Meeting Point and Bus Departure to Welcome Events

Welcome events: Wine Tasting and Seaside Dinner

Join us for a visit to Agia Triada of Tsagarolon for wine tasting, followed by a seaside dinner at Loukoulos restaurant in Marathi. This is a great opportunity to get to know the other conference attendees and to recover from any travel fatigue. Please join us at this meeting point.

As the events will be held outside the city of Chania, please arrive at the meeting point no later than 12:50, as buses will depart promptly at 13:00 and it will not be possible to join later.

Wine Tasting in Agia Triada of Tsagarolon

Enjoy a wine tasting experience at the historic Agia Triada of Tsagarolon Monastery, featuring locally produced wines from its vineyards in the Akrotiri region of Chania.

We will depart from Agia Triada at 16:00 and travel by bus to Marathi. Once we reach Marathi (30 minutes drive) you can indulge in a relaxing seaside experience.

Dinner at Loukoulos Restaurant in Marathi

Loukoulos is a seaside restaurant in Marathi, Chania, offering fresh Cretan cuisine in a relaxed beachfront setting.

Bus Return to Chania

Registration

Chair's welcome to DIMVA'26

Session 1: IoT & Embedded Security

Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices by Calvin Brierley (University of Kent); Yuxiang Huang (University of Bristol); Yichao Wang (University of Kent); James Pope, George Oikonomou (University of Bristol); Budi Arief (University of Kent)

HESTIA: Automated Application Code Identification in RTOS Firmware by Constantin Brinza (University of Twente); Peng Liu (University of Birmingham); Jorik van Nielen (University of Twente); Daan Prinsze (TU Delft); Marius Muench (University of Birmingham); Andrea Continella (University of Twente)

EventHorizon: Measuring Attacker Engagement in Multiprotocol IoT Tarpits by Anastasia Safargalieva, Dario Maddaloni, Emmanouil Vasilomanolakis (Technical University of Denmark)

Coffee break

Session 2: Platform Security & Hardware Vulnerabilities

From Signup to Takedown: An Analysis of Malicious File Distribution in Free Hosting Providers by Giada Stivala (CISPA Helmholtz Center for Information Security); Mika Meyer (Saarland University); Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

ETW through VMI: Hypervisor-Level Collection of Windows ETW Telemetry by Alexander Schmitz, Anas Karazon, Artur Leinweber, Marvin Gudel, Raphael Springer, Sofie Telöken (Institute for Internet Security, Westphalian University of Applied Sciences, Gelsenkirchen, Germany); Lukas Beierlieb (Cyberus Technology GmbH, Dresden, Germany); Christian Dietrich (Institute for Internet Security, Westphalian University of Applied Sciences, Gelsenkirchen, Germany)

FROST: Fingerprinting Remotely using OPFS-based SSD Timing by Hannes Weissteiner, Tobias Weiser, Roland Czerny, Sudheendra Raghav Neela, Fabian Rauscher (Graz University of Technology); Jonas Juffinger (Liebherr); Daniel Gruss (Graz University of Technology)

Improving Counting Thread Consistency via Differential Measurement and Abating Frequency Variance on Modern Xeon Processors by Wei He, Wei Song, Da Xie, Hao Ma (Institute of Information Engineering, CAS); Yusi Feng (Southern University of Science and Technology); Wenhao Wang (Institute of Information Engineering, CAS)

Lunch

Session 3: Vulnerability Detection & Fuzzing

ANVIL: Anomaly-based Vulnerability Identification without Labelled Training Data by Weizhou Wang, Eric Liu, Xiangyu Guo, Xiao Hu, Ilya Grishchenko, David Lie (University of Toronto)

BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications by I Putu Arya Dharmaadi (University of Groningen); Mohannad Alhanahnah (Hamad Bin Khalifa University); Van-Thuan Pham (University of Melbourne); Fadi Mohsen, Fatih Turkmen (University of Groningen)

SscRex: Practical Symbolic Execution of Solana Smart Contracts by Tobias Cloosters, Pascal Winkler, Jens-Rene Giesen (University of Duisburg-Essen); Ghassan Karame (Ruhr University Bochum); Lucas Davi (University of Duisburg-Essen)

Session 4: Systems Security & Microarchitectural Attacks

MirrorShield: Cross-Architecture Linux Malware Analysis via Lightweight Emulation and LLM by Zihan Zhang, Wenqi Lin, Lingna Sun, Hongyi Wang, Jingyi Wang, Yanshu Mei, Fengwei Zhang (Southern University of Science and Technology)

Fast and Secure LLC Caches via Spatial Windows by Roland Czerny, Simon Lammer, Lukas Giner (Graz University of Technology); Anirban Chakraborty (Max Planck Institute for Security and Privacy); Daniel Gruss (Graz University of Technology)

Fun with flags: How Compilers Break and Fix Constant-Time Code by Antoine Geimer, Clémentine Maurice (Univ. Lille, CNRS, Inria)

Coffee break

Coffee break and poster setting up.

Session 5: AI for Security & Robustness

Whispers in the Machine: Confidentiality in Agentic Systems by Jonathan Evertz, Merlin Chlosta, Lea Schönherr, Thorsten Eisenhofer (CISPA Helmholtz Center for Information Security)

Multi-Taxonomy Vulnerability Classification with Hierarchically Finetuned Language Models by Franco Terranova, Sana Rekbi, Abdelkader Lahmadi, Isabelle Chrisment (Université de Lorraine, CNRS, Inria, LORIA)

VulnRep: Reproducer-Verified LLM-Based Vulnerability Discovery by Mischa Meier (University of Bonn,Fraunhofer FKIE); Annika Kuntze, Veit Eysholdt, Christoph Geron, Maxim Shevchishin, Niklas Steffen, Maximilian Leiwig, Julian Steffen, Felix Boes (University of Bonn); Matthew Smith (University of Bonn,Fraunhofer FKIE); Sergej Dechand (Max Planck Institute for Security and Privacy)

Adversarial Robustness of AI-Generated Image Detectors in the Real World by Sina Mavali (CISPA Helmholtz Center for Information Security); Jonas Ricker (Ruhr University Bochum); David Pape (CISPA Helmholtz Center for Information Security); Asja Fischer (Ruhr University Bochum); Lea Schönherr (CISPA Helmholtz Center for Information Security)

Poster Session

A Dynamic Analysis framework for Android Malware Detection by Junping Zhu, Weijian Zhao (Northeastern University); Aaron Hunter (British Columbia Institute of Technology, Vancouver, Canada); Maryam Tanha (Northeastern University)

The Simpler, the Stealthier: a Framework for Evaluating Adversarial Domain Generation Algorithm Models by Tomás Pelayo-Benedet (Universidad de Zaragoza), Ricardo J. Rodríguez (Universidad de Zaragoza)

Automated Multi-Ecosystem Collection and Preservation of Malicious Open Source Packages by Marc Ohm (University of Bonn & Fraunhofer FKIE); Timo Pohl (University of Bonn)

To Play or Not to Play: Insights and Lessons Learned from 20 Years of CTFs with ENOFLAG by Joerg Schneider, Sebastian Neef, Sebastian Koch (Technische Universitaet Berlin)

What HTTP Basic Authentication Reveals: Measuring Identifiable Internet-Exposed Devices by Ruri Otsuka (Mitsubish Electric, Yokohama National University); Ryu Kuki, Yin Minn Pa Pa, Katsunari Yoshioka (Yokohama National University)"

Securing the Control & Data Flows of LLM Agents via Dual-LLM & Taint-Tracking by Ioannis Tzachristas (Huawei Heisenberg Research Center, Munich, Germany / Technical University of Munich, Germany); Aifen Sui (Huawei Heisenberg Research Center, Munich, Germany)

Test-Driven Detection Engineering by Lukas Schmidt (FH Münster University of Applied Sciences, Atruvia AG); Tilman Frosch, Luca Ebach, Anton Wendel (Atruvia AG); Sebastian Schinzel (FH Münster University of Applied Sciences)

The Lazarus Effect: Lifecycle Dynamics of Malicious Infrastructure by Eva Papadogiannaki (Dienekes); Sotiris Ioannidis (Technical University of Crete); Kostas Solomos (Brandeis University)

Rethinking Security in LLM Code Generation through Real-World Risk Scenarios by Lixun Ma (Zhejiang University); Ruolong Ma (China Academy of Information and Communications Technology); Bei Wang (MetaX Integrated Circuit Co., Ltd.); Feng Wei (China Academy of Information and Communications Technology); Zhenguang Liu (Zhejiang University); Lorenzo Cavallaro (University College London); Wentao Chen (China Academy of Information and Communications Technology)

Mind the Gap - Characterizing the Temporal Blind Spot Between GSB and DNS Resolution by Tomer Gal (Ariel University); Fujiao Ji, Doowon Kim (University of Tennessee, Knoxville); Harel Israel Berger (Ariel University)

Dinner @ Canale

Canale is a stylish seaside restaurant in Chania’s Old Town, offering Cretan cuisine and fresh seafood.

Keynote: IoT Threat Assessment with the AttackDefense Framework

Abstract: The talk focuses on threat assessment for the Internet of Things (IoT). It presents pervasive security vulnerabilities in IoT protocols, including impersonation and machine-in-the-middle attacks on Fast IDentity Online v2 (FIDO2) and the Open Charge Point Protocol (OCPP). It then introduces a new and practical solution for IoT threat assessment based on threat modeling, a somewhat lost art in academia that we should revive! The talk explains how to threat-model IoT devices and their life cycles using the AttackDefense Framework (ADF). Through a real-world cryptowallet case study that we run with a team of hardware, software, and protocol security experts, we demonstrate the effectiveness of ADF in threat modeling heterogeneous attacks and defenses on the full IoT stack. We also discuss current limitations, which should provide a basis for exciting discussion on how to improve IoT threat modeling and the ADF framework! The audience will learn about the state of the art in IoT threat assessment and modeling, as well as related future trends.

Bio: Daniele Antonioli is an Assistant Professor (Class 1) at EURECOM with the software and system security (S3) group. He is doing research and teaching in system security and privacy, with an emphasis on protocols such as Bluetooth, FIDO2, and OCPP, embedded systems, such as vehicles, mobile devices, and IoT devices, and cyber-physical systems such as industrial control systems. Daniele holds a French HDR (Habilitation à diriger des Recherches) from the École polytechnique in Paris and a PhD funded by a PFG fellowship from SUTD in Singapore.

Coffee break

Session 6: Software & Platform Security

Glasswall: Enforcing User-Defined Data Usage Policies in Functions as a Service by Silvan Niederer, Ali Hajiabadi, Kaveh Razavi (ETH Zurich)

Silent Consent, Persistent Risk: Android Permission Groups and Custom Permissions by Olawale Amos Akanji, Manuel Egele, Gianluca Stringhini (Boston University)

Dead Weight: Analyzing Code Bloat and Its Security Implications in WebAssembly Binaries by Pratik M. Kamble, Aravind Prakash (Binghamton University)

New Platform, Old Issues: How Web-based TV Broadcasts threaten Users' Security by Carlotta Tagliaro, Andrej Danis (TU Wien); Kevin Borgolte (Ruhr University Bochum); Martina Lindorfer (TU Wien)

Lunch

Session 7: Timing Attacks and System-Level Defenses

Systematic Timing Leakage Analysis of NIST PQDSS Candidates: Lessons Learned by Koffi Adjonyo (Technology Innovation Institute); Sébastien Bardin (CEA List & Université Paris Saclay); Emanuele Bellini (Technology Innovation Institute); Mahmudul Faisal Al Ameen (CEA List & Université Paris Saclay); Gilbert Ndollane Dione, Robert Merget (Technology Innovation Institute); Yanis Sellami, Frédéric Recoules (CEA List & Université Paris Saclay)

Santa: Language-Agnostic Automated System Call Policy Learning for Cloud Microservices by Meghna Pancholi, Andreas Kellas, Kostis Kaffes (Columbia University); Steven M. Bellovin (Columbia University/Georgetown Law); Simha Sethumadhavan (Columbia University/Chip Scan); Vasileios P. Kemerlis (Brown University)

Client-Side Mitigation of Remote Latency Side-Channel Attacks by Stefan Gast, Simone Franza (Graz University of Technology); Martin Heckel (Hof University of Applied Sciences, Institute of Information Systems (iisys)); Jonas Juffinger (Liebherr); Daniel Gruss (Graz University of Technology); Johanna Ullrich (IT:U Interdisciplinary Transformation University Austria)

Session 8: Malware Analysis & Detection

MoZombie: A Case Study of the Self-Sustaining Mozi Botnet Architecture by Murtuza Mohammed, Georgios Smaragdakis, Harm Griffioen (TU Delft)

Instruction-to-Program Cross-Layer Graph Neural Network for Robust Windows Malware Detection by Haodong Chen, Lirong Fu (Hangzhou Dianzi University); Yuchen Zhang (New York University); Lin An, Gangyong Jia (Hangzhou Dianzi University)

FlowScanner: Malware Detection via Kernel-supported Basic-Block Tracing by Pasquale Caporaso (Università degli studi di Roma "Tor Vergata"); Ludovico Zarrelli (Università degli studi di Roma "Tor Vergata" / DGS S.p.a, Rome, Italy); Giuseppe Bianchi, Francesco Quaglia (University of Rome Tor Vergata)

Coffee break

Session 9: Network & Communication Security

Protocol-Aware Detection of TEID Brute-Force Attacks in 5G Networks by Muhammad Raza, Helena Rifà-Pous (Universitat Oberta de Catalunya); Carles Garrigues Olivella (Universitat Autònoma de Barcelona)

Unseen Traffic: IPv6 Blindspots in Sandboxes by Stefan Grosser, Edlira Dushku (Aalborg University)

Traces in WAN Traffic: Inferring Alarm States and User Activity from Encrypted Smart Home Traffic by Paul Mairinger, Joachim Fabini, Tanja Zseby (TU Wien)

Session 10: Security Operations & Incident Response

Can SOC Operators Explain their Decisions while Triaging Alarms? A Real-World Study by Jessica Moosmann, Irdin Pekaric, Giovanni Apruzzese (University of Liechtenstein)

Towards Model-Driven Incident Response Playbooks for Kubernetes by Merlin Kling, Yannik Franke (SVA System Vertrieb Alexander GmbH, Wiesbaden, Germany); Jannis Hamborg (Darmstadt University of Applied Sciences); Franca Speth (SVA System Vertrieb Alexander GmbH, Wiesbaden, Germany); Christoph Krauß (Darmstadt University of Applied Sciences)

A Provenance Graph Anomaly Detection Framework Based on Bidirectional Graph Attention Networks by Jibin Luo, Jie Li, Yangjie Cao, Ziyang He (School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou, China)

Closing notes and good bye