Conference Program
Thursday, July 8

9:00-9:15

9:15-10:30 (invited talk)
  Trends in Malevolence
  José Nazario, Senior Manager of Security Research, Arbor Networks

10:30-11:00
  Coffee break

11:00-12:30
  Session chair: Christian Kreibich
  HookScout: Proactive Binary-Centric Hook Detection
    Heng Yin, Pongsin Poosankam, Steve Hanna and Dawn Song
  Conqueror: Tamper-proof Code Execution on Legacy Systems
    Lorenzo Martignoni, Roberto Paleari and Danilo Bruschi
  dAnubis - Dynamic Device Driver Analysis Based on Virtual Machine Introspection
    Matthias Neugschwandtner, Christian Platzer, Paolo Milani Comparetti and Ulrich Bayer

12:30-13:30
  Lunch

13:30-14:45 (invited talk)
  Modern Spammer Infrastructure
  Carel van Straaten, Spamhaus

14:45-16:00
  Session chair: Sven Dietrich
  Evaluating Bluetooth as a Medium for Botnet Command and Control
    Kapil Singh, Samrit Sangal, Nehil Jain, Patrick Traynor and Wenke Lee
  Take a Deep Breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype
    Antonio Nappa, Aristide Fattori, Marco Balduzzi, Matteo Dell'Amico and Lorenzo Cavallaro
  Covertly Probing Underground Economy Marketplaces
    Hanno Fallmann, Gilbert Wondracek and Christian Platzer

16:00-16:15
  Coffee break

16:15-17:15
  Session chair: Michael Meier
  Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners
    Adam Doupe, Marco Cova and Giovanni Vigna
  Organizing Large Scale Hacking Competitions
    Nick Childers, Bryce Boe, Lorenzo Cavallaro, Ludovico Cavedon, Marco Cova, Manuel Egele and Giovanni Vigna

17:15-18:15
  Meeting of GI SIG SIDAR (open for all interested attendees)
  Invited Talk: Quo vadis, Sicherheitsausbildung? ("Where is security education headed?"; held in German)
    Martin Mink, TU Darmstadt

Friday, July 9

9:00-10:15 (invited talk)
  TRIAGE: the WOMBAT attack attribution approach
  Marc Dacier, Symantec/Eurecom

10:15-10:45
  Coffee break

10:45-11:45
  Session chair: Robin Sommer
  An Online Adaptive Approach to Alert Correlation
    Hanli Ren, Natalia Stakhanova and Ali Ghorbani
  KIDS - Keyed Intrusion Detection System
    Sasa Mrdovic

11:45-12:30
  Session chair: Sven Dietrich

12:30-13:30
  Lunch

13:30-14:30
  Session chair: Herbert Bos
  Modeling and Containment of Search Worms Targeting Web Applications
    Jingyu Hua and Kouichi Sakurai
  HProxy: Client-side detection of SSL stripping attacks
    Nick Nikiforakis, Yves Younan and Wouter Joosen

14:30-14:45
  Concluding remarks
Invited Talks
Trends in Malevolence
José Nazario, Arbor Networks
This talk will explore the past, present, and future of Internet security, specifically the rise of the criminal online underworld. Our current situation of botnets for financial gain, rogue ISPs who support these attacks, spam, malware explosions, and the like are due to the past decade of tactical efforts. Understanding these "megatrends" is key to anticipating what will happen next and what kinds of technical—and policy—preparations we should make.
Dr. Jose Nazario is the senior manager of security research at Arbor Networks. In this capacity, he is responsible for analyzing burgeoning Internet security threats, reverse engineering malicious code, software development, and developing security mechanisms that are then distributed to Arbor's Peakflow platforms via the Active Threat Feed (ATF) threat detection service.
Dr. Nazario's research interests include large-scale Internet trends such as reachability and topology measurement, Internet-scale events such as DDoS attacks, botnets and worms, source code analysis tools, and data mining. He is the author of the books "Defense and Detection Strategies against Internet Worms" and "Secure Architectures with OpenBSD." He earned a Ph.D. in biochemistry from Case Western Reserve University in 2002. Prior to joining Arbor Networks, he was an independent security consultant. Dr. Nazario regularly speaks at conferences worldwide, with past presentations at CanSecWest, PacSec, Blackhat, and NANOG. He also maintains WormBlog.com, a site devoted to studying worm detection and defense research.
Modern Spammer Infrastructure
Carel van Straaten, Spamhaus
Modern spammer operations are run on a highly professional level. Knowing that their business is constantly threatened on several levels, some spammer operations go to extraordinary lengths to ensure success. This starts with making sure that enough machines get infected to act as senders in a botnet. Fresh domains are bought daily and spread over multiple registrars while the DNS is hosted in separate networks. Reverse web proxies make sure that the online store is available and at the same time untouchable. A high-risk payment service provider completes the picture and makes sure the money ends up with the online criminals.
In this talk we explore the measures taken by spammers to run—and keep running—a large modern spamming operation, including the technology used, how it is set up and maintained, what is done to ensure uptime and robustness, and what weak points can be found and maybe even exploited. We will look at some of the trends we see in infrastructure use and abuse, and investigate what the community can do to fight the problem and what we should focus on today to solve the problems of tomorrow.
Carel van Straaten is an investigator at The Spamhaus Project, where he finds out what makes the spammers' infrastructure tick—and makes sure it stops ticking. Spamhaus is an international non-profit organization based in the UK whose mission is to track the Internet's Spam Gangs, to provide dependable real-time anti-spam protection for Internet networks, and to work with law enforcement agencies to identify and pursue spammers worldwide.
TRIAGE: the WOMBAT attack attribution approach
Marc Dacier, Collaborative Advanced Research, Symantec
In network traffic monitoring, and more particularly in the realm of threat intelligence, the problem of "attack attribution" refers to the process of actively attributing new attack events to known or unknown phenomena, based on some evidence or traces left on one or several monitoring platforms. Real-world attack phenomena are often widely distributed across the Internet, or can sometimes evolve quite rapidly. This makes them inherently complex and thus difficult to analyze. In general, the analyst in charge must consider many different attack features (or criteria) in order to decide on the plausible root cause of a given attack, or to attribute it to some given phenomenon. In this talk, we introduce a global analysis method, named TRIAGE, that aims at addressing this problem in a systematic way. TRIAGE has been developed in the context of the European-funded WOMBAT project. In this talk, we will introduce the concepts of attack attribution and its intrinsic complexity, explain the TRIAGE method, and demonstrate its usefulness with recent results obtained on practical, real-life data sets.
Dr. Marc Dacier is an internationally recognized expert in computer security. At Symantec, Dr. Dacier is responsible for the Collaborative Advanced Research department, whose members are located in Europe (France and Ireland) and in the United States (Washington, D.C. and Los Angeles). Before joining Symantec, Marc taught at Eurecom, one of Europe's most active academic research institutions in the field of computer security. Previously, he was the manager of the Global Security Analysis Lab at IBM Zurich Research Laboratory. Marc has served on more than 60 program committees of major security conferences and was on the editorial board of several technical journals.
Proceedings available from Springer Verlag in the LNCS series