IEEE Secure Development Conference
& IEEE Digital Privacy Workshop

October 7 - 9, 2024
Carnegie Mellon University Software Engineering Institute
Pittsburgh, PA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy

  Registration

2024 schedule

Posted on: September 5th, 2024 by SecDev
Monday, October 7
Tutorial Day
13:00-16:30 Open Source Software (OSS) Transparency (Room: SEI Training Room 1202)
C. Woody, S. Hissam
IEEE Digital Privacy Workshop
08:45-17:00 IEEE Digital Privacy Workshop

 

Tuesday, October 8
09:00-09:30 Opening (Room: Jordan Auditorium)
09:30-10:30 Keynote I (Room: Jordan Auditorium)
Session Chair: Eric Bodden

10:30-11:00 Coffee Break
11:00-12:20 Paper Session: Attack and Vulnerability Detection (Room: Jordan Auditorium)
Session Chair: Johannes Kinder

  • Understanding the Challenges in Detecting Vulnerabilities of Rust Applications
    D. Stephens, K. Aldoshan, M. Khandaker
  • Moving from the Developer Machine to IoT Devices: An Empirical Study
    M. Alam, J. Wei, M. Sajid, Q. Wang, C. Fu
  • Toward Partial Proofs of Vulnerabilities
    J. Brossard
  • Reverse Engineering Branch Prediction Capabilities in Modern Micro-Architectures
    R. Branco, B. Lee
12:20-13:30 Lunch (Location: TBD)
13:30-14:50 Panel: Secure Software Development Practices for Generative AI and Dual-Use Foundation Models (Room: Jordan Auditorium)
Session Chair: Thomas Bailey
Panelists: Christian Kästner, William Mitchell, Nathan VanHoudnos
14:50-15:20 Coffee Break
15:20-17:00 Paper Session: Aiding Secure Development (Room: Jordan Auditorium)
Session Chair: Mohammad Reza Faghani

  • BliMe Linter
    H. ElAtali, X. Duan, H. Liljestrand, M. Xu, N. Asokan
  • Community Security Champions: Studying the Most Influential Users on Security Stack-Exchange (Distinguished Paper Award)
    P. Das Chowdhury, M. Tahaei, M. Edwards, C. Peersman, L. Nautiyal, K. Ramokapane, A. Rashid
  • From automation to CI/CD: a comparative evaluation of threat modeling tools
    D. Van Landuyt, L. Sion, W. Philips, W. Joosen
  • Octal: Efficient Automatic Data-Oblivious Program Transformations to Eliminate Side-Channel Leakage
    B. Tiruye, L. Biernacki, T. Adem, P. Mola, T. Austin
  • A NAND Use Case for Cybersecurity Experiments
    T. Fraser, X. Liu, Q. Shi, X. Zhang, M. Wutka, D. Balasubramanian, H. Chen, Z. Shao
18:00-20:00 Poster Session & Reception
Location: Courtyard Pittsburgh University Center at 100 Lytton Avenue, Pittsburgh

 

Wednesday, October 9
09:00-10:00 Keynote II (Room: Jordan Auditorium)
Session Chair: Leigh Metcalf

10:00-10:30 Award Session (Room: Jordan Auditorium)
Session Chair: Sean Peisert

  • Distinguished Paper Awards
  • Distinguished Reviewer Awards
  • IEEE Cybersecurity Award for Practice
10:30-11:00 Coffee Break
11:00-12:40 Paper Session: Security and AI (Room: Jordan Auditorium)
Session Chair: Venkata Nedunoori

  • Designing Secure AI-based Systems: a Multi-Vocal Literature Review
    S. Schneider, A. Saha, E. Mezzi, K. Tuma, R. Scandariato
  • Evasion Attacks on Object Detection Models using Attack Transferability
    A. Rajkumar, P. Kulkarni, Y. Govindarajulu, M. Parmar
  • iConPAL: LLM-guided Policy Authoring Assistant for Configuring IoT Defenses
    M. Alam, S. Zhang, E. Rodriguez, A. Nafis, E. Hoque
  • Repairing Infrastructure-as-Code using Large Language Models
    E. Low, C. Cheh, B. Chen
  • GENIE: Guarding the npm Ecosystem with Semantic Malware Detection
    M. Gobbi, J. Kinder
12:40-13:50 Lunch (Location: TBD)
13:50-15:30 Paper Session: Security Analysis and Design (Room: Jordan Auditorium)
Session Chair: Kawkab Alkhater

  • DeTRAP: RISC-V Return Address Protection With Debug Triggers
    I. Richter, J. Zhou, J. Criswell
  • Verifiable Multi-Agent Multi-Task Assignment
    T. Lavaur, D. Nedelmann, C. Chauffaut, J. Lacan, C. Chanel
  • User Privacy in the Digital Playground: An In-Depth Investigation of Facebook Instant Games (Distinguished Paper Award)
    S. Bello, B. Bappah, N. Tanet, A. Betzwieser, A. Ali-Gombe
  • Sharing without Showing: Secure Cloud Analytics with Trusted Execution Environments
    M. Birgersson, C. Artho, M. Balliu
  • Lessons learned and challenges of deploying control flow integrity in complex software: the case of OpenJDK’s Java Virtual Machine
    S. Houy, A. Bartel
15:30-16:00 Coffee Break
16:00-16:30 SecDev 2024 Business Meeting and Closing Remarks (Room: Jordan Auditorium)
16:30-17:00 Organization Committee Private Meeting (for OC members only) (Room: TBD)