Keynotes

(VIDEO) Evaluating Fuzz Testing.mp4.zip

(VIDEO) Access Control Verification for Everyone.mp4.zip

Is Hardware Root of Trust hard to do, and Trustworthy?

As the appetite for exploiting security flaws intensifies, so does the broad spectrum of vulnerabilities. It's important to consider each type of vulnerability and how these could impact physical or logical systems. This presentation will detail four areas of vulnerabilities and appropriate hardware and software methods with which to combat incursions and data larceny.

Evaluating Fuzz Testing (and other technologies)

Fuzz testing has enjoyed great success at discovering security-critical bugs in real software. Researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are primarily evaluated experimentally, so an important question is: What experimental setup is needed to produce trustworthy results? In mid-2018 we surveyed the research literature and assessed the experimental evaluations carried out by 32 fuzzing papers. We found problems in every evaluation we considered.

Trust Engineering with Cryptographic Protocols

Dr. Joshua Guttman is a Senior Principal Scientist at the MITRE Corporation, and Research Professor at Worcester Polytechnic Institute. He has focused on security foundations and applications, including cryptographic protocol analysis and design, network security, operating systems security, and information flow. Dr. Guttman has written extensively, with about 75 academic publications, and regularly serves on program committees.

Access Control Verification for Everyone

Amazon Web Services (AWS) recently launched IAM Access Analyzer, an automated reasoning service for auditing permissions to cloud resources. While all customers want increased security, few have the specialized skills required to formally specify and verify security properties. Customers who go down this road have to formally specify their intended security properties, check them against their policies, and then debug when properties fail to hold.