Keynotes

file

Visible to the public Is Hardware Root of Trust hard to do, and Trustworthy?

Submitted by akarns on Thu, 03/05/2020 - 4:47pm
As the appetite for exploiting security flaws intensifies, so does the broad spectrum of vulnerabilities. It’s important to consider each type of vulnerability and how these could impact physical or logical systems.
file

Visible to the public Evaluating Fuzz Testing (and other technologies)

Submitted by Anonymous on Thu, 03/05/2020 - 4:39pm
Fuzz testing has enjoyed great success at discovering security critical bugs in real software. Researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are primarily evaluated experimentally so an important question is: What experimental setup is needed to produce trustworthy results? In mid 2018 we surveyed the research literature and assessed the experimental evaluations carried out by 32 fuzzing papers.
file

Visible to the public Trust Engineering via Cryptographic Protocols

Submitted by akarns on Thu, 03/05/2020 - 4:31pm

file

Visible to the public Access Control Verification for Everyone

Submitted by Anonymous on Thu, 03/05/2020 - 4:23pm
Amazon Web Services (AWS) recently launched IAM Access Analyzer, an automated reasoning service for auditing permissions to cloud resources. While all customers want increased security, few have the specialized skills required to formally specify and verify security properties. Customers who go down this road have to formally specify their intended security properties, check them against their policies, and then debug when properties fail to hold.