2022 schedule
Posted on: September 28th, 2022 by SecDev
Tuesday October 18
Tutorial Day
12:30 |
Registration Opens |
13:30-15:00 |
Tutorial Part 1 (Three parallel tracks)
- Tutorial: LLVM for Security Practitioners (Room: Salon 1)
John Criswell, Ethan Johnson, Colin Pronovost (University of Rochester)
- Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum (Room: Salon 2)
Jens-Rene Giesen (University of Duisburg-Essen); Sebastien Andreina (NEC Laboratories Europe); Michael Rodler (University of Duisburg-Essen); Ghassan Karame (Ruhr University of Bochum); Lucas Davi (University of Duisburg-Essen)
- Tutorial: Threat Modeling of Cloud-based IT-solutions (Room: Conference D)
Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)
|
15:00-15:30 |
Break |
15:30-17:00 |
Tutorial Part 2 (Three parallel tracks)
- Tutorial: LLVM for Security Practitioners (Room: Salon 1)
John Criswell, Ethan Johnson, Colin Pronovost (University of Rochester)
- Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum (Room: Salon 2)
Jens-Rene Giesen (University of Duisburg-Essen); Sebastien Andreina (NEC Laboratories Europe); Michael Rodler (University of Duisburg-Essen); Ghassan Karame (Ruhr University of Bochum); Lucas Davi (University of Duisburg-Essen)
- Tutorial: Threat Modeling of Cloud-based IT-solutions (Room: Conference D)
Lotfi ben Othmane (University of North Texas); Heinrich Gantenbein (Microsoft Industry Solutions); Hasan Yasar (Carnegie Mellon University); Simone Curzi (Microsoft Industry Solutions); Altaz Valani (Security Compass); Arun Prabhakar (Boston Consulting Group); Robert Cuddy (HCL Technologies)
|
17:00-18:30 |
Welcome Reception (Room: Salon 1-3 Foyer) |
Wednesday October 19
07:30-08:15 |
Breakfast
|
08:30-08:45 |
Opening Remarks (Room: Salon 3)
|
08:45-09:45 |
Keynote I (Room: Salon 3)
|
09:45-10:15 |
Break |
10:15-11:30 |
Research Session I: Security Evaluation (Room: Salon 3)
Session Chair: Brendan Saltaformaggio
- How far are German companies in improving security through static program analysis tools?
Goran Piskachev, Stefan Dziwok, Thorsten Koch, Sven Merschjohan (Fraunhofer IEM); Eric Bodden (Paderborn University & Fraunhofer IEM)
- A Comparative Study of Log4Shell Test Tools.
Douglas Everson, Ashish Bastola, Rajat Mittal, Siddheshwar Munde, Long Cheng (Clemson University)
- Evaluating Text Augmentation for Boosting the Automatic Mapping of Vulnerability Information to Adversary Techniques.
Emmanouil Gionanidis (DataWise Data Engineering LLC); Petros Karvelis (University of Ioannina); George Georgoulas, Konstantinos Stamos (DataWise Data Engineering LLC); Purvi Garg (Hive Pro Inc.)
|
11:30-13:00 |
Lunch (GT Dining Room) |
13:00-14:30 |
Panel: Opportunities and Challenges for Getting Practically Relevant Security Research Funded & Published (Room: Salon 3)
Session Chair: Tuba Yavuz
Panelists: Timothy Fraser, Leigh Metcalf, Roberto Perdisci, Sukarno Mertoguno
|
14:30-14:45 |
Break |
14:45-16:00 |
Research Session II: Hardware Supported Security (Room: Salon 3)
Session Chair: Long Cheng
- Towards cryptographically-authenticated in-memory data structures.
Setareh Ghorshi (University of Waterloo); Lachlan J. Gunn (Aalto University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo and Aalto University)
- Salsa: SGX Attestation for Live Streaming Applications.
Tobias Cloosters, Sebastian Surminski, Gerrit Sangel, Lucas Davi (University of Duisburg-Essen)
- Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities.
Kaled Alshmrany, Ahmed Bhayat, Franz Brausse, Lucas Cordeiro, Konstantin Korovin (The University of Manchester); Tom Melham (University of Oxford); Mustafa A. Mustafa, Pierre Olivier, Giles Reger, Fedor Shmarov (The University of Manchester)
|
16:00-17:30 |
Poster Session (Room: Conference A) |
17:00-19:00 |
SecDev 2022 Reception (Room: Grand Ballroom Foyer) |
Thursday October 20
07:30-08:15 |
Breakfast
|
08:30-09:30 |
Keynote II (Room: Salon 3)
|
09:30-09:45 |
Break |
09:45-11:00 |
Practitioner Session (Room: Salon 3)
Session Chair: Timothy Fraser
- From Lemons to Peaches: Improving Security ROI through Security Chaos Engineering.
Kelly Shortridge (Fastly, Inc.)
- Industrial Strength Static Detection for Cryptographic API Misuses.
Ya Xiao (Virginia Tech); Yang Zhao, Nicholas Allen, Nathan Keynes (Oracle Labs, Australia); Danfeng (Daphne) Yao (Virginia Tech); Cristina Cifuentes (Oracle Labs, Australia)
- Framework to Assess Policy Driven Security Misconfiguration Risks in Cloud Native Application.
Kanchanjot Kaur Phokela, Kapil Singi, Kuntal Dey, Vikrant Kaulgud (Accenture Labs, India); Adam P. Burden (Accenture, Singapore)
- Secure development workflows in CI/CD pipelines.
Pranshu Bajpai, Adam Lewis (Motorola Solutions Inc.)
- A Hierarchical Database of One Million Websites.
Jack Harrison, Joe Harrison, Madison G. Boswell, Alan J. Michaels (Virginia Tech National Security Institute)
|
11:00-11:15 |
Break |
11:15-12:00 |
IEEE Cybersecurity Award for Practice (Room: Salon 3)
|
12:00-13:30 |
Lunch (GT Dining Room) |
13:30-15:10 |
Research Session III: Software Security (Room: Salon 3)
Session Chair: Lachlan Gunn
- What are the Practices for Secret Management in Software Artifacts?
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, Laurie Williams (North Carolina State University)
- How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?
Md Mahir Asef Kabir (Virginia Tech); Ying Wang (Northeastern University (China)); Daphne Yao, Na Meng (Virginia Tech)
- Uncovering Product Vulnerabilities with Threat Knowledge Graphs.
Zhenpeng Shi (Boston University); Nikolay Matyunin, Kálmán Graffi (Honda Research Institute Europe GmbH); David Starobinski (Boston University)
- Design and User Study of a Constraint-based Framework for Business Logic Flaw Discovery.
Carmen Cheh, Nicholas Tay, Binbin Chen (Singapore University of Technology and Design)
|
15:10-15:30 |
Break |
15:30-16:30 |
SecDev 2022 Business Meeting and Closing Remarks (Room: Salon 3) |
16:30-17:00 |
Organization Committee Private Meeting (for OC members only) (Room: Conference D) |