The 1st Radical and Experiential Security Workshop (RESEC 2018)

Held in conjunction with The 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS 2018).

The Focus:

The RESEC workshop focuses on practical security solutions and innovative work based on experiential studies, real datasets and deployed systems. In other words, the workshop will solicit papers that would typically fall through the cracks as too practice-focused for scientific conferences, and too theoretical for system administration forums.

RESEC invites the following types of studies from researchers, academics and practitioners:

Experiential: studies that share insightful or puzzling observations, lessons learned, challenges, deployment considerations, observed trends and phenomena, and even data collection studies that can facilitate research in cybersecurity.

Radical ideas: transformational, counter-intuitive and disruptive ideas that can re-shape the foundation of enterprise security, or provide a long-term vision and historical insights.

Commercially-attractive: studies and ideas that can provide or have already provided the seed for commercial, open-source products and services.

Negative results: studies that demonstrate and investigate the failure of methods and approaches, especially when seen through a practical lense, and the lessons learned from these failures.

The Context:

There are many groups and entities that work on security from different perspectives: (a) academic researchers, (b) security practitioners, (c) entrepreneurs, (d) industrial researchers of companies, and (e) venture capitals (VC).

There is tremendous novelty, innovation, and experience that often goes to waste because it does not cross the boundaries of these groups. Clearly, there is a booming of the cybersecurity industry, high entrepreneurial activity, a dire need of effective solutions, and a dearth of security specialists in the job market.

Topics of Interest:

RESEC invites submissions on all aspects of enterprise security including security risks, new security designs, in the context of enterprise environments. RESEC aims to bring together researchers in both industry and academia. RESEC particularly encourages collaborative research between research teams in industry and research groups in universities.

Topics include, but are not limited to:

IoT Security
Machine Learning in Security
Adversarial Machine Learning
Underground Economy Study
Foundations of Enterprise Security
Lessons learned from Failed Security Practices and Case Studies in Enterprises
Advanced persistent attacks (APT), Software Vulnerabilities, Design Flaws
Malware Analysis, Code Analysis, and Reverse Engineering
Mobile App Security and App Market Security
Web Security, DDOS, Botnet

The submissions will be peer-reviewed by at least three program committee members. In alignment, with the spirit of the workshop, an effort will be made to include at least one academic researcher and one industry practitioner for every paper. The workshop organizers will make acceptance decision based on the reviews provided by the program committee members. COI will be carefully handled during the reviewing process.

Organizing Committee:

Zhi Xu (Palo Alto Networks, USA)
Tao Xie (University of Illinois Urbana-Champaign, USA)
Xusheng Xiao (Case Western Reserve University, USA)
Zhiyun Qian (University of California, Riverside, USA)
Michalis Faloutsos (University of California, Riverside, USA)

TPC members:

Industry affiliated:

Tao Wei (Baidu Chief Security Scientist, Visiting Professor at Peking University)
Ling Huang (CEO/Founder, Fintec.ai, adjunct professor at Institute for Interdisciplinary Information Sciences in Tsinghua University)
Xiaoning Li (Chief security architect, alibaba cloud)
Bo Qu (Distinguished Researcher Engineer, Palo Alto Networks)
Jimmy Su (Senior Director, JD.COM)
Song Li (Founder and CTO, NewSky Security)
Hayawardh Vijayakumar (Researcher, Samsung Research America)
Victor Fang （Principal Data Scientist , FireEye)
Rui Wang (CTO, VeriClouds)
Tongbo Luo (Security Researcher, StackRox)
Tao Wan (Senior Security Researcher, Huawei Canada)
Kun Bai (Principle Research Scientist, Tencent)
Jun Wang (Sr Staff Security Researcher, Palo Alto Networks)

University affiliated:

Xinyu Xing (Pennsylvania State University)
Vyas Sekar (Carnegie Mellon University)
Sencun Zhu (Pennsylvania State University)
Yuan Tian (University of Virginia)
Haixin Duan (Tsinghua University)
Kai Chen (Chinese Academy of Science)
Zhi Wang (Florida State University)
Lorenzo Cavallaro (Royal Holloway, University of London)
Peng Liu (Pennsylvania State University)

High-Tech focused Venture Capitalists

Lin Xie (HEDA Ventures)
Jun Li (Wisemont Capital)

Submission

Submission Page

https://easychair.org/conferences/?conf=resec2018

Instructions for authors:

Technical papers submitted for RESEC are to be written in English.

Full Papers must be at most 6 pages excluding bibliography and appendices, and at most 8 pages in total.
Short Papers must be at most 3 pages excluding bibliography and appendices, and at most 4 pages in total.

Committee members are not obligated to read appendices, and a paper must be intelligible without the appendices. Submissions must follow the new ACM conference template (https://www.acm.org/publications/proceedings-template), which has been updated for 2017. Only pdf files will be accepted.

Submitted papers must not substantially overlap papers that have been published or are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is prohibited. Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author of the paper must be registered at the appropriate conference rate. At least one author of the paper must be registered at the appropriate conference rate. Accepted papers will be published in the ACM Digital Library.

Important Dates

Submissions Due: Jan 29 (Extended), 2018 (GMT)
Notification: Mar 28 (Extended), 2018
Camera-ready Due: April 4, 2018
Workshop: Jun 4, 2018

Program

09:00 - 09:10 Workshop Opening

09:10 - 10:00 Keynote 1

Speaker: Dr. Jae Woong Chung (CEO, Atto Research)
- Title: Being the Baby CEO
- Abstract: This talk is mainly about my personal struggles to switch from an allegedly proud engineer to a baby ceo who lacks at many things. More details will be updated.

10:00 - 10:20 Session 1： Threat

CBTracer: Continuously Building Datasets for Binary Vulnerability and Exploit Research, Yukun Liu (Tsinghua University), Jianwei Zhuge (Peking University), and Chao Zhang (Tsinghua University)

10:30 - 11:00 Coffee Break

11:00 - 11:30 Keynote 2

Speaker: Dr. PingRong Yu (Managing Partner, SV Tech Ventures)
- Title: On Starting Your Own Company
- Abstract: To start a successful company is hard, and it’s even harder when you do it the first time. As a venture capitalist and entrepreneur, I’ll share a few things I learned that might be helpful.

11:30 - 12:30 Session 2: Mobile Security

Active Authentication Experiments Using Actual Application Usage Log, Gwonsang Ryu (Kongju National University), Sohee Park (Kongju National University), Daeseon Choi (Kongju National University), Youngsam Kim (Electronics and Telecommunications Research Institute), Seung-Hyun Kim (Electronics and Telecommunications Research Institute), Soohyung Kim (Electronics and Telecommunications Research Institute), Dowan Kim (Kongju National University) and Daeyong Kwon (Kongju National University)
Identifying and Evading Android Sandbox through Usage-Profile based Fingerprints, Valerio Costamagna (Universita degli studi di Torino), Cong Zheng (Palo Alto Networks),and Heqing Huang (IBM TJ Watson Research Center)
Daemon-Guard: Towards Preventing Privilege Abuse Attacks in Android Native Daemons, Cong Zheng (Palo Alto Networks) and Heqing Huang (IBM TJ Watson Research Center)

12:30 - 14:00 Lunch

14:00 - 14:30 Keynote 3

Speaker: Jun Li (Founder and General Partner, Wisemont Capital)
- Title: A Security Startup’s Guide - from an investor’s perspective
- Abstract: This talk will focus on: where are the opportunities; What to consider：5 Common mistakes to avoid; How to convince an investor to give you money: 5 important things to remember; 2018 Buzz word

14:30 - 15:30 Session 3: Machine Learning in Security

Unsupervised Clustering for Identification of Malicious Domain Campaigns, Michael Weber (Palo Alto Networks), Jun Wang (Palo Alto Networks), and Yuchen Zhou (Palo Alto Networks)
Detecting Data Exploits Using Low-level Hardware Information: A Time Series Approach, Chen Liu (Clarkson University), Zhiliu Yang (Clarkson University), Zander Blasingame (Clarkson University), Gildo Torres (Clarkson University), James Bruska (Clarkson University) and Lok Yan (AIr Force Research Lab)
LSTM based Self-Defending AI ChatBot Providing Anti-Phishing, Sreewathsa Kovalluri (Amrita Vishwa Vidyapeetham), Aravind Ashok (Amrita Vishwa Vidyapeetham), Hareesh Singanamala (Amrita Vishwa Vidyapeetham), and Prabaharan Poornachandran (Amrita Vishwa Vidyapeetham)

15:30 - 16:00 Coffee Break

16:00 - 17:00 Session 4: Short Papers

Cracking IoT Device User Account via Brute-force Attack to SMS Authentication Code, Dong Wang (University of Science and Technology of China), Jiang Ming (UT Arlington), Ting Chen (University of Science and Technology of China), Xiaosong Zhang (University of Science and Technology of China), and Chao Wang (ADLab of Venustech)
Android Plugin Becomes a Catastrophe to Android Ecosystem, Cong Zheng (Palo Alto Networks), Tongbo Luo (Palo Alto Networks), Zhi Xu (Palo Alto Networks), Wenjun Hu (Palo Alto Networks), and Xin Ouyang (Palo Alto Networks)
Security Vulnerability and Patch Management in Electric Utilities: A Data-Driven Malware Analysis, Fengli Zhang (University of Arkansas, Fayetteville) and Qinghua Li (University of Arkansas, Fayetteville)
On the Feasibility of Automatic Malware Family Signature Generation, Xiao Zhang (Palo Alto Networks) and Zhi Xu (Palo Alto Networks)

17:00 - 17:30 Discussion Session

Hosts: TBD

Contact: resec.contact@gmail.com