Tutorial Track A
- The Correctness-by-Construction Approach to Programming.
Ina Schaefer, Tobias Runge (TU Braunschweig); Loek Cleophas (Eindhoven University of Technology); Bruce W. Watson (Stellenbosch University)
- Investigating Advanced Exploits for System Security Assurance.
Salman Ahmed (Virginia Tech); Long Cheng (Clemson University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University); Danfeng (Daphne) Yao (Virginia Tech)
- A Lightweight Web Application for Software Vulnerability Demonstration.
Onyeka Ezenwoye, Brandon Steed, David Lee (Augusta University); Yi Liu (UMass Darthmouth)
- Hands-on Tutorial: How Exploitable is Insecure C Code?
David Svoboda (Software Engineering Institute)
Tutorial Track B
- LLVM for Security Practitioners.
John Criswell, Ethan Johnson, Colin Pronovost. (University of Rochester)
- Using RLBox to sandbox unsafe C code.
Shravan Narayan, Craig Disselkoen, Deian Stefan (UC San Diego)
- Making C Programs Safer with Checked C.
Jie Zhou (University of Rochester); Michael Hicks (Correct Computation, Inc.); Yudi Yang, John Criswell (University of Rochester)
Session I: Security/Threat Analysis
- Analyzing OpenAPI Specifications for Security Design Issues
Carmen Cheh, Binbin Chen (Singapore University of Technology and Design)
- Compressing Network Attack Surfaces for Practical Security Analysis
Douglas Everson, Long Cheng (Clemson University)
- Automated Threat Analysis and Management in a Continuous Integration Pipeline
Laurens Sion, Dimitri Van Landuyt, Koen Yskout, Stef Verreydt, Wouter Joosen (imec-DistriNet, KU Leuven)
Session II: Secure Development
- Towards Improving Container Security by Preventing Runtime Escapes
Michael Reeves (Sandia National Labs); Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik (Purdue University)
- Developers are Neither Enemies Nor Users: They are Collaborators
Partha Das Chowdhury, Joseph Hallett, Nikhil Patnaik, Mohammad Tahaei, Awais Rashid (University of Bristol)
- Shhh!: 12 Practices for Secret Management in Infrastructure as Code
Akond Rahman, Farhat Lamia Barsha (Tennessee Tech University); Patrick Morrison (IBM)
Session III: Security-focused Designs
- Android Remote Unlocking Service using Synthetic Password: A Hardware Security-preserving Approach
Sungmin Lee, Yoonkyo Jung, Jaehyun Lee, Byoungyoung Lee, Ted “Taekyoung” Kwon (Seoul National University)
- Enclave-Based Secure Programming with JE
Aditya Oak (TU Darmstadt); Amir M. Ahmadian, Musard Balliu (KTH Royal Institute of Technology); Guido Salvaneschi (University of St.Gallen)
- Towards Zero Trust: An Experience Report
Jason Lowdermilk, Simha Sethumadhavan (Chip Scan, Inc)
Session IV: Formal Verification
- Layered Formal Verification of a TCP Stack
Guillaume Cluzel (AdaCore & ENS de Lyon); Kyriakos Georgiou (AdaCore & University of Bristol); Yannick Moy (AdaCore); Clément Zeller (Oryx Embedded)
- Vivienne: Relational Verification of Cryptographic Implementations in WebAssembly
Rodothea Myrsini Tsoupidi, Musard Balliu, Benoit Baudry (KTH Royal Institute of Technology)