IEEE SecDev 2019, Sept. 25, 2019 to Sept. 27, 2019, McLean, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Start Your ENGINEs: Dynamically Loadable Contemporary Crypto | Nicola Brumley | Software ever-increasingly relies on building blocks implemented by security libraries, which provide access to evolving standards, protocols, ... | |
On the Universally Composable Security of OpenStack | Ran Canetti, Marten van Dijk, Haibin Zhang, Jason Hennessey, Mayank Varia, Kyle Hogan, Hoda Maleki, Reza Rahaeimehr | We initiate an effort to provide a rigorous, holistic and modular security analysis of OpenStack. OpenStack ... | |
A Qualitative Investigation of Insecure Code Propagation from Online Forums | Michelle L. Mazurek, Wei Bai, Omer Akgul | Research demonstrates that code snippets listed on programming-oriented online forums (e.g., Stack Overflow) – including snippets containing ... | |
CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses | Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao | Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects ... | |
Detecting Callback Related Deep Vulnerabilities in Linux Device Drivers | Tuba Yavuz | Extensibility is an important design goal for software frameworks that are expected to evolve in ... | |
Downright: A Framework and Toolchain for Privilege Handling | Remo Neuhaus | We propose Downright, a novel framework based on Seccomp, Berkeley Packet Filter, and PTrace, that makes it ... | |
System-Level Framework for Logic Obfuscation with Quantified Metrics for Evaluation | Vivek V. Menon, Gaurav Kolhe, Andrew Schmidt, Joshua Monson, Matthew French, Yinghua Hu, Peter A. Beerel, Pierluigi Nuzzo | Logic obfuscation techniques are used to deter intellectual property piracy, reverse engineering, and counterfeiting threats in ... | |
Polymorphic Relaxed Noninterference | Raimil Tanter | Information-flow security typing statically preserves confidentiality by enforcing noninterference. To address the practical need of selective ... | |
Exploitation Techniques and Defenses for Data-Oriented Attacks | Trent Jaeger, N. Asokan, Danfeng (Daphne) Yao, Long Cheng, Hans Liljestrand, Md Salman Ahmed, Thomas Nyman | Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. ... | |
Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications | Mayank Varia, Lucy Qin, Andrei Lapets, Frederick Jansen, Kinan Dak Albab, Rawane Issa, Azer Bestavros | Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from ... | |
Effective Static Analysis Enforcement in Complex Cloud Native Dockerized Systems | Abhishek Pathak, Kaarthik Sivakumar, Jin Sheng, Anlu Yan, Mazhar Haque | This short paper discusses a case study of static analysis enforcement for one of the cloud ... | |
Using Rules Engine in the Automation of System Security Review | Abdulrahman A. Alnaim | N/A | |
OpenOSC: Open Source Object Size Checking Library With Built-in Metrics | Van Nguyen, Yongkui Han, Pankil Shah, Ling Ma, Richard Livingston | OpenOSC provides value to software development in detecting destination buffer overruns and source buffer overreads. OpenOSC ... | |
With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface | Chien-an Chen | While the IT industry is embracing the cloud-native technologies, migrating from monolithic architecture to service-oriented architecture ... | |
Multi-Cluster Visualization and Live Reporting of Static Analysis Security Testing (SAST) Warnings | Abhishek Pathak, Kaarthik Sivakumar, Mazhar Haque, Prasanna Ganesan | This short paper discusses a case study of multi-cluster visualization of Static Analysis Security Testing ... | |
Development Cycle Estimation Modeling | Samuel Denard, Susan Mengel, Atila Ertas, Stephen Ekwaro-Osire | Predicting project resource utilization is a risky business. This paper presents results from a domain-independent product development ... | |
Self-Authenticating Traditional Domain Names | Paul Traudt | We introduce Self-Authenticating Traditional (SAT) domain names. SAT domains are traditional recognizable domains resolvable via the ... | |
Compositional Testing of Internet Protocols | Kenneth Zuck | We introduce a methodology of Network-centric Compositional Testing (NCT) to develop formal wire specifications of Internet protocols ... | |