09:00-09:30

Founding Digital Currency on Secure Computation
Karim Eldefrawy and Joshua Lampkins

Code Reuse Attacks in PHP: Automated POP Chain Generation
Johannes Dahse, Nikolai Krein and Thorsten Holz

Rosemary: A Robust, Secure, and High-performance Network Operating System
Seungwon Shin, Yongjoo Song, Taekyung Lee, Sangho Lee, Jaewoong Chung, Phillip Porras, Vinod Yegneswaran, Jisung Noh and Brent Byunghoon Kang

Deanonymisation of clients in Bitcoin P2P network
Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov

Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code
Jeff Seibert, Hamed Okhravi and Eric Söderström

Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World
Ahmed Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma and Wenbo Shen

How to Use BItcoin to Incentivize Correct Computations
Ranjit Kumaresan and Iddo Bentov

Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation
Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin and Gautam Nagesh Peri

A11y Attacks: Exploiting Accessibility in Operating Systems
Yeongjin Jang, Chengyu Song, Simon Chung, Tielei Wang and Wenke Lee

Private-by-Design Advertising Meets the Real World
Alexey Reznichenko and Paul Francis

DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans
Jie Zhang, Feng Yuan and Qiang Xu

SCORAM: Oblivious RAM for Secure Computation
Xiao Wang, Yan Huang, T-H. Hubert Chan, Abhi Shelat and Elaine Shi

Your Online Interests – Pwned! A Pollution Attack Against Targeted Advertising
Wei Meng, Xinyu Xing, Anmol Sheth, Udi Weinsberg and Wenke Lee

ATRA: Address Translation Redirection Attack against Hardware-based External Monitors
Daehee Jang, Hojoon Lee, Minsu Kim, Daehyeok Kim, Daegyeong Kim and Brent Byunghoon Kang

Toward Robust Hidden Volumes using Write-Only Oblivious RAM
Erik-Oliver Blass, Travis Mayberry, Guevara Noubir and Kaan Onarlioglu

Characterizing Large-Scale Click Fraud in ZeroAccess
Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage and Geoffrey Voelker

AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis
Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero and Guofei Gu

Oblivious Data Structure
Xiao Wang, Kartik Nayak, Chang Liu, T-H. Hubert Chan, Elaine Shi, Emil Stefanov and Yan Huang

A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson and Ian Goldberg

Optimal Average-Complexity Ideal-Security Order-Preserving Encryption
Florian Kerschbaum and Axel Schroepfer

Routing Bottlenecks in the Internet – Causes, Exploits, and Countermeasures
Min Suk Kang and Virgil D. Gligor

TUTORIAL 1
Lecturer: Christian Cachin(IBM Research-Zurich)
Title: Integrity, Consistency, and Verification of Remote Computation

Location Privacy Protection for Smartphone Users
Kassem Fawaz and Kang Shin

A New Additive Homomorphic Encryption based on the co-ACD Problem
Jung Hee Cheon, Hyung Tae Lee and Jae Hong Seo

VoIP Fraud: Identifying a Wolf in Sheep's Clothing
Hemant Sengar

A Critical Evaluation of Website Fingerprinting Attacks
Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz and Rachel Greenstadt

Verifying Curve25519 Software
Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang and Shang-Yi Yang

Mechanized Network Origin and Path Authenticity Proofs
Fuyuan Zhang, Limin Jia, Cristina Basescu, Tiffany Hyun-Jin Kim, Soo Bum Lee, Yih-Chun Hu and Adrian Perrig

Optimal Geo-Indistinguishable Mechanisms for Location Privacy
Nicolás E. Bordenabe, Konstantinos Chatzikokolakis and Catuscia Palamidessi

Searchable Encryption with Secure and Efficient Updates
Florian Hahn and Florian Kerschbaum

Security Vulnerability in Processor-Interconnect Router Design
Wonjun Song, John Kim, Jae Lee and Dennis Abts

Multi-ciphersuite security of the Secure Shell (SSH) protocol
Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk and Douglas Stebila

Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions
Yi Xu, Jan-Michael Frahm and Fabian Monrose

Dialing Back Abuse on Phone Verified Accounts
Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier and Damon McCoy

ARPKI: Attack Resilient Public-Key Infrastructure
David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse and Pawel Szalachowski

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthy with Inaudible Sound
Zhe Zhou, Wenrui Diao, Xiangyu Liu and Kehuan Zhang

Uncovering Large Groups of Active Malicious Accounts in Online Social Networks
Qiang Cao, Xiaowei Yang, Jieqi Yu and Christopher Palow

Securing SSL Certificate Verification through Dynamic Linking
Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaekc, Dave Tian and Kevin Butler

Do You Hear What I Hear? Fingerprinting Smart Devices Through Embedded Acoustic Components
Anupam Das, Nikita Borisov and Matthew Caesar

Consequences of Connectivity: Characterizing Account Hijacking on Twitter
Kurt Thomas, Frank Li, Chris Grier and Vern Paxson

PoliCert: Secure and Flexible TLS Certificate Management
Pawel Szalachowski, Stephanos Matsumoto and Adrian Perrig

Context-free Attacks Using Keyboard Acoustic Emanations
Tong Zhu, Qiang Ma, Shanfeng Zhang and Yunhao Liu

Face in the Distorting Mirror: Revisiting Photo-based Social Authentication
Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis and Angelos Keromytis

(Nothing else) MATor(s): Monitoring the Anonymity of Tor's Path Selection
Michael Backes, Aniket Kate, Sebastian Meiser and Esfandiar Mohammadi

Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering
Markus Kammerstetter, Markus Muellner, Daniel Burian, Christian Platzer and Wolfgang Kastner

Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values
Benjamin Mood, Debayan Gupta, Kevin Butler and Joan Feigenbaum

Deniable Liaisons
Abhinav Narain, Nick Feamster and Alex Snoeren

ARMlock: Hardware-based Fault Isolation for ARM
Yajin Zhou, Xiaoguang Wang, Yue Chen and Zhi Wang

UC security is practical: Efficient UC protocols with a Global Random Oracle
Ran Canetti, Abhishek Jain and Alessandra Scafuro

Community-Enhanced De-anonymization of Online Social Networks
Shirin Nilizadeh, Apu Kapadia and Yong-Yeol Ahn

The Last Mile: An Empirical Study of Some Timing Channels on seL4
David Cock, Qian Ge, Toby Murray and Gernot Heiser

A Computationally Complete Symbolic Attacker for Equivalence Properties
Gergei Bana and Hubert Comon-Lundh

Detection of On-Road Vehicles Emanating GPS Interference
Gorkem Kar, Hossen Mustafa, Yan Wang, Yingying Chen, Wenyuan Xu, Marco Gruteser and Tam Vu

Optimizing Obfuscation: Avoiding Barrington's Theorem
Prabhanjan Ananth, Divya Gupta, Yuval Ishai and Amit Sahai

The web never forgets: Persistent tracking mechanisms in the wild
Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan and Claudia Diaz

On The Security of Mobile Cockpit Information Systems
Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan Mast, Stephen Checkoway, Stefan Savage, Alex Snoeren and Kirill Levchenko

Fully Secure and Fast Signing from Obfuscation
Kim Ramchen and Brent Waters

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications
Maliheh Monshizadeh, Prasad Naldurg and V. N. Venkatakrishnan

11:45-
12:45

Security Analysis of the Estonian Internet Voting System
Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine and J. Alex Halderman

Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation
Sauvik Das, Adam Kramer, Laura Dabbish and Jason Hong

Vulnerability and Protection of Channel State Information in Multiuser MIMO Networks
Yu-Chih Tung, Sihui Han, Dongyao Chen and Kang G. Shin

TUTORIAL 2
Lecturer: William Enck(North Carolina State Univ.)
Tao Xie(Univ. of Illinois, Urbana-Champaign)
Title: Text Analytics for Security

Harvesting high value foreign currency transactions from EMV contactless credit cards without the PIN
Martin Emms, Budi Arief, Leo Freitas, Joseph Hannon and Aad van Moorsel

Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors
Serge Egelman, Sakshi Jain, Rebecca Pottenger, Kerwell Liao, Sunny Consolvo and David Wagner

Blind Transmitter Authentication for Spectrum Security and Enforcement
Vireshwar Kumar, Jung-Min Park and Kaigui Bian

Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging
Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan-Hua Tu and Songwu Lu

ALETHEIA: Improving the Usability of Static Security Analysis
Omer Tripp, Salvatore Guarnieri, Marco Pistoia and Aleksandr Aravkin

RevCast: Fast, Private Certificate Revocation over FM Radio
Aaron Schulman, Dave Levin and Neil Spring

Taking Authenticated Range Queries to Arbitrary Dimensions
Dimitrios Papadopoulos, Stavros Papadopoulos and Nikos Triandopoulos

Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones
Maliheh Shirvanian and Nitesh Saxena

Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals
Tom Van Goethem, Frank Piessens, Wouter Joosen and Nick Nikiforakis

Outsourced Proofs of Retrievability
Frederik Armknecht, Jens-Matthias Bohli, Ghassan Karame, Zongren Liu and Christian A. Reuter

Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices
Markus Miettinen, N. Asokan, Thien Duc Nguyen, Ahmad-Reza Sadeghi and Majid Sobhani

A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning
Nektarios Leontiadis, Tyler Moore and Nicolas Christin

Efficiently Verifiable Computation on Encrypted Data
Dario Fiore, Rosario Gennaro and Valerio Pastro

OAuth Demystified for Mobile Application Developers
Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher and Patrick Tague

From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
Frederico Araujo, Kevin Hamlen, Sebastian Biedermann and Stefan Katzenbeisser

ALITHEIA: Towards Practical Verifiable Graph Processing
Yupeng Zhang, Charalampos Papamanthou and Jonathan Katz

Beware, Your Hands Reveal Your Secrets !
Diksha Shukla, Rajesh Kumar, Abdul Serwadda and Vir Phoha

A Threat for Tablet PCs in Public Space: Remote Visualization of Screen Images Using EM Emanation
Yuichi Hayashi, Naofumi Homma, Mamoru Miura, Takafumi Aoki and Hideaki Sone

Quantifying Web-Search Privacy
Arthur Gervais, Reza Shokri, Adish Singla, Srdjan Capkun and Vincent Lenders

SCharacterization of Real-Life PRNGs under Partial State Corruption
Mario Cornejo and Sylvain Ruhault

Structural Data De-anonymization: Quantification, Practice, and Implications
Shouling Ji, Weiqing Li, Mudhakar Srivatsa and Raheem Beyah

Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services
Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, Xiaofeng Wang and Xinhui Han

Synthesis of Fault Attacks on Cryptographic Implementations
Gilles Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire and Jean-Christophe Zapalowicz

RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response
Úlfar Erlingsson, Vasyl Pihur and Aleksandra Korolova

Cross-Tenant Side-Channel Attacks in PaaS Clouds
Yinqian Zhang, Ari Juels, Mike Reiter and Thomas Ristenpart

ShadowCrypt: Encrypted Web Applications for Everyone
Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi and Dawn Song

PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks
Tariq Elahi, George Danezis and Ian Goldberg

Automating Information Flow Analysis of Low Level Code
Musard Balliu, Mads Dam and Roberto Guanciale

Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs
Mu Zhang, Yue Duan, Heng Yin and Zhiruo Zhao

PixelVault: Using GPUs for Securing Cryptographic Operations
Giorgos Vasiliadis, Elias Athanasopoulos, Michalis Polychronakis and Sotiris Ioannidis

Collaborative Verification of Information Flow for a High-Assurance App Store
Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines and Edward Wu

An Epidemiological Study of Malware Encounters in a Large Enterprise
Ting-Fang Yen, Victor Heorhiadi, Alina Oprea, Michael Reiter and Ari Juels

Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers
Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek and Matthew Smith

11:45-
12:45

Fail-Security in Access Control
Petar Tsankov, Srdjan Marinovic, Mohammad Torabi Dashti and David Basin

Multi-Stage Key Exchange and the Case of Google's QUIC Protocol
Marc Fischlin and Felix Günther

S3: A Symbolic String Solver for Vulnerability Detection in Web Applications
Minh-Thai Trinh, Duc-Hiep Chu and Joxan Jaffar

TUTORIAL 3
Lecturer: Florian Kerschbaum(SAP, Germany)
Title: Client-Controlled Cloud Encryption

World-Driven Access Control for Continuous Sensing
Franziska Roesner, David Molnar, Alexander Moshchuk, Tadayoshi Kohno and Helen J. Wang

Algebraic MACs and Keyed-Verification Anonymous Credentials  
Melissa Chase, Sarah Meiklejohn and Gregory Zaverucha

ClickMiner: Towards Forensic Reconstruction of User-Browser Interactions from Network Traces
Christopher Neasbitt, Roberto Perdisci, Kang Li and Terry Nelms

Decide Now or Decide Later? Quantifying the Tradeoff between Prospective and Retrospective Access Decisions
Wen Zhang, You Chen, Thaddeus Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick Lawlor, David Liebovitz and Bradley Malin

Security Analyses of Click-based Graphical Passwords via Image Point Memorability
Bin Zhu, Jeff Yan, Dongchen Wei and Maowei Yang

Moving Target: Security and Rapid-Release in Firefox
Sandy Clark, Michael Collis, Matt Blaze and Jonathan Smith

System-level Non-interference for Constant-time Cryptography
Gilles Barthe, Gustavo Betarte, Juan Diego Campo, Carlos Luna and David Pichardie

RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity
Ben Niu and Gang Tan

A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel
Anil Kurmus and Robby Zippel

Controlled Functional Encryption
Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux and Carl A. Gunter

Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps
Fengguo Wei, Sankardas Roy, Xinming Ou and Robby

Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection
Lorenzo De Carli, Robin Sommer and Somesh Jha

Formatted Encryption Beyond Regular Languages
Daniel Luchaup, Thomas Shrimpton, Thomas Ristenpart and Somesh Jha

You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code
Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger and Jannik Pewny

The UNIX Process Identity Crisis: A Standards-Driven Approach to Setuid
Mark Dittmer and Mahesh Tripunitara

VerSum: Verifiable Computations over Large Public Logs
Jelle van den Hooff, M. Frans Kaashoek and Nickolai Zeldovich

AutoCog: Measuring the Description-to-permission Fidelity in Android Applications
Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu and Zhong Chen

Blind Recognition of Touched Keys on Mobile Devices
Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren and Wei Zhao