ACM SecDev 2026
Sun 5 - Mon 6 July 2026 Montreal, Canada
co-located with FSE 2026
You're viewing the program in a time zone which is different from your device's time zone change time zone

Sun 5 Jul

Displayed time zone: Eastern Time (US & Canada) change

09:00 - 10:30
Opening and KeynoteResearch Papers at MB 3.435

Sunday, July 5th, 2026

Opening — 09:00–09:30

Room MB 3.435

Keynote by Dr. Rod Chapman — 09:30–10:30

Keynote Title Formal is Fast - Cryptographic code in the age of AI
Session Chair Raghudeep Kannavara
Room MB 3.435

Abstract

This talk will go over our approach to the development and verification of post-quantum cryptographic code at AWS. It will cover our approach to assembly-language verification, and how we are verifying C code within AWS LibCrypto. Proof also enables “fearless optimization” of crypto code, where proofs of correctness and/or equivalence preserve functional behaviour while allowing and inspiring non-trivial performance improvements. We’ll go on to talk about how AI agents are transforming our productivity and developer engagement without compromising our stratospheric quality bar. Our approach combines automated reasoning guardrails that constrain AI behaviour to known-good outcomes with aggressive use of agents to find proofs and optimizations of our most critical code.

Speaker Bio

Dr. Rod Chapman is a senior principal applied scientist within the Cryptography group of Amazon Web Services. He specializes in the design, development and verification of cryptographic software, and has particular experience with programming language design and automated reasoning technologies. He also coaches development teams and leadership in high-assurance software development disciplines, technologies, and processes. He is a Fellow of the IET and an honorary visiting professor at the University of York.

Coffee Break — 10:30–11:00


11:00 - 12:30
Paper Session: Program Analysis, Design, and EvaluationResearch Papers at MB 3.435

Paper Session: Program Analysis, Design, and Evaluation — 11:00–12:30

Session Chair Gabriel Negreira Barbosa
Room MB 3.435
# Paper
1 Reality Check: Independent Evaluation of Modern Grey-Box Fuzzing Techniques
Pavel Frolikov
2 Syntax Is Easy, Semantics Is Hard: Evaluating LLMs for LTL Translation
Priscilla Kyei Danso, Mohammad Saqib Hasan, Niranjan Balasubramanian, and Omar Chowdhury
3 CFIghter: Automated Control-Flow Integrity Enablement and Evaluation for Legacy C/C++ Systems
Sabine Houy, Bruno Kreyssig, and Alexandre Bartel
4 SoK: A Modularized Framework for Symbolic Execution and Application for Usable Tool Design
James Mattei, Andrew Lin, Jasper Geer, Jie Hu, Moritz Schloegel, Tiffany Bao, and Daniel Votipka

Lunch — 12:30–14:00

Room TBD

14:00 - 15:30
PanelResearch Papers at MB 3.435

Panel: Trust, Autonomy, and Supply Chain Risk in Agentic Software Development — 14:00–15:00

Session Chair TBD
Room MB 3.435

Panelists

# Panelist
1 Dr. Rod Chapman, Senior Principal Applied Scientist, Amazon Web Services
2 Dr. Roland Yap Hock Chuan, Associate Professor, Computer Science, School of Computing, National University of Singapore
3 Dr. Amin Milani Fard, Associate Professor, Computer Science, College of Engineering & Computing Sciences, New York Institute of Technology – Vancouver Campus
4 Dr. Venkat Sai Suman Lamba Karanam, Assistant Professor, Computer Science, College of Arts and Sciences, Bowling Green State University
5 Marcelo Garcia, Cyber Security Policy and Strategy Specialist, Brazil Federal Fluminense University

Poster Session and Coffee Break — 15:00–16:00

# Poster Title Presenters
1 Read the Room: LLM-Based Filesystem Intelligence for Targeted Compliance Scanning Adhithya Rajasekaran
2 Auditing MCP Servers for Over-Privileged Tool Capabilities Charoes Huang, Xin Huang, Amin Milani Fard
3 Nyx: A Distributed Performance Benchmark Framework for PSI Wout Ceulemans, Pieter Philippaerts, Dimitri Van Landuyt, Wouter Joosen
4 Are AI-assisted Development Tools Immune to Prompt Injection? Charoes Huang, Xin Huang, Amin Milani Fard
5 From Vulnerability to Resilience: Enhancing SDN-Based False Data Detection for In-Vehicle Networks Against DeepFool Long Dang, Thushari Hapuarachchi, Kaiqi Xiong, Yi Li
6 Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis Jayson Ng, Amin Milani Fard
7 Automating Software Supply Chain Security: AI-Powered Threat Detection in DevSecOps Marlon Brenes Rojas, Sara Khanchi
8 Secure Local CI/CD Pipelines: Reducing Security Risk from Premature Code Integration Vinodkumar Kakarla, Sara Khanchi


16:00 - 18:00
Paper Session: Software Security and Vulnerability AnalysisResearch Papers at MB 3.435

Paper Session: Software Security and Vulnerability Analysis — 16:00–18:00

Session Chair Dr. Dimitri Van Landuyt
Room MB 3.435
# Paper
1 Origin Story: A Comprehensive Lifecycle Analysis of Same-Origin Policy Bugs
Jakub Szymsza, Gertjan Franken, Vik Vanderlinden, Tom Van Goethem, Mathy Vanhoef, and Lieven Desmet
2 ASN1spect: Uncovering ASN.1 Compiler-Generated Vulnerabilities in Critical Infrastructure
Seaver Thorn, Nathaniel Bennett, Kevin Butler, Patrick Traynor, and William Enck
3 On the Variability of Source Code in Maven Package Rebuilds
Jens Dietrich and Behnaz Hassanshahi
4 RepliGuard: Policy-Driven Replica Management Framework for Protecting against Acoustic Attacks
Jennifer Sheldon, Yungwoo Ko, Sri Hrushikesh Varma Bhupathiraju, Sara Osmanovic, Weidong Zhu, Md Jahidul Islam, and Sara Rampazzi
5 At the Precipice of Integrity Protection using Pointer Authentication
Viorel Preoteasa, Carlos Chinea Pérez, Hans Liljestrand, and Jan-Erik Ekberg
6 Cloud Safety: A Hardware Perspective
Raghudeep Kannavara, Matthew Dickinson, and Monty Wiseman

Mon 6 Jul

Displayed time zone: Eastern Time (US & Canada) change

09:00 - 10:30
Opening and KeynoteResearch Papers at MB 3.435

Monday, July 6th, 2026

Keynote by Dr. Sergey L. Bratus — 09:30–10:30

Keynote Title Mapping and Bridging the Software Understanding Gap
Session Chair Raghudeep Kannavara
Room MB 3.435

Abstract

The gap between our capabilities to build software and to understand what we’ve built, reason about it, and anticipate its emergent behaviors, is tremendous. The joint “Closing the Software Understanding Gap” memorandum by US Government agencies recognized addressing this gap as a national priority. I will argue that the keys to bridging this gap lie in rethinking ostensibly mere-engineering tasks as truly first-class computer science challenges; changing the formats in which code and data are delivered based on this new understanding; and applying strong predictive theories of software’s emergent behaviors (typically witnessed via ‘hacking’ or exploitation) to all stages of software construction, delivery, and operation.

Speaker Bio

Dr. Sergey L. Bratus is the Dartmouth College Distinguished Professor in Cyber Security, Technology, and Society and an Associate Professor of Computer Science. In 2018–2024 he served as a Program Manager at DARPA’s Information Innovation Office (I2O), where he created multiple fundamental research programs in cybersecurity, resilience, and sustainment of critical software.

Coffee Break — 10:30–11:00


11:00 - 12:30
Paper Session: Security Analysis and DesignResearch Papers at MB 3.435

Paper Session: AI and Security — 11:00–12:30

Session Chair Dr. Venkat Sai Suman Lamba Karanam
Room MB 3.435
# Paper
1 OpenClaw RedTeam Recon: A Local OSS-LLM-Powered Autonomous Reconnaissance Agent
Marcelo Garcia and Robson de Oliveira Albuquerque
2 SafeAIMerge: A Tool for Integrating DAST and LLM-Generated Security Feedback into GitHub Actions Workflows
Arpit Thool, Justin Smith, and Chris Brown
3 A CNN-LSTM Security Model for SCADA Network
Olga Dye and Brian Dye
4 SoK: A Comprehensive Analysis of the Current Status of Neural Tangent Generalization Attacks with Research Directions
Thushari Hapuarachchi and Kaiqi Xiong

Lunch — 12:30–14:00

Room TBD

14:00 - 15:30
Award Session and Paper Session: Security Analysis and DesignResearch Papers at MB 3.435

Award Session — 14:00–14:10

Room MB 3.435

Distinguished Reviewer & Paper Awards

Chair Dr. Dimitri Van Landuyt

Paper Session: Security Analysis and Design — 14:10–15:30

Session Chair Dr. Gertjan Franken
Room MB 3.435
# Paper
1 SGX-MB: A Secure Framework for Middleboxes Leveraging Intel SGX
Mahmoud Hofny, Lianying Zhao, and Amr Youssef
2 A Technology-Readiness Evaluation of Private Set Intersection
Wout Ceulemans, Pieter Philippaerts, Dimitri Van Landuyt, and Wouter Joosen
3 Augment Mutual TLS Authentication with HW Rooted Identity: Simplified Device Lifecycle and Interoperability
Dhananjay Phadke and Xiling Sun
4 Adversarially Mixed Secret Key Generation for Side-Channel Defense for the Cloud
Venkat Sai Suman Lamba Karanam, Zahmeeth Sayed Sakkaff, and Pasindu Balasooriya

Coffee Break — 15:30–16:00


16:00 - 18:00