IEEE Secure Development Conference

October 18 - 20, 2021
Virtual Conference

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy


2021 accepted

Posted on: September 8th, 2021 by SecDev
Accepted Papers
Tutorial Track A
  • The Correctness-by-Construction Approach to Programming.
    Ina Schaefer, Tobias Runge (TU Braunschweig); Loek Cleophas (Eindhoven University of Technology); Bruce W. Watson (Stellenbosch University)
  • Investigating Advanced Exploits for System Security Assurance.
    Salman Ahmed (Virginia Tech); Long Cheng (Clemson University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University); Danfeng (Daphne) Yao (Virginia Tech)
  • A Lightweight Web Application for Software Vulnerability Demonstration.
    Onyeka Ezenwoye, Brandon Steed, David Lee (Augusta University); Yi Liu (UMass Darthmouth)
  • Hands-on Tutorial: How Exploitable is Insecure C Code?
    David Svoboda (Software Engineering Institute)
Tutorial Track B
  • LLVM for Security Practitioners.
    John Criswell, Ethan Johnson, Colin Pronovost. (University of Rochester)
  • Using RLBox to sandbox unsafe C code.
    Shravan Narayan, Craig Disselkoen, Deian Stefan (UC San Diego)
  • Making C Programs Safer with Checked C.
    Jie Zhou (University of Rochester); Michael Hicks (Correct Computation, Inc.); Yudi Yang, John Criswell (University of Rochester)
Session I: Security/Threat Analysis
  • Analyzing OpenAPI Specifications for Security Design Issues
    Carmen Cheh, Binbin Chen (Singapore University of Technology and Design)
  • Compressing Network Attack Surfaces for Practical Security Analysis
    Douglas Everson, Long Cheng (Clemson University)
  • Automated Threat Analysis and Management in a Continuous Integration Pipeline
    Laurens Sion, Dimitri Van Landuyt, Koen Yskout, Stef Verreydt, Wouter Joosen (imec-DistriNet, KU Leuven)
Session II: Secure Development
  • Towards Improving Container Security by Preventing Runtime Escapes
    Michael Reeves (Sandia National Labs); Dave (Jing) Tian, Antonio Bianchi, Z. Berkay Celik (Purdue University)
  • Developers are Neither Enemies Nor Users: They are Collaborators
    Partha Das Chowdhury, Joseph Hallett, Nikhil Patnaik, Mohammad Tahaei, Awais Rashid (University of Bristol)
  • Shhh!: 12 Practices for Secret Management in Infrastructure as Code
    Akond Rahman, Farhat Lamia Barsha (Tennessee Tech University); Patrick Morrison (IBM)
Session III: Security-focused Designs
  • Android Remote Unlocking Service using Synthetic Password: A Hardware Security-preserving Approach
    Sungmin Lee, Yoonkyo Jung, Jaehyun Lee, Byoungyoung Lee, Ted “Taekyoung” Kwon (Seoul National University)
  • Enclave-Based Secure Programming with JE
    Aditya Oak (TU Darmstadt); Amir M. Ahmadian, Musard Balliu (KTH Royal Institute of Technology); Guido Salvaneschi (University of St.Gallen)
  • Towards Zero Trust: An Experience Report
    Jason Lowdermilk, Simha Sethumadhavan (Chip Scan, Inc)
Session IV: Formal Verification
  • Layered Formal Verification of a TCP Stack
    Guillaume Cluzel (AdaCore & ENS de Lyon); Kyriakos Georgiou (AdaCore & University of Bristol); Yannick Moy (AdaCore); Clément Zeller (Oryx Embedded)
  • Vivienne: Relational Verification of Cryptographic Implementations in WebAssembly
    Rodothea Myrsini Tsoupidi, Musard Balliu, Benoit Baudry (KTH Royal Institute of Technology)