31 October 2007
NEW: CoBaSSA 2007 workshop proceedings
|08:30||welcome & participant intro|
|08:45||Keynote: The Good, the Bad, and the Ugly From 10 Years of Vulnerability Prevention|
|09:45||Searching for Malware|
|10:25||Information Flow Control and Taint Analysis with Dependence Graphs|
|10:50||Software Security through Targeted Diversification|
|Nessim Kisserli, Jan Cappaert, Bart Preneel|
|11:15||Identifying Source Code Authorship|
|Robert Lange, Jonathan Max-Sohmer, Maxim Shevertalov, Jay Kothari, Spiros Mancoridis|
Our technological society has become more and more dependent on software that is used to automate everyday processes. This dependence increasingly exposes us to the security threats that originate from malicious software (malware) such as computer viruses and worms and software vulnerability exploits such as remote execution of code or denial of service attacks. Moreover, this exposure is not limited to computer systems but is spreading to common appliances such as mobile phones, PDAs and consumer electronics such as media centers, personal video recorders, etc. since a growing number of these products are made extensible and adaptable by means of embedded software.
The proliferation of malware and exploits requires that action is taken to tackle these issues and evaluate software security to prevent the damage and costs (e.g., data loss, productivity loss, recovery time) that result from security incidents. This calls for measures to assure that a software system has the desired security properties, i.e. that it is free of malware and vulnerabilities. In addition, there is a need for technology for software forensics, for example to detect code authorship or plagiarism.
The purpose of this workshop is to bring together practitioners, researchers, academics, and students to discuss the state-of-the-art of software security assessments based on reverse engineering of source or binary code (as opposed to software security assessments that look at the software process that was applied). This includes research on topics like source & binary code analysis techniques for the detection of software vulnerabilities (e.g. detect if code has potential buffer overflow problems) or analysis for the detection of malicious behavior (e.g. detect if code contains an exploit or has viral behavior).
The goal of the workshop is to share experiences, consolidate successful techniques, collect guidelines, and identify open issues for future work.
Topics of interest include, but are not limited to:
Participants are asked to submit a four page position paper (in IEEE proceeding style and PDF format) detailing their experiences or ideas on software security assessments. The organizers will accept position statements based on originality, relevance, and suitability for triggering discussion.
|Deadline for submission of position papers:||September 17, 2007|
|Notification of acceptance:||September 29, 2007|
|Final papers due:||October 10, 2007|
|Workshop date:||October 31, 2007|
Registration for the workshop is included in WCRE registration. It is also possible to register just for the workshop.
There is an early registration discount which ends October 3rd, 2007.
All CoBaSSA/WCRE registration is handled by the Reengineering Forum. For more information about prices and a registration form see http://reengineer.org/wcre2007/register.php.
The workshop will be lively and entertaining. It aims at discussion and interaction rather than presentations. However, all participants that submit a position paper will be given a chance to give a short presentation. These presentations will serve to introduce a case study, provoke discussion by presenting a controversial point of view, or introduce new points of view. In order to stimulate debate, each position paper will have a discussant assigned, who has the task to study the position paper in advance, and prepare one or two questions.
The workshop opens with an introduction session where participants can raise the questions they would like to get addressed in the workshop; in the concluding wrap up we'll evaluate how far we got in answering these questions.
The participants presentations take 25 minutes each, of which are at least 5 minutes reserved for questions and discussion. In order to stimulate an informed debate, we request all participants to read the position papers before the workshop, and possibly prepare one or two questions.
In the interest of promoting interactive discussion, the number of participants will be limited to 25.
All accepted position papers are published in the CoBaSSA 2007 workshop proceedings which are published as Delft University of Technology technical report TUD-SERG-2007-023.
The results of the workshop will be summarized in a workshop report that will be available from the workshop website after the workshop.
|Organizers:||Leon Moonen (Delft University of Technology, The Netherlands)|
|Spiros Mancoridis (Drexel University, USA)|
|Delft University of Technology|
|Software Engineering Research Group, Faculty EEMCS|
|P.O. Box 5031|
|2600 GA Delft, The Netherlands|