2023 IEEE Secure Development Conference (SecDev) - Conference Table of Contents
IEEE Cybersecurity Development (SecDev)

2023 IEEE Secure Development Conference (SecDev)

DOI: 10.1109/SecDev56634.2023

18-20 Oct. 2023

Proceedings

The proceedings of this conference will be available for purchase through Curran Associates.

Secure Development Conference (SecDev), 2023 IEEE

Copyright Page

Publication Year: 2023, Page(s): 4 - 4

Table of Contents

Publication Year: 2023, Page(s): 5 - 8

Organizing Committee

Publication Year: 2023, Page(s): 10 - 10

Program Committee

Publication Year: 2023, Page(s): 11 - 12

Steering Committee

Publication Year: 2023, Page(s): 13 - 13

Practitioner Session Committee

Publication Year: 2023, Page(s): 14 - 14

Keynotes

Publication Year: 2023, Page(s): 15 - 18

Web applications offer a broad range of functionalities that are exploited by malware to serve as alternatives to traditional attacker-controlled servers. To effectively combat these Web App-Engaged (WAE) malware, prompt coordination between incident responders and web application providers is crucial. Any delay in this collaboration can allow WAE malware to flourish, posing serious security risks...

Ransomware has become a normalized cost of doing business in recent years, resulting in unprecedented levels of impact. Organizations are being increasingly called upon to be able to detect, defend against and respond to an attack. This tutorial has been designed to equip both individual users and business owners with detailed knowledge of the current ransomware ecosystem, hands-on skills to ident...

Implementing binary formats and communication protocols correctly is hard. Consequently, security vulnerabilities in such implementations are frequent and can have catastrophic consequences. In this tutorial, we present the RecordFlux toolset and language to practitioners faced with the implementation of critical protocol stacks. They will use the RecordFlux domain-specific language (DSL) to forma...

While Terraform has gained popularity to implement the practice of infrastructure as code (IaC), there is a lack of characterization of static analysis for Terraform manifests. Such lack of characterization hinders practitioners to assess how to use static analysis for their Terraform development process, as it happened for Company A, an organization who uses Terraform to create automated software...

Developing secure software is essential for protecting passwords and other sensitive data. Despite the abundance of cryptographic libraries available to developers, prior work has shown that developers often unknowingly misuse the provided Application Programming Interfaces (APIs), resulting in serious security vulnerabilities. Eclipse CogniCrypt is an IDE plugin that aims at helping developers us...

New contributors are critical to open source projects. Without them, the project will eventually atrophy and become inactive, or its experienced contributors will bias the future directions the project takes. However, new contributors can also bring a greater risk of introducing vulnerable code. For projects that have a need for both secure implementations and a strong, diverse contributor communi...

Fast Identity Online 2 (FIDO2), a modern authentication protocol, is gaining popularity as a default strong authentication mechanism. It has been recognized as a leading candidate to overcome limitations (e.g., it is phishing resistant) of existing authentication solutions. However, the task of deprecating weak methods such as password-based authentication is not trivial and requires a comprehensi...

Modern code signing systems are foundational building blocks to securing our software supply chain. Therefore, ensuring the security of these code signing systems and Continuous Integration and Continuous Deployment (CI/CD) pipelines is paramount. This paper highlights the security risks with current code signing systems with a relevant case study of the Solarwinds attack and recommends best pract...

11 things about Securing Microservice

Yuvaraj Madheswaran

Publication Year: 2023, Page(s): 51 - 53

Microservices are a modern-era software development approach to creating REST APIs as a small independent process that is loosely coupled, performs business-specific operations or capabilities, and is owned by a small team. Microservices are lightweight components that are easy to develop, deploy and scale based on business requirements. Some of our customers use microservices with container-based ...

Rust is a popular memory-safe systems programming language. In order to interact with hardware or call into non-Rust libraries, Rust provides unsafe language features that shift responsibility for ensuring memory safety to the developer. Failing to do so may lead to memory-safety violations in unsafe code which can violate the safety of the entire application. In this work we explore in-process isola...

Despite extensive research on defenses, exploitations of stack memory errors remain a major concern. Previous work has focused primarily on protecting code pointers (e.g., return addresses), but stack data may be compromised due to spatial, type, and temporal memory errors. Recent work on the DATAGUARD system proposes an efficient defense for protecting a significant fraction of stack data from me...

Existing source code debloaters fall short due to low scalability and high runtime overhead when applied in dynamic cloud settings, where instances are spun up on the fly. To address this challenge, we propose BLADE, which leverages common coding idioms and language restrictions to build simple yet effective heuristics for faster source-code debloating. For example, usually, coding constructs ar...

Docker containers have been widely used by organizations because they are lightweight and a single piece of hardware can run multiple instances of a container. However, this ease of virtualization comes with weaker isolation as compared to virtual machines. A compromised container can allow the attacker to escape to the host and gain privileged access. Several approaches have been developed to reduce the att...

This study presents an innovative aggregation scheme for model-agnostic, local, heterogeneous data models within the domain of Federated Learning. The proposed approach imposes minimal constraints on local models, only necessitating local model parameters and distances from local data centroids for a particular query. These requirements facilitate the design of privacy-preserving learning systems....

IoT devices have become an increasingly accessible target for evasive attacks, such as botnets, due to insecure network services, deprecated software components, unencrypted data communication, and other vulnerabilities. To address these security concerns, our work makes several significant contributions toward curating datasets and designing and developing a robust and effective Host-Based Intrus...