Message from the PC chairs

We would like to welcome you to this virtual edition of DIMVA 2020.

This year, DIMVA received 45 valid submissions from academic and industrial organizations from more than 60 different institutions across 21 countries. Each submission was carefully reviewed by three Program Committee members or external experts. The final selection of papers was decided by Program Committee members during online discussions, in lieu of our traditional physical PC meeting. Discussions were however lively on hotcrp, with 258 comments. The Program Committee selected 13 full papers for presentation at the conference and publication in the proceedings, resulting in an acceptance rate of 28.9%.

We would like to express our appreciation to the Program Committee members and external reviewers for the time spent reviewing papers, participating in the online discussion, and shepherding some of the papers to ensure the highest quality possible. This was clearly a difficult time for everybody, but the Program Committee did a great job. We also deeply thank the members of the Organizing Committee and the Steering Committee for their hard work and responsiveness during this crisis. We are wholeheartedly thankful to our sponsors ERNW, Siemens, and Springer for generously supporting DIMVA 2020.

We are looking forward to seeing all of you in person again, hopefully at DIMVA 2021!

Clémentine Maurice and Leyla Bilge,
DIMVA 2020 Program co-chairs

Program

Next to each paper it is its presentation video.

Vulnerability discovery and analysis

1. Automated CPE labeling of CVE summaries with Machine Learning (video)
Emil Wåreus and Martin Hell
2. Backstabber's Knife Collection: A Review of Open Source Software Supply Chain Attacks (video)
Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier
3. Putting Attacks in Context: A Building Automation Testbed for Impact Assessment from the Victim’s Perspective (video)
Herson Esquivel-Vargas, Marco Caselli, Geert Jan Laanstra, and Andreas Peter

Attacks

1. Fast and Furious: Outrunning Windows Kernel Notification Routines from User-Mode (video)
Pierre Ciholas, Jose Miguel Such, Angelos K. Marnerides, Benjamin Green, Jiajie Zhang, and Utz Roedig
2. HAEPG: An Automatic Multi-hop Exploitation Generation Framework (video)
Zixuan Zhao, Yan Wang, and Xiaorui Gong
3. Understanding Android VoIP Security: A System-level Vulnerability Assessment (video)
En He, Daoyuan Wu, and Robert H. Deng

Web security

1. Web Runner 2049: Evaluating Third-Party Anti-bot Services (video)
Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
2. Short Paper - Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers (video)
Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
3. It Never Rains but It Pours: Analyzing and Detecting Fake Removal Information Advertisement Sites (video)
Takashi Koide, Daiki Chiba, Mitsuaki Akiyama, Katsunari Yoshioka, and Tsutomu Matsumoto
4. On the Security of Application Installers & Online Software Repositories (video)
Marcus Botacin, Giovanni Bertão, Paulo de Geus, André Grégio, Christopher Kruegel, and Giovanni Vigna

Detection and containment

1. Distributed Heterogeneous N-Variant Execution (video)
Alexios Voulimeneas, Dokyung Song, Fabian Parzefall, Yeoul Na, Per Larsen, Michael Franz, and Stijn Volckaert
2. Sec2graph: Network Attack Detection based on Novelty Detection on Graph Structured Data (video)
Laetitia Leichtnam, Eric Totel, Nicolas Prigent, and Ludovic Mé
3. Efficient Context-Sensitive CFI Enforcement through a Hardware Monitor (video)
Sadullah Canakci, Leila Delshadtehrani, Boyou Zhou, Ajay Joshi, and Manuel Egele