IEEE SecDev 2019, Sept. 25, 2019 to Sept. 27, 2019, McLean, USA

| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| Start Your ENGINEs: Dynamically Loadable Contemporary Crypto | Nicola Brumley | Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, ... | |
| On the Universally Composable Security of OpenStack | Ran Canetti, Marten van Dijk, Haibin Zhang, Jason Hennessey, Mayank Varia, Kyle Hogan, Hoda Maleki, Reza Rahaeimehr | We initiate an effort to provide a rigorous, holistic and modular security analysis of OpenStack. OpenStack ... | |
| A Qualitative Investigation of Insecure Code Propagation from Online Forums | Michelle L. Mazurek, Wei Bai, Omer Akgul | Research demonstrates that code snippets listed on programming-oriented online forums (e.g., Stack Overflow) – including snippets containing ... | |
| CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses | Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao | Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects ... | |
| Detecting Callback Related Deep Vulnerabilities in Linux Device Drivers | Tuba Yavuz | Extensibility is an important design goal for software frameworks that are expected to evolve in ... | |
| Downright: A Framework and Toolchain for Privilege Handling | Remo Neuhaus | We propose Downright, a novel framework based on Seccomp, Berkeley Packet Filter, and PTrace, that makes it ... | |
| System-Level Framework for Logic Obfuscation with Quantified Metrics for Evaluation | Vivek V. Menon, Gaurav Kolhe, Andrew Schmidt, Joshua Monson, Matthew French, Yinghua Hu, Peter A. Beerel, Pierluigi Nuzzo | Logic obfuscation techniques are used to deter intellectual property piracy, reverse engineering, and counterfeiting threats in ... | |
| Polymorphic Relaxed Noninterference | Raimil Tanter | Information-flow security typing statically preserves confidentiality by enforcing noninterference. To address the practical need of selective ... | |
| Exploitation Techniques and Defenses for Data-Oriented Attacks | Trent Jaeger, N. Asokan, Danfeng (Daphne) Yao, Long Cheng, Hans Liljestrand, Md Salman Ahmed, Thomas Nyman | Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control flow integrity. ... | |
| Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications | Mayank Varia, Lucy Qin, Andrei Lapets, Frederick Jansen, Kinan Dak Albab, Rawane Issa, Azer Bestavros | Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from ... | |
| Effective Static Analysis Enforcement in Complex Cloud Native Dockerized Systems | Abhishek Pathak, Kaarthik Sivakumar, Jin Sheng, Anlu Yan, Mazhar Haque | This short paper discusses a case study of static analysis enforcement for one of the cloud ... | |
| Using Rules Engine in the Automation of System Security Review | Abdulrahman A. Alnaim | N/A | |
| OpenOSC: Open Source Object Size Checking Library With Built-in Metrics | Van Nguyen, Yongkui Han, Pankil Shah, Ling Ma, Richard Livingston | OpenOSC provides value to software development in detecting destination buffer overruns and source buffer overreads. OpenOSC ... | |
| With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface | Chien-an Chen | While the IT industry is embracing the cloud-native technologies, migrating from monolithic architecture to service-oriented architecture ... | |
| Multi-Cluster Visualization and Live Reporting of Static Analysis Security Testing (SAST) Warnings | Abhishek Pathak, Kaarthik Sivakumar, Mazhar Haque, Prasanna Ganesan | This short paper discusses a case study of multi-cluster visualization of Static Analysis Security Testing ... | |
| Development Cycle Estimation Modeling | Samuel Denard, Susan Mengel, Atila Ertas, Stephen Ekwaro-Osire | Predicting project resource utilization is a risky business. This paper presents results from a domain-independent product development ... | |
| Self-Authenticating Traditional Domain Names | Paul Traudt | We introduce Self-Authenticating Traditional (SAT) domain names. SAT domains are traditional recognizable domains resolvable via the ... | |
| Compositional Testing of Internet Protocols | Kenneth Zuck | We introduce a methodology of Network-centric Compositional Testing (NCT) to develop formal wire specifications of Internet protocols ... | |