Wednesday, July 6th 2016

Thursday, July 7th 2016

Session 1: Attacks

Chair: Michael Meier

• "Subverting Operating System Properties through Evolutionary DKOM Attacks". Mariano Graziano, Lorenzo Flore, Andrea Lanzi and Davide Balzarotti.
• "Extended abstract: Deepfuzz: Triggering Vulnerabilities Deeply Hidden in Binaries". Konstantin Böttinger and Claudia Eckert.

Coffee break

Session 2: Defenses

Chair: Andrea Lanzi

• "AutoRand: Automatic Keyword Randomization to Prevent Injection Attacks". Jeff Perkins, Jordan Eikenberry, Alessandro Coglio, Daniel Willenson, Stelios Sidirouglou-Douskos and Martin Rinard.
• "AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices." Sergio Pastrana, Juan E. Tapiador, Guillermo Suarez-De-Tangil and Pedro Peris-Lopez.
• "Towards Vulnerability Discovery Using Extended Compile-time Analysis". Bhargava Shastry, Fabian Yamaguchi, Konrad Rieck and Jean-Pierre Seifert.

Session 3: Malware detection

Chair: Ulrich Flegel

• "Comprehensive Analysis and Detection of Flash-based Malware". Christian Wressnegger, Fabian Yamaguchi, Daniel Arp and Konrad Rieck.
• "Reviewer Integration and Performance Measurement for Malware Detection". Brad Miller, Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Rekha Bachwani, Riyaz Faizullabhoy, Ling Huang, Vaishaal Shankar, Tony Wu, George Yiu, Anthony D. Joseph and J.D. Tygar.
• "On the Lack of Consensus in Anti-Virus Decisions". Médéric Hurier, Kevin Allix, Tegawendé Bissyandé, Jacques Klein and Yives Le Traon

Session 4: Evasion

Chair: Ricardo J. Rodriguez

• "Probfuscation: An Obfuscation Approach using Probabilistic Control Flows". Andre Pawlowski, Moritz Contag and Thorsten Holz.
• "RAMBO: Run-time packer Analysis with Multiple Branch Observation". Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos and Pablo Garcia Bringas.
• "Detecting Hardware-Assisted Virtualized Systems". Michael Brengel, Michael Backes and Christian Rossow.

• Activity 1: Surf
• Activity 2: Visiting the Bay of San Sebastian in Catamaran

Friday, July 8th 2016

Session 5: Web Security

Chair: Marco Balduzzi

• "Financial Lower Bounds of Online Advertising Abuse". Yizheng Chen, Panagiotis Kintis, Manos Antonakakis, Yacin Nadji, David Dagon, Wenke Lee and Michael Farrell.
• "Google Dorks: Analysis, Creation, and new Defenses". Flavio Toffalini, Maurizio Abba, Damiano Carra and Davide Balzarotti.

Coffee break

Session 6: Data Leaks

Chair: Sven Dietrich

• "Flush+Flush: A Fast and Stealthy Cache Attack". Daniel Gruss, Clementine Maurice, Klaus Wagner and Stefan Mangard.
• "Rowhammer.js: A Remote Software-Induced Fault Attack in Javascript". Daniel Gruss, Clémentine Maurice and Stefan Mangard.
• "Detile: Fine-Grained Information Leak Detection in Script Engines". Robert Gawlik, Philipp Koppe, Benjamin Kollenda, Andre Pawlowski, Behrad Garmany and Thorsten Holz.
• "Extended Abstract: Understanding the Privacy Implications of ECS". Panagiotis Kintis, Yacin Nadji, David Dagon, Michael Farrell and Manos Antonakakis.

Session 7: Authentication

Chair: Magnus Almgren

• "Analysing the Security of Google’s implementation of OpenID Connect". Wanpeng Li and Chris Mitchell.
• "Leveraging Sensor Fingerprinting for Mobile Device Authentication". Thomas Hupperich, Henry Hosseini and Thorsten Holz.

Session 8: Malware Classification

Chair: Pavel Laskov

• "MtNet: A Multi-Task Neural Network for Dynamic Malware Classification". Wenyi Huang and Jack W. Stokes.
• "Adaptive Semantics-Aware Malware Classification". Bojan Kolosnjaji, Apostolis Zarras, Tamas Lengyel, George Webster and Claudia Eckert.