IEEE Secure Development Conference

September 25 - 27, 2019
Hilton McLean Tysons Corner
McLean, VA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy


Accepted Papers

Posted on: June 18th, 2019 by Yousef Iskander
Accepted Research Papers

Note: Online proceedings are now available!

  • A Qualitative Investigation of Insecure Code Propagation from Online Forums
    Michelle Mazurek, Wei Bai, Omer Akgul (University of Maryland)
  • Compositional Testing of Network Protocols
    Kenneth L. McMillan (Microsoft Research); Lenore D. Zuck (University of Illinois at Chicago)
  • CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses
    Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao (Virginia Tech)
  • Detecting Callback Related Deep Vulnerabilities in Linux Device Drivers
    Tuba Yavuz (University of Florida)
  • Downright: A Framework and Toolchain For Privilege Handling
    Remo Schweizer, Stephan Neuhaus (Zurich University of Applied Sciences)
  • Exploitation Techniques and Defenses for Data-Oriented Attacks
    Long Cheng (Clemson University); Hans Liljestrand (Aalto University, Finland); Md Salman Ahmed (Virginia Tech); Thomas Nyman (Aalto University, Finland); Danfeng (Daphne) Yao (Virginia Tech); Trent Jaeger (Pennsylvania State University); N. Asokan (Aalto University, Finland)
  • On the Universally Composable Security of OpenStack
    Hoda Maleki (University of Connecticut); Kyle Hogan (MIT); Reza Rahaeimehr (University of Connecticut); Ran Canetti, Mayank Varia, Jason Hennessey (Boston University); Marten van Dijk (University of Connecticut); Haibin Zhang (UMBC)
  • Polymorphic Relaxed Noninterference
    Raimil Cruz (University of Chile); √Čric Tanter (University of Chile & Inria)
  • Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications
    Andrei Lapets, Kinan Dak Albab, Rawane Issa, Lucy Qin, Mayank Varia, Azer Bestavros, Frederick Jansen (Boston University)
  • Self-Authenticating Traditional Domain Names
    Paul Syverson, Matthew Traudt (U.S. Naval Research Laboratory)
  • Start your ENGINEs: Dynamically Loadable Contemporary Crypto
    Nicola Tuveri, Billy Bob Brumley (Tampere University)
  • System-Level Framework for Logic Obfuscation with Quantified Metrics for Evaluation
    Vivek Venugopalan, Gaurav Kolhe, Andrew Schmidt, Joshua Monson, Matthew French (USC-Information Sciences Institute); Yinghua Hu, Peter A Beerel, Pierluigi Nuzzo (University of Southern California)
Accepted Practitioner Papers

Note: Online proceedings are now available!

  • Development Cycle Estimation Modeling
    Samuel Denard, Susan Mengel, Atila Ertas, Stephen Ekwaro-Osire (Texas Tech University)
  • Effective Static Analysis Enforcement in Complex Cloud Native Dockerized Systems
    Abhishek Pathak, Kaarthik Sivakumar, Jin Sheng, Anlu Yan, Mazhar Haque (Cisco Systems)
  • Multi-Cluster Visualization and Live Reporting of Static Analysis Security Testing (SAST) Warnings
    Abhishek Pathak, Kaarthik Sivakumar, Mazhar Haque, Prasanna Ganesan (Cisco Systems)
  • OpenOSC: Open Source Object Size Checking Library With Built-in Metrics
    Yongkui Han, Pankil Shah, Richard Livingston (Cisco Systems)
  • Using Rules Engine in the Automation of System Security Review
    Abdulrahman Alnaim (Saudi Aramco)
  • With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface
    Chien An Chen (Palo Alto Networks)
Accepted Tool Demos
  • Detecting Security Vulnerabilities with SPARK
    Benjamin Brosgol, Clair Dross, Yannick Moy (AdaCore)
  • Indurative: Authenticated Semantics for Free
    John-Paul Smith (Trail of Bits, Inc.)
  • OpenOSC and Curioscan: an Object Size Checking Library and the Tool to Collect Its Built-in Metrics
    Yongkui Han, Pankil Shah, Richard Livingston (Cisco Systems)
Accepted Posters