APSEC 2016 Programme Outline

Tuesday      Wednesday                Thursday                     Friday
Tutorials &  Keynote: Manu Sridharan  Keynote: Cristina Cifuentes  Keynote: Paul Ash
Break        Break                    Break                        Break
T & W        Poster Session           Paper Session                Paper Session
Lunch        Lunch                    Lunch                        Lunch
T & W        Paper Session            Paper Session                Paper Session
Break        Break                    Break                        Closing
T & W        Paper Session            Paper Session                Break

Programme (PDF)

List of accepted papers.

Keynote Speakers

Cristina Cifuentes
Research Director, Oracle Labs Australia

Oracle Parfait: The Flavour of Real-World Vulnerability Detection

The Parfait static code analyser was conceived at Sun Labs, now Oracle Labs, in 2008. At the time, the project focused on the detection of bugs in C/C++ code. Over the next five years, Parfait matured to include detection of vulnerabilities (not just bugs) in C/C++ and Java while meeting the performance and precision standards expected of a commercial tool. Today, Parfait is utilized by thousands of developers at Oracle worldwide.

In this presentation, the audience will be invited to sample the flavour of Parfait: we will explore the real-world challenges faced in the creation of a robust vulnerability detection tool; investigate in detail two examples of access control vulnerabilities that severely affected the Java platform in 2012/2013; and reflect on my personal takeaways on leading projects in industrial research laboratories.

Manu Sridharan
Samsung Research America

Program Analysis for Real-World JavaScript

By many measures, JavaScript is now the world's most popular programming language: beyond web applications, it is increasingly used to program servers, mobile apps, and even Internet of Things devices. JavaScript's meteoric rise in popularity has created a critical need for more effective developer tools. Unfortunately, due to JavaScript's dynamic nature and the complexity of the browser environment, many standard program analyses that work well for other languages are nearly useless when applied to real-world JavaScript code.

In this talk, I will discuss two recent projects focused on advancing program analysis for JavaScript. First, I will present dynamic determinacy analysis, a technique that dramatically improves the scalability and precision of JavaScript static analysis. Determinacy analysis collects sound, over-approximate information from dynamic runs to aid in static analysis of complex reflective code.

Second, I will present EventRacer, the first tool for discovering and debugging non-determinism errors in event-driven programs. EventRacer adapts the notion of a happens-before relation to give a clean definition of data races for event-driven programs. It also incorporates multiple novel techniques to achieve scalability and usability for real-world applications. EventRacer enabled discovery of many errors in deployed Fortune 100 web sites, and its techniques have since been applied in a variety of other emerging domains.

Paul Ash
Director, National Cyber Policy Office
Department of Prime Minister and Cabinet
New Zealand Government

New Zealand in an interconnected world: delivering a secure, resilient and prosperous online environment

New Zealand issued its second national Cyber Security Strategy in December 2015. The Strategy has as its vision achieving a secure, resilient and prosperous online New Zealand. It sets out goals under four headings - Cyber Resilience, Cyber Capability, Addressing Cybercrime, and International Cooperation - and establishes actions to achieve these. The Strategy also puts forward four principles for assessing existing actions and developing new ones, and establishes an annual review process. This presentation will describe the approach in the Strategy, and the thinking that went into it. It will outline a New Zealand perspective on how a relatively small state can work toward cyber security and resilience, while enabling economic growth. And it will set New Zealand's strategy in an international context, outlining some of the examples New Zealand drew upon in developing the Strategy, and what it might in turn be able to contribute to the evolution of international thinking on cybersecurity.

The Keynotes are sponsored by the AUT Software Engineering Research Laboratory (SERL) and the Department of Computer Science, University of Auckland.