ACSAC2012 Program

Annual Computer Security Applications Conference (ACSAC) 2012

Monday, 3 December 2012
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor Sussex Knave Senate/Gallery Captain/Yeoman/Scribe
M1: Authentication & Authorization Standards for the Cloud

Half-Day

Hassan Takabi, University of Pittsburgh

M3: Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond

Half-Day

Robert H'obbes' Zakon, Zakon Group LLC

M5: Contemporary Cryptography

CANCELLED

Dr. Rolf Oppliger, eSECURITY Technologies

TF1: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

Kevin Nauer, Benjamin Anderson, and Ted Reed, Sandia National Laboratories

Layered Assurance Workshop (LAW)

Workshop Chair: Rance J. DeLong, Santa Clara University

Program Chair: Gabriela Ciocarlie, SRI International

Panel Chair: Peter G. Neumann, SRI International

12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor Sussex Knave Senate/Gallery Captain/Yeoman/Scribe
Tuesday, 4 December 2012
7:30-8:30
Breakfast (Cloister)
8:30-12:00
Windsor Sussex Knave Senate/Gallery Cambridge Captain/Yeoman/Scribe
T6: Sophisticated Steganography

Full-Day

Mr. John A. Ortiz, Crucial Security Inc., Harris Corporation

T7: Software Assurance Methods in Support of Cyber Security

Half-Day

Dr. Carol Woody, Software Engineering Institute

T9: Windows Digital Forensics and Incident Response

Full-Day

Ms. Jamie Levy, Terremark Worldwide

TF2: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

Kevin Nauer, Benjamin Anderson, and Ted Reed, Sandia National Laboratories

Cloud Computing Workshop (CCW)

Harvey H. Rubinovitz

Layered Assurance Workshop (LAW)

(see above)

12:00-13:30
Lunch (Cloister)
13:30-17:00
Windsor Sussex Knave Senate/Gallery Cambridge Captain/Yeoman/Scribe
T6: Sophisticated Steganography

(see above)

T8: Systems Resilience and Metrics: A Cyber Security Perspective

Half-Day

Marco M. Carvalho, Richard Ford, and Liam M. Mayron, Harris Institute for Assured Information, Florida Institute of Technology

T9: Windows Digital Forensics and Incident Response

(see above)

TF2: Tracer FIRE – Adversarial-based, Defensive Forensics Situational Awareness Exercise

(see above)

Cloud Computing Workshop (CCW)

(see above)

Layered Assurance Workshop (LAW)

(see above)

18:00-20:00
Reception (Outback Restaurant Patio)
Wednesday, 5 December 2012
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Welcome Session (Ireland B/C)
8:45-10:00
Distinguished Practitioner Keynote (Ireland B/C)

Ron Ross, Fellow, National Institute of Standards and Technology

Opening up a Second Front on Risk Management: Integrating Cyber Security Requirements into Main Stream Organizational Mission and Business Processes

10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A Sapphire Diamond Emerald
Web Security
Michael Franz

JSand: Complete Client-Side Sandboxing of Third-Party JavaScript without Browser Modifications
Pieter Agten; Steven Van Acker; Yoran Brondsema; Phu H. Phung; Lieven Desmet; Frank Piessens

One Year of SSL Internet Measurement
Olivier Levillain; Arnaud Ébalard; Benjamin Morin; Hervé Debar

Dissecting Ghost Clicks: Ad Fraud Via Misdirected Human Clicks
Sumayah A. Alrwais; Christopher W. Dunn; Minaxi Gupta; Alexandre Gerber; Oliver Spatscheck; Eric Osterweil

Case Studies 1

Content Management Systems - the last frontier for Data Loss Prevention
Tamer Abuelsaad, IBM

Case Study of a Novel Application using the ISO/IEC Software Tagging Standard (ISO/IEC 19770-2) for Software Security
Dan Wolf/Ron Ball, Cyber Pack Ventures, Inc.

Security Paintings: Creating Useful Security Reports When You Don't Know What's Really Happening
Jonathan Grier, Vesaria

Panel: The Future of Application Trustworthiness
Peter Neumann

Nirav Dave, SRI International

Rance DeLong, Santa Clara University

Roger Schell, Aesec

Olin Sibert, Oxford Systems

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

Ron Ross, NIST and Daniel Faigin, Aerospace

12:00-13:30
Lunch (England)
13:30-15:00
Ireland A Sapphire Diamond Emerald
Mobile Security
Christoph Schuba

Permission Evolution in the Android Ecosystem
Xuetao Wei; Lorenzo Gomez; Iulian Neamtiu; Michalis Faloutsos

Practicality of Accelerometer Side-Channel on Smartphones
Adam J. Aviv; Benjamin Sapp; Matt Blaze; Jonathan M. Smith

Analysis of the Communication between Colluding Applications on Modern Smartphones
Claudio Marforio; Hubert Ritzdorf; Aurélien Francillon; Srdjan Capkun

Hardware Security
Michael Locasto

Enabling Trusted Scheduling in Embedded Systems
Ramya Jayaram Masti; Claudio Marforio; Aanjhan Ranganathan; Aurélien Francillon; Srdjan Capkun

TRESOR-HUNT: Attacking CPU-Bound Encryption
Erik-Oliver Blass; William Robertson

When Hardware Meets Software: a Bulletproof Solution to Forensic Memory Acquisition
Alessandro Reina; Aristide Fattori; Fabio Pagani; Lorenzo Cavallaro; Danilo Mauro Bruschi

Panel: Growing the Skills Required for Trustworthy Software
Ian Bryant

Ian Bryant, UK Trustworthy Software Initiative

Joe Jarzombek, US Department of Homeland Security

Dr Carol Woody, Software Engineering Institute

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

(see above)

15:00-15:30
Break (Hampton Court Assembly)
15:30-16:30
Ireland A Sapphire Diamond Emerald
Passwords
Patrick Traynor

Tapas: Design, Implementation, and Usability Evaluation of a Password Manager
Daniel McCarney; David Barrera; Jeremy Clark; Sonia Chiasson; Paul van Oorschot

On Automated Image Choice for Secure and Usable Graphical Passwords
Paul Dunphy; Patrick Olivier

Building Better Passwords using Probabilistic Techniques
Shiva Houshmand; Sudhir Aggarwal

Botnets
Wei Wang

Cloud-based Push-Styled Mobile Botnets: A Case Study of Exploiting the Cloud to Device Messaging Service
Shuang Zhao; Patrick P. C. Lee; John C. S. Lui; Xiaohong Guan; Xiaobo Ma; Jing Tao

DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis
Leyla Bilge; Davide Balzarotti; William Robertson; Engin Kirda; Christopher Kruegel

Panel: The NSPW Experience
Cormac Herley

Selections of work from the 2012 New Security Paradigms Workshop

Holographic Vulnerability Studies: Vulnerabilities as Fractures in Interpretation as Information Flows Across Abstraction Boundaries

Beyond the Blacklist: Modeling Malware Spread and the Effect of Interventions

TR1: Cybersecurity in the Acquisition Process: The Transformed Lifecycle Risk Management Process

(see above)

16:30-16:45
Short Break
17:45-18:45
Classic Book Keynote (Ireland B/C)

Ross Anderson, Author and Professor, University of Cambridge, UK

Security Economics - A Personal Perspective

19:15-22:00
Conference Dinner (20Seven)
Thursday, 6 December 2012
7:30-8:30
Breakfast (Hampton Court Assembly)
8:30-8:45
Opening Remarks (Ireland B/C)
8:45-10:00
Invited Essayist Keynote (Ireland B/C)

Susan Alexander, Director, Safe and Secure Operations, IARPA

Trust Engineering — Rejecting the Tyranny of the Weakest Link

10:00-10:30
Break (Hampton Court Assembly)
10:30-12:00
Ireland A Sapphire Diamond Emerald
Authentication
Edward "Ed" Schneider

SensorSift: Balancing Sensor Data Privacy and Utility in Automated Face Understanding
Miro Enev; Jaeyeon Jung; Liefeng Bo; Xiaofeng Ren; Tadayoshi Kohno

Biometric Authentication on a Mobile Device: A Study of User Effort, Error and Task Disruption
Shari Trewin; Cal Swart; Larry Koved; Jacquelyn Martino; Kapil Singh; Shay Ben-David

BetterAuth: Web Authentication Revisited
Martin Johns; Sebastian Lekies; Bastian Braun; Benjamin Flesch

Code Analysis Techniques
Art Friedman

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis
Carsten Willems; Felix C. Freiling; Thorsten Holz

Down to the Bare Metal: Using Processor Features for Binary Analysis
Carsten Willems; Ralf Hund; Andreas Fobian; Dennis Felsch; Thorsten Holz; Amit Vasudevan

Augmenting Vulnerability Analysis of Binary Code
Sean Heelan; Agustin Gianni

Case Studies 2

Mobile Attacks Survey and Taxonomy
Wei Wang and Cristina Serban, AT&T

Forensically Important Artifacts Resulting from Usage of Cloud Client Services
Dr. Gaurav Gupta, Indraprastha Institute of Information Technology

Test and Evaluation of the PEASOUP security prototype
Dr. David Melski, GrammaTech, Inc.

TR2: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53 Revision 4

Ron Ross, NIST

12:00-13:30
Lunch (England)
13:30-15:00
Ireland A Sapphire Diamond Emerald
Cloud Security
Thomas Moyer

ThinAV: Truly Lightweight Mobile Cloud-based Anti-malware
Chris Jarabek; David Barrera; John Aycock

Abusing Cloud-based Browsers for Fun and Profit
Vasant Tendulkar; Joe Pletcher; Ashwin Shashidharan; Ryan Snyder; Kevin Butler; William Enck

Iris: A Scalable Cloud File System with Efficient Integrity Checks
Emil Stefanov; Marten van Dijk; Ari Juels; Alina Oprea

Intrusion Detection
Gabriela Ciocarlie

Malicious PDF Detection Using Metadata and Structural Features
Charles Smutz; Angelos Stavrou

Jarhead: Analysis and Detection of Malicious Java Applets
Johannes Schlumberger; Christopher Kruegel; Giovanni Vigna

Hi-Fi: Collecting High-Fidelity Whole-System Provenance
Devin Pohly; Stephen McLaughlin; Patrick McDaniel; Kevin Butler

Panel: Software Assurance Technology Gaps
David Wheeler

David Wheeler, Institute for Defense Analyses

Kris Britton, NSA

Jeremy Epstein, National Science Foundation

Ian Bryant, UK Trustworthy Software Initiative

TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

Marshall Abrams, MITRE

15:00-15:30
Break (Hampton Court Assembly)
15:30-16:50
Ireland A Sapphire Diamond Emerald
Policy
Hassan Takabi

Transforming Commodity Security Policies to Enforce Clark-Wilson Integrity
Divya Muthukumaran; Sandra Rueda; Nirupama Talele; Hayawardh Vijayakumar; Jason Teutsch; Trent Jaeger

CodeShield: Towards Personalized Application Whitelisting
Christopher Gates; Ninghui Li; Jing Chen; Robert Proctor

Using Automated Model Analysis for Reasoning about Security of Web Protocols
Apurva Kumar

Protection Mechanisms

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting
Richard Wartell; Vishwath Mohan; Kevin W. Hamlen; Zhiqiang Lin

Code Shredding: Byte-Granular Randomization of Program Layout for Detecting Code-Reuse Attacks
Eitaro Shioji; Yuhei Kawakoya; Makoto Iwamura; Takeo Hariu

Distributed Application Tamper Detection Via Continuous Software Updates
Christian Collberg; Sam Martin; Jonathan Myers; Jasvir Nagra

Panel: Security and Privacy: Are they Two Sides of the Same Coin?
Lillie Coney

Christopher Clifton, Purdue University

David Farber, U. of Pennsylvania

Sherry Burs-Howard, MITRE

TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

(see above)

16:50-17:00
Short Break
17:00-18:00
Industry Keynote (Ireland B/C)

Eran Feigenbaum, Director of Security, Google Enterprise

Is Cloud Computing the End of Security and Privacy As We Know It?

18:15-21:00
Friday, 7 December 2012
7:30-8:30
Breakfast (Outback Restaurant Patio)
8:30-10:00
Captain Yeoman Scribe
Malware Analysis and Classification
Benjamin Kuperman

VAMO: Towards a Fully Automated Malware Clustering Validity Analysis
Roberto Perdisci; ManChon U

Towards Network Containment in Malware Analysis Systems
Mariano Graziano; Corrado Leita; Davide Balzarotti

Lines of Malicious Code: Insights Into the Malicious Software Industry
Martina Lindorfer; Alessandro Di Federico; Federico Maggi; Paolo Milani Comparetti; Stefano Zanero

Software Security
Cristina Serban

Generalized Vulnerability Extrapolation using Abstract Syntax Trees
Fabian Yamaguchi; Markus Lottmann; Konrad Rieck

XIAO: Tuning Code Clones at Hands of Engineers in Practice
Yingnong Dang; Dongmei Zhang; Song Ge; Chengyun Chu; Yingjun Qiu; Tao Xie

Self-healing Multitier Architectures using Cascading Rescue Points
Angeliki Zavou; Georgios Portokalidis; Angelos D. Keromytis

TR4: Continuous Assessment
10:00-10:30
Break (Cloister/Lobby)
10:30-12:00
Captain Yeoman Scribe
Social Networking Security
Raheem A. Beyah

Twitter Games: How Successful Spammers Pick Targets
Vasumathi Sridharan; Vaibhav Shankar; Minaxi Gupta

All Your Faces Are Belong to Us: Breaking Facebook's Social Authentication
Jason Polakis; Marco Lancini; Georgios Kontaxis; Federico Maggi; Sotiris Ioannidis; Angelos D. Keromytis; Stefano Zanero

Enabling Private Conversations on Twitter
Indrajeet Singh; Michael Butkiewicz; Harsha Madhyastha; Srikanth V. Krishnamurthy; Sateesh Addepalli

Systems Security
Charles Payne

Separation Virtual Machine Monitors
John McDermott; Bruce Montrose; Myong Kang; Margery Li; James Kirby

Efficient Protection of Kernel Data Structures via Object Partitioning
Abhinav Srivastava; Jonathon Giffin

TrueErase: Per-file Secure Deletion for the Storage Data Path
Sarah Diesburg; Christopher Meyers; Mark Stanovich; Michael Mitchell; Justin Marshall; Julia Gould; An-I Andy Wang; Geoff Kuenning

"On The Horizon" Panel

Michael McEvilley, MITRE Corp.

Ron Ross, NIST

Daniel Faigin, Aerospace Corp.

12:00-12:30
Closing and Awards (Cloister)

Giveaways too, so don't plan on leaving early!

12:30-17:15
Free Time

Explore Downtown Disney or just hang out by the pool
17:30-19:30
Social Event: Cirque du Soleil's "La Nouba"

Show seating is at 5:30pm. The Cirque du Soleil theatre is located on the far side of Downtown Disney - across the street from the hotel.

Pre-purchased tickets may be picked up at the ACSAC registration desk.
