Opening Remarks, Awards, and Keynote Address

Program Chair: Fabian Monrose, University of North Carolina, Chapel Hill

Keynote Address
Android: Securing a Mobile Platform from the Ground Up

Rich Cannings, Android Security Leader, Google, and David Bort, Software Engineer, Android Open Source Project, Google

Android is an open source mobile platform designed to support easy and open development of mobile applications. Our challenge was to design a platform that balanced our goal of open development and user choice with the unique challenges of securing a consumer-focused mobile system.

Keeping both historic and modern threats in mind, we used various approaches to protect the user and the carrier: cryptography, exploit mitigation features, system updates, UI design, and reuse of UNIX security features in a novel way.

To illustrate the security features of Android, we will describe real examples of security vulnerabilities we have encountered since launch.

REFEREED PAPERS

Attacks on Privacy

Session Chair: Steven M. Bellovin, Columbia University

Proceedings of all papers in this session

Compromising Electromagnetic Emanations of Wired and Wireless Keyboards
Martin Vuagnoux and Sylvain Pasini, LASEC/EPFL

Paper in PDF

Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems
Kehuan Zhang and XiaoFeng Wang, Indiana University, Bloomington

Paper in PDF

A Practical Congestion Attack on Tor Using Long Paths
Nathan S. Evans, University of Denver; Roger Dingledine, The Tor Project; Christian Grothoff, University of Denver

Paper in PDF

INVITED TALKS

The Building Security in Maturity Model (BSIMM)
Gary McGraw, CTO, Cigital, Inc., and Brian Chess, Chief Scientist, Fortify Software

As a discipline, software security has made great progress over the last decade. There are now at least 36 large-scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008 the speakers, with Sammy Migues, interviewed executives running nine initiatives, using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo.

The resulting data, drawn from real programs at different levels of maturity, was used to guide the construction of the Building Security in Maturity Model.

This talk will describe the maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works: people, process, and automation are all required. Although not all organizations need to achieve the same security goals, all successful large-scale software security initiatives share ideas and approaches.

Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. BSIMM will help you determine where you stand and what kind of software security plan will work best for you.

REFEREED PAPERS

Memory Safety

Session Chair: Tal Garfinkel, VMware and Stanford University

Proceedings of all papers in this session

Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors
Periklis Akritidis, Computer Laboratory, University of Cambridge; Manuel Costa and Miguel Castro, Microsoft Research, Cambridge; Steven Hand, Computer Laboratory, University of Cambridge

Paper in PDF

Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs
David Molnar, Xue Cong Li, and David A. Wagner, University of California, Berkeley

Paper in PDF

Memory Safety for Low-Level Software/Hardware Interactions
John Criswell, University of Illinois; Nicolas Geoffray, Université Pierre et Marie Curie, INRIA/Regal; Vikram Adve, University of Illinois

Paper in PDF

INVITED TALKS

Toward a New Legal Framework for Cybersecurity
Deirdre K. Mulligan, School of Information, University of California, Berkeley

What role should the law play in the creation of more secure or trustworthy networks? Fred Schneider of Cornell University and I argue that it does little to structure incentives or direct activity to drive cybersecurity. As Washington reconsiders the government's role in network security, we set forth a new legal framework for cybersecurity.

We argue for a theoretical reorientation, and we reject the standard siren call for the production of "secure" systems and networks, even though this still dominates policy circles and drives legal approaches. It will be better to focus on managing the inevitable insecurity that comes from the constant vulnerabilities and adversaries we face. The rich mix of legal authorities and institutions that comprise the public health infrastructure makes a useful departure point for considering the range of legal mechanisms and institutions that could aid in cybersecurity. Leveraging the law in a sophisticated and comprehensive manner to address market failures stemming from information gaps, externalities, and cognitive biases is essential to achieving and maintaining a level of security appropriate to the activities occurring on the Internet today and in the future.

We believe the law has been undertheorized and underutilized for network security and trustworthiness. Absent a concerted effort to consider the possible contributions of the law toward managing insecurity on networks, the Internet will grow increasingly less secure and there will be immense and, ultimately, regrettable pressure to build networks that provide greater security in a narrow sense (secrecy, confidentiality, integrity, and availability) at substantial cost to other shared values such as openness, transparency, and privacy.

REFEREED PAPERS

Network Security

Session Chair: Wietse Venema, IBM Research

Proceedings of all papers in this session

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, and Alexander G. Gray, Georgia Tech; Sven Krasser, McAfee, Inc.

Paper in PDF

Improving Tor using a TCP-over-DTLS Tunnel
Joel Reardon, Google Switzerland GmbH; Ian Goldberg, University of Waterloo

Paper in PDF

Locating Prefix Hijackers using LOCK
Tongqing Qiu, Georgia Tech; Lusheng Ji, Dan Pei, and Jia Wang, AT&T Labs—Research; Jun (Jim) Xu, Georgia Tech; Hitesh Ballani, Cornell University

Paper in PDF

INVITED TALKS

Modern Exploitation and Memory Protection Bypasses
Alexander Sotirov, Independent Security Researcher

The difficulty of exploiting memory corruption vulnerabilities has increased significantly with the introduction of the exploitation mitigation features in modern operating systems. Stack cookies, non-executable memory, and address space layout randomization successfully prevent most attempts at direct control-flow modification in vulnerable applications. As a result, software exploitation is much more difficult than it has been at any point in the past.

This talk will present the challenges facing exploit developers today and the latest techniques for defeating the memory protection features in modern operating systems. It will describe the current state of the art in exploitation and outline the most promising directions for future exploitation research.

Symposium Reception

REFEREED PAPERS

JavaScript Security

Session Chair: Lucas Ballard, Google Inc.

Proceedings of all papers in this session

GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
Salvatore Guarnieri, University of Washington; Benjamin Livshits, Microsoft Research

Paper in PDF

NOZZLE: A Defense Against Heap-spraying Code Injection Attacks
Paruj Ratanaworabhan, Cornell University; Benjamin Livshits and Benjamin Zorn, Microsoft Research

Paper in PDF

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense
Adam Barth, Joel Weinberger, and Dawn Song, University of California, Berkeley

Paper in PDF

INVITED TALKS

How the Pursuit of Truth Led Me to Selling Viagra
Vern Paxson, EECS, University of California, Berkeley, and Senior Scientist, International Computer Science Institute

For an empiricist, at the heart of the pursuit of truth lies measurement. This talk will frame perspectives I have developed in applying measurement to Internet security research for the past fifteen years. Along with lessons learned regarding how security realities can diverge from ivory-tower assumptions, I'll discuss the enormous changes in the landscape over that time and explain how those changes led to colleagues and me trying our hand at selling Viagra—all for the cause of science.

REFEREED PAPERS

Radio

Session Chair: Xiaolan (Catherine) Zhang, IBM Research

Proceedings of all papers in this session

Physical-layer Identification of RFID Devices
Boris Danev, ETH Zürich, Switzerland; Thomas S. Heydt-Benjamin, IBM Zürich Research Laboratory, Switzerland; Srdjan Čapkun, ETH Zürich, Switzerland

Paper in PDF

CCCP: Secure Remote Storage for Computational RFIDs
Mastooreh Salajegheh, Shane Clark, Benjamin Ransford, and Kevin Fu, University of Massachusetts Amherst; Ari Juels, RSA Laboratories, The Security Division of EMC

Paper in PDF

Jamming-resistant Broadcast Communication without Shared Keys
Christina Pöpper, Mario Strasser, and Srdjan Čapkun, ETH Zurich, Switzerland

Paper in PDF

INVITED TALKS

Designing Trustworthy User Agents for a Hostile Web
Eric Lawrence, Senior Program Manager, Internet Explorer Security Team, Microsoft

In a world where organized criminals and myriad misfits work tirelessly to exploit users via an alphabet soup of Web-delivered attacks, browser developers must make the right tradeoffs to deliver usable security. In this talk, I'll describe the attacks we see in the wild today, outline developing threats, and share my thoughts on future browser security investments. With examples from development of the world's most popular browser, I'll explore the challenges in bringing security innovation out of the lab and into real-world products, debunk some security myths, and describe how secure design principles are our only hope as the Web platform gets ever more powerful.

REFEREED PAPERS

Securing Web Apps

Session Chair: David Wagner, University of California, Berkeley

Proceedings of all papers in this session

xBook: Redesigning Privacy Control in Social Networking Platforms
Kapil Singh, Georgia Institute of Technology; Sumeer Bhola, Google; Wenke Lee, Georgia Institute of Technology

Paper in PDF

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications
Michael Dalton and Christos Kozyrakis, Stanford University; Nickolai Zeldovich, CSAIL, MIT

Paper in PDF

Static Enforcement of Web Application Integrity Through Strong Typing
William Robertson and Giovanni Vigna, University of California, Santa Barbara

Paper in PDF

INVITED TALKS

Compression, Correction, Confidentiality, and Comprehension: A Modern Look at Commercial Telegraph Codes
Steven M. Bellovin, Professor of Computer Science, Columbia University

Telegraph codes are a more or less forgotten part of technological history. In their day, though, they were ubiquitous and sophisticated. They also laid the groundwork for many of today's communications technologies, including encryption, compression, and error correction. Beyond that, reading them provides a snapshot into the culture of their time. We look back, describing them in modern terms and noting some of the tradeoffs considered.

REFEREED PAPERS

Applied Crypto

Session Chair: Ian Goldberg, University of Waterloo

Vanish: Increasing Data Privacy with Self-Destructing Data
Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy, University of Washington

This paper will be made available on August 12.

Efficient Data Structures For Tamper-Evident Logging
Scott A. Crosby and Dan S. Wallach, Rice University

Paper in PDF

VPriv: Protecting Privacy in Location-Based Vehicular Services
Raluca Ada Popa and Hari Balakrishnan, Massachusetts Institute of Technology; Andrew J. Blumberg, Stanford University

Paper in PDF

INVITED TALKS

Top Ten Web Hacking Techniques of 2008: "What's possible, not probable"
Jeremiah Grossman, Founder and CTO, WhiteHat Security

The polls are closed, votes are in, and we have the winners making up the Top Ten Web Hacking Techniques of 2008! The competition was fierce, with the newest and most innovative Web hacking techniques rising to the test. This session will review the top ten hacks from 2008: what they indicate about the security of the Web, what they mean for businesses, and what might be used against us soon down the road.

Poster Session & Happy Hour

Poster Session Chair: Carrie Gates, CA Labs

Don't miss the cool new ideas and the latest preliminary research on display at the Poster Session. Take part in discussions with your colleagues over complimentary drinks and snacks. Check out the list of accepted posters.

REFEREED PAPERS

Malware Detection and Protection

Session Chair: Niels Provos, Google Inc.

Proceedings of all papers in this session

Effective and Efficient Malware Detection at the End Host
Clemens Kolbitsch and Paolo Milani Comparetti, Secure Systems Lab, TU Vienna; Christopher Kruegel, University of California, Santa Barbara; Engin Kirda, Institute Eurecom, Sophia Antipolis; Xiaoyong Zhou and XiaoFeng Wang, Indiana University at Bloomington

Paper in PDF

Protecting Confidential Data on Personal Computers with Storage Capsules
Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash, University of Michigan

Paper in PDF

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
Ralf Hund, Thorsten Holz, and Felix C. Freiling, Laboratory for Dependable Distributed Systems, University of Mannheim, Germany

Paper in PDF

INVITED TALKS

Hash Functions and Their Many Uses in Cryptography
Shai Halevi, IBM Research

Hash functions have many uses in cryptography, from encryption through authentication and signatures to key exchange. In this talk I'll cover an assortment of aspects of hash functions.

In many applications, "what we really want" is a truly random function (a.k.a. a random oracle), but we settle for a hash function instead. I will explain the difference between the two and show some consequences of this difference.

Different applications require different security properties from the underlying hash functions. I will survey a few of these properties, make the case that applications should be designed to rely on security properties as weak as possible, and illustrate it with example applications to message authentication and digital signatures.

Most hash functions are constructed from lower-level primitives called compression functions. I will briefly describe this type of design and point out some advantages and drawbacks.

Finally, I will illustrate the design of a modern hash function using Fugue, which is a candidate for the NIST SHA3 competition. More than most hash functions, Fugue was designed to be amenable to rigorous security analysis.

REFEREED PAPERS

Browser Security

Session Chair: Patrick Traynor, Georgia Institute of Technology

Proceedings of all papers in this session

Crying Wolf: An Empirical Study of SSL Warning Effectiveness
Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor, Carnegie Mellon University

Paper in PDF

The Multi-Principal OS Construction of the Gazelle Web Browser
Helen J. Wang, Microsoft Research; Chris Grier, University of Illinois at Urbana-Champaign; Alex Moshchuk, University of Washington; Samuel T. King, University of Illinois at Urbana-Champaign; Piali Choudhury and Herman Venter, Microsoft Research

Paper in PDF

INVITED TALKS

DNS Security: Lessons Learned and The Road Ahead
David Dagon, Georgia Institute of Technology

Work-in-Progress Reports (WiPs)

WiPs Session Chair: Sven Dietrich, Stevens Institute of Technology

The Work-in-Progress reports (WiPs) session offers short presentations about research in progress, new results, or timely topics. Speakers should submit a one- or two-paragraph abstract to sec09wips@usenix.org by 6:00 p.m. PDT on Tuesday, August 11, 2009. Make sure to include your name, your affiliation, and the title of your talk. The schedule of presentations and accepted abstracts will be posted on the Symposium Web site. The time available will be distributed among the presenters, with each speaker allocated between 5 and 10 minutes. The time limit will be strictly enforced.