IEEE Cybersecurity Development Conference

September 30-October 2, 2018 | Cambridge, MA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

Agenda

Posted on: May 17th, 2018 by Jessica Hedges

Sunday, September 30, 2018

Registration

12:30pm – 7:00pm

Exhibits open

1:30pm – 5:00pm

Tutorial Session A

1:30pm – 3:00pm

Building Secure Consortium Blockchains for Decentralized Applications. Cong Wang, Chengjun Cai (City University of Hong Kong)

Secure Coding Practices, Automated Assessment Tools and the SWAMP. (Part I) Barton P. Miller and Elisa Heymann (University of Wisconsin-Madison)

Secure Your Things: Secure Development of IoT Software with Frama-C. (Part I) Allan Blanchard (Inria Lille – Nord Europe, France), Nikolai Kosmatov (CEA, Software Reliability and Security Lab, France), Frédéric Loulergue (School of Informatics Computing and Cyber Systems, Northern Arizona University)

Continuous Verification of Critical Software. (Part I) Mike Dodds, Stephen Magill, Aaron Tomb (Galois, Inc.)

DeepState: Bringing Vulnerability Detection Tools into the Development Cycle. (Part I) Peter Goodman, Gustavo Grieco (Trail of Bits, Inc.), Alex Groce (School of Informatics, Computing & Cyber Systems, Northern Arizona University)

Parry and RIPOSTE: Honing Cybersecurity Skills with Challenge-Based Exercises. (Part I) Jan Werner (University of North Carolina at Chapel Hill), Fabian Monrose (University of North Carolina at Chapel Hill)

BREAK

3:00pm – 3:30pm

Tutorial Session B

3:30pm – 5:00pm

Principles and Practices of Secure Coding. Sazzadur Rahaman, Na Meng, Daphne Yao (Virginia Tech)

Secure Coding Practices, Automated Assessment Tools and the SWAMP. (Part II) Barton P. Miller and Elisa Heymann (University of Wisconsin-Madison)

Secure Your Things: Secure Development of IoT Software with Frama-C. (Part II) Allan Blanchard (Inria Lille – Nord Europe, France), Nikolai Kosmatov (CEA, Software Reliability and Security Lab, France), Frédéric Loulergue (School of Informatics Computing and Cyber Systems, Northern Arizona University)

Continuous Verification of Critical Software. (Part II) Mike Dodds, Stephen Magill, Aaron Tomb (Galois, Inc.)

DeepState: Bringing Vulnerability Detection Tools into the Development Cycle. (Part II) Peter Goodman, Gustavo Grieco (Trail of Bits, Inc.), Alex Groce (School of Informatics, Computing & Cyber Systems, Northern Arizona University)

Parry and RIPOSTE: Honing Cybersecurity Skills with Challenge-Based Exercises. (Part II) Jan Werner (University of North Carolina at Chapel Hill), Fabian Monrose (University of North Carolina at Chapel Hill)

Reception

5:00pm – 7:00pm

Poster session

5:00pm – 7:00pm

Coming Soon

Monday, October 1, 2018

Registration

7:00am – 5:00pm

Exhibits

8:00am – 5:00pm

Breakfast

8:00am – 9:00am

Welcome

9:00am – 9:15am

Keynote: Building and Deploying Secure Systems in Practice: Lessons, Challenges and Future Directions

9:15am – 10:15am

Professor Dawn Song (University of California, Berkeley)

In this talk, I will share the lessons learned during the process of designing and developing technologies for building secure systems and deploying them in practice. I will first give a few examples of our work that has been deployed in practice. Our work (in collaboration with Google) on Context-sensitive Auto-Sanitization of Web Applications helps eliminate XSS vulnerabilities from web applications and has been used to secure many high-profile applications such as Gmail and Google Docs. Our work in mobile security has led to a successful startup (Ensighta Security, later acquired by FireEye, Inc.). Its mobile security product and features have been deployed worldwide to protect major enterprises and institutions and have detected numerous real-world mobile malware. Our work on new technology for secure browsing has become the core product of Menlo Security that my team has co-founded, winning numerous awards including Information Week’s 10 Innovative Network Security Startups and Forbes’ Hottest Cybersecurity startup.

Our recent work on new techniques to enable practical, privacy-preserving data analytics and machine learning has been deployed at Uber. This is one of the first real-world deployments for general privacy-preserving data analytics with differential privacy. Our most recent work on scalable and confidentiality-preserving smart contracts has led to a new venture, Oasis Labs, aiming to build the next-generation blockchain to enable fundamentally new applications on blockchain that couldn’t be built before.

From the experiences gained from these examples, I will summarize the lessons learned and discuss the challenges and future directions in building and deploying secure systems.

BREAK

10:15am – 10:40am

Session 1

10:40am – 12:15pm

Coming Soon

Lunch

12:15pm – 1:15pm

Keynote II

1:15pm – 2:15pm

TBA

BREAK

2:15pm – 2:40pm

Session 2

2:40pm – 4:45pm

TBA

Day 1 Wrap-up

4:45pm – 5:00pm

Birds of a Feather Sessions

5:15pm – 6:00pm

Women in Cybersecurity – led by Leslie Weiner Alger

Leslie Weiner Alger is the founder of Creative Edge Leadership, an executive coaching and leadership development firm with a focus on transforming technical managers and experts into outstanding leaders. As an executive coach, Leslie has extensive experience working with leaders in fields such as engineering, information technology, science, and finance, helping them to make their leadership skills as outstanding as their technical skills. Leslie draws upon her extensive leadership experience to infuse her coaching and workshops with real-world examples and strategies. With an academic background in Electrical Engineering from MIT, Leslie has 20 years’ experience leading large groups of engineers, IT professionals and financial analysts in a fast-paced R&D environment at MIT Lincoln Laboratory (MIT LL). She also has over 15 years’ experience leading diverse teams in an international nonprofit organization.

Moving Target: Where to Next? – led by Hamed Okhravi, MITLL; Marco Carvalho, FIT; Andrew Gearhart, JHU APL; Rosalie McQuaid, MITRE

The static nature of current computing systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. MTD techniques refer to those that enhance the resilience of a system through diversification, randomization, and dynamism. There has been a large body of literature in the area of MTD. This Birds of a Feather session focuses on the outlook of the field, the research questions that need to be answered, and the way forward in research and practices of MTD.

Helping Organize SecDev 2019 – led by Lee Lerner

Dinner on your own

Tuesday, October 2, 2018

Registration

7:00am – 5:00pm

Exhibits

8:00am – 3:00pm

Breakfast

8:00am – 9:00am

IEEE Awards

9:00am – 9:30am

The IEEE Cybersecurity Award for Practice
The IEEE Cybersecurity Award for Innovation
General Chair Report and Awards (Committees)
PC Chair Report and Awards (Best Paper, Best Reviewer)

Keynote: Provably Eliminating Exploitable Bugs

9:30am – 10:30am

Kathleen Fisher (Tufts University, Former Program Manager of DARPA’s HACMS Program)

For decades, formal methods have offered the promise of software that doesn’t have exploitable bugs. Until recently, however, it hasn’t been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. seL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. It has been proven to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and to enforce integrity and confidentiality properties. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. A number of factors have enabled this revolution in the formal methods community, including increased processor speed, better infrastructure like the Isabelle/HOL and Coq theorem provers, specialized logics for reasoning about low-level code, increasing levels of automation afforded by tactic languages and SAT/SMT solvers, and the decision to move away from trying to verify existing artifacts and instead focus on co-developing the code and the correctness proof.

In this talk I will explore the promise and limitations of current formal methods techniques for producing useful software that provably does not contain exploitable bugs. I will discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quad-copters, helicopters, and automobiles.

BREAK

10:30am – 10:55am

Session 3

10:55am – 12:00pm

TBA

Lunch

12:00pm – 12:55pm

Session 4

12:55pm – 2:00pm

TBA

Practitioners’ Session I

2:00pm – 2:50pm

Coming Soon

Break

2:50pm – 3:15pm

Practitioners’ Session II

3:15pm – 4:45pm

Coming Soon

Wrap up and see you at SecDev 2018!

4:45pm – 5:00pm