NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA. NDSS is a premier academic research conference addressing a wide range of topics on network and system security. It’s an incubator for new, innovative ideas and research on the security and privacy of the Internet.

NDSS 2020 (23-26 February) will be one of the biggest NDSS symposia yet, featuring 88 peer-reviewed academic papers, 34 posters, 5 workshops, and 2 keynotes on vital and timely topics. Here are some of the highlights.

Workshops

This year’s program officially starts with five workshops on Sunday, 23 February. NDSS workshops are organized around a single topic and provide an opportunity for greater dialogue between researchers and practitioners in the area.

The QUIC Privacy and Security (QUIPS) Workshop focuses on QUIC security and privacy analysis efforts. The IETF QUIC protocol is a modern UDP-based, stream-multiplexing, encrypted transport protocol. Inspired by prior art, QUIC’s packet and header encryption removes cleartext information from the network while simultaneously mitigating ossification of version-specific protocol behavior. The goal of the QUIPS workshop is to bring formal analysis results to the IETF working group and developer communities in order to build confidence in and improve QUIC before its widespread deployment.

The Workshop on Measurements, Attacks and Defenses for the Web (MADWeb) returns this year after making its debut in 2019. The web connects billions of devices, running numerous types of clients, and serves billions of users every day. To cope with such widespread adoption, the web constantly changes. This is evident from browsers that have a release cycle of just six weeks. These rapid changes are not always studied from a security perspective, resulting in new attack vectors that were never observed before. MADWeb is looking to connect researchers working at the intersection of browser evolution and web security. The goal is to bring together a community to discuss the rapid changes to browsers from a security perspective, the security implications of current web technologies, and how we can make browsers in the future more secure without hindering the evolution of the web.

The Learning from Authoritative Security Experiment Results (LASER) Workshop focuses on learning from and improving cybersecurity experimental results. The workshop strives to provide a highly interactive, collegial environment for discussing and learning from experimental methodologies, execution, and results. Ultimately, the workshop seeks to foster a dramatic change in the experimental paradigm for cybersecurity research, improving the overall quality and reporting of practiced science. As such, it will be structured as a true “workshop” in the sense that it will focus on discussions and interactions around the topic of experimental methodologies, execution, and results with the goal of encouraging improvements in experimental science in cybersecurity research. Authors will lead the group in a discussion of the experimental aspects of their respective efforts.

The Binary Analysis Research (BAR) Workshop returns for its third year at NDSS. Binary analysis refers to the process where humans and automated systems examine underlying code in software to discover, exploit, and defend against vulnerabilities. With the enormous and ever-increasing amount of software in the world today, formalized and automated methods of analysis are vital to improving security. This workshop will emphasize the importance of releasing and sharing artifacts that can be used to reproduce results in papers and can be used as a basis for further research and development.

The Workshop on Decentralized IoT Systems and Security (DISS) is also in its third year. The seemingly endless potential of the Internet of Things (IoT) is somewhat tempered by the ongoing concern over the ever-increasing risk that these devices pose to the Internet. The ultimate success of IoT depends on solving the underlying security and privacy challenges. Following the spirit of NDSS, the goal of this workshop is to bring together researchers and practitioners to analyze and discuss decentralized security in the IoT.

Keynotes

There will be two keynotes this year: Paul Forney, Chief Security Architect at Schneider Electric, on Monday, and Dr. Sharon Goldberg, Associate Professor in the Computer Science Department at Boston University and CEO/Co-Founder of Arwen, on Tuesday.

Paul Forney will discuss “Overcoming the ‘Evil Twins’ Attack: Lessons Learned from the Industrial Battlefield.” He asks the important question: “What could happen during a simultaneous attack of the industrial safety controllers (SIS) and Industrial Control Systems (ICS) of a critical infrastructure system?” Paul will discuss the technical lessons that can be learned from this sort of attack and how to best architect, protect, and contextualize a better future.

Dr. Sharon Goldberg will present “A Few Adventures in Technology Transfer.” This talk will discuss her adventures in technology transfer and in particular address two key metrics – ease of integration and precise specification.

NDSS 2020 Papers

The star and indeed the core of NDSS 2020 is the final set of peer-reviewed academic papers to be presented and published. This year there are 88 peer-reviewed papers organized into 19 sessions, representing less than 20% of the original submissions. This year there were over 500 submissions during both a summer and a fall submission period. A program committee of 97 experts assisted by 133 external reviewers worked to select and shepherd the accepted papers to this result. Topics cover a wide range including authentication, cryptography, censorship, network security, privacy, IoT, and mobile and web security. Papers, slides, and videos of all the talks will eventually be available on the NDSS 2020 programme page. The detailed agenda is already there!

Finally, NDSS 2020 also includes an energetic Poster Session and Reception featuring 34 posters of recently published or newly-emerging research. Attendees can vote for their favorites with special prizes being awarded in different categories.

All of this fabulous content takes a huge effort by a large group of people. Special note should be given to the Program Committee along with the Organizing Committee. This is teamwork and collaboration in action!

NDSS is where the next generation of security research starts, and for more than 20 years, the Internet Society has been a proud partner in hosting this event. Nearly 450 security experts will gather this coming week in San Diego to collaborate and engage in research discussion to help advance network and system security – all for the benefit of better security and a strong Internet.

Follow along via our social media channels – Twitter, Facebook, and LinkedIn, or search/post using #NDSS20.

See you in San Diego!

NDSS 2019 Honors Timeless Papers

The papers and presentations are done, the awards and appreciation certificates have been handed out, and the boxes are packed and labeled for shipping. NDSS 2019 has come to a successful close. It was a record setting event with over 550 registrations, 89 papers, 36 posters, and four workshops. It was inspiring to see such energetic and passionate security research professionals gathered together in one place discussing their work. All of the highlights can be found at the NDSS 2019 website, including the Distinguished Paper and Distinguished Poster Awards for this year and the full program. It is worthwhile, however, to highlight a new award series initiated this year.

NDSS Test of Time Awards

This year, to kick off the second 25 years of NDSS, an NDSS Test of Time annual award was created. This award is for papers that were published more than ten years ago and have had a significant impact on both academia and industry in the years since. There were three awardees in the inaugural class.

The first Test of Time award is from 1996: SKEME: A Versatile Secure Key Exchange Mechanism for Internet by Hugo Krawczyk. SKEME was an integral component of early versions of the Internet Key Exchange (IKE) protocol used with Internet Protocol Security (IPsec) and is the basis for many of the cryptographic design choices in the current IKEv2 Internet Standard. IPsec and IKE are the de facto Internet standards for protection of Internet Protocol (IP) communications, including Virtual Private Networks (VPNs), and are widely deployed in numerous commercial products.

The second award is Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks by Ari Juels and John Brainard, published at NDSS 1999. The paper introduced the use of “client puzzles” to protect connection-oriented protocols against connection depletion attacks (a form of denial of service), such as TCP SYN flooding. The paper led to a number of other efforts to develop different forms of client puzzles and to apply them to various other protocols and systems.

The final NDSS Test of Time award is A Virtual Machine Introspection Based Architecture for Intrusion Detection by Tal Garfinkel and Mendel Rosenblum, published in 2003. This paper introduced the use of VMI for cybersecurity and opened the floodgates on a tremendous amount of research and derivative tools that took VM technology beyond simple resource multiplexing and leveraged it for intrusion detection, intrusion prevention, forensics, isolation, and other cybersecurity protections. The paper is the most highly cited NDSS paper (1751 citations) from the period 1995-2009.

NDSS 2019 Highlights the Best in Security Research

Tomorrow, the 26th consecutive Network and Distributed System Security Symposium (NDSS) is set to kick off in San Diego, CA. NDSS is a premier academic research conference addressing a wide range of topics associated with improving network and system security. A key focus of the Internet Society has long been improving trust in the global open Internet and all of its connected devices and systems. In today’s world, we need new and innovative ideas and research on the security and privacy of our connected devices and the Internet that connects them together.

NDSS 2019 (24-27 February) will be the biggest NDSS symposium yet, featuring 89 peer-reviewed papers, 35 posters, 4 workshops, and a keynote. Record registration numbers are a key indicator that NDSS 2019 is featuring vital and timely topics. Below are some of the highlights expected in the coming week.

Workshops

This year’s program officially starts with four workshops on Sunday, 24 February. NDSS workshops are organized around a single topic and provide an opportunity for greater dialogue amongst researchers and practitioners in the area. Each of this year’s workshops has a dynamic agenda.

The Workshop on Binary Analysis Research (BAR) is returning for its second year at NDSS after a very successful inaugural year in 2018. Binary analysis refers to the process where humans and automated systems examine underlying code in software to discover, exploit, and defend against vulnerabilities. With the enormous and ever-increasing amount of software in the world today, formalized and automated methods of analysis are vital to improving security. This workshop will include a keynote, a number of peer-reviewed papers, an invited speaker, and a panel discussion. It will also emphasize the importance of releasing and sharing artifacts that can be used to reproduce results in papers and can be used as a basis for further research and development.

The Workshop on Decentralized IoT Systems and Security (DISS) is in its second year, following a very successful inaugural year in 2018. The seemingly endless potential of the Internet of Things (IoT) is somewhat tempered by the concern over the ever-increasing risk that these devices pose to the Internet. The ultimate success of IoT depends on solving the underlying security and privacy challenges. Following the spirit of NDSS, the goal of this workshop is to bring together researchers and practitioners to analyze and discuss decentralized security in the IoT. DISS features a keynote, several papers, and a panel discussion.

The new workshop this year is the Workshop on Measurements, Attacks and Defenses for the Web (MADWeb). The web connects billions of devices, running numerous types of clients, and serves billions of users every day. To cope with such widespread adoption, the web constantly changes. This is evident from browsers that have a release cycle of just six weeks. These rapid changes are not always studied from a security perspective, resulting in new attack vectors that were never observed before. MADWeb is looking to connect researchers working at the intersection of browser evolution and web security. The goal is to create a new venue for discussing the rapid changes to browsers from a security perspective, the security implications of current web technologies, and how we can make browsers in the future more secure without hindering the evolution of the web.

Finally, the Workshop on Usable Security (USEC 2019) is one of the original NDSS workshops and is occurring at NDSS for the sixth consecutive year. You can see the results from the previous five years of USEC at NDSS plus three sister events held in Europe (EuroUSEC) here. This workshop has long focused on considering technical as well as human aspects of security. Enabling people to manage privacy and security necessitates giving due consideration to the users and the larger operating context within which technology is embedded. This year, and possibly for future USEC workshops, exceptional USEC papers will be invited to publish extended versions in a special issue of the Journal of Cybersecurity.

Keynote

Moving beyond the workshops, NDSS will also feature Dr. Deborah Frincke. Dr. Frincke leads the Research Directorate of the National Security Agency (NSA). She will speak on the modern challenges for cyber defense, asking the attendees how we meet the challenge of cyber defense as technological advancement creates a world where an adversary has more opportunity to break into our framework of order.

NDSS 2019 Papers

The main content of NDSS 2019 is of course the set of papers to be presented and published. This year there are 89 peer-reviewed papers organized into 19 sessions, representing around 20% of the original submissions. Topics are wide ranging and include authentication, cryptography, censorship, privacy, blockchain, IoT, and mobile and web security. Papers, slides, and videos of all the talks will eventually be available on the NDSS 2019 programme page.

The final program component of NDSS 2019 is the Monday night Poster Session and Reception. This session will feature 35 posters of recently published or newly emerging research. Attendees will have a chance to vote for their favorite posters with special prizes being awarded in different categories.

The Internet Society is proud to have been associated with NDSS for over 20 years. We are excited to see the results of this year’s event! As of this writing, we are smashing all our recent records including number of accepted papers, number of accepted posters, and total attendees. Congratulations to all the workshop speakers, NDSS authors and speakers, and poster presenters for contributing to what will surely be an exciting week of research discussion and collaboration leading to significant advancements in network and system security.

Follow along via our social media channels – Twitter, Facebook, and LinkedIn, or search/post using #NDSS19. See you in San Diego!

Image courtesy of Wes Hardaker

NDSS 2018: Automating the Process of Vulnerability Discovery

NDSS 2018 is in full swing in San Diego this week and a couple of papers that really grabbed my attention were both in the same session on Network Security and Cellular Networks yesterday.

Samuel Jero, a PhD student at Purdue University and past IRTF Applied Networking Research Prize Winner, presented a fascinating paper on “Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach”. Of the many protocols and algorithms that are in daily use on the Internet, some are more fundamental and important than others and it doesn’t get much more fundamental and important than TCP congestion control.

TCP congestion control is what makes it possible for millions of autonomous devices and networks to seamlessly, and more-or-less fairly, share available bandwidth. Without it the network would literally collapse.

Attacks against congestion control to manipulate senders’ or receivers’ understanding of the state of the network have been known for some time. Jero and his co-authors Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru developed an approach using model-based testing to address the scalability challenges of previous work to automate the discovery of manipulation attacks against congestion control algorithms.

By building abstract models of several congestion control algorithms from IETF RFCs, the team were able to generate abstract attack strategies. These abstract strategies could then be mapped to concrete attack strategies including details of how attack packets should be created and timing information for injecting malicious traffic to effect an attack. Both off-path and on-path attackers were considered.

Armed with a set of concrete attack strategies, the team built a platform on which to test them against different congestion control implementations running on a variety of OS environments. Evaluating five TCP implementations from four Linux distributions and Windows 8, they found 11 classes of attacks, eight of which were previously unknown.

This work illustrates the vulnerability of transport protocols that carry their signalling in the clear, as TCP does. It is relatively trivial for an attacker to confuse congestion control state machines about the state of the network, which leads to the large and diverse set of attack methods discovered. The new and rapidly developing QUIC protocol is perhaps one of the key next steps in defending the Internet against these kinds of manipulations: QUIC encrypts signalling by design.

In his paper, “LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE”, Syed Hussain (with co-authors Omar Chowdhury, Shagufta Mehnaz and Elisa Bertino) also employs a model-based testing approach to uncover 10 new attacks against the three fundamental protocol operations of the 4G LTE protocol (attach, detach and paging).

To ensure that the theoretical attacks were actually practical against real deployed 4G LTE networks, the team validated eight attacks using a real-world testbed. The most interesting attack discovered in this way is referred to as the ‘authentication relay attack,’ which enables an adversary to poison the core network’s knowledge of the location of a victim device, without possessing any legitimate credentials. This attack could provide a means to create a false alibi or plant fake evidence during a criminal investigation for example.

Both of these papers illustrate the power of applying model-based testing approaches to deployed systems to effectively automate the process of vulnerability discovery. As the dependence of modern society on Internet and cellular technologies continues to grow, this kind of work is crucial to help us move beyond the ‘whack-a-mole’ response to security vulnerabilities we’re familiar with.

These two papers are great examples of the strength of the work presented at NDSS and the importance of the research undertaken by this community for the security of our networked, distributed future. Both papers are already on the NDSS website, and slides and videos from these and all other presentations will be posted shortly after NDSS.

Report: Distributed IoT Security and Standards Workshop at NDSS 2018

The Network and Distributed Systems Security (NDSS) Symposium is in full swing for its 25th anniversary year. As usual, the NDSS program includes a really impressive array of great content on a wide range of topics. Prior to the main event there were four one-day workshops on themes related to the topic of NDSS: Binary Analysis Research, DNS Privacy, Usable Security, and the workshop I’d like to delve into here, Distributed IoT Security and Standards (DISS).

The DISS workshop received 29 submissions and accepted 12 papers. In an interesting twist on the usual scientific workshop format, the presented papers were all still in draft form and will now be revised based on the Q&A and offline discussions that took place as a result of the workshop. Revised papers will be published by the Internet Society in due course.

Introducing proceedings, co-chair Dirk Kutscher explained that it has become evident that the success of the Internet of Things (IoT) depends on sound and usable security and privacy. Device constraints, intermittent network connectivity, the scale of deployments, and economic issues all combine to create an interesting and challenging environment for the research community to address.

A decentralised approach to IoT security is being pursued by multiple projects and several were presented during the workshop. Simultaneously, many IoT standards are under development in IETF, W3C, and elsewhere. It is therefore very timely to bring researchers together on the topic of DISS. The scope for the workshop was threefold:

  1. Enabling secure interoperability across IoT ecosystems;
  2. Security and privacy in ongoing IoT standardisation work; and
  3. Other topics related to decentralised security and standardisation in IoT.

Ian Molloy gave a very interesting presentation on his work (with co-authors David Barrera and Heqing Huang) to monitor the connectivity profiles of different IoT devices and enforce network security policy to minimise the risks posed by insecure IoT devices to both the device owners and the wider Internet. The approach was described as ‘parental controls’ for IoT and brought to mind the work underway in the IETF on Manufacturer Usage Descriptions (MUD). An interesting difference between the two approaches is that Molloy’s explicitly does not require the user to trust the manufacturer to define a policy and provide a product that understands or respects the concerns of the end-user. There may be a place for a more distributed and crowdsourced approach.

Two papers addressed security reviews of existing standards. Michael McCool presented work (with co-author Elena Reshetova) to evaluate the security of the W3C Web of Things standard. Carsten Bormann presented an analysis of various developing standards for authorization solutions for the IoT. Both talks made clear that while standardisation for various pieces of a secure IoT ecosystem is underway, there is more work to be done to minimise the potential for implementation mistakes and the unintended consequences of exposing IoT device metadata.

Tomer Golomb presented a very interesting approach to anomaly detection including a great video demonstration of a wall of Raspberry Pis sharing state regarding normal operating conditions and then alarming when simulated exploits were run against known vulnerabilities.

The workshop also received an explicitly non-technical paper that considered the economic aspects of standardising security for the IoT. The authors tried to understand why IoT device manufacturers continue to ignore the findings of security research. They observed that consumers can’t determine the level of security provided by IoT products and are unwilling to pay for something they cannot assess. They identified a number of recommendations for ‘market-driven’ standardisation organisations:

  1. Define precise security model
  2. Stop consumer/business differentiation
  3. Add membership level for academic institutes
  4. Conduct security testing without conflict of interest
  5. Define and Enforce Update Policy

Lively discussion following this talk emphasised the importance of academic involvement, an open standards process with a multistakeholder ethos, and incorporating the development of reference implementations as part of the standards development life cycle. The need for regulation to help overcome the information asymmetry problem between industry and the consumers of IoT devices was also a hot topic of discussion.

Other topics discussed during the workshop included securing payments for outsourced computations, building a secure and open federation layer for IoT silos, authentication and key exchange protocols for IoT, practical implementation aspects and attestation.

To read more about NDSS, see our introductory blog post, our overview of the full NDSS 2018 program, and remember you can follow along via our social media channels – Twitter, Facebook, YouTube, and LinkedIn – or search/post using #NDSS18.

Starting Today: NDSS Highlights the Best in Internet Security Research

You’ve undoubtedly heard about all sorts of Internet security vulnerabilities and incidents causing harm around the world, but the flip side of all that doom and gloom is all the promising efforts underway to create a more secure, private, and trusted Internet. Starting today and going through Wednesday (18-21 February), the Network and Distributed Systems Security (NDSS) Symposium takes place to present groundbreaking research in the world of Internet security.

This year marks the 25th anniversary of NDSS, and the Internet Society is proud to have been associated with it for over 20 years now. A key focus of the Internet Society has long been improving trust in the global open Internet. In order to promote this trust, we need new and innovative ideas and research on the security and privacy of our connected devices and the Internet that brings them together. NDSS is a top tier forum for highlighting this research.

NDSS 2018 is four full days featuring:

In addition to being excited by the potential of all the excellent security and privacy research to be presented at NDSS, the Internet Society is also pleased to support NDSS with continuing commitments to promoting open access to all information, encouraging cooperation and collaboration, and developing the next generation of leaders in the security space.

Quality academic research that is open and easily accessible to anyone is one of our best long-term investments in a truly open and trustable Internet. All of the information from NDSS including abstracts, papers, slides, videos, and posters will be available on the NDSS website. Papers and abstracts for the main programme are already on the NDSS website, and posters, slides, and videos from all the presentations will be posted shortly after NDSS. Individual workshops will have proceedings produced and put online in the weeks following NDSS.

NDSS brings together security researchers, standards developers, vendors, and the operational community into a cooperative and collaborative environment for the exchange of ideas. People are what ultimately hold the Internet together. The Internet’s development has been based on voluntary cooperation and collaboration, and these tenets remain essential factors for the Internet’s prosperity and potential. Because of this, the Internet Society has a long commitment to a Collaborative Security approach and views NDSS as an excellent example of this collaboration. We are especially pleased to see examples like the DNSPRIV and DISS workshops having active participation from the Internet Engineering Task Force (IETF) community, resulting in close coordination between emerging research and resulting standards. Enhanced collaboration makes both communities stronger.

Finally, for those of us who have been working in this space for more than a few years, we recognize the importance of developing the next generation of leaders. We need the best and the brightest engaged in solving the challenging security and privacy issues facing the Internet. Academic research by its very nature is developing the next generation of thought leaders in this space. To further support the exposure of students, NDSS, with the help of NSF, Cisco, and the Internet Society, is proud to have awarded 20 grants for students to attend NDSS in person.

For all of the above reasons and more, the Internet Society is pleased to support NDSS. We look forward to the results of this year’s event! And we want to wish a happy 25th anniversary to all those in the NDSS community!

There is still time if you want to join us in person in San Diego (by registering onsite). Otherwise you can follow along via our social media channels – Twitter, Facebook, YouTube, and LinkedIn, or search/post using #NDSS18.

Celebrating the 25th Anniversary of NDSS

This year we are celebrating the 25th anniversary of the Network and Distributed System Security Symposium (NDSS). NDSS is a premier academic research conference addressing a wide range of topics associated with improving trust in the Internet and its connected devices. A key focus of the Internet Society has long been improving trust in the global open Internet. In order to promote this trust, we need new and innovative ideas and research on the security and privacy of our connected devices and the Internet that connects them together.

NDSS 2018 is about to get underway in San Diego, CA (18-21 February). It will be the biggest NDSS symposium yet, featuring 71 peer-reviewed papers, 20 posters, 4 workshops, 2 keynotes, and a co-located research group meeting. Record registration numbers are a key indicator that NDSS 2018 is featuring vital and timely topics. Below are some of the highlights expected in the coming week.

Workshops

This year’s program officially starts with four workshops on Sunday, 18 February. NDSS workshops are organized around a single topic and provide an opportunity for greater dialogue amongst researchers and practitioners in the area. Each of this year’s workshops has a dynamic agenda.

The Workshop on Binary Analysis Research (BAR) is a new workshop topic for NDSS this year. Binary analysis refers to the process where humans and automated systems examine underlying code in software to discover, exploit, and defend against vulnerabilities. With the enormous and ever-increasing amount of software in the world today, formalized and automated methods of analysis are vital to improving security. This workshop will include a number of peer-reviewed papers and a panel discussion.

The Workshop on Decentralized IoT Security and Standards (DISS) is also new to NDSS this year. We are surrounded every day with the excitement and seemingly endless potential of the Internet of Things (IoT). The success of IoT depends significantly on solving the underlying security and privacy challenges. Following the spirit of NDSS, the goal of this workshop is to bring together researchers and practitioners to analyze and discuss decentralized security in the IoT, especially in the light of ongoing standardisation work and wider systems interoperability.

The Workshop on DNS Privacy (DNSPRIV) is in its second year at NDSS and will focus on increasing usability and decreasing traceability in the Domain Name System (DNS) infrastructure. DNS Privacy has been a growing concern of the IETF and others in the Internet engineering community for the last few years. Almost every activity on the Internet starts with a DNS query (and often several). The goal of this workshop is to bring together privacy and Internet researchers with a diversity of backgrounds and views, to identify promising long-term mitigations of the broad space of DNS privacy risks. This workshop and the DISS workshop both have active participation from the Internet Engineering Task Force (IETF) community, resulting in collaboration between academics and the engineers developing the standards.

Finally, the Workshop on Usable Security (USEC 2018) is one of the original NDSS workshops and is occurring at NDSS for the fifth consecutive year. It has long been established that ensuring effective security and privacy in real-world technology requires considering technical as well as human aspects. USEC 2018 fosters a multi-disciplinary approach to all aspects of human factors including adoption and usability in the context of security and privacy. Also notable about the USEC 2018 workshop is that it encourages papers that replicate previous results for validation purposes or document failed experiments to highlight the lessons learned. Finally, in another first for NDSS, USEC 2018 and DNSPRIV will have one joint session to discuss usability in the context of DNS.

Keynotes

Moving beyond the workshops, NDSS will also feature two excellent keynotes this year. On Monday morning, Ari Juels of Cornell University will kick off NDSS 2018 with a talk entitled “Beyond Smarts: Toward Correct, Private, Data-Rich Smart Contracts”. In this keynote, Ari will explore smart contracts, blockchains, secure off-chain data feeds or oracles, and much more. Check back after NDSS for a video recording of what will undoubtedly be an educational keynote.

On Wednesday morning, Parisa Tabriz of Google, Inc. will talk about “The Long Winding Road from Idea to Impact in Web Security”. In this keynote, she will share stories of multi-year initiatives that have made Chrome and the open web platform safer. She will talk about securing Flash content, the push to drive HTTPS adoption, and a 5+ year refactoring project to help mitigate speculative CPU vulnerabilities. She will focus on some of the practical constraints and lessons learned for others to consider when trying to improve security of large, complex, real-world systems.

NDSS Programme

The main content of NDSS 2018 is of course the set of papers to be presented and published. This year there are 71 peer-reviewed papers organized into 17 sessions, representing around 20% of the original submissions. Topics are wide-ranging and include authentication, cryptography, privacy, Android, blockchain, cloud, and web security. This year, the Internet Society has reinforced its commitment to open access of information by updating the publishing policy for NDSS. Copyright of all papers remains with the authors. Papers, slides, and videos of all the talks will eventually be available on the NDSS 2018 programme page.

The final program component of NDSS 2018 is the Monday night Poster Session and Reception. This session will feature 20 posters of recently published or newly emerging research. Attendees will have a chance to vote for their favorite posters with special prizes being awarded in different categories.

Finally, on the Saturday before NDSS there will be an interim meeting of a proposed Internet Research Task Force (IRTF) research group on Decentralized Internet Infrastructure. The organizers of this meeting opted to use the fact that many of them will be in town for NDSS to co-locate their meeting as well. This group is in the formative stages so now is an excellent time to engage. The agenda looks interesting so if you are in San Diego early, drop on by the Rousseau room.

To wrap up this rather long blog post, I would like to say that the Internet Society is proud to have been associated with NDSS for over 20 years, and we are excited to see the results of this year’s event! Happy 25th to all those in the NDSS community!

You can still register onsite if you’d like to join us in person in San Diego, or you can follow along via our social media channels – Twitter, Facebook, and LinkedIn, or search/post using #NDSS18. Now, I’m off to catch my flight. See you in San Diego!


Workshop on Binary Analysis Research (BAR) 2018 at NDSS on 18 February

Binary analysis refers to the process where human analysts and/or automated systems scrutinize the underlying code in software to discover, exploit, and defend against malice and vulnerabilities, oftentimes without access to source code. Through protecting legacy software deployed in all types of devices and platforms in the modern world, binary analysis techniques are becoming more and more critical in making our everyday life and our society more secure.

A Workshop on Binary Analysis Research (BAR) will be co-located with the Network and Distributed System Security Symposium (NDSS), and held in San Diego, CA, USA, on February 18, 2018.

The Workshop aims to provide an interaction point for researchers doing work in binary program analysis, with half of the workshop dedicated to traditional paper sessions and the other half to a roundtable discussion among researchers, implementers, and end-users of binary analysis techniques. BAR has attracted the attention of many researchers, especially tool and framework authors, who actively work to create cutting-edge techniques and build powerful tools. Here we are happy to announce that eight high-quality academic papers have been accepted to appear in the paper sessions of the workshop, with presenters from both academia and industry. Researchers and authors of several famous binary analysis tools and frameworks, including BAP, Binary Ninja, BitBlaze-Fuzzball, BinCAT, CodeSurfer, Manticore, McSema, Panda, and S2E, will participate in the roundtable discussion.

With the analysis of binary programs once again becoming relevant due to the proliferation of interconnected embedded devices, the subfield of binary analysis has recently undergone a renaissance. Over the past few years, well over a dozen binary analysis frameworks were produced and released by well over a dozen research groups and private enterprises, putting the world in a situation where there are more binary analysis frameworks than there are web browsers. The situation has not been ignored by funding agencies, with massive grants featuring binary analysis being funded around the world. To drive the point home, in 2016, the DARPA Cyber Grand Challenge turned automatic binary analysis, exploitation, and defense into something resembling a spectator sport.

It is worth noting that this binary analysis gold rush has taken place in a mostly uncoordinated manner, with some researchers meeting up on an ad-hoc basis at conferences and other research groups working in obscurity and isolation. As a result, while commonly adapted solutions to some problems have emerged, there is very little actual sharing and solution reuse among tools. This has resulted in missing tool functionality and needlessly duplicated effort, and has hampered the adoption of fundamental scientific advances in the field.

At the Workshop on the 18th, we are expecting great presentations, heated discussions, and exchange of brilliant ideas. If you are interested in reverse engineering and binary analysis, please consider registering for the workshop and paying us a visit!