Workshop on Code Based Software Security Assessments (CoBaSSA 2005)

http://swerl.tudelft.nl/leon/cobassa2005/

Pittsburgh, Pennsylvania, USA, 7 November 2005

Workshop co-located with WCRE & WICSA 2005

This document is also available as PDF.

Background

Our technological society has become more and more dependent on software that is used to automate everyday processes. This dependence increasingly exposes us to the security threats that originate from malicious software (malware) such as computer viruses and worms and software vulnerability exploits such as remote execution of code or denial of service attacks. Moreover, this exposure is not limited to computer systems but is spreading to common appliances such as mobile phones, PDAs and consumer electronics such as media centers, personal video recorders, etc. since a growing number of these products are made extensible and adaptable by means of embedded software.

The proliferation of malware and exploits requires that action is taken to tackle these issues and evaluate software security to prevent the damage and costs (e.g., data loss, productivity loss, recovery time) that result from security incidents. This calls for measures to assure that a software system has the desired security properties, i.e. that it is free of malware and vulnerabilities.

Objectives

The purpose of this workshop is to bring together practitioners, researchers, academics, and students to discuss the state of the art of software security assessments based on reverse engineering of source or binary code (as opposed to software security assessments that look at the software process that was applied). This includes research on topics like source & binary code analysis techniques for the detection of software vulnerabilities (e.g. detect if code has potential buffer overflow problems) or analysis for the detection of malicious behaviour (e.g. detect if code contains exploit/virus/worm).

The goal of the workshop is to share experience, consolidate successful techniques, collect guidelines, and identify open issues for future work.

Topics of interest

Topics of interest include, but are not limited to:
 -  Mitigating stack- or heap-based buffer overflow attacks
 -  Re-modularizing legacy code for privilege separation
 -  Race condition detection
 -  Detecting vulnerabilities in trust management and authentication
 -  Code tamper-proofing and obfuscation
 -  Binary code disassembly and anti-debugging
 -  Copy protection schemes
 -  Analysis of computer virus and worm code
 -  Case studies analyzing system software vulnerability (e.g., CORBA, EJB, DCOM, Windows, Linux)
 -  Best practices for secure coding

Submissions

Please note that the deadline for submissions has passed.

Participants are asked to submit a four page position paper (in IEEE proceeding style) detailing their experiences or ideas on software security assessments. The organizers will accept position statements based on originality, relevance, and suitability for triggering discussion.

Please mail your submission in PDF format to Leon Moonen (Leon.Moonen@computer.org) by the deadline (see below).

Registration

Registration for the workshop is included in WCRE registration. It is also possible to register just for the workshop. Please note that WICSA registration does not include the CoBaSSA workshop.

There is an early registration discount which ends Friday, October 14, 2005.

All CoBaSSA/WCRE/WICSA registration is handled by the Reengineering Forum. For more information about prices and a registration form see http://reengineer.org/pittsburgh/register.php?w=CoBaSSA.

Schedule

During the workshop, we will have five 30 min presentations, each followed by 10 minutes for questions and discussion. In the afternoon, we will have a longer working/discussion session to establish a list of open issues in software security assessment research and practice. Participants are asked to prepare for the latter by thinking up their own top 3 of open issues before the workshop.

Papers are available in the online CoBaSSA 2005 proceedings.

8:30 Opening & participants introduce themselves
9:00 Presentation: Pattern Matching Security Properties of Code using Dependence Graphs by John Wilander & Pia Fåk.
9:30 Questions & Discussion
9:40 Presentation: Hardware-based Control Flow Monitoring to Prevent Malicious Control Flow Redirection by Nidhi Shah & Linda M. Wills
10:10 Questions & Discussion
10:20 Coffee break
10:40 Presentation: Towards Disk-Level Malware Detection by Nathanael Paul, Sudhanva Gurumurthi & David Evans
11:10 Questions & Discussion
11:20 Presentation: Adversarial Software Analysis: Challenges and Research by Andrew Walenstein & Arun Lakhotia
11:50 Questions & Discussion
12:00 Lunch
13:00 Invited Presentation: Best practices for secure coding by Robert C. Seacord. Additional material on managed strings.
13:30 Questions & Discussion
13:40 Working session "Open issues in software security assessments"
15:10 Coffee break
15:30 Wrap up & conclusions: lessons learned, next steps.
16:00 (workshop ends)

Dissemination of results

All accepted position papers are published in the CoBaSSA 2005 proceedings available from the workshop's webpage and the participants are asked to read the papers prior to the workshop. Initial results from the workshop are available in a short presentation from the workshop website.

Workshop Format

The workshop will be lively and entertaining. It aims at discussion and interaction rather than presentations. However, all participants will be given a chance to give a short presentation. These presentations will serve to introduce a case study, provoke discussion by presenting a controversial point of view, or introduce new points of view. In order to stimulate debate, each position paper will have a discussant assigned, who has the task to study the position paper in advance, and prepare one or two questions.

The workshop opens with an introduction session where participants can raise the questions they would like to get addressed in the workshop; in the concluding wrap up we'll evaluate how far we got in answering these questions.

The number of participants is limited to 30.

Important Dates

Deadline for submission of position papers: October 9, 2005
Notification of acceptance: October 23, 2005
Final papers due: October 30, 2005
Workshop date: November 7, 2005

Organization

Organizers: Leon Moonen (Delft University of Technology & CWI, The Netherlands)
  Spiros Mancoridis (Drexel University, USA)

More Information

Leon Moonen
Delft University of Technology
Software Evolution Research Lab
Faculty EEMCS
P.O. Box 5031
2600 GA Delft
The Netherlands
Leon.Moonen@computer.org
http://swerl.tudelft.nl/leon/