DIMVA 2021 - 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment

The 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment

14-16 July 2021 - Online Streaming

Program

Wednesday, July 14

14:00-14:15 (CEST)

Opening Remarks / General Chair and Program Chairs

14:20-15:35

Session #1: Study to Uncover

Chair: Ulrich Flegel

14:20 | FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security

Antonin Durey (Univ. Lille / Inria); Pierre Laperdrix (CNRS, Univ Lille, Inria Lille); Walter Rudametkin (Univ. Lille / Inria); Romain Rouvoy (Univ. Lille / Inria / IUF)

14:45 | Digging Deeper: An Analysis of Domain Impersonation in the Lower DNS Hierarchy

Florian Quinkert, Dennis Tatang, Thorsten Holz (Ruhr-University Bochum)

15:10 | A First Large-scale Analysis on Usage of MTA-STS

Dennis Tatang, Robin Flume, Thorsten Holz (Ruhr-University Bochum)

15:35-15:45

(virtual) Coffee break

15:45-17:00

Session #2: Malware, malware, malware

Chair: Christian Rossow

15:45 | PetaDroid: Adaptive Android Malware Detection using Deep Learning

ElMouatez Billah Karbab, Mourad Debbabi (Concordia University)

16:10 | SCRUTINIZER: Detecting Code Reuse in Malware via Decompilation and Machine Learning

Omid Mirzaei (Northeastern University); Roman Vasilenko (VMware); Engin Kirda, Long Lu (Northeastern University); Amin Kharraz (Florida International University)

16:35 | Zero Footprint Opaque Predicates: Synthesizing Opaque Predicates From Naturally Occurring Invariants

Yu-Jye Tung, Ian G. Harris (University of California, Irvine)

Video (recording) of the 1st day of the conference

Link to the video

Access Password: 4z3^fB&e

Thursday, July 15

14:00-15:15

Session #3: Analyze the code like you own it

Chair: Sven Dietrich

14:00 | Refined Grey-Box Fuzzing with Sivo

Ivica Nikolic (National University of Singapore); Radu Mantu (University Politehnica of Bucharest); Shiqi Shen, Prateek Saxena (National University of Singapore)

14:25 | Third-Eye: Practical and Context-Aware Inference of Causal Relationship Violations in Commodity Kernels

Chuhong Yuan, Dong Du, Haibo Chen (Shanghai Jiao Tong University)

14:50 | Introspect Virtual Machines Like It Is the Linux Kernel!

Ahmed Abdrlraoof, Hans P. Reiser, Benjamin Taubmann (University of Passau)

15:15-15:30

(virtual) Coffee break

15:30-16:45

Session #4: Security Analysis

Chair: Federico Maggi

15:30 | Help, my Signal has bad Device! - Breaking the Signal Messenger's Post-Compromise Security through a Malicious Device

Jan Wichelmann, Sebastian Berndt, Claudius Pott, Thomas Eisenbarth (University of Lübeck)

15:55 | Centy: Scalable Server-side Web Integrity Verification System Based on Fuzzy Hashes

Lizzy Tengana, Jesús Solano, Alejandra Castelblanco (AppGate Inc.); Esteban Rivera, Christian Lopez (Appgate Inc.); Martin Ochoa (AppGate Inc.)

16:20 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures

Tommaso Innocenti (Northeastern University); Seyed Ali Mirheidari (University of Trento); Amin Kharraz (Florida International University); Bruno Crispo (University of Trento); Engin Kirda (Northeastern University)

16:45-17:00

(virtual) Coffee break

17:00-18:00

Keynote: Designing technology in pandemic times

Carmela Troncoso, EPFL, Switzerland

Chair: Leyla Bilge

Video (recording) of the 2nd day of the conference

Link to the video

Access Password: 5+cH=kJ!

Friday, July 16

14:00-16:05

Session #5: Attacks are the “best”

Chair: Anita NIkolich

14:00 | Calibration Done Right: Noiseless Flush+Flush Attacks

Guillaume DIDIER (DGA / ENS / Univ Rennes); Clémentine Maurice (Univ. Lille, CNRS, Inria)

14:25 | The Full Gamut of an Attack: An Empirical Analysis of OAuth CSRF in the Wild

Michele Benolli, Seyed Ali Mirheidari, Elham Arshad, Bruno Crispo (University of Trento)

14:50 | SPECULARIZER: Uncovering Speculative Execution Attacks via Performance Tracing in Commodity Hardware

Wubing Wang, Guoxing Chen (The Ohio State University); Yueqiang Cheng (Baidu Security); Yinqian Zhang (Southern University of Science and Technology); Zhiqiang Lin (The Ohio State University)

15:15 | Aion Attacks: Exposing Software Timer Problem in Trusted Execution Environment

Wei Huang, Shengjie Xu, David Lie (University of Toronto); Yueqiang Cheng (NIO)

15:40 | Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs

Karthika Subramani, Roberto Perdisci (University of Georgia); Maria Konte (Georgia Tech College of Computing)

16:05-16:10

(virtual) Coffee break

16:10-17:00

Session #6: “Just an IT Issue”?

Chair: Platon Kotzias

16:10 | Spotlight on Phishing: A Longitudinal Study on Phishing Awareness Trainings

Florian Quinkert (Ruhr-University Bochum); Martin Degeling (Ruhr-University Bochum; Horst Görtz Institute for IT Security); Thorsten Holz (Ruhr-University Bochum)

16:35 | Find My Sloths: Automated Comparative Analysis of How Real Enterprise Computers Keep Up with the Software Update Races

Omid Setayeshfar (University of Georgia); John Junghwan Rhee (University of Central Oklahoma); Chung Hwan Kim (University of Texas at Dallas); Kyu Hyung Lee (University of Georgia)

17:00-17:15

Closing Remarks

Video (recording) of the 3rd day of the conference

Link to the video

Access Password: e2t+4va^