IEEE Secure Development Conference

October 18 - 20, 2023
Georgia Tech Hotel and Conference Center
Atlanta, GA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

  Registration

2023 schedule

Posted on: September 27th, 2023 by SecDev
Wednesday October 18
Tutorial Day
09:00-10:30 Invited Tutorial

  • Counteracting Web Application Abuse in Malware (Conference Room A, 2nd Floor)
    Mingxuan Yao (Georgia Institute of Technology); Jonathan Fuller (United States Military Academy); Ranjita Pai Sridhar, Saumya Agarwal, Amit K. Sikder, Brendan Saltaformaggio (Georgia Institute of Technology);
10:30-11:00 Coffee Break
11:00-12:30
  • Crypto-Ransomware: Analysis, Defense, and Criminal Negotiation (Conference Room A, 2nd Floor)
    Wenjia Song and Arianna Schuler Scott (Virginia Tech)
12:30-14:00 Lunch
14:00-15:30
  • The End of Binary Protocol Parser Vulnerabilities (Part 1) (Conference Room A, 2nd Floor)
    Alexander Senier (AdaCore)
15:30-16:00 Coffee Break
16:00-17:30
  • The End of Binary Protocol Parser Vulnerabilities (Part 2) (Conference Room A, 2nd Floor)
    Alexander Senier (AdaCore)

 

Thursday October 19

09:00-09:30 Opening (Conference Room A, 2nd Floor)
09:30-10:30 Keynote I (Conference Room A, 2nd Floor)
Session Chair: Na Meng

10:30-11:00 Coffee Break
11:00-12:30 Paper Session: Aiding Secure Development (Conference Room A, 2nd Floor)
Session Chair: Charles Weir

  • Characterizing Static Analysis Alerts for Terraform Manifests: An Experience Report
    Hanyang Hu, Yani Bu, Kristen Wong, Gaurav Sood, Karen Smiley (company A); Akond Rahman (Auburn University)
  • Securing Your Crypto-API Usage Through Tool Support – A Usability Study
    Stefan Krüger; Michael Reif, Anna-Katharina Wickert (Technischen Universität Darmstadt); Sarah Nadi, Karim Ali (University of Alberta); Eric Bodden (University of Paderborn); Mira Mezini (Technischen Universität Darmstadt); Yasemin Acar (University of Paderborn); Sascha Fahl (CISPA Helmholtz-Center for Information Security)
  • Grading on a Curve: How Rust can Facilitate New Contributors while Decreasing Vulnerabilities
    Justin Tracey, Ian Goldberg (University of Waterloo)
  • Challenges with Passwordless FIDO2 in an Enterprise Setting: A Usability Study
    Michal Kepkowski (Macquarie University); Maciej Machulak; Ian Wood (Macquarie University); Dali Kaafar (Macquarie University)
  • Misplaced Trust: The Security Flaw in Modern Code Signing Process
    Pranshu Bajpai (Motorola Solutions); Raghudeep Kannavara (Meta Platforms Inc)
  • 11 things about Securing Microservices
    Yuvaraj Madheswaran (GM Financial)
12:30-14:00 Lunch (Conference Dining Room, 1st Floor)
14:00-15:30 Panel: Enabling real-world impact of security research via industry-academia collaboration (Conference Room A, 2nd Floor)
Session Chair: Raghudeep Kannavara
Panelists: Edward J Schwartz, Robert Denz, Jason Fung, Laurie Williams
15:30-16:00 Coffee Break
16:00-17:00 Paper Session: Defenses (Conference Room A, 2nd Floor)
Session Chair: Long Cheng

  • Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust
    Merve Gulmez (KU Leuven); Thomas Nyman, Christoph Baumann (Ericsson); Jan Tobias Muehlberg (ULB)
  • Assessing the Impact of Efficiently Protecting Ten Million Stack Objects from Memory Errors Comprehensively
    Kaiming Huang, Jack Sampson, Trent Jaeger (The Pennsylvania State University)
  • Blade: Scalable Source Code Debloating Framework
    Muaz Ali (University of Arizona); Rumaisa Habib (Lahore University of Management Sciences); Ashish Gehani (SRI International); Sazzadur Rahaman (University of Arizona); Zartash Uzmi (Lahore University of Management Sciences)
  • BloatProfiler: Evaluating Container Debloaters
    Muhammad Hassan, Talha Tahir, Muhammad Farrukh, Abdullah Naveed, Anas Naeem (Lahore University of Management Sciences); Fahad Shaon (Data Security Technologies, LLC); Fareed Zaffar (Lahore University of Management Sciences); Ashish Gehani (SRI); Sazzadur Rahaman (University of Arizona)
17:00-19:00 Poster Session & Reception (In front of Conference Room A, 2nd Floor)

 

Friday October 20

08:45-09:45 Keynote II (Conference Room A, 2nd Floor)
Session Chair: Robert Denz

09:45-10:30 IEEE Cybersecurity Award for Practice (Conference Room A, 2nd Floor)
Session Chair: Na Meng
10:30-11:00 Coffee Break
11:00-12:30 Paper Session: Attack and Vulnerability Detection (Conference Room A, 2nd Floor)
Session Chair: Shangqing Zhao

  • Model-Agnostic Federated Learning for Privacy-Preserving Systems
    Hussain Almohri (Kuwait University); Layne T. Watson (Virginia Tech)
  • Fortifying IoT Devices: AI-Driven Intrusion Detection via Memory-Encoded Audio Signals
    Ramyapandian Vijayakanthan (Towson University); Karley M Waguespack (Louisiana State University); Irfan Ahmed (Virginia Commonwealth University); Aisha Ali-Gombe (Louisiana State University)
  • Parser Weakness Enumeration
    Denley Lam, Letitia Li, Anthony Gabrielson (BAE Systems)
  • Curbing the Vulnerable Parser: Graded Modal Guardrails for Secure Input Handling
    Eric Bond, Matthew Heimerdinger (Two Six Technologies)
  • An In-Depth Analysis of Android’s Java Class Library: its Evolution and Security Impact
    Timothée Riom, Alexandre Bartel (Umeå University)
  • A randomization-based, zero-trust cyberattack detection method for hierarchical systems
    Sinnott Murphy, Richard Macwan, Vivek Kumar Singh, Chin-Yao Chang (National Renewable Energy Laboratory)
12:30-14:00 Lunch (Conference Dining Room, 1st Floor)
14:00-15:30 Paper Session: Security Analysis and Design (Conference Room A, 2nd Floor)
Session Chair: Akond Rahman

  • A Lot Less Likely Than I Thought: Introducing Evidence-Based Security Risk Assessment for Healthcare Software
    Charles Weir, Anna Dyson, Daniel Prince (Lancaster University)
  • Triaging Android Systems Using Bayesian Attack Graphs
    Yu-Tsung Lee, Rahul George (Penn State University); Haining Chen (Google); Kevin Chan (Army Research Lab); Tina Eliassi-Rad (Northeastern University); Trent Jaeger (Penn State University)
  • PRICAR: Privacy Framework for Vehicular Data Sharing with Third Parties
    Mert D. Pesé (Clemson University); Jay W. Schauer, Murali Mohan, Cassandra Joseph, Kang G. Shin (University of Michigan); John Moore (Ford Motor Company)
  • Security and Privacy Threat Analysis for Solid
    Omid Mirzamohammadi (imec-COSIC, KU Leuven); Kristof Jannes, Laurens Sion, Dimitri Van Landuyt (imec-DistriNet, KU Leuven); Aysajan Abidin, Dave Singelee (imec-COSIC, KU Leuven)
  • Bridging the Bubbles: Connecting Academia and Industry in Cybersecurity Research
    Rasha Kashef, Monika Freunek (Toronto Metropolitan University); Jeff Schwartzentruber (eSentire Inc.); Reza Samavi, Burcu Bulgurcu (Toronto Metropolitan University); AJ Khan (Vehiqilla Inc.); Marcus Santos (Toronto Metropolitan University)
  • Adaptive Security: Certificate and Key Rotation for Firmware Integrity
    Sunil Joshi, Kenneth Crowther, Jarvis Robinson (Xylem Inc.)
15:30-16:00 Coffee Break
16:00-16:30 SecDev 2023 Business Meeting and Closing Remarks (Conference Room A, 2nd Floor)
16:30-17:00 Organization Committee Private Meeting (for OC members only) (Conference Room C, 2nd Floor)