Workshop Programme

Following is the EuroSec 2014 programme. Follow @syssecproject or @EuroSecWorkshop on Twitter to stay up to date with the workshop news.

9:00-10:30Welcome and Keynote I
  Welcome and introduction
Davide Balzarotti, (Workshop Chair)
  Keynote: Smash & Stitch the Gadget: A Journey through Return-Oriented Programming Attack Space and Defenses Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Abstract:  Code reuse attacks such as return-oriented programming (ROP) offer a robust attack technique that is extensively used to exploit bugs in modern software programs (e.g., web browsers and PDF readers). ROP requires no code injection, and only induces malicious program actions by executing a chain of instruction sequences (gadgets) residing in shared libraries or the executable itself. In this talk, we give a brief overview of ROP attacks evolution and mitigation proposals in the last years. In particular, we elaborate on recently proposed (coarse-grained) control-flow integrity (CFI) solutions such as kBouncer, ROPecker, CFI for COTS binaries, ROPGuard, and Microsoft\222s Windows EMET tool. We discuss the (in)effectiveness of these techniques and how they can be undermined even under weak adversarial assumptions. Finally we discuss some open problems and new directions.

10:30-11:00Coffee Break
11:00-12:00Session 1 - System Security
  A Practical Approach for Generic Bootkit Detection and Prevention Bernhard Grill, Christian Platzer (Vienna University of Technology),
Jurgen Eckel (IKARUS Security Software GmbH) 
pdf slides
  Improving Mac OS X Security Through Gray Box Fuzzing Technique Stefano Bianchi Mazzone, Mattia Pagnozzi, Aristide Fattori, Andrea Lanzi, Danilo Bruschi (Universita` degli studi di Milano) pdf
12:00-12:30Session 2 - Network Security (Part A)
  On Measuring the Impact of DDoS Botnets Arne Welzel, Christian Rossow, Herbert Bos (VU University Amsterdam) pdf
14:00-15:00Keynote II
  Keynote:An introduction to honeyclient technologies Angelo Dell'Aera (Honeynet Project)

Abstract: The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as the most known honeypot technologies enable research into server-side attacks, honeyclients allow the study of client-side attacks. A complement to honeypots, a honeyclient is a tool designed to mimic the behavior of a user-driven network client application, such as a web browser, and be exploited by an attacker's content. The talk will briefly introduce honeyclient technologies and describe the low-interaction honeyclient "Thug" and how to effectively use it in order to analyze malicious websites and detect potential exploit kits.

15:00-15:30Session 2 - Network Security (Part B)
  A Connection Pattern-based Approach to Detect Network Traffic Anomalies in Critical Infrastructures Bela Genge, Piroska Haller (Petru Maior University of Tg. Mures, Romania),
Dorin Adrian Rusu (VU University Amsterdam)
pdf slides
15:30-16:30Coffee Break + Joint Poster Session
16:30-17:30Session 3 - Mobile Security
  Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android MalwareThanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Sotiris Ioannidis (Foundation for Research and Technology-Hellas (FORTH), Greece),
Michalis Polychronakis (Columbia University, USA)
pdf slides
  The Best of Both Worlds. A Framework for the Synergistic Operation of Host and Cloud Anomaly-based IDS for Smartphones Dimitrios Damopoulos, Georgios Portokalidis (Stevens Institute of Technology),
Georgios Kambourakis (University of the Aegean
17:30-19:00Welcome Reception