Pittsburgh, Pennsylvania, USA, 7 November
Workshop co-located with WCRE & WICSA 2005
Our technological society has become more and more dependent on software that is used to automate everyday processes. This dependence increasingly exposes us to the security threats that originate from malicious software (malware) such as computer viruses and worms and software vulnerability exploits such as remote execution of code or denial of service attacks. Moreover, this exposure is not limited to computer systems but is spreading to common appliances such as mobile phones, PDAs and consumer electronics such as media centers, personal video recorders, etc. since a growing number of these products are made extensible and adaptable by means of embedded software.
The proliferation of malware and exploits requires that action is taken to tackle these issues and evaluate software security to prevent the damage and costs (e.g., data loss, productivity loss, recovery time) that result from security incidents. This calls for measures to assure that a software system has the desired security properties, i.e. that it is free of malware and vulnerabilities.
The purpose of this workshop is to bring together practitioners, researchers, academics, and students to discuss the state of the art of software security assessments based on reverse engineering of source or binary code (as opposed to software security assessments that look at the software process that was applied). This includes research on topics like source and binary code analysis techniques for the detection of software vulnerabilities (e.g. detecting whether code has potential buffer overflow problems) or analysis for the detection of malicious behaviour (e.g. detecting whether code contains an exploit, virus or worm).
The goal of the workshop is to share experience, consolidate successful techniques, collect guidelines, and identify open issues for future work.
Topics of interest include, but are not limited to:
- Mitigating stack- or heap-based buffer overflow attacks
- Re-modularizing legacy code for privilege separation
- Race condition detection
- Detecting vulnerabilities in trust management and
- Code tamper-proofing and obfuscation
- Binary code disassembly and anti-debugging
- Copy protection schemes
- Analysis of computer virus and worm code
- Case studies analyzing system software vulnerability (e.g., CORBA, EJB, DCOM, Windows, Linux)
- Best practices for secure coding
Please note that the deadline for submissions has passed.
Participants are asked to submit a four page position paper (in IEEE proceeding style) detailing their experiences or ideas on software security assessments. The organizers will accept position statements based on originality, relevance, and suitability for triggering discussion.
Please mail your submission in PDF format to Leon Moonen (Leon.Moonen@computer.org) by the deadline (see below).
Registration for the workshop is included in WCRE registration. It is also possible to register just for the workshop. Please note that WICSA registration does not include the CoBaSSA workshop.
There is an early registration discount which ends Friday, October 14, 2005.
All CoBaSSA/WCRE/WICSA registration is handled by the Reengineering Forum. For more information about prices and a registration form see http://reengineer.org/pittsburgh/register.php?w=CoBaSSA.
During the workshop, we will have five 30 minute presentations, each followed by 10 minutes for questions and discussion. In the afternoon, we will have a longer working/discussion session to establish a list of open issues in software security assessment research and practice. Participants are asked to prepare for the latter by thinking up their own top 3 open issues before the workshop.
Papers are available in the online CoBaSSA 2005 proceedings.
| Time | Session |
|---|---|
| 8:30 | Opening & participants introduce themselves |
| 9:00 | Presentation: Pattern Matching Security Properties of Code using Dependence Graphs by John Wilander & Pia Fåk |
| 9:30 | Questions & Discussion |
| 9:40 | Presentation: Hardware-based Control Flow Monitoring to Prevent Malicious Control Flow Redirection by Nidhi Shah & Linda M. Wills |
| 10:10 | Questions & Discussion |
| 10:40 | Presentation: Towards Disk-Level Malware Detection by Nathanael Paul, Sudhanva Gurumurthi & David Evans |
| 11:10 | Questions & Discussion |
| 11:20 | Presentation: Adversarial Software Analysis: Challenges and Research by Andrew Walenstein & Arun Lakhotia |
| 11:50 | Questions & Discussion |
| 13:00 | Invited Presentation: Best practices for secure coding by Robert C. Seacord. Additional material on managed strings. |
| 13:30 | Questions & Discussion |
| 13:40 | Working session "Open issues in software security assessments" |
| 15:30 | Wrap up & conclusions: lessons learned, next steps |
All accepted position papers are published in the CoBaSSA 2005 proceedings, available from the workshop's webpage, and participants are asked to read the papers prior to the workshop. Initial results from the workshop are available in a short presentation on the workshop website.
The workshop will be lively and entertaining. It aims at discussion and interaction rather than presentations. However, all participants will be given a chance to give a short presentation. These presentations will serve to introduce a case study, provoke discussion by presenting a controversial point of view, or introduce new points of view. In order to stimulate debate, each position paper will have a discussant assigned, who has the task to study the position paper in advance, and prepare one or two questions.
The workshop opens with an introduction session where participants can raise the questions they would like to get addressed in the workshop; in the concluding wrap up we'll evaluate how far we got in answering these questions.
The number of participants is limited to 30.
| Deadline for submission of position papers: | October 9, 2005 |
|---|---|
| Notification of acceptance: | October 23, 2005 |
| Final papers due: | October 30, 2005 |
| Workshop date: | November 7, 2005 |
| Organizers: | Leon Moonen (Delft University of Technology & CWI, The Netherlands) |
| | Spiros Mancoridis (Drexel University, USA) |
Delft University of Technology
Software Evolution Research Lab
P.O. Box 5031
2600 GA Delft