8:30 – 9:00

Welcome

9:00 – 9:30

SpecROP: Speculative Exploitation of ROP Chains

9:30 – 10:00

Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners

10:00 – 10:30

Camera Fingerprinting Authentication Revisited

11:00 – 11:30

Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities

11:30 – 12:00

WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS

12:00 – 12:30

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing

13:30 – 14:00

Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?

14:00 – 14:30

What’s in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques

14:30 – 15:00

Mininode: Reducing the Attack Surface of Node.js Applications

15:00 – 15:30

Evaluating Changes to Fake Account Verification Systems

16:00 – 17:00

Malware & PUP: Keep them separate, if you can
Juan Caballero

9:00 – 9:30

SourceFinder: Finding Malware Source-Code from Publicly Available Repositories in GitHub

9:30 – 10:00

HyperLeech: Stealthy System Virtualization with Minimal Target Impact through DMA-Based Hypervisor Injection

10:00 – 10:30

Effective Detection of Credential Thefts from Windows Memory: Learning Access Behaviours to Local Security Authority Subsystem Service

11:00 – 11:30

EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX

11:30 – 12:00

Robust P2P Primitives Using SGX Enclaves

12:00 – 12:30

aBBRate: Automating BBR Attack Exploration Using a Model-Based Approach

14:00 – 14:30

Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network

14:30 – 15:00

Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI

15:00 – 15:30

An Object Detection based Solver for Google’s Image reCAPTCHA v2

16:00 – 16:30

Evasion Attacks against Banking Fraud Detection Systems

16:30 – 17:00

The Limitations of Federated Learning in Sybil Settings

17:00 – 17:30

GhostImage: Remote Perception Attacks against Camera-based Image Classification Systems

9:00 – 9:30

PLC-Sleuth: Detecting and Localizing PLC Intrusions Using Control Invariants

9:30 – 10:00

Software-based Realtime Recovery from Sensor Attacks on Robotic Vehicles

10:00 – 10:30

SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems

11:00 – 11:30

μSBS: Static Binary Sanitization of Bare-metal Embedded Devices for Fault Observability

11:30 – 12:00

BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks

12:00 – 12:30

Dark Firmware: A Systematic Approach to Exploring Application Security Risks in the Presence of Untrusted Firmware

13:30 – 14:00

A Framework for Software Diversification with ISA Heterogeneity

14:00 – 14:30

Confine: Automated System Call Policy Generation for Container Attack Surface Reduction

14:30 – 15:00

sysfilter: Automated System Call Filtering for Commodity Software

15:00 – 15:30

Closing remarks