Loading…
AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Keynote [clear filter]
Wednesday, June 25
 

09:15

Keynote - Fighting Next-Generation Adversaries with Shared Threat Intelligence

Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. We examine techniques for identifying, anonymizing, and sharing threat intelligence and discuss use cases ranging from DDOS to malware where this approach can speed response times and prevent breaches.


Speakers
avatar for Jacob West

Jacob West

Jacob West is Chief Technology Officer for Enterprise Security Products (ESP) at HP. In his role, West influences the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings, and actionable... Read More →


Wednesday June 25, 2014 09:15 - 10:00
LAB026

17:35

Keynote - CopperDroid: On the Reconstruction of Android Malware Behaviors
Today mobile devices and their application marketplaces drive the entire economy of the mobile landscape. For instance, Android platforms alone have produced staggering revenues exceeding 9 billion USD, which unfortunately attracts cybercriminals with malware now hitting the Android markets at an alarmingly rising pace.

To better understand this slew of threats, in this talk I present CopperDroid, an automatic VMI-based dynamic analysis system to reconstruct the behavior of Android malware.  Based on the key observation that all interesting behaviors are eventually expressed through system calls, CopperDroid presents a novel unified analysis able to capture both low-level OS-specific and high-level Android-specific behaviors. 

Extensive evaluation on more than 2,900 Android malware samples, show that CopperDroid faithfully describes OS- and Android-specific behaviors and, through the use of a simple yet effective app stimulation technique, successfully triggers and discloses additional behaviors on more than 60% (on average) of the analyzed malware samples, qualitatively improving code coverage of dynamic-based analyses.

Speakers
avatar for Lorenzo Cavallaro

Lorenzo Cavallaro

Senior Lecturer (~Associate Professor), Royal Holloway, University of London
Lorenzo Cavallaro is a Senior Lecturer of Information Security in theInformation Security Group at Royal Holloway University of London.His research interests focus on systems security, and malware analysisand detection. | | Lorenzo is Principal Investigator on the 4-year EPSRC-funded... Read More →


Wednesday June 25, 2014 17:35 - 18:20
LAB026
 
Thursday, June 26
 

09:15

Keynote - Anonymous Communications and Tor: History and Future Challenges

The history of anonymous communications on the Internet dates back to the early 80's but since then there have been dramatic changes in how anonymous communication systems have been built and how they have been used. In this talk I will describe some of these key changes, and what has motivated them. These include the web taking over from email as the major means of communications, and users of anonymous communication systems prioritising censorship-resistance over privacy. The growing popularity of anonymous communication systems has also led to commercial and political realities effecting how projects are run and software is designed. In particular, I will discuss how the Tor software has changed, and the Tor project evolved in this environment. I will conclude by summarising what might be the future for anonymous communication systems and how they may have to adapt themselves to changing circumstances.


Speakers
avatar for Steven Murdoch

Steven Murdoch

Royal Society University Research Fellow, University of Cambridge
Dr. Steven J. Murdoch is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications... Read More →


Thursday June 26, 2014 09:15 - 10:00
LAB026

16:50

Keynote - Reflections on Scoping Trust
In the modern Web environment, far from heeding Ken Thompson's admonition that "you can't trust code that you did not totally create yourself," we're required to trust a whole host of things we didn't create ourselves, including code, devices, infrastructure, and institutions. Sometimes, quite visibly of late, we've seen that trust betrayed by failures in components we shouldn't have needed to trust so broadly in the first place. This talk will examine gaps in our current models of trust and security scope, and consider how, short of writing our own compiler-compilers and everything on top, we can create a more trustworthy Web.

Speakers
avatar for Wendy Seltzer

Wendy Seltzer

and Chilling Effects founder, W3C Policy Counsel
Wendy Seltzer is Policy Counsel and Technology & Society Domain Lead at the World Wide Web Consortium (W3C), where she leads work on privacy, security, and social web standards. As a visiting Fellow with Yale Law School's Information Society Project, she researches openness in intellectual... Read More →


Thursday June 26, 2014 16:50 - 17:40
LAB026