Accepted Papers
Tutorials
- Secure Coding Practices, Automated Assessment Tools and the SWAMP. Barton P. Miller and Elisa Heymann (University of Wisconsin-Madison)
- Secure Your Things: Secure Development of IoT Software with Frama-C. Allan Blanchard (Inria Lille – Nord Europe, France), Nikolai Kosmatov (CEA, Software Reliability and Security Lab, France), Frédéric Loulergue (School of Informatics Computing and Cyber Systems, Northern Arizona University)
- Continuous Verification of Critical Software. Mike Dodds, Stephen Magill, Aaron Tomb (Galois, Inc.)
- DeepState: Bringing Vulnerability Detection Tools into the Development Cycle. Peter Goodman, Gustavo Grieco (Trail of Bits, Inc.), Alex Groce (School of Informatics, Computing & Cyber Systems, Northern Arizona University)
- Parry and RIPOSTE: Honing Cybersecurity Skills with Challenge-Based Exercises. Jan Werner (University of North Carolina at Chapel Hill), Fabian Monrose (University of North Carolina at Chapel Hill)
- Principles and Practices of Secure Coding. Sazzadur Rahaman, Na Meng, Daphne Yao (Virginia Tech)
- Building Secure and Trustworthy Blockchain Applications. Chengjun Cai, Huayi Duan, and Cong Wang (City University of Hong Kong)
Papers
- Tyche: A Risk-Based Permission Model for Smart Homes. Amir Rahmati (Samsung Research America/Stony Brook University), Earlence Fernandes (University of Washington), Kevin Eykholt (University of Michigan), and Atul Prakash (University of Michigan)
- BP: Formal Proofs, the Fine Print and Side Effects. Toby Murray (University of Melbourne) and Paul van Oorschot (Carleton University)
- BP: Security Concerns and Best Practices for Automation of Software Deployment Processes – An Industrial Case Study. Vaishnavi Mohan (Deloitte Analytics Institute), Lotfi ben Othmane (Iowa State University), and Andre Kres (IBM)
- Checked C: Making C Safe by Extension. Archibald Samuel Elliott (University of Washington), Andrew Ruef (University of Maryland), Michael Hicks (University of Maryland), and David Tarditi (Microsoft Research)
- Transforming Code to Drop Dead Privileges. Xiaoyu Hu (BitFusion.io Inc.), Jie Zhou (University of Rochester), Spyridoula Gravani (University of Rochester), and John Criswell (University of Rochester)
- Detecting leaks of sensitive data due to stale reads. Will Snavely, William Klieber, Ryan Steele, David Svoboda, and Andrew Kotov (Software Engineering Institute – Carnegie Mellon University)
- BP: DECREE: A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments. Lok Yan (Air Force Research Laboratory), Benjamin Price (MIT Lincoln Laboratory), Michael Zhivich (MIT Lincoln Laboratory), Brian Caswell (Lunge Technology), Christopher Eagle (Naval Postgraduate School), Michael Frantzen (Kudu Dynamics), Holt Sorenson (Google Inc.), Michael Thompson (Naval Postgraduate School), Timothy Vidas (Carnegie Mellon University), Jason Wright (Thought Networks), Vernon Rivet (MIT Lincoln Laboratory), Samuel Colt VanWinkle (MIT Lincoln Laboratory), and Clark Wood (MIT Lincoln Laboratory)
- There’s a Hole in the Bottom of the C: On the Effectiveness of Allocation Protection. Ronald Gil (MIT CSAIL), Hamed Okhravi (MIT Lincoln Laboratory), and Howard Shrobe (MIT CSAIL).
- Light-touch Interventions to Improve Software Development Security. Charles Weir (Lancaster University, UK), Lynne Blair (Lancaster University, UK), Ingolf Becker (University College London, UK), Angela Sasse (University College London, UK), and James Noble (Victoria University of Wellington, NZ)
- SGL: A domain-specific language for large-scale analysis of open-source code. Darius Foo, Ang Ming Yi, Jason Yeo, and Asankhaya Sharma (SourceClear, Inc.)
- A Lingua Franca for Security by Design. Alexander van den Berghe (imec-DistriNet, KU Leuven), Koen Yskout (imec-DistriNet, KU Leuven), Riccardo Scandariato (Software Engineering Division, University of Gothenburg), and Wouter Joosen (imec-DistriNet, KU Leuven).
- BP: Integrating Cyber Vulnerability Assessments Earlier into the Systems Development Lifecycle. Sonja Glumich, Juanita Riley, Paul Ratazzi, and Amanda Ozanam (Air Force Research Laboratory Information Directorate)
- Towards Understanding the Adoption of Anti-Spoofing Protocols in Email Systems. Hang Hu, Peng Peng, and Gang Wang (Virginia Tech)
- BP: Profiling Vulnerabilities on the Attack Surface. Christopher Theisen, Hyunwoo Sohn, Dawson Tripp, and Laurie Williams (North Carolina State University)
PSA Talks
- Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions. Francois Gauthier, Nathan Keynes, Nicholas Allen, Diane Corney, and Padmanabhan Krishnan (Oracle Labs, Australia)
- Applied Threat Driven Security Verification. Danny Dhillon and Vishal Mishra (Dell)
- Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach. Altaz Valani (Security Compass)
- Automating Threat Intelligence for SDL. Raghudeep Kannavara (Intel Corp), Jacob Vangore (Olivet Nazarene University), Marcus Lindholm (Intel Corp), and Priti Shrivastav (Intel Corp).
- Reducing Attack Surface via Executable Transformation. Sukarno Mertoguno, Ryan Craven, Daniel Koller, and Matthew Mickelson (ONR)
- Designing Secure and Resilient Embedded Avionics Systems. Jason H. Li (Intelligent Automation Inc.), Douglas Schafer (Air Force Research Laboratories), David Whelihan (MIT Lincoln Laboratories), Stefano Lassini (GE Aviation Systems), Nicholas Evancich (Intelligent Automation Inc.), Kyung Joon Kwak (Intelligent Automation Inc.), Mike Vai (MIT Lincoln Laboratories), and Haley Whitman (MIT Lincoln Laboratories)
- Data Integrity: Recovering from Ransomware and Other Destructive Events. Timothy McBride (NIST), Anne Townsend (MITRE), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), and Julian Sexton (MITRE)
- Securing Wireless Infusion Pumps. Andrea Arbelaez (NIST), Sue Wang (MITRE), Sallie Edwards (MITRE), Kevin Littlefield (MITRE), and Kangmin Zheng (MITRE)
- Best Practice for Developing Secure and Trusted Enterprise Storage & Computing Products. Xuan Tang (Dell)
- Experiment: Sizing Exposed Credentials in GitHub Public Repositories for CI/CD. Hasan Yasar (Software Engineering Institute, CMU)
Posters
Eric Kilmer, Lincoln Laboratory, Massachusetts Institute of Technology
Timothy Braje, Lincoln Laboratory, Massachusetts Institute of Technology
Dinara Doyle, Lincoln Laboratory, Massachusetts Institute of Technology
Tim Meunier, Lincoln Laboratory, Massachusetts Institute of Technology
Philip Zucker, Lincoln Laboratory, Massachusetts Institute of Technology
Jeffrey Huges, Lincoln Laboratory, Massachusetts Institute of Technology
Michael Depot, Lincoln Laboratory, Massachusetts Institute of Technology
Mark Mazumder, Lincoln Laboratory, Massachusetts Institute of Technology
George Baah, Lincoln Laboratory, Massachusetts Institute of Technology
Karishma Chadha, Lincoln Laboratory, Massachusetts Institute of Technology
Robert Cunningham, Lincoln Laboratory, Massachusetts Institute of Technology
Raghudeep Kannavara, Intel Corp
Jacob Vangore, Olivet Nazarene University
William Roberts, Olivet Nazarene University
Marcus Lindholm, Intel Corp
Priti Shrivastav, Intel Corp
Isaac Richter, University of Rochester
Yufei Du, University of Rochester
John Criswell, University of Rochester
Xiaoyu Hu, BitFusion.io Inc.
Jie Zhou, University of Rochester
Spyridoula Gravani, University of Rochester
John Criswell, University of Rochester
Andrew S. Gearhart, The Johns Hopkins University Applied Physics Laboratory
Timothy McBride, NIST
Anne Townsend, MITRE
Michael Ekstrom, MITRE
Lauren Lusty, MITRE
Julian Sexton, MITRE
Md Salman Ahmed, Virginia Polytechnic Institute and State University
Danfeng Yao, Virginia Polytechnic Institute and State University
Haipeng Cai, Washington State University
Ya Xiao, Department of Computer Science, Virginia Tech
Danfeng (Daphne) Yao, Department of Computer Science, Virginia Tech
Pubali Datta, University of Illinois at Urbana-Champaign
Tristan Morris, Samsung Research America
Hayawardh Vijayakumar, Samsung Research America
Michael Grace, Samsung Research America
Adam Bates, University of Illinois at Urbana-Champaign
Amir Rahmati, Samsung Research America, Stony Brook University
Darius Suciu, Stony Brook University
Stephen McLaughlin, Samsung Research America
Hayawardh Vijayakumar, Samsung Research America
Lee Harrison, Samsung Research America
Michael Grace, Samsung Research America
Amir Rahmati, Stony Brook University, Samsung Research America
- Practitioners Session – Small Businesses are Between a Cyber-Rock and a Cyber-Hard-Place
John R. Budenske, Andrew G. Budenske, Cyberific Secure Autonomous Systems Ltd.
Marco Carvalho, Florida Institute of Technology
Rosalie M. McQuaid, MITRE
Deborah J. Bodeau, MITRE
Richard D. Graubart, MITRE