Program
All sessions are at the Tang Center on the MIT campus in Cambridge, Massachusetts. Breakfast and lunch are provided, as well as a Boston Duck Boat Tour and dinner at the Top of the Hub. Wireless internet connections will be available.
Monday, 15 September 2008
| 1:00 – 7:00 PM | RAID Registration | |
| 1:00 – 5:30 PM | Poster Setup | |
| 5:30 – 8:00 PM | Joint Catered Poster Session with VizSEC |
Tuesday, 16 September 2008
| 8:00 – 9:00 AM | Breakfast (Ting Foyer in Tang Conference Center) and Registration |
|
| 9:00 – 9:15 AM | Welcome – Robert Cunningham, RAID 2008 General Chair Conference Opening – Richard Lippmann, RAID 2008 Program Chair Welcome Presentation (pdf) |
|
| Session 1 9:15 – 10:00 AM |
Rootkit Prevention Chair: Thorsten Holz |
|
| Best Paper | Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing
Ryan Riley (Purdue University, US); Xuxian Jiang (North Carolina State University, US); Dongyan Xu (Purdue University, US) Presentation (pdf) |
|
| Countering Persistent Kernel Rootkits Through Systematic Hook Discovery Zhi Wang (George Mason University, US); Xuxian Jiang (North Carolina State University, US); Weidong Cui (Microsoft Research, US); Xinyuan Wang (George Mason University, US) Presentation (pdf) |
||
| 10:00 – 10:30 AM | Break |
|
| Panel 1 10:30 – 12:00 Noon |
Government Security R&D Investments: Successes, Failures and the Future Moderator: Robert Cunningham, MIT Lincoln Laboratory |
|
| Panel Members: Jacques Bus, Head of Unit: Security - ICT Programme European Commission; Carl Landwehr, Program Manager, IARPA; Karl Levitt, Cyber Trust Program Director, National Science Foundation; Doug Maughan, Program Manager of Cyber Security R&D, Department of Homeland Security Presentation (ppt) |
||
| 12:00 – 1:30 PM | Lunch (MIT Faculty Club) |
|
| Session 2 1:30 – 3:00 PM |
Malware Detection and Prevention Chair: Engin Kirda |
|
| Tamper-Resistant, Application-Aware Blocking of Malicious Network Flows Abhinav Srivastava (Georgia Institute of Technology, US); Jonathon Giffin (Georgia Institute of Technology, US) Presentation (pdf) |
||
| A First Step Toward Live Botmaster Traceback Daniel Ramsbrock (George Mason University, US); Xinyuan Wang (George Mason University, US); Xuxian Jiang (North Carolina State University, US) Presentation (pdf) |
||
| A Layered Architecture for Detecting Malicious Behaviors Lorenzo Martignoni (University of Milan, IT); Elizabeth Stinson (Stanford University, US); Matt Fredrikson (University of Wisconsin, Madison, US); Somesh Jha (University of Wisconsin, US); John Mitchell (Stanford University, US) Presentation (pdf) |
||
| A Study of the Packer Problem and Its Solutions
Fanglu Guo (Symantec Research Labs, US); Peter Ferrie (Symantec Research Labs, US); Tzi-Cker Chiueh (Symantec Research Labs, US) Presentation (pdf) |
||
| 3:00 – 3:30 PM | Break |
|
| Session 3 3:30 – 5:00 PM |
High Performance Intrusion Detection and Evasion Chair: Fanglu Guo |
|
| Gnort: High Performance Network Intrusion Detection Using Graphics Processors Giorgos Vasiliadis (Institute of Computer Science, Foundation for Research and Technology – Hellas, GR); Spiros Antonatos (Institute of Computer Science, Foundation For Research and Technology Hellas, GR); Michalis Polychronakis (ICS-FORTH, GR); Evangelos Markatos (ICS-FORTH, GR); Sotiris Ioannidis (University of Crete, GR) Presentation (ppt) |
||
| Predicting the Resource Consumption of Network Intrusion Detection Systems Holger Dreger (Siemens AG, DE); Anja Feldmann (Deutsche Telekom Laboratories, DE); Vern Paxson (ICSI, US); Robin Sommer (ICSI and LBNL, US) Presentation (pdf) |
||
| High-speed Matching of Vulnerability Signatures Nabil Schear (University of Illinois at Urbana-Champaign, US); David Albrecht (University of Illinois at Urbana-Champaign, US); Nikita Borisov (University of Illinois at Urbana Champaign, US) Presentation (pdf) |
||
| Swarm Attacks against Network-level Emulation/Analysis Simon Pak Ho Chung (University of Texas at Austin, US); Aloysius Mok (University of Texas at Austin, US) Paper (pdf) |
||
| 5:15 PM | Climb Aboard Duck Boats for Tour and Dinner at the Top of the Hub. Attendees return to their hotels via the "T", cab, or walking. | |
| up |
Wednesday, 17 September
| 8:00 – 9:00 AM | Breakfast (Ting Foyer in Tang Conference Center) and Registration |
|
| 9:00 – 9:15 AM | Announcements
|
|
| Session 4 9:15 – 10:00 AM |
Web Application Testing and Evasion Chair: Jon Giffin |
|
| Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister (Technical University Vienna, AT); Engin Kirda (Institute Eurecom, FR); Christopher Kruegel (University of California, Santa Barbara, US) Presentation (pdf) |
||
| Model-Based Covert Timing Channels: Automated Modeling and Evasion Steven Gianvecchio (The College of William & Mary, US); Haining Wang (College of William and Mary, US); Duminda Wijesekera (George Mason University, US); Sushil Jajodia (George Mason University, US) Presentation (pdf) |
||
| 10:00 – 10:30 AM | Break |
|
| Panel 2 10:30 – 12:00 Noon |
Life after Antivirus – What Does the Future Hold? Moderator: Richard Lippmann, MIT Lincoln Laboratory |
|
| Panel Members: Martin Fréchette, Symantec Senior Principal Engineer leads the next generation of whitelist-based security products; John Viega, Founder and CEO of Stonewall Software, past Chief Security Architect at McAfee; Kathy Wang, MITRE Lead Scientist and Information Security Engineer on Honeyclient project, Paul Royal, Damballa Director of Research for botnet detection and remediation. Presentation (ppt) |
||
| 12:00 – 1:30 PM | Lunch (MIT Faculty Club) |
|
| Session 5 1:30 – 3:00 PM |
Alert Correlation and Worm Detection Chair: Benjamin Morin |
|
| Optimal Cost, Collaborative and Distributed Response to Zero-Day Worms – A Control Theoretic Approach Senthil Cheetancheri (University of California, Davis, US); John Agosta (Intel Research, US); Karl Levitt (UC Davis, US); S. Felix Wu (University of California at Davis, US); Jeff Rowe (UC Davis, US) Presentation (pdf) |
||
| On the Limits of Payload-oblivious Network Attack Detection Michael Collins (CERT, US); Mike Reiter (University of North Carolina at Chapel Hill, US) Presentation (pdf) |
||
| Determining placement of intrusion detectors for a distributed application through Bayesian network modeling Gaspar Modelo-Howard (Purdue University, US); Saurabh Bagchi (Purdue University, US); Guy Lebanon (Purdue University, US) Presentation (pdf) |
||
| A Multi-Sensor Model to Improve Automated Attack Detection Magnus Almgren (Chalmers University of Technology, SE); Ulf Lindqvist (SRI International, US); Erland Jonsson (Chalmers University of Technology, SE) Presentation (pdf) |
||
| 3:00 – 3:30 PM | Break |
|
| Session 6 3:30 – 5:00 PM |
Anomaly Detection and Network Traffic Analysis Chair: Robin Sommer |
|
| Monitoring SIP traffic using Support Vector Machines Mohamed Nassar (INRIA Lorraine, FR); Radu State (INRIA - LORIA, FR); Olivier Festor (INRIA-LORIA, FR) Presentation (pdf) |
||
| The Effect of Clock Resolution on Keystroke Dynamics Kevin Killourhy (Carnegie Mellon University, US); Roy A. Maxion (Carnegie Mellon University, US) Presentation (pdf) |
||
| A Comparative Evaluation of Anomaly Detectors under Portscan Attacks Ayesha Binte Ashfaq; Maria Joseph; Asma Mumtaz; Muhammad Qasim Ali; Ali Sajjad; Syed Ali Khayam (National University of Sciences & Technology, PK) Presentation (pdf) |
||
| Advanced Network Fingerprinting Humberto Abdelnur (INRIA Nancy - Grand Est, FR); Radu State (INRIA - LORIA, FR); Olivier Festor (INRIA Nancy - Grand Est, FR) Presentation (pdf) |
||
| The RAID organizing committee would like to thank our sponsors: The I3P, IBM, MIT Lincoln Laboratory and Symantec. |
||
| up |