Accepted Papers
Accepted Research Papers
Note: Online proceedings are now available!
- A Qualitative Investigation of Insecure Code Propagation from Online Forums
Michelle Mazurek, Wei Bai, Omer Akgul (University of Maryland) - Compositional Testing of Network Protocols
Kenneth L. McMillan (Microsoft Research); Lenore D. Zuck (University of Illinois at Chicago) - CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses
Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao (Virginia Tech) - Detecting Callback Related Deep Vulnerabilities in Linux Device Drivers
Tuba Yavuz (University of Florida) - Downright: A Framework and Toolchain For Privilege Handling
Remo Schweizer, Stephan Neuhaus (Zurich University of Applied Sciences) - Exploitation Techniques and Defenses for Data-Oriented Attacks
Long Cheng (Clemson University); Hans Liljestrand (Aalto University, Finland); Md Salman Ahmed (Virginia Tech); Thomas Nyman (Aalto University, Finland); Danfeng (Daphne) Yao (Virginia Tech); Trent Jaeger (Pennsylvania State University); N. Asokan (Aalto University, Finland) - On the Universally Composable Security of OpenStack
Hoda Maleki (University of Connecticut); Kyle Hogan (MIT); Reza Rahaeimehr (University of Connecticut); Ran Canetti, Mayank Varia, Jason Hennessey (Boston University); Marten van Dijk (University of Connecticut); Haibin Zhang (UMBC) - Polymorphic Relaxed Noninterference
Raimil Cruz (University of Chile); Éric Tanter (University of Chile & Inria) - Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications
Andrei Lapets, Kinan Dak Albab, Rawane Issa, Lucy Qin, Mayank Varia, Azer Bestavros, Frederick Jansen (Boston University) - Self-Authenticating Traditional Domain Names
Paul Syverson, Matthew Traudt (U.S. Naval Research Laboratory) - Start your ENGINEs: Dynamically Loadable Contemporary Crypto
Nicola Tuveri, Billy Bob Brumley (Tampere University) - System-Level Framework for Logic Obfuscation with Quantified Metrics for Evaluation
Vivek Venugopalan, Gaurav Kolhe, Andrew Schmidt, Joshua Monson, Matthew French (USC-Information Sciences Institute); Yinghua Hu, Peter A Beerel, Pierluigi Nuzzo (University of Southern California)
Accepted Practitioner Papers
Note: Online proceedings are now available!
- Development Cycle Estimation Modeling
Samuel Denard, Susan Mengel, Atila Ertas, Stephen Ekwaro-Osire (Texas Tech University) - Effective Static Analysis Enforcement in Complex Cloud Native Dockerized Systems
Abhishek Pathak, Kaarthik Sivakumar, Jin Sheng, Anlu Yan, Mazhar Haque (Cisco Systems) - Multi-Cluster Visualization and Live Reporting of Static Analysis Security Testing (SAST) Warnings
Abhishek Pathak, Kaarthik Sivakumar, Mazhar Haque, Prasanna Ganesan (Cisco Systems) - OpenOSC: Open Source Object Size Checking Library With Built-in Metrics
Yongkui Han, Pankil Shah, Richard Livingston (Cisco Systems) - Using Rules Engine in the Automation of System Security Review
Abdulrahman Alnaim (Saudi Aramco) - With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface
Chien An Chen (Palo Alto Networks)
Accepted Tool Demos
-
Detecting Security Vulnerabilities with SPARK
Benjamin Brosgol, Clair Dross, Yannick Moy (AdaCore) -
Indurative: Authenticated Semantics for Free
John-Paul Smith (Trail of Bits, Inc.) -
OpenOSC and Curioscan: an Object Size Checking Library and the Tool to Collect Its Built-in Metrics
Yongkui Han, Pankil Shah, Richard Livingston (Cisco Systems)
Accepted Posters
-
A Comprehensive Benchmark on Java Cryptographic API Misuses
Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao (Virginia Tech) -
A Virtual FPGA Platform for High Assurance Design
Judea Nifong (Georgia Tech Research Instituted) -
Anomaly-based Intrusion Detection Systems with An Adaptive Threshold Method
Younghun Chae (Kent State University at Stark); Natallia Katenka, Lisa Cingiser DiPippo (University of Rhode Island) -
Automated conversion of legacy code to Checked C
Aravind Machiry (University of California, Santa Barbara); Hasan Touma, Ray Chen, Michael Hicks (University of Maryland, College Park) -
BranchCorr: Detecting Incompatible Branch Behavior by Enforcing Branch Correlation Integrity
Long Cheng, Ebuka Okpala, Song Liao (Clemson University); Danfeng (Daphne) Yao (Virginia Tech) -
Defensive Deception in a Hypergame
Gaurav Dixit, Jin-Hee Cho, Ing-Ray Chen (Virginia Tech); Mu Zhu, Munindar P. Singh (North Carolina State University); Charles Kamhoua (US Army Research Laboratory) -
Development Cycle Estimation Modeling
Samuel Denard, Susan Mengel, Atila Ertas, Stephen Ekwaro-Osire (Texas Tech University) -
Dynamic Keystroke for Authentication with Machine Learning Algorithms
Tawab Attaie, John Caldwell, Trenton Ward, Yusef Yassin (Prairie View A&M University), Kwesi Elliot, Jonathon Graham (Norfolk State University) -
Multi-variate Data Anomaly Detection in Wireless Sensor Networks
Braxton Dula, Prudence Phillips, Hassan Salmani (Howard University) -
Quantifying the Impact of Fine-grained Code Randomization on Attack Surface Reduction
Md Salman Ahmed, Ya Xiao, Danfeng Yao (Virginia Tech); Gang Tan (Penn State University); Kevin Snow (Zero Point Dynamics); Fabian Monrose (UNC at Chapel Hill) -
Runtime Enforcement of LTL Specifications
William Stuckey (Georgia Tech Research Institute); Matt Abate (Georgia Tech); Elizabeth Prucka (Georgia Tech Research Institute); Eric Feron, Sam Coogan (Georgia Tech); Lee Lerner (Georgia Tech Research Institute) -
Toward Building and Validating a Scale for Secure Software Development Self-Efficacy
Desiree Abrokwa, Daniel Votipka, Michelle Mazurek (University of Maryland) -
Trigger-Action Integrity in Cyber-Physical Systems
Douglas Everson, Long Cheng (Clemson University); Danfeng (Daphne) Yao (Virginia Tech)