2022 accepted
Accepted Papers
Accepted Tutorials
- Tutorial: LLVM for Security Practitioners.
John Criswell, Ethan Johnson, Colin Pronovost (University of Rochester) - Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum.
Jens-Rene Giesen (University of Duisburg-Essen); Sebastien Andreina (NEC Laboratories Europe); Michael Rodler (University of Duisburg-Essen); Ghassan Karame (Ruhr University of Bochum); Lucas Davi (University of Duisburg-Essen) - Tutorial: Threat Modeling of Cloud-based IT-solutions.
Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)
Accepted Research Papers
- Uncovering Product Vulnerabilities with Threat Knowledge Graphs.
Zhenpeng Shi (Boston University); Nikolay Matyunin, Kálmán Graffi (Honda Research Institute Europe GmbH); David Starobinski (Boston University) - How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?
Md Mahir Asef Kabir (Virginia Tech); Ying Wang (Northeastern University (China)); Daphne Yao, Na Meng (Virginia Tech) - Towards cryptographically-authenticated in-memory data structures.
Setareh Ghorshi (University of Waterloo); Lachlan J. Gunn (Aalto University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University) - How far are German companies in improving security through static program analysis tools?
Goran Piskachev, Stefan Dziwok, Thorsten Koch, Sven Merschjohan (Fraunhofer IEM); Eric Bodden (Paderborn University & Fraunhofer IEM) - What are the Practices for Secret Management in Software Artifacts?
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams (North Carolina State University) - Evaluating Text Augmentation for Boosting the Automatic Mapping of Vulnerability Information to Adversary Techniques.
Emmanouil Gionanidis (DataWise Data Engineering LLC); Petros Karvelis (University of Ioannina); George Georgoulas, Konstantinos Stamos (DataWise Data Engineering LLC); Purvi Garg (Hive Pro Inc.) - Design and User Study of a Constraint-based Framework for Business Logic Flaw Discovery.
Carmen Cheh, Nicholas Tay, Binbin Chen (Singapore University of Technology and Design) - Salsa: SGX Attestation for Live Streaming Applications.
Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi (University of Duisburg-Essen) - Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities.
Kaled Alshmrany, Ahmed Bhayat, Franz Brausse, Lucas Cordeiro, Konstantin Korovin (The University of Manchester); Tom Melham (University of Oxford); Mustafa A. Mustafa, Pierre Olivier, Giles Reger, Fedor Shmarov (The University of Manchester) - A Comparative Study of Log4Shell Test Tools.
Douglas Everson, Ashish Bastola, Rajat Mittal, Siddheshwar Munde, Long Cheng (Clemson University)
Accepted Practitioner Papers
- From Lemons to Peaches: Improving Security ROI through Security Chaos Engineering.
Kelly Shortridge (Fastly, Inc.) - Industrial Strength Static Detection for Cryptographic API Misuses.
Ya Xiao (Virginia Tech); Yang Zhao, Nicholas Allen, Nathan Keynes (Oracle Labs, Australia); Danfeng (Daphne) Yao (Virginia Tech); Cristina Cifuentes (Oracle Labs, Australia) - Framework to Assess Policy Driven Security Misconfiguration Risks in Cloud Native Application.
Kanchanjot Kaur Phokela, Kapil Singi, Kuntal Dey, Vikrant Kaulgud (Accenture Labs, India); Adam P. Burden (Accenture, Singapore) - Secure development workflows in CI/CD pipelines.
Pranshu Bajpai, Adam Lewis (Motorola Solutions Inc.) - A Hierarchical Database of One Million Websites.
Jack Harrison, Joe Harrison, Madison G. Boswell, Alan J. Michaels (Virginia Tech National Security Institute)