TECHNICAL SESSIONS

Technical Sessions: Wednesday, August 2 | Thursday, August 3 | Friday, August 4

Wednesday, August 2
9:00 a.m.–10:30 a.m. Wednesday
Opening Remarks, Awards, and Keynote
British

Keynote Address
The Current State of the War on Terrorism and What It Means for Homeland Security and Technology
Richard A. Clarke, Chairman, Good Harbor Consulting LLC

Richard A. Clarke is an internationally recognized expert on security, including homeland security, national security, cyber security, and counterterrorism. He is currently Chairman of Good Harbor Consulting and an on-air consultant for ABC News. Clarke served the last three Presidents as a senior White House Advisor. Over the course of an unprecedented 11 consecutive years of White House service, he held the titles of Special Assistant to the President for Global Affairs, National Coordinator for Security and Counterterrorism, and Special Advisor to the President for Cyber Security. His published works include the New York Times #1 bestseller Against All Enemies and Scorpion's Gate, a novel.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Wednesday
REFEREED PAPERS
British

Authentication
Session Chair: Tara Whalen, Dalhousie University

A Usability Study and Critique of Two Password Managers
Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, Carleton University

On the Release of CRLs in Public Key Infrastructure
Chengyu Ma, Beijing University; Nan Hu and Yingjiu Li, Singapore Management University

Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing
Lucas Ballard and Fabian Monrose, Johns Hopkins University; Daniel Lopresti, Lehigh University

INVITED TALKS
Vancouver Island

Selling Security to Software Developers: Lessons Learned While Building a Commercial Static Analysis Tool
Brian Chess, Fortify Software

Over the past ten years, static analysis has undergone a rebirth in both the academic and the commercial world. At the same time, security has become a critical topic for software makers. At the confluence of these trends is a new crop of static analysis tools that identify software security bugs in source code.

This talk covers what I have learned during the process of creating and selling a commercial static analysis product. Some of the lessons about static analysis are intuitive (better analysis results lead to better sales), while some are not (when a customer says "false positive" what they mean is "result I do not like"). In addition to relating my experience with static analysis, I will take a look at the differences between software security as addressed in the academic community and as practiced by software developers in the "real world."

Brian Chess is Chief Scientist at Fortify Software. His work focuses on practical methods for creating secure systems. Brian draws on his previous research in integrated circuit test and verification to find new ways to uncover security issues before they become security disasters.

Brian received his Ph.D. in computer engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Prior to joining Fortify, Brian spent a decade in Silicon Valley working at both big and small companies and thinking about both software and hardware problems. Small companies and software problems came out on top.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Wednesday
INVITED TALKS
Vancouver Island

Security Vulnerabilities, Exploits, and Attack Patterns: 15 Years of Art, Pseudo-Science, Fun, and Profit
Ivan Arce, Core Security Technologies

The emergence and widespread adoption of home computers in the '80s helped raise a generation of young technologists that thrived on the search for security bugs, development of exploit code, and devising convoluted attack patterns. Self-perceived as a group of modern libertarians, techno-artists, half-baked scientists, information age vandals, and savvy businessmen, this generation has often led the development of technologies and techniques that give shape to the modern information security industry. Viruses, software cracks, shellcodes, exploits, mass-rooters, worms, rootkits, and their corresponding defensive counterparts are artifacts of an attacking mindset in search of punishment (x)or legitimacy.

This talk will plunge into the depths of landmark attack technologies developed during the past 15 years and analyze them in the context of current and future information security trends.

Bring extra batteries for the rant-o-meter.

Ivan Arce is co-founder and CTO of Core Security Technologies where he sets the technical direction for the company and is responsible for overseeing the research, development, quality assurance, and deployment of all Core products. At Core, Ivan performed and led teams that perform network penetration testing, source code and binary software security analysis, vulnerability research, and development of offensive and defensive security software.

Prior to founding Core, he served as VP of Research and Development at a computer telephony integration company in Argentina where he was responsible for the development, testing, and deployment of mission-critical computer telephony applications. Previously, Arce spent 8 years as an information security consultant and software developer for banks, government agencies, and financial and telecommunications corporations.

3:30 p.m.–4:00 p.m.   Break
4:00 p.m.–5:30 p.m. Wednesday
REFEREED PAPERS
British

Attacks
Session Chair: Niels Provos, Google

How to Build a Low-Cost, Extended-Range RFID Skimmer
Ilan Kirschenbaum and Avishai Wool, Tel Aviv University

Awarded Best Student Paper!
Keyboards and Covert Channels
Gaurav Shah, Andres Molina, and Matt Blaze, University of Pennsylvania

Lessons from the Sony CD DRM Episode
J. Alex Halderman and Edward W. Felten, Princeton University

PANEL
Vancouver Island

Usable Security: Quo Vadis?
Panelists: Dirk Balfanz, PARC; Konstantin Beznosov, University of British Columbia; Paul Van Oorschot, Carleton University; Tara Whalen, Dalhousie University; Ka-Ping Yee, University of California, Berkeley

There are a growing number of researchers working in the intersection of human computer interaction and security. Their goal is to make security mechanisms easier to use, and as a result improve both the security of the systems we use, and our experience when using these systems. The panelists include researchers who have worked in this field for the past several years, who will discuss their views on where this field is headed, and what's right and wrong about current research in usable security.

Thursday, August 3
9:00 a.m.–10:30 a.m. Thursday
REFEREED PAPERS
Vancouver Island

Software
Session Chair: Anil Somayaji, Carleton University

Milk or Wine: Does Software Security Improve with Age?
Andy Ozment and Stuart E. Schechter, MIT Lincoln Laboratory

N-Variant Systems: A Secretless Framework for Security through Diversity
Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser, University of Virginia

Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
Wei Xu, Sandeep Bhatkar, and R. Sekar, Stony Brook University

INVITED TALKS
British

Signaling Vulnerabilities in Law Enforcement Wiretapping Systems
Matt Blaze, University of Pennsylvania

The politics of wiretapping is a hot topic (again) lately. But how do the police actually tap telephones, anyway? How might tapping technology fail? Telephone wiretap and dialed number recording systems are used by law enforcement and national security agencies to collect critical investigative intelligence and legal evidence. This talk will examine the technology of (legal) wiretapping and show how many of these systems are vulnerable to simple, unilateral countermeasures that allow wiretap targets to prevent their call audio from being recorded and/or cause false or inaccurate dialed digits and call activity to be logged. The countermeasures exploit the unprotected in-band signals passed between the telephone network and the collection system and are effective against many of the wiretapping technologies currently used by US law enforcement, including at least some "CALEA" systems. We'll explore possible workarounds, as well as the broader implications of the security vulnerabilities in evidence collection systems.

This talk describes joint work with Micah Sherr, Eric Cronin, and Sandy Clark. A recent paper can be found (with audio) here.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Thursday
REFEREED PAPERS
British

Network Security
Session Chair: Trent Jaeger, Pennsylvania State University

SANE: A Protection Architecture for Enterprise Networks
Martin Casado and Tal Garfinkel, Stanford University; Aditya Akella, Carnegie Mellon University; Michael J. Freedman, Dan Boneh, and Nick McKeown, Stanford University

PHAS: A Prefix Hijack Alert System
Mohit Lad, University of California, Los Angeles; Dan Massey, Colorado State University; Dan Pei, AT&T Labs—Research; Yiguo Wu, University of California, Los Angeles; Beichuan Zhang, University of Arizona; Lixia Zhang, University of California, Los Angeles

Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting
Jason Franklin, Carnegie Mellon University; Damon McCoy, University of Colorado, Boulder; Parisa Tabriz, University of Illinois, Urbana-Champaign; Vicentiu Neagoe, University of California, Davis; Jamie Van Randwyk, Sandia National Laboratories; Douglas Sicker, University of Colorado, Boulder; Scott Shenker, University of California, Berkeley

INVITED TALKS
Vancouver Island

Turing Around the Security Problem
Crispin Cowan, Director of Software Engineering, Novell

Computers have advanced so much in the 75 years of computing history that one might wonder why we still cannot make a secure computer system. Sure, it is hard, but lots of things are hard, and other computing problems fall before the onslaught of determined research. So why can't we make computers secure? This talk will examine the theoretical underpinnings of computer security, going all the way back to the original work by Alan Turing in 1932, to discover that reliably building secure software systems is actually provably impossible. We will also explore the socio-economic factors that make even building kind-of-secure systems unlikely.

Thus we are stuck with the problem of defending a perpetually vulnerable software base. We then explore the field of intrusion prevention: the art of defending systems despite latent vulnerabilities. Intrusion prevention also has a theoretical history, this time going back to Boyd, a fighter jet pilot from the 1950s. We will explain how Boyd's theories of engagement apply to modern intrusion prevention, and use this perspective to survey the range of ways that vulnerable systems can be defended, bringing us back to the modern context as we go "Turing" around the security problem.

Crispin Cowan was the CTO and founder of Immunix, Inc., recently acquired by Novell. Dr. Cowan now works as an architect for Novell with respect to security for the Linux platform and applications that Novell offers for Linux, and with particular attention to the AppArmor product that came with the Immunix acquisition. Dr. Cowan developed several host security technologies under DARPA funding, including prominent technologies like the StackGuard compiler defense against buffer overflows, and the LSM (Linux Security Modules) interface in Linux 2.6. Dr. Cowan also co-invented the "time-to-patch" method of assessing when it is safe to apply a security patch. Prior to founding Immunix, he was a professor with the Oregon Graduate Institute, Department of Computer Science and Engineering. He holds a Ph.D. from the University of Western Ontario and a Masters of Mathematics from the University of Waterloo.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Thursday
PANEL
British

Major Security Blunders of the Past 30 Years
Panelists include: Matt Blaze, University of Pennsylvania; Virgil Gligor, University of Maryland; Peter Neumann, SRI International Computer Science Laboratory

In this panel we discuss the major security blunders of the past 30 years in various computer systems and networks, as well as in security research. We examine the impact of these blunders and the lessons learned from them. A substantial amount of time will be devoted to examples of blunders provided by the audience. The panel members will include individuals who have been active in security research and development for the past three decades.

INVITED TALKS
Vancouver Island

Aspect-Oriented Programming: Radical Research in Modularity
Gregor Kiczales, Professor, Department of Computer Science, University of British Columbia

Aspect-oriented programming (AOP) is based on a radical exploration of modularity in software development. By presenting new mechanisms that enable better modularization in a number of systems, AOP is driving us to ask fundamental questions about what modularity should mean in our field.

In the past, we have tended to think of modularity in terms of hierarchies of crisply defined blocks, where each block or module defines its interface with the surrounding modules. This idea seems attractive but experience tells us that it is hard to actually get the modularity of the software we build just right. Some issues are hard to code (or design) in a single module, others just don't seem to want to stay where you put them.

Work in AOP and other areas suggests a different conception of modularity, based on crosscutting structures and a more fluid notion of module boundaries.

The talk will present existing AOP techniques and the problems they solve, as well as open practical and research problems ranging from mechanisms to applications, theoretical formulations, and conceptual foundations.

Gregor Kiczales is Professor of Computer Science at the University of British Columbia. His work is directed at enabling programmers to write programs that, as much as possible, look like their design. He has pursued this goal in a number of projects, including CLOS and its metaobject protocol, open implementations of system software and middleware, and aspect-oriented programming. He led the Xerox PARC projects that developed aspect-oriented programming and AspectJ. He is author, with Danny Bobrow and Jim des Rivieres, of "The Art of the Metaobject Protocol."

3:30 p.m.–4:00 p.m.   Break
4:00 p.m.–5:30 p.m. Thursday
REFEREED PAPERS
British

Static Analysis for Security
Session Chair: David Wagner, University of California, Berkeley

Static Detection of Security Vulnerabilities in Scripting Languages
Yichen Xie and Alex Aiken, Stanford University

Rule-Based Static Analysis of Network Protocol Implementations
Octavian Udrea, Cristian Lumezanu, and Jeffrey S. Foster, University of Maryland

Awarded Best Paper!
Evaluating SFI for a CISC Architecture
Stephen McCamant, Massachusetts Institute of Technology; Greg Morrisett, Harvard University

INVITED TALKS
Vancouver Island

Surviving Moore's Law: Security, AI, and Last Mover Advantage
Paul Kocher, Cryptography Research

Most computer security research focuses on the pursuit of a "binary" ideal of security, such as proofs of correctness or cryptographic strength. Meanwhile, security for actual systems and networks increasingly relies on patches, rather than demonstrably strong designs. The cause: advances in complexity are causing greater harm to computer security than benefits.

Coping with this problem requires strategies designed specifically for the needs of complex systems. This talk will explore approaches that have worked and others that have failed spectacularly, while considering the long-term prospects for security.

Paul Kocher is President and Chief Scientist of Cryptography Research, where he leads a research team that specializes in applying results from cryptography and computer science to solve real-world security problems. His work includes co-authoring SSL v3.0, designing the DES Key Search machine Deep Crack, discovering Differential Power Analysis, and leading numerous security engineering projects.

6:00 p.m.–7:30 p.m. Thursday

Poster Session and Reception
Pacific Ballroom
Session Chair: Radu Sion, Stony Brook University

Would you like to share a provocative opinion, interesting preliminary work, or a cool idea that will spark discussion? The poster session is the perfect venue to introduce such new or ongoing work and receive valuable community feedback. We are particularly interested in presentations of student work. To submit a poster, please send a one-page proposal, in PDF or PostScript, to sec06posters@usenix.org by June 15, 2006. We will send back decisions by July 15, 2006.

Friday, August 4
8:30 a.m.–10:30 a.m. 9:00 a.m.–10:30 a.m.
REFEREED PAPERS
British

Intrusion Detection
Session Chair: R. Sekar, Stony Brook University

SigFree: A Signature-free Buffer Overflow Attack Blocker
Xinran Wang, Chi-Chun Pan, Peng Liu, and Sencun Zhu, The Pennsylvania State University

Polymorphic Blending Attacks
Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee, Georgia Institute of Technology

Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection
Holger Dreger, Anja Feldmann, and Michael Mai, TU München; Vern Paxson, ICSI/LBNL; Robin Sommer, ICSI

Behavior-based Spyware Detection
Engin Kirda and Christopher Kruegel, Technical University Vienna; Greg Banks, Giovanni Vigna, and Richard A. Kemmerer, University of California, Santa Barbara

INVITED TALKS
Vancouver Island

DRM Wars: The Next Generation
Ed Felten, Princeton University

Technologists, lawyers, and politicians have been fighting for years over digital rights/restrictions management (DRM) technology. This talk will survey the current state of the DRM wars and predict where they will go. How will the industry's techno-legal strategies evolve? What is the political climate for extension or reform of the DMCA and other laws and regulations? What will be the fallout from the Sony rootkit incident? Which advocacy groups are effective change agents and which are not? How will future DRM wars affect researchers, entrepreneurs, open source developers, and tinkerers? How can technologists affect the DRM wars? The talk will address these and other questions.

Edward W. Felten is a Professor of Computer Science and Public Affairs at Princeton University, and is the founding director of Princeton's Center for Information Technology Policy. His research interests include computer security and privacy, especially relating to media and consumer products, and technology law and policy. He writes a blog on these topics at freedom-to-tinker.com.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Friday
REFEREED PAPERS
British

System Assurance
Session Chair: Vassilis Prevelakis, Drexel University

An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data
Nick L. Petroni, Jr., and Timothy Fraser, University of Maryland; AAron Walters, Purdue University; William A. Arbaugh, University of Maryland

vTPM: Virtualizing the Trusted Platform Module
Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn, IBM T.J. Watson Research Center

Designing Voting Machines for Verification
Naveen Sastry, University of California, Berkeley; Tadayoshi Kohno, University of California, San Diego; David Wagner, University of California, Berkeley

INVITED TALKS
Vancouver Island

Academic Department or Corporate Lab, Which Fits?
Bill Aiello, Professor and Chair, Department of Computer Science, University of British Columbia

After 15 years in two of the Bell Labs' progeny, the last 5 as a division manager for cryptography and network security at AT&T Labs, a little over a year ago I became the head of the computer science department at the University of British Columbia. This was not exactly a controlled experiment since it involved moving from the U.S. to Canada, from the East Coast to the West Coast and switching from corporate research to academia. But I'll share my thoughts on what I've seen as the similarities and differences between life in a university versus life in a corporate research lab on issues such as incentives, funding, intellectual freedom, decision-making structures, intellectual property, performance review, and graduate student project supervision.

This will be a non-technical session for graduate students on the job market, for more senior researchers contemplating a move from corporate research to academia or vice versa—and for anyone else who wants to join in the discussion. I expect lots of folks in the audience to add, rebut, amplify, you name it. And we'll leave time to discuss changes in both corporate and government support for long-term research and the implications for life in corporate labs and universities in the future. In the end, most computer science and security researchers could be happy in either a university department or a corporate research lab but for some the fit is distinctly better in one versus the other. Hopefully, from the ensuing discussion, we can all help junior researchers come away with a better understanding of the pros and cons, the ups and downs, unique to each type of job.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Friday

Work-in-Progress Reports (WiPs)
British
Session Chair: Doug Szajda, University of Richmond

The last session of the Symposium will consist of Work-in-Progress reports (WiPs). This session offers short presentations on work in progress, new results, or timely topics. The accepted abstracts and session schedule are available here. The time available will be distributed among the presenters, with each speaker allocated between 5 and 10 minutes. The time limit will be strictly enforced.

Last changed: 19 Oct. 2007 ac