Check out the new USENIX Web site.
WOOT '10 Banner


All sessions will take place in Wilson C unless otherwise noted.

Session papers are available to workshop registrants immediately and to everyone beginning August 9, 2010.

Monday, August 9, 2010
9:00 a.m.–9:10 a.m.

Charlie Miller and Hovav Shacham, WOOT '10 Program Co-Chairs

9:10 a.m.–10:40 a.m.

Vulnerability Analysis

All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) (Invited Talk)
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley, Carnegie Mellon University

Zero-sized Heap Allocations Vulnerability Analysis
Julien Vanegue, Microsoft Security Engineering Center

Read the Abstract | Full paper

Beyond Heuristics: Learning to Classify Vulnerabilities and Predict Exploits (Invited Talk)
Mehran Bozorgi, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker, University of California, San Diego

10:40 a.m.–11:00 a.m.    Break
11:00 a.m.–12:30 p.m.

Cryptography, Etc.

Recovering Windows Secrets and EFS Certificates Offline
Elie Burzstein, Stanford University; Jean Michel Picod, EADS

Read the Abstract | Full paper

Crawling BitTorrent DHTs for Fun and Profit
Scott Wolchok and J. Alex Halderman, The University of Michigan

Read the Abstract | Full paper

Practical Padding Oracle Attacks
Juliano Rizzo, Netifera; Thai Duong, VNSECURITY

Read the Abstract | Full paper

12:30 p.m.–2:00 p.m.    Workshop Luncheon, Thurgood Marshall South West
2:00 p.m.–3:30 p.m.

The Web and Smartphones

Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites (Invited Talk)
Gustav Rydstedt, Elie Bursztein, and Dan Boneh, Stanford University; Collin Jackson, Carnegie Mellon University

Smudge Attacks on Smartphone Touch Screens
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith, University of Pennsylvania

Read the Abstract | Full paper

Framing Attacks on Smart Phones and Dumb Routers: Tap-jacking and Geo-localization Attacks
Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh, Stanford University

Read the Abstract | Full paper

3:30 p.m.–3:50 p.m.    Break
3:50 p.m.–5:20 p.m.

After You Get EIP

Interpreter Exploitation
Dionysus Blazakis, Independent Security Evaluators

Read the Abstract | Full paper

A Framework for Automated Architecture-Independent Gadget Search
Thomas Dullien and Tim Kornau, zynamics GmbH; Ralf-Philipp Weinmann, University of Luxembourg

Read the Abstract | Full paper

English Shellcode (Invited Talk)
Joshua Mason and Sam Small, Johns Hopkins University; Fabian Monrose, University of North Carolina at Chapel Hill; Greg MacManus, iSIGHT Partners

5:30 p.m.–7:00 p.m.    Reception: Sponsored by Deutsche Post, Hoover


Join Deutsche Post for a dinner reception on Monday evening. They will be announcing the launch of a new security initiative around the E-Postbrief, a secure communication solution, and invite the security community to participate. Food, wine, beer and soft drinks will be provided.

? Need help? Use our Contacts page.

Last changed: 13 August 2010 jp