, Google Inc.
Tutorial M4 (part 2/2) – System Life Cycle Security Engineering Ms. Thuy D. Nguyen, Naval Postgraduate School
Dr. Cynthia E. Irvine, Naval Postgraduate School
Tuesday, 7 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-12:00
Ballroom A Stone's Crossing Little Colony Room 516 (5th Floor) Waterloo
LAW: Layered Assurance Workshop (part 3/4) Chair: Rance J. DeLong, LynuxWorks, Santa Clara University
GTIP: Workshop on Governance of Technology, Information, and Policies (part 1/2) Chair: Dr. Harvey Rubinovitz, MITRE Corporation
Tutorial T5 – Virtualization and Security Mr. Zed Abbadi, Public Company Accounting Oversight Board (PCAOB)
Tutorial T7 (part 1/2) – State of the Practice: Secure Coding Mr. Robert C. Seacord, CERT Software Engineering Institute
Tutorial T8 (part 1/2) – An Introduction to Usable Security Dr. Jeff Yan, Newcastle University, UK
Mary Ellen Zurko, IBM, USA
12:00-13:30
Lunch (Ballroom CD)
13:30-17:00
Ballroom A Stone's Crossing Little Colony Room 516 (5th Floor) Waterloo
LAW: Layered Assurance Workshop (part 4/4) Chair: Rance J. DeLong, LynuxWorks, Santa Clara University
GTIP: Workshop on Governance of Technology, Information, and Policies (part 2/2) Chair: Dr. Harvey Rubinovitz, MITRE Corporation
Tutorial T6 – Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond Mr. Robert 'Hobbes' Zakon, Zakon Group LLC
Tutorial T7 (part 2/2) – State of the Practice: Secure Coding Mr. Robert C. Seacord, CERT Software Engineering Institute
Tutorial T8 (part 2/2) – An Introduction to Usable Security Dr. Jeff Yan, Newcastle University, UK
Mary Ellen Zurko, IBM, USA
18:00-20:00
Reception (Foyer)
Wednesday, 8 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-8:45
Welcome (Ballroom AB)
Carrie Gates, Conference Chair
Michael Franz, Program Chair
10:30-12:00
Ballroom AB San Jacinto West San Jacinto East Waterloo
Social Networks Chair: Arthur R. Friedman
• Detecting Spammers On Social Networks
Gianluca Stringhini, University of California, Santa Barbara; Christopher Kruegel, University of California, Santa Barbara; Giovanni Vigna, University of California, Santa Barbara
• Toward Worm Detection In Online Social Networks
Wei Xu, Pennsylvania State University; Fangfang Zhang, Pennsylvania State University; Sencun Zhu, Pennsylvania State University
• Who Is Tweeting On Twitter: Human, Bot, Or Cyborg?
Zi Chu, The College of William and Mary; Steven Gianvecchio, The College of William and Mary; Haining Wang, The College of William and Mary; Sushil Jajodia, George Mason University
Case Study 1 Managing Security Information and PCI compliance at The University of Dayton, Rick Wagner, Novell, Inc.
A Taxonomy of Vulnerability in the Supply Chain, Chris Romeo and Patrick Hunter, CISCO
The Security Threats To and From the Intelligent Electronics Devices, Baris Coskun, AT&T
Panel: Risks in the Clouds - Between Silver Linings and Oncoming Storms Moderator: Peter Neumann, SRI
Panelists:
• Earl Crane, Department of Homeland Security, USA
• Ahmad-Reza Sadeghi, Technical University Darmstadt and Fraunhofer Institute for Secure Information Systems, Darmstadt
• Matt Blaze, Professor of Computer Science, University of Pennsylvania, USA
• Lee Tien, Electronic Frontier Foundation, USA
FISMA Training TR1 – Cyber Security Controls
12:00-13:30
Lunch (Ballroom CD)
13:30-15:00
Ballroom AB San Jacinto West San Jacinto East Waterloo
Software Defenses Chair: Lillian Røstad
• Cujo: Efficient Detection And Prevention Of Drive-by-download Attacks
Konrad Rieck, Berlin Institute of Technology; Tammo Krueger, Fraunhofer Institute FIRST; Andreas Dewald, University of Mannheim
• Fast And Practical Instruction-set Randomization For Commodity Systems
Georgios Portokalidis, Columbia University; Angelos D. Keromytis, Columbia University
• G-free: Defeating Return-oriented Programming Through Gadget-less Binaries
Kaan Onarlioglu, Bilkent University; Leyla Bilge, Eurecom; Andrea Lanzi, Eurecom; Davide Balzarotti, Eurecom; Engin Kirda, Eurecom
Case Study 2 Global Automaker's North American Operations Deploys Managed Hardware Encryption for Protecting Sensitive Data on Employee Laptops, Steven Sprague, Wave Systems
ISO Cyber Security and ICT SCRM Standards, Nadya Bartol, Booz Allen Hamilton
EMC's Product Security Evolution, Dan Reddy, EMC
Panel: Security Economics Moderator: Daniel Arista, SRC, Inc.
Panelists:
Douglas Maughan, DHS
Tim Clancy, CIPHS
Marcus Sachs, Verizon
Sasha Romanosky, CMU
FISMA Training TR1 – Cyber Security Controls
15:30-17:00
San Jacinto West San Jacinto East Waterloo
Authentication Chair: Kevin Butler
• Towards Practical Anonymous Password Authentication
Yanjiang Yang, Institute for Infocomm Research; Jianying Zhou, Institute for Infocomm Research; Jun Wen Wong, Institute for Infocomm Research; Feng Bao, Institute for Infocomm Research
• Securing Interactive Sessions Using Mobile Device Through Visual Channel And Visual Inspection
Chengfang Fang, National University of Singapore; Ee-Chien Chang, National University of Singapore
• Usability Effects Of Increasing Security In Click-based Graphical Passwords
Elizabeth Stobert, Carleton University; Alain Forget, Carleton University; Sonia Chiasson, Carleton University; Paul van Oorschot, Carleton University; Robert Biddle, Carleton University
Vulnerability Assessment of Embedded Devices Chair: Jeremy Epstein
• Security Analysis Of A Fingerprint-protected USB Drive
Benjamin Rodes, James Madison University; Xunhua Wang, James Madison University
• A Quantitative Analysis Of The Insecurity Of Embedded Network Devices: Results Of A Wide-area Scan
Ang Cui, Columbia University; Salvatore J. Stolfo, Columbia University
• Multi-vendor Penetration Testing In The Advanced Metering Infrastructure
Stephen McLaughlin, Pennsylvania State University; Dmitry Podkuiko, Pennsylvania State University; Adam Delozier, Pennsylvania State University; Sergei Miadzvezhanka, Pennsylvania State University; Patrick McDaniel, Pennsylvania State University
FISMA Training TR2 – Near Real-Time Risk Management Process
17:45-18:00
A Tribute To Paul Karger (Ballroom AB)
19:00-22:00
Conference Dinner
Thursday, 9 December 2010
7:30-8:30
Breakfast (Ballroom CD)
8:30-8:45
Opening Remarks & Announcements (Ballroom AB)
10:30-12:00
Ballroom AB San Jacinto East Waterloo
Botnets Chair: Angelos Stavrou
• Friends Of An Enemy: Identifying Local Members Of Peer-to-peer Botnets Using Mutual Contacts
Baris Coskun, Polytechnic Institute of NYU; Sven Dietrich, Stevens Institute of Technology; Nasir Memon, Polytechnic Institute of NYU
• The Case For In-the-lab Botnet Experimentation: Creating And Taking Down A 3000-node Botnet
Joan Calvet, Ecole Polytechnique de Montreal; Carlton Davis, Ecole Polytechnique de Montreal; Jose M. Fernandez, Ecole Polytechnique de Montreal; Jean-Yves Marion, LORIA - Nancy University; Pier-Luc St-Onge, Ecole Polytechnique de Montreal
• Conficker And Beyond: A Large-scale Empirical Study
Seungwon Shin, Texas A&M University; Guofei Gu, Texas A&M University
Panel: Federal Cyber Security Research Agenda Moderator: Tomas Vagoun, NITRD
Panelists:
Patricia Muoio, ODNI
Douglas Maughan, DHS S&T
Samuel Weber, NSF
FISMA Training TR2 – Near Real-Time Risk Management Process
12:00-13:30
Lunch (Ballroom CD)
13:30-15:00
Ballroom AB San Jacinto West San Jacinto East Waterloo
Email, E-Commerce, and Web 2.0 Chair: Christoph Schuba
• Spam Mitigation Using Spatio-temporal Reputations From Blacklist History
Andrew West, University of Pennsylvania; Adam Aviv, University of Pennsylvania; Jian Chang, University of Pennsylvania; Insup Lee, University of Pennsylvania
• Breaking E-banking Captchas
Shujun Li, University of Konstanz; Syed Amier Haider Shah, National University of Science and Technology (NUST); Muhammad Asad Usman Khan, National University of Science and Technology (NUST); Syed Ali Khayam, National University of Science and Technology (NUST); Ahmad-Reza Sadeghi, Ruhr-University of Bochum
• Firm: Capability-based Inline Mediation Of Flash Behaviors
Zhou Li, Indiana University at Bloomington; XiaoFeng Wang, Indiana University at Bloomington
Hardware-Assisted Security Chair: Michael E. Locasto
• T-dre: A Hardware Trusted Computing Base For Direct Recording Electronic Vote Machines
Roberto Gallo, University of Campinas; Henrique Kawakami, KRYPTUS Cryptographic Engineering; Ricardo Dahab, University of Campinas; Guido Araújo, University of Campinas; Rafael Azavedo, Tribunal Superior Eleitoral
• Hardware Assistance For Trustworthy Systems Through 3-d Integration
Jonathan Valamehr, UC Santa Barbara; Mohit Tiwari, UC Santa Barbara; Timothy Sherwood, UC Santa Barbara; Arash Arfaee, UC San Diego; Ryan Kastner, UC San Diego
• SCA-resistant Embedded Processors - the Next Generation
Stefan Tillich, University of Bristol, Computer Science Department, Merchant Venturers Building, Woodland Road, BS8 1UB, Bristol; Mario Kirschbaum, Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 Graz; Alexander Szekely, Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 Graz
Case Study: Supply Chain Risk Management Moderator: Nadya Bartol, Booz Allen Hamilton
Panelists:
Don Davidson, DoD/Global Task Force
Marianne Swanson, NIST
Carol Woody, SEI CERT
Larry Wagoner, NSA
Dan Reddy, EMC/ SAFECode
FISMA Training TR3 – Integrated Enterprise-Wide Risk Management
15:30-17:00
Ballroom AB San Jacinto West San Jacinto East Waterloo
Security Protocols and Portable Storage Chair: Baris Coskun
• Porscha: Policy Oriented Secure Content Handling In Android
Machigar Ongtang, Pennsylvania State University; Kevin Butler, Pennsylvania State University; Patrick McDaniel, Pennsylvania State University
• Kells: A Protection Framework For Portable Data
Kevin Butler, Pennsylvania State University; Stephen McLaughlin, Pennsylvania State University; Patrick McDaniel, Pennsylvania State University
• Keeping Data Secret Under Full Compromise Using Porter Devices
Christina Pöpper, ETH Zurich; David Basin, ETH Zurich; Srdjan Capkun, ETH Zurich; Cas Cremers, ETH Zurich
Model Checking and Vulnerability Analysis Chair: Sven Dietrich
• Familiarity Breeds Contempt: The Honeymoon Effect And The Role Of Legacy Code In Zero-day Vulnerabilities
Sandy Clark, University of Pennsylvania; Stefan Frei, Secunia; Matt Blaze, University of Pennsylvania; Jonathan Smith, University of Pennsylvania
• Quantifying Information Leaks In Software
Jonathan Heusser, Queen Mary University of London; Pasquale Malacaria, Queen Mary University of London
• Analyzing And Improving Linux Kernel Memory Protection: A Model Checking Approach
Siarhei Liakh, North Carolina State University; Michael Grace, North Carolina State University; Xuxian Jiang, North Carolina State University
Panel: The New Security Paradigms Experience Moderator: Richard Ford, Florida Institute of Technology
Panelists:
Michael Locasto, University of Calgary
Victor Raskin, Purdue
Julia M. Taylor, Purdue
FISMA Training TR3 – Integrated Enterprise-Wide Risk Management
Friday, 10 December 2010
7:30-8:30
Breakfast (Ballroom Foyer)
8:30-10:00
Ballroom A San Jacinto West San Jacinto East Waterloo
Intrusion Detection and Live Forensics Chair: Kenneth F. Shotting
• Comprehensive Shellcode Detection Using Runtime Heuristics
Michalis Polychronakis, Columbia University; Kostas Anagnostakis, Niometrics R&D; Evangelos Markatos, FORTH-ICS
• Cross-layer Comprehensive Intrusion Harm Analysis For Production Workload Server Systems
Shengzhi Zhang, Pennsylvania State University, University Park; Xiaoqi Jia, Graduate University of Chinese Academy of Sciences; Peng Liu, Pennsylvania State University, University Park; Jiwu Jing, Graduate University of Chinese Academy of Sciences
• Forenscope: A Framework For Live Forensics
Ellick Chan, University of Illinois; Shivaram Venkataraman, University of Illinois; Francis David, Microsoft; Amey Chaugule, University of Illinois
Distributed Systems and Operating Systems Chair: Michael Franz
• A Multi-user Steganographic File System On Untrusted Shared Storage
Jin Han, Singapore Management University; Meng Pan, Singapore Management University; Debin Gao, Singapore Management University; HweeHwa Pang, Singapore Management University
• Heap Taichi: Exploiting Memory Allocation Granularity In Heap-spraying Attacks
Yu Ding, Institute of Computer Science and Technology, Peking University; Tao Wei, Institute of Computer Science and Technology, Peking University; Tielei Wang, Institute of Computer Science and Technology, Peking University; ZhenKai Liang, Department of Computer Science, School of Computing, National University of Singapore; Wei Zou, Institute of Computer Science and Technology, Peking University
• Scoba: Source Code Based Attestation On Custom Software
Liang Gu, Peking University; Yao Guo, Peking University; Anbang Ruan, Peking University; Qingni Shen, Peking University; Hong Mei, Peking University
Case Study Panel: Software Security Automation and Measurement Moderator: Joe Jarzombek, National Cyber Security Division, DHS
Panelists:
Don Davidson, OASD-NII/DoD
Nadya Bartol, Booz Allen Hamilton
Robert Seacord, CERT Coordination Center, Carnegie Mellon University
Carol Woody, SEI, Carnegie Mellon University
FISMA Training TR4 – Risk Assessments for Information Technology Systems
10:30-12:00
Ballroom A San Jacinto West Waterloo
Mobile and Wireless Chair: Christina Serban
• Paranoid Android: Versatile Protection For Smartphones
Georgios Portokalidis, Columbia University; Philip Homburg, Vrije Universiteit Amsterdam; Herbert Bos, Vrije Universiteit Amsterdam
• Exploiting Smart-phone USB Connectivity For Fun And Profit
Zhaohui Wang, George Mason University; Angelos Stavrou, George Mason University
• Defending DSSS-based Broadcast Communication Against Insider Jammers Via Delayed Seed-disclosure
An Liu, North Carolina State University; Peng Ning, North Carolina State University; Huaiyu Dai, North Carolina State University; Yao Liu, North Carolina State University; Cliff Wang, Army Research Office
Security Engineering and Management Chair: Edward A. Schneider
• Always Up-to-date -- Scalable Offline Patching Of VM Images In A Compute Cloud
Wu Zhou, North Carolina State University; Peng Ning, North Carolina State University; Xiaolan Zhang, IBM; Glenn Ammons, IBM; Ruowen Wang, North Carolina State University; Vasanth Bala, IBM
• A Framework For Testing Hardware-software Security Architectures
Jeffrey S. Dwoskin, Princeton University; Mahadevan Gomathisankaran, University of North Texas; Yu-Yuan Chen, Princeton University; Ruby B. Lee, Princeton University
• Two Methodologies For Physical Penetration Testing Using Social Engineering
Trajce Dimkov, University of Twente; Andre van Cleeff, University of Twente; Wolter Pieters, University of Twente; Pieter Hartel, University of Twente
FISMA Training TR4 – Risk Assessments for Information Technology Systems
12:00-12:30
Closing Session & Announcement of Best Paper (Ballroom A)
13:00-15:00
Optional Lunch at Stubb's BBQ
Reservations required.