September 24-26, 2017 At the Hyatt Regency, Cambridge, MA

IEEE Secure Development Conference



Posted on: June 30th, 2017 by Jessica Hedges
Sunday, September 24 2017


12:30pm – 7:00pm

Exhibits open

1:30pm – 5:00pm

Tutorial Session A

1:30pm – 3:00pm


3:00pm – 3:30pm

Tutorial Session B

3:30pm – 5:00pm


5:00pm – 7:00pm

Poster session

5:00pm – 7:00pm


Monday, September 25 2017


7:00am – 5:00pm


8:00am – 5:00pm


8:00am – 9:00am


9:00am – 9:15am

Keynote I

9:15am – 10:15am


10:15am – 10:40am

Session 1: Helping Developers

10:40am – 12:15pm

A Machine Learning Approach to SDL

10:45am – 11:15am

Raghudeep Kannavara, Gilad Gressel, Damilare Fagbemi, Richard Chow (Intel Corp)

Improving Attention to Security in Software Design with Analytics and Cognitive Techniques

11:15am – 11:45am

Jim Whitmore, Will Tobin (IBM)

Developers need support, too: A Survey of Security Advice for Software Developers

11:45m – 12:15pm

Yasemin Acar (Leibniz University Hannover); Christian Stransky, Dominik Wermke (CISPA, Saarland University); Charles Weir (Lancaster University); Michelle Mazurek (University of Maryland, College Park); Sascha Fahl (Leibniz University Hannover)


12:15pm – 1:15pm

Keynote II

1:15pm – 2:15pm


2:15pm – 2:40pm

Session 2: Preventing Vulnerabilities Systematically

2:40pm – 4:45pm

A Software Solution for Hardware Vulnerabilities

2:45pm – 3:15pm

Komail Dharsee, Ethan Johnson, John Criswell (University of Rochester)

ASLR: How Robust is the Randomness?

3:15pm – 3:45pm

Jonathan Ganz, Sean Peisert (University of California, Davis)

Layering Security at Global Control Points to Secure Unmodified Software

3:45pm – 4:15pm

Scott Ruoti (MIT Lincoln Laboratory); Kent Seamons, Danial Zappala (Brigham Young University)

Empirical Studies on the Security and Usability Impact of Immutability

4:15pm – 4:45pm

Sam Weber (New York University); Michael Coblenz, Brad Myers, Jonathan Aldrich, Joshua Sunshine (Carnegie Mellon University)

Day 1 Wrap-up

4:45pm – 5:00pm

Birds of a Feather Meetings

5:00pm – 5:30pm

Women in Cyber Security
Helping Organize SecDev 2018

Dinner on your own


Tuesday 26 September 2017


7:00am – 5:00pm


8:00am – 3:00pm


8:00am – 9:00am

IEEE Awards

9:00am – 9:30am

The IEEE Cybersecurity Award for Practice

The IEEE Cybersecurity Award for Innovation
General Chair Report and Awards (Committees)
PC Chair Report and Awards (Best Paper, Best Reviewer)

Keynote III

9:30am – 10:30am


10:30am – 10:55am

Session 3: Program Support to Improve Security

10:55am -12:00pm 

Securing Dataverse with an Adapted Command Design Pattern

11:00am – 11:30am

Gustavo Durand (Harvard University); Michael Bar-Sinai (Ben-Gurion University of the Negev); Mercè Crosas (Harvard University)

Toward Automatic Program Analysis of Cryptography Implementations for Security

11:30am – 12:00pm

Sazzadur Rahaman (Virginia Tech); Danfeng (Daphne) Yao (Virginia Tech)


12:00pm – 12:55pm

Session 3: Program Support to Improve Security, Part II

12:55pm – 2:00pm 

FaCT: a Flexible Constant-time Programming Language

1:00pm – 1:30pm

Fraser Brown (Stanford); Sunjay Cauligi, Yunlu Huang, Brian Johannesmeyer, Gary Soeller, Ranjit Jhala, Deian Stefan (UC San Diego)

Something Is Better Than Everything: A Distributed Approach to Audit log Anomaly Detection

1:30pm – 2:00pm

Isis Rose (ICASA/NMT); Nicholas Felts (unaffiliated); Alexander George, Emily Miller, Max Planck (ICASA/NMT)

Lightning Talks

2:00pm – 2:30pm

Creating Abuse Cases Based on Attack Patterns: A User Study

Imano Williams and Xiaohong Yuan (North Carolina A&T State University)

Evaluation of Software Vulnerabilities in Vehicle Electronic Control Units

Jesse Edwards, Ameer Kashani, Gopalakrishnan Iyer (DENSO International America Inc.)


2:30pm – 3:00pm

Panel: Building a Business Around Secure Development

3:00pm – 4:30pm

Dr. Nadia Carlsten, Reed Sturtevant, Chris Wysopal, Dr. Andreas Kuehlmann, and Stephen Boyer
Moderator: Robert Cunningham

In the wake of on-going cyber-attacks against users (WannaCry), companies (Dyn), and countries (Petya), secure development is becoming increasingly important. Although these attacks are all recent, members of this panel are pioneers who anticipated these attacks. In some cases they are seeking to bring new tools and technologies to defend against these attacks, and in others they have already brought some of the best available tools to market. This panel will explore the process of finding a great idea that will matter, getting some seed funding to build a product, getting help from an incubator, and bringing that product to market.

Dr. Nadia Carlsten is the program manager for the Transition to Practice (TTP) program in the Cyber Security Division (CSD) of the Homeland Security Advanced Research Projects Agency in the DHS S&T. The TTP program identifies promising federally funded cybersecurity research and accelerates transition from the laboratory to the marketplace through partnerships and commercialization. Prior to her position in CSD, Dr. Carlsten led projects to improve Intellectual Property (IP) management and enterprise innovation, drive research and industrial partnerships, and promote technology transfer and commercialization at Accenture and the U.S. Department of Energy. She also is the founder of Carlsten Innovation LLC, a consultancy that specializes in providing services and solutions for implementing Open Innovation, leveraging IP, and quantifying innovation. She completed the Management of Technology Program at the Haas School of Business and earned degrees in physics and chemistry from the University of Virginia and a doctorate in engineering from the University of California, Berkeley.

Reed Sturtevant is a General Partner at The Engine, a technology venture fund launched by MIT. Reed was a Managing Director at seed venture fund Project 11 and Techstars Boston. He attended MIT and has a background in software. He ran Microsoft Startup Labs in Cambridge and was VP of Technology at Idealab, Boston. Early in his career he created Freelance Graphics which was acquired by Lotus Development Corp. He has been a lecturer at MIT Sloan and is a frequent speaker in MIT entrepreneurship courses and programs.

Chris Wysopal is Co-Founder, Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990’s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

Dr. Andreas Kuehlmann is Senior Vice President and general manager of the Software Integrity Group at Synopsys. In this role, Dr. Kuehlmann is responsible for leading the company’s software quality and security solutions business which is focused on products and services for ensuring the security and improving the quality of all software that is omnipresent in our lives. Prior to joining Synopsys in 2014 as part of the Coverity acquisition, Dr. Kuehlmann served as senior vice president of research and development at Coverity where he was responsible for global R&D activities. From 2003 to 2010, he served as Fellow and Director of Cadence Research Laboratories, where he led the company’s advanced research and development, including systems and software verification technologies. Prior to Cadence, he was part of the IBM T.J. Watson Research Center. His work on functional equivalence verification was key to the development of IBM’s high-end processors and was later broadly adopted by the industry.

Stephen Boyer serves as the CTO of BitSight Technologies, which he cofounded in 2011. BitSight provides evidence-based ratings of security effectiveness to help organizations manage their security risk. Previously, Stephen was President & Cofounder of Saperix. He also led R&D programs at MIT Lincoln Laboratory, and he designed, developed, and tested products at Caldera Systems. He holds a Bachelors in Computer Science from BYU and Master of Science in Engineering and Management from MIT.

The panel will be moderated by Dr. Robert Cunningham of MIT Lincoln Laboratory. Dr. Cunningham is the leader of the Secure Resilient Systems and Technology Group and is responsible for initiating and managing research and development programs in cyber resilience and computer security. He also chairs the IEEE Cybersecurity Initiative.

Send advance questions to the Panel through twitter by referencing #IEEESecDev.

Wrap up and see you at SecDev 2018!

4:30pm – 4:45pm