Program
Tuesday July 4
| 09:00 - 17:00 | ESSOS 2017 |
Wednesday July 5
| 09:00 - 15:00 | ESSOS 2017 |
| 15:00 - 15:30 | DIMVA Registration |
| 15:30 - 17:00 | Joint DIMVA/ESSOS 2017 Panel |
| Exploit Mitigations - Completeness and Effectiveness versus Performance Chair: Mathias Payer (Purdue University) Panelists: Thomas Dullien (Google), Cristiano Giuffrida (VU Amsterdam), Michalis Polychronakis (Stony Brook University) |
|
| 17:00 - 22:00 | Joint DIMVA/ESSOS 2017 Poster Session and Reception |
Thursday July 6
| 08:00 - 09:00 | Registration |
| 09:00 - 09:15 | DIMVA Welcome |
| 09:15 - 10:30 | Keynote: Thomas Dullien (Google Inc.) |
|
What happens when somebody writes an exploit? In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: From ineffictive teaching to muddled thinking about mitigations. In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit - and then talk about what this means for mitigations and secure coding. |
|
| 10:30 - 11:00 | Coffee break |
| 11:00 - 12:30 | Session 1: Enclaves, Isolation, Dominance (Chair: Juan Caballero) |
| Malware Guard Extension: Using SGX to Conceal Cache Attacks Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard (Graz University of Technology) |
|
| On the Trade-Offs in Oblivious Execution Techniques Shruti Tople, Prateek Saxena (National University of Singapore) |
|
| MemPatrol: Reliable Sideline Integrity Monitoring for High-performance Systems Myoung Jin Nam (Secure Software Development Research Centre, Korea University, Seoul, S. Korea); Wonhong Nam (Dept. of Internet & Multimedia Eng., KonKuk University, Seoul, S. Korea); Jin-Young Choi (Secure Software Development Research Centre, Korea University, Seoul, S. Korea); Periklis Akritidis (Niometrics, Singapore) |
|
| 12:30 - 14:00 | Lunch break |
| 14:00 - 15:30 | Session 2: Under the Microscope (Chair: Federico Maggi) |
| Measuring and Defeating Anti-Instrumentation-Equipped Malware Mario Polino, Andrea Continella, Sebastiano Mariani, Stefano D'Alessio, Lorenzo Fontana, Fabio Gritti, Stefano Zanero (Politecnico di Milano) |
|
| DynODet: Detecting Dynamic Obfuscation in Malware Danny Kim (University of Maryland); Julien Roy (SecondWrite LLC); Amir Majlesi-Kupaei (University of Maryland); Kapil Anand, Khaled ElWazeer (SecondWrite LLC); Daniel Buetner (Laboratory of Telecommunication Sciences); Rajeev Barua (University of Maryland) |
|
| Finding the Needle: A Study of the PE32 Rich Header and Respective Malware Triage George D. Webster, Bojan Kolosnjaji, Christian von Pentz, Julian Kirsch (Technical University of Munich); Zachary D. Hanif (unaffiliated); Apostolis Zarras, Claudia Eckert (Technical University of Munich) |
|
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:30 | Session 3: Lights, Motors, Action! (Chair: Michael Meier) |
| Last Line of Defense: A Novel IDS Approach Against Advanced Threats in Industrial Control Systems Mark Luchs, Christian Doerr (Delft University of Technology) |
|
| LED-it-GO: Leaking (a lot of) Data from Air-Gapped Computers via the (small) Hard Drive LED Mordechai Guri, Boriz Zadov, Yuval Elovici (Ben-Gurion University of the Negev) |
|
| A Stealth, Selective, Link-layer Denial-of-Service Attack Against Automotive Networks Andrea Palanca (Politecnico di Milano (Italy)); Eric Evenchick (Linklayer Labs); Federico Maggi (Trend Micro, Inc.); Stefano Zanero (Politecnico di Milano (Italy)) |
|
| 18:00 | Bus Transfer to Conference Dinner |
| 19:00 - 23:00 | Conference Dinner at Rolandseck Castle (aka Rolandsbogen) |
Friday July 7
| 09:00 - 09:15 | PoliCTF Kickstart |
| 09:15 - 10:30 | Keynote by Christopher Kruegel (University of California, Santa Barbara) |
|
Finding Vulnerabilities in Embedded Software Embedded devices have become ubiquitous, and they are used in a range of privacy-sensitive and security-critical applications. Most of these devices run proprietary software (firmware), and little documentation is available about the software's inner workings. Firmware, like any piece of software, is susceptible to a wide range of errors. These include memory corruption bugs, command injection vulnerabilities, and application logic flaws. Embedded device vendors typically do not provide source code for their proprietary firmware. Hence, all analysis has to be performed directly on binary code. This is challenging because binary code lacks the high-level, semantically rich information about data structures and control constructs that are present in a program's source code. To address the analysis challenges, we have developed angr. angr is an open-source binary analysis platform that implements many static analysis techniques and supports symbolic execution of binaries. In this talk, we will discuss some of the inner workings and design choices in angr. A common limitation of many contemporary techniques to detect vulnerabilities in binary code is that they only find shallow bugs and struggle to exercise deeper code paths. To drive the analysis deeper into a program, we introduce novel techniques to improve the scalability of our system. These techniques frequently rely on interesting compositions of different analysis approaches, in a way that leverages the advantages of each individual approach while compensating for their respective limitations. We will also cover a novel detection model that allows us to identify authentication bypass vulnerabilities (or, less formally, backdoors), an important class of logic flaws. To automatically find backdoors, we introduce the concept of input determinism, which captures an attacker's ability to determine the input necessary to execute privileged operations of the device. Finally, we will shed some light on angr as an integral component in the automated vulnerability finding, exploitation, and patching engine that participates in DARPA's Cyber Grand Challenge (CGC), the first competition where autonomous programs participate in a capture-the-flag competition. |
|
| 10:30 - 11:00 | Coffee break |
| 11:00 - 12:30 | Session 4: Fighting the Fight (Chair: Konrad Rieck) |
| Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps Thomas Barabosch, Niklas Bergmann, Adrian Dombeck, Elmar Padilla (Fraunhofer FKIE) |
|
| SPEAKER: Split-Phase Execution of Application Containers Lingguang Lei (Institute of Information Engineering, Chinese Academy of Sciences; George Mason University); Jianhua Sun (College of William and Mary); Kun Sun (George Mason University); Chris Shenefiel (Cisco Systems, Inc.); Rui Ma, Yuewu Wang (Institute of Information Engineering, Chinese Academy of Sciences); Qi Li (Tsinghua University) |
|
| Deep Ground Truth Analysis of Current Android Malware Fengguo Wei, Yuping Li (University of South Florida); Sankardas Roy (Bowling Green State University); Xinming Ou (University of South Florida); Wu Zhou (Didi Labs) |
|
| 12:30 - 14:00 | Lunch break |
| 14:00 - 15:30 | Session 5: Dive into Code (Chair: Elias Athanasopoulos) |
| HumIDIFy: A Tool for Hidden Functionality Detection in Firmware Sam Thomas, Flavio D. Garcia, Tom Chothia (University of Birmingham) |
|
| BinShape: Scalable and Robust Binary Library Function Identification Using Diverse Features Paria Shirani, Lingyu Wang, Mourad Debbabi (Concordia University) |
|
| SCVD: A New Semantics-Based Approach for Cloned Vulnerable Code Detection Deqing Zou, Hanchao Qi (Huazhong University of Science and Technology); Zhen Li (Huazhong University of Science and Technology; Hebei University); Song Wu, Hai Jin, Sujuan Wang, Yuyi Zhong (Huazhong University of Science and Technology) |
|
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:30 | Session 6: Web of Threats (Chair: Sven Dietrich) |
| On the privacy impacts of leaked password databases Olivier Heen, Christoph Neumann (Technicolor) |
|
| Unsupervised Detection of APT C&C Channels using Web Request Graphs Pavlos Lamprakis, Ruggiero Dargenio, David Gugelmann (ETH Zurich); Vincent Lenders (Armasuisse); Markus Happe, Laurent Vanbever (ETH Zurich) |
|
| Measuring Network Reputation In The Ad-Bidding Process Yizheng Chen, Yacin Nadji, Rosa Romero-Gomez, Manos Antonakakis, David Dagon (Georgia Institute of Technology) |
|
