logo

Organizing Committee

Weverton Cordeiro
UFRGS, Brazil

Jérôme François
Inria Nancy Grand Est, France

Emmanouil Vasilomanolakis
TU Darmstadt, Germany

Hsu-Chun Hsiao
National Taiwan University, Taiwan


Steering Committee

Carol Fung
Virginia Commonwealth University, USA

Mohamed Faten Zhani
École de Technologie Supérieure, Canada


Program Committee

Chen-Mou Cheng, National Taiwan University, Taiwan

Thibault Cholez, Université de Lorraine / Inria, France

Weverton Cordeiro, UFRGS, Brazil

Rafael Esteves, Federal Institute of Rio Grande do Sul, Brazil

Carol Fung, VCU, USA

Luciano Gaspary, UFRGS, Brazil

Christian Hammerschmidt, University of Luxembourg, Luxembourg

Jassim Happa, University of Oxford, UK

Tiffany Hyun-Jin Kim, HRL Laboratories, USA

Shankar Karuppayah, Universiti Sains Malaysia, Malaysia

Chi-Yu Li, National Chiao Tung University, Taiwan

Qi Li, Tsinghua Univerisity, China

Giovane Moura, SIDN Labs, The Netherlands

Jéferson Nobre, UNISINOS, Brazil

Minho Park, Soongsil University, Korea

Ramin Sadre, Université Catholique de Louvain, Belgium

Jair Santanna, University of Twente, The Netherlands

Ricardo Schmidt, University of Passo Fundo, Brazil

Pawel Szalachowski, Singapore University of Technology and Design, Singapore

Emmanouil Vasilomanolakis, Technische Universität Darmstadt, Germany

Cynthia Wagner, Restena Foundation, Luxembourg

Qian Wang, Wuhan University, China

Mohamed Faten Zhani, École de Technologie Supérieure, Canada


Past Editions

DISSECT 2017 @ Lisbon, Portugal

DISSECT 2016 @ Istanbul, Turkey

DISSECT 2015 @ Ottawa, Canada

 

IEEE/IFIP DISSECT 2017

3RD IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)

Secure and Integrated Management in the Cloud and 5G Era

Co-located with IEEE/IFIP IM 2017
Lisbon, Portugal

 

Keynote II (back to main page)


Shih-Kun Huang
Professor @ National Chiao Tung University, Taiwan

Exploit Generation: Bug as a Backdoor (BaaB)

April 23rd, 1:30pm - 2:30pm

 

Abstract: Software crash is inevitable and the most common type of software failures. This type of failures is characterized in software testing, reliability, and quality assurance, but not in the cyber security. We have studied the software crash behaviors by constructing symbolic failure models, and automatically produce software attacks through the manipulation of the symbolic model. This work has revealed a severe cyber security threats against software quality. That is, software crash failures introduced by bugs are able to be automatically exploited. If bugs are exploited and attacked, arbitrary code can be executed and a backdoor channel will be built. That is the concept and talk title of Bugs as a Backdoor.

If a backdoor channel is built by embedding bugs in the system, former research on Trojan horse identification will be reduced to the finding of software bugs, still an intractable problem in software engineering, and programming languages.

In this talk, we will introduce the development of exploitable crash detection and the process of automatic exploits (attack input) generation. The generation process has been improved and 7,000 times faster than our initial attempt. If attacks are generated by tools from software crashes, Bugs as a Backdoor is feasible without writing an explicit Trojan horse in the system. A programmer or the software vendor can leave bugs in the system, as unintended features and deniable trapdoors.


Biography: Shih-Kun Huang received his B.S. (1989), M.S. (1991) and Ph.D. (1996) in Computer Science and Information Engineering from the National Chiao Tung University, and was an assistant research fellow at the Institute of Information Science, Academia Sinica between 1996 and 2004. Currently he is the deputy director of Information Technology Service Center, and a professor of Department of Computer Science, National Chiao Tung University. Dr. Huang's research integrates software engineering, and programming languages to study cyber security and software attacks. He is the Principal Investigator of the MOST project on Exploitable Software Crash (CRAX and CRAXweb).


 

Date and Location

Taipei, Taiwan, April 23rd, 2018

Held in conjunction with IEEE/IFIP Network Operations and Management Symposium (NOMS)

Venue

To be held at the NTUH International Convention Center. Located in the most elite Zhong Zheng District where professionals and intellectuals gather, NTUH (National Taiwan University Hospital) International Convention Center is a precious stone that shines on the historical campus of NTUH amid all other government buildings in its surroundings. Further information on workshop venue, accommodation, travel, and more is available on the NOMS 2018 website http://noms2018.ieee-noms.org/

Important Dates

5th Jan 2018 26th Jan 2017 Paper submission Deadline (EXTENDED)

28th Feb 2018 Acceptance Notification

9th Mar 2018 Camera-Ready Version Due

23 April 2018 Workshop Day

Paper Submission

Paper submissions must present original, unpublished research or experiences. Papers under review elsewhere must not be submitted to the workshop.

All contributions must be submitted in PDF format via JEMS https://submissoes.sbc.org.br/noms2018_dissect.

The submission and acceptance of contributions will be subject to a rigorous peer review process to ensure originality, timeliness, relevance, and readability.

Paper Format

All papers must be limited to 6 pages in an IEEE 2-column style and will be subject to a peer-review process.

The accepted papers will be submitted for publication in the IEEE Xplore Digital Library. Papers will be withdrawn from IEEE Xplore in case the authors do not present their paper at the workshop.

Distinguished papers will be invited to extend an extended version for a Special Issue of the Int'l Journal on Network Management (IJNM) on Security for Emerging Open Networking Technologies.

Poster Info

Papers accepted as posters must be limited to 4 pages in an IEEE 2-column style. The accepted posters will also be submitted for publication in the IEEE Xplore Digital Library. Posters will be withdrawn from IEEE Xplore in case the authors do not present them at the workshop.