|
WORKSHOP PROGRAM
All sessions will take place in Wilson C unless otherwise noted.
Session papers are available to workshop registrants immediately and to everyone beginning August 9, 2010.
|
|
Monday, August 9, 2010
|
| 9:00 a.m.–9:10 a.m. |
|
Welcome
Charlie Miller and Hovav Shacham, WOOT '10 Program Co-Chairs
|
| 9:10 a.m.–10:40 a.m. |
|
Vulnerability Analysis
All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) (Invited Talk)
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley, Carnegie Mellon University
Zero-sized Heap Allocations Vulnerability Analysis
Julien Vanegue, Microsoft Security Engineering Center
Read the Abstract | Full paper
Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits (Invited Talk)
Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, University of California, San Diego
|
| 10:40 a.m.–11:00 a.m. Break
|
|
| 11:00 a.m.–12:30 p.m. |
|
Cryptography, Etc.
Recovering Windows Secrets and EFS Certificates Offline
Elie Burzstein, Stanford University; Jean Michel Picod, EADS
Read the Abstract | Full paper
Crawling BitTorrent DHTs for Fun and Profit
Scott Wolchok and J. Alex Halderman, The University of Michigan
Read the Abstract | Full paper
Practical Padding Oracle Attacks
Juliano Rizzo, Netifera; Thai Duong, VNSECURITY
Read the Abstract | Full paper
|
| 12:30 p.m.–2:00 p.m. Workshop Luncheon, Thurgood Marshall South West |
|
| 2:00 p.m.–3:30 p.m. |
|
The Web and Smartphones
Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites (Invited Talk)
Gustav Rydstedt, Elie Bursztein, and Dan Boneh, Stanford University; Collin Jackson, Carnegie Mellon University
Smudge Attacks on Smartphone Touch Screens
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith, University of Pennsylvania
Read the Abstract | Full paper
Framing Attacks on Smart Phones and Dumb Routers: Tap-jacking and Geo-localization Attacks
Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh, Stanford University
Read the Abstract | Full paper
|
| 3:30 p.m.–3:50 p.m. Break |
|
| 3:50 p.m.–5:20 p.m. |
|
After You Get EIP
Interpreter Exploitation
Dionysus Blazakis, Independent Security Evaluators
Read the Abstract | Full paper
A Framework for Automated Architecture-Independent Gadget Search
Thomas Dullien and Tim Kornau, zynamics GmbH; Ralf-Philipp Weinmann, University of Luxembourg
Read the Abstract | Full paper
English Shellcode (Invited Talk)
Joshua Mason and Sam Small, Johns Hopkins University; Fabian Monrose, University of North Carolina at Chapel Hill; Greg MacManus, iSIGHT Partners
|
| 5:30 p.m.–7:00 p.m. Reception: Sponsored by Deutsche Post, Hoover |
|
Reception
Join Deutsche Post for a dinner reception on Monday evening. They will be announcing the launch of a new security initiative around the E-Postbrief, a secure communication solution, and invite the security community to participate. Food, wine, beer and soft drinks will be provided.
|
|
|
Need help?
Use our Contacts page.
