AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Keynote [clear filter]
Wednesday, June 25

09:15 BST

Keynote - Fighting Next-Generation Adversaries with Shared Threat Intelligence

Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. We examine techniques for identifying, anonymizing, and sharing threat intelligence and discuss use cases ranging from DDOS to malware where this approach can speed response times and prevent breaches.

avatar for Jacob West

Jacob West

Jacob West is Chief Technology Officer for Enterprise Security Products (ESP) at HP. In his role, West influences the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings, and actionable... Read More →

Wednesday June 25, 2014 09:15 - 10:00 BST

17:35 BST

Keynote - CopperDroid: On the Reconstruction of Android Malware Behaviors
Today mobile devices and their application marketplaces drive the entire economy of the mobile landscape. For instance, Android platforms alone have produced staggering revenues exceeding 9 billion USD, which unfortunately attracts cybercriminals with malware now hitting the Android markets at an alarmingly rising pace.

To better understand this slew of threats, in this talk I present CopperDroid, an automatic VMI-based dynamic analysis system to reconstruct the behavior of Android malware.  Based on the key observation that all interesting behaviors are eventually expressed through system calls, CopperDroid presents a novel unified analysis able to capture both low-level OS-specific and high-level Android-specific behaviors. 

Extensive evaluation on more than 2,900 Android malware samples, show that CopperDroid faithfully describes OS- and Android-specific behaviors and, through the use of a simple yet effective app stimulation technique, successfully triggers and discloses additional behaviors on more than 60% (on average) of the analyzed malware samples, qualitatively improving code coverage of dynamic-based analyses.

avatar for Lorenzo Cavallaro

Lorenzo Cavallaro

Senior Lecturer (~Associate Professor), Royal Holloway, University of London
Lorenzo Cavallaro is a Senior Lecturer of Information Security in theInformation Security Group at Royal Holloway University of London.His research interests focus on systems security, and malware analysisand detection.Lorenzo is Principal Investigator on the 4-year EPSRC-funded BACCHUSgrant... Read More →

Wednesday June 25, 2014 17:35 - 18:20 BST
Thursday, June 26

09:15 BST

Keynote - Anonymous Communications and Tor: History and Future Challenges

The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this talk I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising censorship-resistance over privacy. The growing popularity of anonymous communication systems has also led to commercial and political realities effecting how projects are run and software is designed. In particular, I will discuss how the Tor software has changed, and the Tor project evolved in this environment. I will conclude by summarising what might be the future for anonymous communication systems and how they may have to adapt themselves to changing circumstances.

avatar for Steven Murdoch

Steven Murdoch

Royal Society University Research Fellow, University of Cambridge
Dr. Steven J. Murdoch is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications... Read More →

Thursday June 26, 2014 09:15 - 10:00 BST

16:50 BST

Keynote - Reflections on Scoping Trust
In the modern Web environment, far from heeding Ken Thompson's admonition that "you can't trust code that you did not totally create yourself," we're required to trust a whole host of things we didn't create ourselves, including code, devices, infrastructure, and institutions. Sometimes, quite visibly of late, we've seen that trust betrayed by failures in components we shouldn't have needed to trust so broadly in the first place. This talk will examine gaps in our current models of trust and security scope, and consider how, short of writing our own compiler-compilers and everything on top, we can create a more trustworthy Web.


Wendy Seltzer

Counsel and Strategy Lead, W3C
Wendy Seltzer is Policy Counsel and Technology & Society Domain Lead at the World Wide Web Consortium (W3C), where she leads work on privacy, security, and social web standards. As a visiting Fellow with Yale Law School's Information Society Project, she researches openness in intellectual... Read More →

Thursday June 26, 2014 16:50 - 17:40 BST
Filter sessions
Apply filters to sessions.