WORKSHOP SESSIONS

Please Note: This workshop is by invitation and/or acceptance of paper submission.

Session papers are available to workshop registrants immediately and to everyone beginning July 28, 2008.

All sessions will take place in the Sacramento Room unless otherwise noted.

Welcome

Invited Talk

Speaker: Paul Vixie

Papers

Engineering Heap Overflow Exploits with JavaScript
Mark Daniel, Jake Honoroff, and Charlie Miller, Independent Security Evaluators

Paper in HTML | PDF

Experiences with Model Inference Assisted Fuzzing
Joachim Viide, Aki Helin, Marko Laakso, Pekka Pietikäinen, Mika Seppänen, Kimmo Halunen, Rauli Puuperä, and Juha Röning, University of Oulu, Finland

Paper in HTML | PDF

Insecure Context Switching: Inoculating Regular Expressions for Survivability
Will Drewry and Tavis Ormandy, Google, Inc.

Paper in HTML | PDF

Papers

There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits
Marco Cova, Christopher Kruegel, and Giovanni Vigna, University of California, Santa Barbara

Paper in HTML | PDF

Towards Systematic Evaluation of the Evadability of Bot/Botnet Detection Methods
Elizabeth Stinson and John C. Mitchell, Stanford University

Paper in HTML | PDF

Papers

Reverse Engineering Python Applications
Aaron Portnoy and Ali-Rizvi Santiago, TippingPoint DVLabs

Paper in HTML | PDF

Exploitable Redirects on the Web: Identification, Prevalence, and Defense
Craig A. Shue, Andrew J. Kalafut, and Minaxi Gupta, Indiana University

Paper in HTML | PDF

Modeling the Trust Boundaries Created by Securable Objects
Matt Miller, Leviathan Security Group

Paper in HTML | PDF

Rump Session

5-minute talks

Closing Remarks

Program Chairs: Dan Boneh, Stanford University; Tal Garfinkel, VMware; Dug Song, Zattoo