2021 accepted
Accepted Papers
Tutorial Track A
- The Correctness-by-Construction Approach to Programming.
Ina Schaefer, Tobias Runge (TU Braunschweig); Loek Cleophas (Eindhoven University of Technology); Bruce W. Watson (Stellenbosch University) - Investigating Advanced Exploits for System Security Assurance.
Salman Ahmed (Virginia Tech); Long Cheng (Clemson University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University); Danfeng (Daphne) Yao (Virginia Tech) - A Lightweight Web Application for Software Vulnerability Demonstration.
Onyeka Ezenwoye, Brandon Steed, David Lee (Augusta University); Yi Liu (UMass Darthmouth) - Hands-on Tutorial: How Exploitable is Insecure C Code?
David Svoboda (Software Engineering Institute)
Tutorial Track B
- LLVM for Security Practitioners.
John Criswell, Ethan Johnson, Colin Pronovost. (University of Rochester) - Using RLBox to sandbox unsafe C code.
Shravan Narayan, Craig Disselkoen, Deian Stefan (UC San Diego) - Making C Programs Safer with Checked C.
Jie Zhou (University of Rochester); Michael Hicks (Correct Computation, Inc.); Yudi Yang, John Criswell (University of Rochester)
Session I: Security/Threat Analysis
- Analyzing OpenAPI Specifications for Security Design Issues
Carmen Cheh, Binbin Chen (Singapore University of Technology and Design) - Compressing Network Attack Surfaces for Practical Security Analysis
Douglas Everson, Long Cheng (Clemson University) - Automated Threat Analysis and Management in a Continuous Integration Pipeline
Laurens Sion, Dimitri Van Landuyt, Koen Yskout, Stef Verreydt, Wouter Joosen (imec-DistriNet, KU Leuven)
Session II: Secure Development
- Towards Improving Container Security by Preventing Runtime Escapes
Michael Reeves (Sandia National Labs); Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik (Purdue University) - Developers are Neither Enemies Nor Users: They are Collaborators
Partha Das Chowdhury, Joseph Hallett, Nikhil Patnaik, Mohammad Tahaei, Awais Rashid (University of Bristol) - Shhh!: 12 Practices for Secret Management in Infrastructure as Code
Akond Rahman, Farhat Lamia Barsha (Tennessee Tech University); Patrick Morrison (IBM)
Session III: Security-focused Designs
- Android Remote Unlocking Service using Synthetic Password: A Hardware Security-preserving Approach
Sungmin Lee, Yoonkyo Jung, Jaehyun Lee, Byoungyoung Lee, Ted “Taekyoung” Kwon (Seoul National University) - Enclave-Based Secure Programming with JE
Aditya Oak (TU Darmstadt); Amir M. Ahmadian, Musard Balliu (KTH Royal Institute of Technology); Guido Salvaneschi (University of St.Gallen) - Towards Zero Trust: An Experience Report
Jason Lowdermilk, Simha Sethumadhavan (Chip Scan, Inc)
Session IV: Formal Verification
- Layered Formal Verification of a TCP Stack
Guillaume Cluzel (AdaCore & ENS de Lyon); Kyriakos Georgiou (AdaCore & University of Bristol); Yannick Moy (AdaCore); Clément Zeller (Oryx Embedded) - Vivienne: Relational Verification of Cryptographic Implementations in WebAssembly
Rodothea Myrsini Tsoupidi, Musard Balliu, Benoit Baudry (KTH Royal Institute of Technology)