IEEE Secure Development Conference

October 18 - 20, 2022
Georgia Tech Hotel and Conference Center
Atlanta, GA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

  Register

2022 accepted

Posted on: August 5th, 2022 by SecDev
Accepted Papers
Accepted Tutorials
  • Tutorial: LLVM for Security Practitioners.
    John Criswell, Ethan Johnson, Colin Pronovost (University of Rochester)
  • Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum.
    Jens-Rene Giesen (University of Duisburg-Essen); Sebastien Andreina (NEC Laboratories Europe); Michael Rodler (University of Duisburg-Essen); Ghassan Karame (Ruhr University of Bochum); Lucas Davi (University of Duisburg-Essen)
  • Tutorial: Threat Modeling of Cloud-based IT-solutions.
    Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)
Accepted Research Papers
  • Uncovering Product Vulnerabilities with Threat Knowledge Graphs.
    Zhenpeng Shi (Boston University); Nikolay Matyunin, Kálmán Graffi (Honda Research Institute Europe GmbH); David Starobinski (Boston University)
  • How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?
    Md Mahir Asef Kabir (Virginia Tech); Ying Wang (Northeastern University (China)); Daphne Yao, Na Meng (Virginia Tech)
  • Towards cryptographically-authenticated in-memory data structures.
    Setareh Ghorshi (University of Waterloo); Lachlan J. Gunn (Aalto University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University)
  • How far are German companies in improving security through static program analysis tools?
    Goran Piskachev, Stefan Dziwok, Thorsten Koch, Sven Merschjohan (Fraunhofer IEM); Eric Bodden (Paderborn University & Fraunhofer IEM)
  • What are the Practices for Secret Management in Software Artifacts?
    Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams (North Carolina State University)
  • Evaluating Text Augmentation for Boosting the Automatic Mapping of Vulnerability Information to Adversary Techniques.
    Emmanouil Gionanidis (DataWise Data Engineering LLC); Petros Karvelis (University of Ioannina); George Georgoulas, Konstantinos Stamos (DataWise Data Engineering LLC); Purvi Garg (Hive Pro Inc.)
  • Design and User Study of a Constraint-based Framework for Business Logic Flaw Discovery.
    Carmen Cheh, Nicholas Tay, Binbin Chen (Singapore University of Technology and Design)
  • Salsa: SGX Attestation for Live Streaming Applications.
    Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi (University of Duisburg-Essen)
  • Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities.
    Kaled Alshmrany, Ahmed Bhayat, Franz Brausse, Lucas Cordeiro, Konstantin Korovin (The University of Manchester); Tom Melham (University of Oxford); Mustafa A. Mustafa, Pierre Olivier, Giles Reger, Fedor Shmarov (The University of Manchester)
  • A Comparative Study of Log4Shell Test Tools.
    Douglas Everson, Ashish Bastola, Rajat Mittal, Siddheshwar Munde, Long Cheng (Clemson University)
Accepted Practitioner Papers
  • From Lemons to Peaches: Improving Security ROI through Security Chaos Engineering.
    Kelly Shortridge (Fastly, Inc.)
  • Industrial Strength Static Detection for Cryptographic API Misuses.
    Ya Xiao (Virginia Tech); Yang Zhao, Nicholas Allen, Nathan Keynes (Oracle Labs, Australia); Danfeng (Daphne) Yao (Virginia Tech); Cristina Cifuentes (Oracle Labs, Australia)
  • Framework to Assess Policy Driven Security Misconfiguration Risks in Cloud Native Application.
    Kanchanjot Kaur Phokela, Kapil Singi, Kuntal Dey, Vikrant Kaulgud (Accenture Labs, India); Adam P. Burden (Accenture, Singapore)
  • Secure development workflows in CI/CD pipelines.
    Pranshu Bajpai, Adam Lewis (Motorola Solutions Inc.)
  • A Hierarchical Database of One Million Websites.
    Jack Harrison, Joe Harrison, Madison G. Boswell, Alan J. Michaels (Virginia Tech National Security Institute)