 |
||||||||||||||
|
Joint PPREW / SSP Workshop
Hilton Los Angeles/Universal City, Los Angeles, CA
December 8, 2015
Collocated with
ACSAC
2015
Keynote Speakers
At this year's workshop we are fortunate to hear from leading researchers working in the area of software analysis and protection in government, industry, and academia.
Stacy Prowell, Research Scientist, Oak Ridge National Laboratory (ORNL)
Talk: "Security, Verification, and the IoE"
Stacy Prowell is the Chief Cyber Security Research Scientist in the Computational Sciences and Engineering Division of Oak Ridge National Laboratory (ORNL), leads the Cyber Warfare Research Team, and holds a joint appointment as Associate Professor in the Department of Electrical Engineering and Computer Science at the University of Tennessee.
For over fifteen years Dr. Prowell has worked on making software systems more reliable, safe, and secure, and has developed novel ways of specifying, analyzing, and testing software applications and embedded devices. As an industry consultant Dr. Prowell has coached, consulted on, contributed to, and managed projects ranging from tiny embedded devices to large distributed industrial control systems, from simple software systems to sophisticated medical imaging. Dr. Prowell’s current research is computationally intensive cyber security, combining rigorous mathematical analysis with high-performance computing. Dr. Prowell holds a Ph.D. in computer science from the University of Tennessee.
Michael Wiener, Research Scientist, IRDETO
Talk: "Applying Software Protection to White-Box Cryptography"
The business world can be a brutal judge of security research ideas. The only thing that matters is the net financial savings of a security technique - does the security technology save more money than it costs? I have been doing research on protecting encryption software, always with an eye on whether it can satisfy business goals. The early days of research into protecting encryption keys in software used a technique called white-box cryptography. The first such methods consisted almost exclusively of look-up tables jammed full of as much math as possible.
But these methods have been thoroughly broken. We have been working on different approaches that eliminate tables and rely more heavily on software protection methods. Other topics addressed in this talk at a high level are software security measures and the relationship between white-box cryptography and homomorphic encryption.
Michael Wiener is a cryptologist who is best known for designing a DES-breaking machine and for attacking RSA with short private exponents. He also co-authored papers on parallel collision search which lead to the best attacks known on many hash functions, elliptic curves, and multiple encryption.
He served as Program Chair for Crypto '99 and SAC 2007, and has served on numerous program committees including the first ACM CCS in 1993. He was one of the first employees of Entrust where he specified Entrust's initial PKI architecture. He is now with Irdeto where he leads research and development of advanced white-box cryptography.
Yan Shoshitaishvili, Security Researcher, UCSB
Talk: "Binary Analysis in the Wild West"
Yan Shoshitaishvili is a doctoral student and security researcher with the Computer Security Group (Seclab) at the University of California Santa Barbara (UCSB) . He has been interested in hacking since the age of eight and is fascinated by understanding and commandeering the computation and actions carried out by binary code.
He is one of the hacking aces behind team Shellphish and his research interests include program analysis in general, the need for better tools, binary analysis frameworks, and recent work with the DARPA Cyber Grand Challenge. Yan has also developed and released computer security tools on the Internet.