IEEE Cybersecurity Development Conference

September 30-October 2, 2018 | Cambridge, MA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

Accepted Papers

Posted on: May 17th, 2018 by Yousef Iskander
SecDev ’18 Accepted Papers

Tutorials

  1. Secure Coding Practices, Automated Assessment Tools and the SWAMP. Barton P. Miller and Elisa Heymann (University of Wisconsin-Madison)
  2. Secure Your Things: Secure Development of IoT Software with Frama-C. Allan Blanchard (Inria Lille – Nord Europe, France), Nikolai Kosmatov (CEA, Software Reliability and Security Lab, France), Frédéric Loulergue (School of Informatics Computing and Cyber Systems, Northern Arizona University)
  3. Continuous Verification of Critical Software. Mike Dodds, Stephen Magill, Aaron Tomb (Galois, Inc.)
  4. DeepState: Bringing Vulnerability Detection Tools into the Development Cycle. Peter Goodman, Gustavo Grieco (Trail of Bits, Inc.), Alex Groce (School of Informatics, Computing & Cyber Systems, Northern Arizona University)
  5. Parry and RIPOSTE: Honing Cybersecurity Skills with Challenge-Based Exercises. Jan Werner (University of North Carolina at Chapel Hill), Fabian Monrose (University of North Carolina at Chapel Hill)
  6. Principles and Practices of Secure Coding. Sazzadur Rahaman, Na Meng, Daphne Yao (Virginia Tech)
  7. Building Secure and Trustworthy Blockchain Applications. Chengjun Cai, Huayi Duan, and Cong Wang (City University of Hong Kong)

Papers

  1. Tyche: A Risk-Based Permission Model for Smart Homes. Amir Rahmati (Samsung Research America/Stony Brook University), Earlence Fernandes (University of Washington), Kevin Eykholt (University of Michigan), and Atul Prakash (University of Michigan)
  2. BP: Formal Proofs, the Fine Print and Side Effects. Toby Murray (University of Melbourne) and Paul van Oorschot (Carleton University)
  3. BP: Security Concerns and Best Practices for Automation of Software Deployment Processes – An Industrial Case Study. Vaishnavi Mohan (Deloitte Analytics Institute), Lotfi ben Othmane (Iowa State University), and Andre Kres (IBM)
  4. Checked C: Making C Safe by Extension. Archibald Samuel Elliott (University of Washington), Andrew Ruef (University of Maryland), Michael Hicks (University of Maryland), and David Tarditi (Microsoft Research)
  5. Transforming Code to Drop Dead Privileges. Xiaoyu Hu (BitFusion.io Inc.), Jie Zhou (University of Rochester), Spyridoula Gravani (University of Rochester), and John Criswell (University of Rochester)
  6. Detecting leaks of sensitive data due to stale reads. Will Snavely, William Klieber, Ryan Steele, David Svoboda, and Andrew Kotov (Software Engineering Institute – Carnegie Mellon University)
  7. BP: DECREE: A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments. Lok Yan (Air Force Research Laboratory), Benjamin Price (MIT Lincoln Laboratory), Michael Zhivich (MIT Lincoln Laboratory), Brian Caswell (Lunge Technology), Christopher Eagle (Naval Postgraduate School), Michael Frantzen (Kudu Dynamics), Holt Sorenson (Google Inc.), Michael Thompson (Naval Postgraduate School), Timothy Vidas (Carnegie Mellon University), Jason Wright (Thought Networks), Vernon Rivet (MIT Lincoln Laboratory), Samuel Colt VanWinkle (MIT Lincoln Laboratory), and Clark Wood (MIT Lincoln Laboratory)
  8. There’s a Hole in the Bottom of the C: On the Effectiveness of Allocation Protection. Ronald Gil (MIT CSAIL), Hamed Okhravi (MIT Lincoln Laboratory), and Howard Shrobe (MIT CSAIL).
  9. Light-touch Interventions to Improve Software Development Security. Charles Weir (Lancaster University, UK), Lynne Blair (Lancaster University, UK), Ingolf Becker (University College London, UK), Angela Sasse (University College London, UK), and James Noble (Victoria University of Wellington, NZ)
  10. SGL: A domain-specific language for large-scale analysis of open-source code. Darius Foo, Ang Ming Yi, Jason Yeo, and Asankhaya Sharma (SourceClear, Inc.)
  11. A Lingua Franca for Security by Design. Alexander van den Berghe (imec-DistriNet, KU Leuven), Koen Yskout (imec-DistriNet, KU Leuven), Riccardo Scandariato (Software Engineering Division, University of Gothenburg), and Wouter Joosen (imec-DistriNet, KU Leuven).
  12. BP: Integrating Cyber Vulnerability Assessments Earlier into the Systems Development Lifecycle. Sonja Glumich, Juanita Riley, Paul Ratazzi, and Amanda Ozanam (Air Force Research Laboratory Information Directorate)
  13. Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems. Hang Hu, Peng Peng, and Gang Wang (Virginia Tech)
  14. BP: Profiling Vulnerabilities on the Attack Surface. Christopher Theisen, Hyunwoo Sohn, Dawson Tripp, and Laurie Williams (North Carolina State University)

PSA Talks

  1. Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions. Francois Gauthier, Nathan Keynes, Nicholas Allen, Diane Corney, and Padmanabhan Krishnan (Oracle Labs, Australia)
  2. Applied Threat Driven Security Verification. Danny Dhillon and Vishal Mishra (Dell)
  3. Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach. Altaz Valani (Security Compass)
  4. Automating Threat Intelligence for SDL. Raghudeep Kannavara (Intel Corp), Jacob Vangore (Olivet Nazarene University), Marcus Lindholm (Intel Corp), and Priti Shrivastav (Intel Corp).
  5. Reducing Attack Surface via Executable Transformation. Sukarno Mertoguno, Ryan Craven, Daniel Koller, and Matthew Mickelson (ONR)
  6. Designing Secure and Resilient Embedded Avionics Systems. Jason H. Li (Intelligent Automation Inc.), Douglas Schafer (Air Force Research Laboratories), David Whelihan (MIT Lincoln Laboratories), Stefano Lassini (GE Aviation Systems), Nicholas Evancich (Intelligent Automation Inc.), Kyung Joon Kwak (Intelligent Automation Inc.), Mike Vai (MIT Lincoln Laboratories), and Haley Whitman (MIT Lincoln Laboratories)
  7. Data Integrity: Recovering from Ransomware and Other Destructive Events. Timothy McBride (NIST), Anne Townsend (MITRE), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), and Julian Sexton (MITRE)
  8. Securing Wireless Infusion Pumps. Andrea Arbelaez (NIST), Sue Wang (MITRE), Sallie Edwards (MITRE), Kevin Littlefield (MITRE), and Kangmin Zheng (MITRE)
  9. Best Practice for Developing Secure and Trusted Enterprise Storage & Computing Products. Xuan Tang (Dell)
  10. Experiment: Sizing Exposed Credentials in GitHub Public Repositories for CI/CD. Hasan Yasar (Software Engineering Institute, CMU)

Posters

  1. A Test Infrastructure for Self-Adaptive Software Systems

              Eric Kilmer, Lincoln Laboratory, Massachusetts Institute of Technology
              Timothy Braje, Lincoln Laboratory, Massachusetts Institute of Technology
              Dinara Doyle, Lincoln Laboratory, Massachusetts Institute of Technology
              Tim Meunier, Lincoln Laboratory, Massachusetts Institute of Technology
              Philip Zucker, Lincoln Laboratory, Massachusetts Institute of Technology
              Jeffrey Huges, Lincoln Laboratory, Massachusetts Institute of Technology
              Michael Depot, Lincoln Laboratory, Massachusetts Institute of Technology
              Mark Mazumder, Lincoln Laboratory, Massachusetts Institute of Technology
              George Baah, Lincoln Laboratory, Massachusetts Institute of Technology
              Karishma Chadha, Lincoln Laboratory, Massachusetts Institute of Technology
              Robert Cunningham, Lincoln Laboratory, Massachusetts Institute of Technology

  1. Automating Threat Intelligence for SDL

              Raghudeep Kannavara, Intel Corp
              Jacob Vangore, Olivet Nazarene University
              William Roberts, Olivet Nazarene University
              Marcus Lindholm, Intel Corp
              Priti Shrivastav, Intel Corp

  1. Trapping Spectres in Speculation Domains

              Isaac Richter, University of Rochester
              Yufei Du, University of Rochester
              John Criswell, University of Rochester

  1. Transforming Code to Drop Dead Privileges

              Xiaoyu Hu, BitFusion.io Inc.
              Jie Zhou, University of Rochester
              Spyridoula Gravani, University of Rochester
              John Criswell, University of Rochester

  1. Diversity for Software Resilience

              Andrew S. Gearhart, The Johns Hopkins University Applied Physics Laboratory

  1. Data Integrity

              Timothy McBride, NIST
              Anne Townsend, MITRE
              Michael Ekstrom, MITRE
              Lauren Lusty, MITRE
              Julian Sexton, MITRE

  1. Extracting Anti-specifications from Vulnerabilities for Program Hardening

              Md Salman Ahmed, Virginia Polytechnic Institute and State University
              Danfeng Yao, Virginia Polytechnic Institute and State University
              Haipeng Cai, Washington State University

  1. Automatic Patch Generation for Security Functional Vulnerabilities with GAN

              Ya Xiao, Department of Computer Science, Virginia Tech
              Danfeng (Daphne) Yao, Department of Computer Science, Virginia Tech

  1. Toward Secure and Serverless Trigger-Action Platforms

              Pubali Datta, University of Illinois at Urbana-Champaign
              Tristan Morris, Samsung Research America
              Hayawardh Vijayakumar, Samsung Research America
              Michael Grace, Samsung Research America
              Adam Bates, University of Illinois at Urbana-Champaign
              Amir Rahmati, Samsung Research America, Stony Brook University

  1. Automatic Detection of Confused-Deputy Attacks on ARM TrustZone Environments

              Darius Suciu, Stony Brook University
              Stephen McLaughlin, Samsung Research America
              Hayawardh Vijayakumar, Samsung Research America
              Lee Harrison, Samsung Research America
              Michael Grace, Samsung Research America
              Amir Rahmati, Stony Brook University, Samsung Research America

  1. Practitioners Session – Small Businesses are Between a Cyber-Rock and a Cyber-Hard-Place

              John R. Budenske, Andrew G. Budenske, Cyberific Secure Autonomous Systems Ltd.
 

  1. Command, Control and Coordination of Moving Target Defenses

              Marco Carvalho, Florida Institute of Technology
 

  1. Moving Target Defenses and Cyber Resiliency

              Rosalie M. McQuaid, MITRE
              Deborah J. Bodeau, MITRE
              Richard D. Graubart, MITRE