CCS 2015 Main Conference, Tuesday October 13
6:45 - 8:00 Breakfast and Registration (Colorado Foyer & Central Registration Area)
8:00 -8:20 Opening Remarks (Colorado A-E)
8:30 - 9:30 Keynote Speech - Dr. Edward Felten (Colorado A-E), Session Chair: Indrajit Ray
9:30 - 9:50  Short Break
  TRACK A (Denver 1-3) TRACK B (Colorado E) TRACK C (Colorado A-E) Tutorial
  Session 1A Session 1B Session 1C  
  How Real World Crypto Fails iOS and MAC OS Security Censorship and Resistance  
  Session Chair - Ahmad-Reza Sadeghi (TU Darmstadt) Session Chair - Kapil Singh (IBM Research) Session Chair - Hamed Okhravi (MIT Lincoln Labs)  
9:55 - 10:20 Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS Seeing through Network Protocol Obfuscation Fraud Detection through Graph-Based User Behavior Modeling — Alex Beutel (Carnegie Melon University); Leman Akoglu (Stony Brook University); Christos Faloutsos (Carnegie Melon University)
David Adrian (Univ. of Michigan); Karthikeyan Bhargavan (INRIA Paris-Rocquencourt); Zakir Durumeric (Univ. of Michigan); Pierrick Gaudry (INRIA Nancy-Grand Est, CNRS and UniversitŽ de Lorraine); Matthew Green (Johns Hopkins Univ.); J. Alex Halderman (Univ. of Michigan); Nadia Heninger (Univ. of Pennsylvania); Drew Springall (Univ. of Michigan); Emmanuel ThomŽ (INRIA Nancy-Grand Est, CNRS and UniversitŽ de Lorraine); Luke Valenta (Univ. of Pennsylvania); Benjamin VanderSloot (Univ. of Michigan); Eric Wustrow (Univ. of Michigan); Santiago Zanella-BŽguelin (Microsoft Research); Paul Zimmermann (INRIA Nancy-Grand Est, CNRS and UniversitŽ de Lorraine) Luyi Xing (Indiana Univ. Bloomington); Xiaolong Bai (Indiana Univ. Bloomington & Tsinghua Univ.); Tongxin Li (Peking Univ.); XiaoFeng Wang (Indiana Univ. Bloomington); Kai Chen (Indiana Univ. Bloomington & Chinese Academy of Sciences); Xiaojing Liao (Georgia Institute of Technology); Shi-Min Hu (Tsinghua Univ.); Xinhui Han (Peking Univ.) Liang Wang (Univ. of Wisconsin); Kevin P. Dyer (Portland State Univ.); Aditya Akella (Univ. of Wisconsin); Thomas Ristenpart (Univ. of Wisconsin); Thomas Shrimpton (Portland State Univ.)
10:20 - 10:45  Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards iRiS: Vetting Private API Abuse in iOS Applications CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content
Carlo Meijer (Radboud University); Roel Verdult (Radboud University) Zhui Deng (Purdue Univ.); Brendan Saltaformaggio (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.) John A. Holowczak (Univ. of Massachusetts Amherst); Amir Houmansadr (Univ. of Massachusetts Amherst)
10:45 - 11:10  Coffee Break (Colorado Foyer)
  Session 2A Session 2B Session 2C Tutorial
  Authenticated Encryption Android & Web Forensics Password Security  
  Session Chair - Moti Yung (Google Inc. & Columbia Univ.) Session Chair - Danfeng Yao (Virginia Tech.) Session Chair - Omar Chowdhury (Purdue Univ.)  
11:10 - 11:35 Automated Analysis and Synthesis of Authenticated Encryption Schemes GUITAR: Piecing Together Android App GUIs from Memory Images Monte Carlo Strength Evaluation: Fast and Reliable Password Checking Fraud Detection through Graph-Based User Behavior Modeling — Alex Beutel (Carnegie Melon University); Leman Akoglu (Stony Brook University); Christos Faloutsos (Carnegie Melon University)
Viet Tung Hoang (Univ. of Maryland, Georgetown Univ.); Jonathan Katz (Univ. of Maryland); Alex J. Malozemoff (Univ. of Maryland) Brendan Saltaformaggio (Purdue Univ.); Rohit Bhatia (Purdue Univ.); Zhongshu Gu (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.) Matteo Dell'Amico (Symantec Research Labs); Maurizio Filippone (Univ. of Glasgow)
11:35 - 12:00 Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers Surpass: System-initiated user-replaceable passwords
Olivier Pereira (Universite catholique de Louvain); Francois-Xavier Standaert (Universite catholique de Louvain); Srinivas Vivek (Univ. of Luxembourg & Univ. of Bristol) Christopher Neasbitt (Univ. of Georgia); Bo Li (Univ. of Georgia); Roberto Perdisci (Univ. of Georgia); Long Lu (Stony Brook Univ.); Kapil Singh (IBM Research); Kang Li (Univ. of Georgia) Jun Ho Huh (Honeywell ACS Labs); Seongyeol Oh (Sungkyunkwan Univ.); Hyoungshick Kim (Sungkyunkwan Univ.); Konstantin Beznosov (Univ. of British Columbia); Apurva Mohan (Honeywell ACS Labs); Raj Rajagopalan (Honeywell ACS Labs)
12:00 - 12:25 GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images Optimal Distributed Password Verification
Shay Gueron (Univ. of Haifa); Yehuda Lindell (Bar-Ilan Univ.) Brendan Saltaformaggio (Purdue Univ.); Rohit Bhatia (Purdue Univ.); Zhongshu Gu (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.) Jan Camenisch (IBM Research - Zurich); Anja Lehmann (IBM Research - Zurich); Gregory Neven (IBM Research - Zurich)
12:30 - 2:00 Lunch (Colorado F-J)
  Session 3A Session 3B Session 3C Tutorial
  Using Cryptocurrency Memory Randomization Wireless and VoLTE Security  
  Session Chair - Taesoo Kim (Georgia Inst. of Tech.) Session Chair - Long Lu (Stony Brook Univ.) Session Chair - Yao Liu (Univ. of South Florida)  
2:00 - 2:25 How to Use Bitcoin to Play Decentralized Poker It's a TRAP: Table Randomization and Protection against Function Reuse Attacks Location-restricted Service Access Control Leveraging Pinpoint Waveforming Fraud Detection through Graph-Based User Behavior Modeling — Alex Beutel (Carnegie Melon University); Leman Akoglu (Stony Brook University); Christos Faloutsos (Carnegie Melon University)
Ranjit Kumaresan (MIT); Tal Moran (IDC Herzliya); Iddo Bentov (Technion) Stephen Crane (Univ. of California, Irvine); Stijn Volckaert (Universiteit Gent); Felix Schuster (Ruhr-UniversitŠt Bochum); Christopher Liebchen (Technische UniversitŠt Darmstadt); Per Larsen (Univ. of California, Irvine); Lucas Davi (Technische UniversitŠt Darmstadt); Ahmad-Reza Sadeghi (Technische UniversitŠt Darmstadt); Thorsten Holz (Ruhr-UniversitŠt Bochum); Bjorn De Sutter (Universiteit Gent); Michael Franz (Univ. of California, Irvine) Tao Wang (Univ. of South Florida); Yao Liu (Univ. of South Florida); Qingqi Pei (Xidian Univ.); Tao Hou (Univ. of South Florida)
2:25 - 2:50 Micropayments for Decentralized Currencies Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users
Rafael Pass (Cornell Tech); Abhi Shelat (U Virginia) Adrian Tang (Columbia Univ.); Simha Sethumadhavan (Columbia Univ.); Salvatore Stolfo (Columbia Univ.) Xiaocong Jin (Arizona State Univ.); Jingchao Sun (Arizona State Univ.); Rui Zhang (Univ. of Hawaii); Yanchao Zhang (Arizona State Univ.)
2:50 PM - 3:15 PM Liar, Liar, Coins on Fire! --- Penalizing Equivocation By Loss of Bitcoins  Timely Rerandomization for Mitigating Memory Disclosures Insecurity of Voice Solution VoLTE in LTE Mobile Networks
Tim Ruffing (CISPA, Saarland Univ.); Aniket Kate (CISPA, Saarland Univ.); Dominique Schršder (CISPA, Saarland Univ.) David Bigelow (MIT Lincoln Laboratory); Thomas Hobson (MIT Lincoln Laboratory); Robert Rudd (MIT Lincoln Laboratory); William Streilein (MIT Lincoln Laboratory); Hamed Okhravi (MIT Lincoln Laboratory) Chi-Yu Li (UCLA); Guan-Hua Tu (UCLA); Chunyi Peng (OSU); Zengwen Yuan (UCLA); Yuanjie Li (UCLA); Songwu Lu (UCLA); Xinbing Wang (Shanghai Jiao Tong Univ.)
3:15 - 3:40 Traitor Deterring Schemes: Using Bitcoin as Collateral for  Digital Content ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations
Aggelos Kiayias (National and Kapodistrian Univ. of Athens); Qiang Tang (Univ. of Connecticut); Kangjie Lu (Georgia Institute of Technology); Chengyu Song (Georgia Institute of Technology); Byoungyoung Lee (Georgia Institute of Technology); Simon P. Chung (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology) Hongil Kim (KAIST); Dongkwan Kim (KAIST); Minhee Kwon (KAIST); HyungSeok Han (KAIST); Yeongjin Jang (Georgia Institute of Technology); Dongsu Han (KAIST); Taesoo Kim (Georgia Institute of Technology); Yongdae Kim (KAIST)
3:40 - 4:00 Coffee Break (Colorado Foyer)
  Session 4A Session 4B Session 4C Tutorial
  Applied Cryptography Software Vulnerabilities Assessing Current Defenses  
  Session Chair - Dario Fiore (IMDEA Software Inst.) Session Chair - Ben Livshits (Microsoft Research) Session Chair - Roberto Perdisci (Univ. of Georgia)  
4:00 - 4:25 Defeating IMSI Catchers Static Detection of Packet Injection Vulnerabilities -- A Case for Identifying Attacker-controlled Implicit Information Leaks UCognito: Private Browsing without Tears Fraud Detection through Graph-Based User Behavior Modeling — Alex Beutel (Carnegie Melon University); Leman Akoglu (Stony Brook University); Christos Faloutsos (Carnegie Melon University)
Fabian van den Broek (Radboud Univ. Nijmegen); Roel Verdult (Radboud Univ. Nijmegen); Joeri de Ruiter (Univ. of Birmingham) Qi Alfred Chen (Univ. of Michigan); Zhiyun Qian (Univ. of California Riverside); Yunhan Jack Jia (Univ. of Michigan); Yuru Shao (Univ. of Michigan); Z. Morley Mao (Univ. of Michigan) Meng Xu  (Georgia Institute of Technology); Yeongjin Jang  (Georgia Institute of Technology); Xinyu Xing  (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)
4:25 - 4:50 DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths Security by Any Other Name: On the Effectiveness of Provider Based Email Security
Aggelos Kiayias (National and Kapodistrian Univ. of Athens); Thomas Zacharias (National and Kapodistrian Univ. of Athens); Bingsheng Zhang (Lancaster Univ.) Xiaokui Shu (Virginia Tech); Danfeng (Daphne) Yao (Virginia Tech); Naren Ramakrishnan (Virginia Tech) Ian Foster (Univ. of California, San Diego); Jon Larson (Univ. of California, San Diego); Max Masich (Univ. of California, San Diego); Alex C. Snoeren (Univ. of California, San Diego); Stefan Savage (Univ. of California, San Diego); Kirill Levchenko (Univ. of California, San Diego)
4:50 - 5:15 Subversion-Resilient Signature Schemes From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel Certified PUP: Abuse in Authenticode Code Signing
Giuseppe Ateniese (Sapienza Univ. of Rome); Bernardo Magri (Sapienza Univ. of Rome); Daniele Venturi (Sapienza Univ. of Rome) Wen Xu (Shanghai Jiao Tong Univ.); Juanru Li (Shanghai Jiao Tong Univ.); Junliang Shu (Shanghai Jiao Tong Univ.); Wenbo Yang (Shanghai Jiao Tong Univ.); Tianyi Xie (Shanghai Jiao Tong Univ.); Yuanyuan Zhang (Shanghai Jiao Tong Univ.); Dawu Gu (Shanghai Jiao Tong Univ.) Platon Kotzias (IMDEA Software Institute); Srdjan Matic (Universita degli Studi di Milano); Richard Rivera (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)
5:15 - 5:40 Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
Qian Wang (Wuhan Univ.); Kui Ren (The State Univ. of New York at Buffalo); Guancheng Li (Wuhan Univ.); Chenbo Xia (Wuhan Univ.); Xiaobing Chen (Wuhan Univ.); Zhibo Wang (Wuhan Univ.); Qin Zou (Wuhan Univ.) Henning Perl (Fraunhofer FKIE); Daniel Arp (UniversitŠt Gšttingen); Sergej Dechand (UniversitŠt Bonn); Fabian Yamaguchi (UniversitŠt Gšttingen); Sascha Fahl (Saarland University); Yasemin Acar (Saarland University); Konrad Rieck (UniversitŠt Gšttingen); Matthew Smith (UniversitŠt Bonn) Ajaya Neupane (Univ. of Alabama at Birmingham); Md. Lutfor Rahman (Marvin Technologies); Nitesh Saxena (Univ. of Alabama at Birmingham); Leanne Hirshfield (Syracuse Univ.)
5:45 - 6:45   CCS Business Meeting  
7:00  - 9:00 Poster Session; Conference Reception and Coctail (Colorado F-J)
         
  CCS 2015 Main Conference Wednesday October 14
6:45 - 8:00 Breakfast and Registration (Colorado Foyer and Central Registration Area)
8:30 - 9:30 Keynote Speech - Dr. Moti Yung (Colorado A-E), Session Chair: Trent Jaeger
9:30 - 9:50 Short Break
  TRACK A (Denver 1-3) TRACK B (Colorado E) TRACK C (Colorado A-E) Tutorial
  Session 5A Session 5B Session 5C  
  Computing on Encrypted Data Understanding Android Apps Scanning the Web (Mattie Silks)
  Session Chair - Florian Kerschbaum (SAP) Session Chair - Gang Tan (Lehigh Univ.) Session Chair - Amir Houmansadr (Univ. of Mass.)  
9:55 - 10:20 Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance Towards Automatic Generation of Security-Centric Descriptions for Android Apps A Search Engine Backed by Internet-Wide Scanning Program Analysis for Mobile Application Integrity — Marco Pistoia (IBM T. J. Watson Research Center)
Xiao Shaun Wang (Univ. of Maryland); Yan Huang (Indiana Univ. Bloomington); Yongan Zhao (Indiana Univ. Bloomington); Haixu Tang (Indiana Univ. Bloomington); Xiaofeng Wang (Indiana Univ. Bloomington); Diyue Bu (Indiana Univ. Bloomington) Mu Zhang (NEC Laboratories America); Yue Duan (Syracuse Univ.); Qian Feng (Syracuse Univ.); Heng Yin (Syracuse Univ.) Zakir Durumeric (Univ. of Michigan); David Adrian (Univ. of Michigan); Ariana Mirian (Univ. of Michigan); Michael Bailey (Univ. of Illinois at Urbana-Champaign); J. Alex Halderman (Univ. of Michigan)
10:20 - 10:45 GRECS: Graph Encryption for Approximate Shortest Distance Queries AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence
Xianrui Meng (Boston Univ.); Seny Kamara (Microsoft Research); Kobbi Nissim (Ben-Gurion Univ.); George Kollios (Boston Univ.) Deguang Kong (Samsung Research America); Lei Cen (Purdue Univ.); Hongxia Jin (Samsung Research America) Mathias Lecuyer (Columbia Univ.); Riley Spahn (Columbia Univ.); Yannis Spiliopoulos (Columbia Univ.); Augustin Chaintreau (Columbia Univ.); Roxana Geambasu  (Columbia Univ.); Daniel Hsu (Columbia Univ.)
10:45 - 11:05 Coffee Break (Colorado Foyer)
  Session 6A  Session 6B Session 6C Tutorial
  Garbled Circuits Web Application Security Property Preserving Encryption  
  Session Chair - Yan Huan (Indiana Univ. Bloomington) Session Chair - Adam DoupŽ (Arizona State Univ.) Session Chair - Yinqian Zhang (Ohio State Univ.)  
11:10 - 11:35 Fast Garbling of Circuits Under Standard Assumptions FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications Inference Attacks on Property-Preserving Encrypted Databases Program Analysis for Mobile Application Integrity — Marco Pistoia (IBM T. J. Watson Research Center)
Shay Gueron (Univ. of Haifa and Intel); Yehuda Lindell (Bar Ilan Univ.); Ariel Nof (Bar Ilan Univ.); Benny Pinkas (Bar Ilan Univ.) Divya Muthukumaran (Imperial College London); Dan O'Keeffe (Imperial College London); Christian Priebe (Imperial College London); David Eyers (Univ. of Otago); Brian Shand (NCRS, Public Health England); Peter Pietzuch (Imperial College London) Muhammad Naveed (Univ. of Illinois at Urbana-Champaign); Seny Kamara (Microsoft Research); Charles V Wright (Portland State Univ.)
11:35 - 12:00 Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications Frequency-Hiding Order-Preserving Encryption
Yehuda Lindell (Bar-Ilan Univ.); Ben Riva (Bar-Ilan Univ.) Oswaldo Olivo (The Univ. of Texas at Austin); Isil Dillig (The Univ. of Texas at Austin); Calvin Lin (The Univ. of Texas at Austin) Florian Kerschbaum (SAP)
12:00 - 12:25 Fast and Secure Three-party Computation: The Garbled Circuit Approach Inlined Information Flow Monitoring for JavaScript Leakage-Abuse Attacks Against Searchable Encryption
Payman Mohassel (Yahoo Labs); Mike Rosulek (Oregon State Univ.); Ye Zhang (Penn State Univ.) Andrey Chudnov (Stevens Institute of Technology); David A. Naumann (Stevens Institute of Technology) David Cash (Rutgers Univ.); Paul Grubbs (Cornell Univ., SkyHigh Networks); Jason Perry (Rutgers Univ.); Thomas Ristenpart (Univ. of Wisconsin)
12:30 - 2:00 Lunch (Colorado F-J)
  Session 7A Session 7B Session 7C Tutorial
  CryptoCurrency Analyzing Obfuscated Code Online Social Networks  
  Session Chair - Abhi Shelat (Univ. of Virginia) Session Chair - Juan Caballero (IMDEA Software Inst.) Session Chair - Nick Nikiforakis (Stony Brook Univ.)  
2:00 - 2:25 Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions Symbolic Execution of Obfuscated Code Face/Off: Preventing Privacy Leakage From Photos in Social Networks Program Analysis for Mobile Application Integrity — Marco Pistoia (IBM T. J. Watson Research Center)
Andrew Miller (Univ. of Maryland); Ahmed Kosba (Univ. of Maryland); Elaine Shi (Cornell Univ.); Jonathan Katz (Univ. of Maryland) Babak Yadegari (Univ. of Arizona); Saumya Debray  (Univ. of Arizona) Panagiotis Ilia (FORTH); Iasonas Polakis (Columbia Univ.); Elias Athanasopoulos (FORTH); Federico Maggi (Politecnico di Milano); Sotiris Ioannidis (FORTH)
2:25 - 2:50 Tampering with the Delivery of Blocks and Transactions in Bitcoin CoDisasm : Medium scale concatic disassembly of self-modifying binaries with overlapping instructions CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks
Arthur Gervais (ETH Zurich); Hubert Ritzdorf (ETH Zurich); Ghassan O. Karame (NEC Laboratories Europe); Srdjan Capkun (ETH Zurich) Guillaume Bonfante (UniversitŽ de Lorraine); JosŽ Fernandez (Ecole Politechnique, Canada); Jean-Yves Marion (UniversitŽ de Lorraine); Rouxel (UniversitŽ de Lorraine); Sabatier (INRIA); Thierry (UniversitŽ de Lorraine) Jonghyuk Song (Pohang Univ. of Science and Technology); Sangho Lee (Pohang Univ. of Science and Technology); Jong Kim (Pohang Univ. of Science and Technology)
2:50 - 3:15 Demystifying Incentives In The Consensus Computer LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code Exploiting Temporal Dynamics in Sybil Defenses
Loi Luu (National Univ. of Singapore); Jason Teutsch (National Univ. of Singapore); Raghav Kulkarni (National Univ. of Singapore); Prateek Saxena (National Univ. of Singapore) Jiang Ming (The Pennsylvania State Univ.); Dongpeng Xu (The Pennsylvania State Univ.); Li Wang (The Pennsylvania State Univ.); Dinghao Wu (The Pennsylvania State Univ.) Peng Gao (Princeton Univ.); Changchang Liu (Princeton Univ.); Matthew Wright (Univ. of Texas at Arlington); Prateek Mittal (Princeton Univ.)
3:15 - 3:40 Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges MalGene: Automatic Extraction of Malware Analysis Evasion Signature Where's Wally? Precise User Discovery Attacks in Location Proximity Services
Jeremy Clark (Concordia Univ.); Gaby Dagher (Concordia Univ.); Benedikt Bźnz (Stanford Univ.); Joseph Bonneau (Stanford Univ. & EFF); Dan Boneh (Stanford Univ.) Dhilung Kirat (UC Santa Barbara); Giovanni Vigna (UC Santa Barbara) Iasonas Polakis (Columbia Univ.); George Argyros (Columbia Univ.); Theofilos Petsios (Columbia Univ.); Suphannee Sivakorn (Columbia Univ.); Angelos D. Keromytis (Columbia Univ.)
3:40 - 4:00 Coffee Break (Colorado Foyer)
  Session 8A Session 8B Session 8C Tutorial
  Outsourced Storage Control Flow Integrity Enhancing Trust  
  Session Chair - Matteo Maffei (Saarland Univ.) Session Chair - Xinming Ou (Univ. of South Florida) Session Chair - Brent Kang (KAIST)  
4:00 - 4:25 Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy and the New Way Forward Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity SEDA: Scalable Embedded Device Attestation Program Analysis for Mobile Application Integrity — Marco Pistoia (IBM T. J. Watson Research Center)
Vincent Bindschaedler (Univ. of Illinois at Urbana-Champaign); Muhammad Naveed (Univ. of Illinois at Urbana-Champaign); Xiaorui Pan (Indiana Univ. Bloomington); XiaoFeng Wang (Indiana Univ. Bloomington); Yan Huang (Indiana Univ. Bloomington) Isaac Evans (MIT Lincoln Laboratory); Fan Long (MIT CSAIL); Ulziibayar Otgonbaatar (MIT CSAIL); Howard Shrobe (MIT CSAIL); Martin Rinard (MIT CSAIL); Hamed Okhravi (MIT Lincoln Laboratory); Stelios Sidiroglou-Douskos (MIT CSAIL) N. Asokan (Aalto Univ. and Univ. of Helsinki); Ferdinand Brasser (Technische UniversitŠt Darmstadt); Ahmad Ibrahim (Technische UniversitŠt Darmstadt); Ahmad-Reza Sadeghi (Technische UniversitŠt Darmstadt); Matthias Schunter (Intel Collaborative Research Institute for Secure Computing (ICRI-SC), Darmstadt); Gene Tsudik (Univ. of California, Irvine); Christian Wachsmann (Technische UniversitŠt Darmstadt)
4:25 - 4:50 Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound Per-Input Control-Flow Integrity TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens
Xiao Shaun Wang (Univ. of Maryland); T-H. Hubert Chan (HKU); Elaine Shi (Cornell Univ.) Ben Niu (Lehigh Univ.); Gang Tan (Lehigh Univ.) He Sun (College of William and Mary & Chinese Academy of Sciences); Kun Sun (College of William and Mary); Yuewu Wang (Chinese Academy of Sciences); Jiwu Jing (Chinese Academy of Sciences)
4:50 - 5:15 Constant Communication ORAM with Small Blocksize Practical Context-Sensitive CFI Trusted Display on Untrusted Commodity Platforms
Tarik Moataz (Colorado State Univ. & Telecom Bretagne); Travis Mayberry (United States Naval Academy); Erik-Oliver Blass (Airbus Group Innovations) Victor van der Veen (VU University Amsterdam); Dennis Andriesse (VU University Amsterdam); Enes Gšktas (VU University Amsterdam); Ben Gras (VU University Amsterdam); Lionel Sambuc (VU University Amsterdam); Asia Slowinska (VU University Amsterdam, Lastline, Inc.); Herbert Bos (VU University Amsterdam); Cristiano Giuffrida (VU University Amsterdam);  Miao Yu (Carnegie Mellon Univ.); Virgil D. Gligor (Carnegie Mellon Univ.); Zongwei Zhou (Carnegie Mellon Univ.)
5:15 - 5:40 Secure Deduplication of Encrypted Data without Additional Independent Servers CCFI: Cryptographically Enforced Control Flow Integrity PyCRA: Physical Challenge-Response Authentication for Active Sensors Under Spoofing Attacks
Jian Liu (Aalto Univ.); N. Asokan (Aalto Univ. and Univ. of Helsinki); Benny Pinkas (Bar Ilan Univ.); Ali Jose Mashtizadeh (Stanford Univ.); Andrea Bittau (Stanford Univ.); Dan Boneh (Stanford Univ.); David Mazieres (Stanford Univ.) Yasser Shoukry (UCLA); Paul Martin (UCLA); Yair Yona (UCLA); Suhas Diggavi (UCLA); Mani Srivastava (UCLA)
5:40 - 6:05 Transparent Data Deduplication in the Cloud Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks Clean Application Compartmentalization with SOAAP
Frederik Armknecht (Univ. of Mannheim); Jens-Matthias Bohli (NEC Laboratories Europe); Ghassan O. Karame (NEC Laboratories Europe); Franck Youssef (NEC Laboratories Europe) Christopher Liebchen (Technische UniversitŠt Darmstadt); Marco Negro (Technische UniversitŠt Darmstadt); Per Larsen (Univ. of California, Irvine); Lucas Davi (Technische UniversitŠt Darmstadt); Ahmad-Reza Sadeghi (Technische UniversitŠt Darmstadt); Stephen Crane (Univ. of California, Irvine); Mohaned Qunaibit (Univ. of California, Irvine); Michael Franz (Univ. of California, Irvine); Mauro Conti (Univ. of Padua) Khilan Gudka (Univ. of Cambridge); Robert N.M. Watson (Univ. of Cambridge); Jonathan Anderson (Memorial Univ.); David Chisnall (Univ. of Cambridge); Brooks Davis (SRI International); Ben Laurie (Google UK Ltd.); Ilias Marinos (Univ. of Cambridge); Peter G. Neumann (SRI International); Alex Richardson (Univ. of Cambridge)
6:30 - 9:00 Conference Banquet & Award Ceremony (Colorado F-J)
         
  CCS 2015 Main Conference Thursday, October 15
6:45 - 8:00 Breakfast and Registration (Colorado Foyer and Central Registration Area)
         
  TRACK A (Denver 1-3) TRACK B (Colorado E) TRACK C (Colorado A-E) Tutorial
  Session 9A Session 9B Session 9C  
  Coding, Commitments, and Lattices Security-Related Ecosystems Formal Methods Meet Cryptography (Mattie Silks)
  Session Chair - Rei Safavi-Naini (Univ. of Calgary) Session Chair - Amir Herzberg  (Bar-Ilan Univ.)  Session Chair - Joseph Bonneau (Stanford Univ. & EFF)  
8:15 - 8:40 Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable) Drops for Stuff: An Analysis of Reshipping Mule Scams Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits Introduction to Cryptocurrencies — Stefan Dziembowski (University of Warsaw)
Ari Juels (Cornell Tech); James Kelley (NetApp); Roberto Tamassia (Brown Univ.); Nikos Triandopoulos (RSA Laboratories & Boston Univ.) Shuang Hao (UC Santa Barbara); Kevin Borgolte (UC Santa Barbara); Nick Nikiforakis (Stony Brook University); Gianluca Stringhini (University College London); Manuel Egele (Boston University); Michael Eubanks (Federal Bureau of Investigation); Brian Krebs (KrebsOnSecurity.com); Giovanni Vigna (UC Santa Barbara & Lastline Inc.) Omar Chowdhury (Purdue Univ.); Deepak Garg (Max Planck Institute for Software Systems); Limin Jia (Carnegie Mellon Univ.); Anupam Datta (Carnegie Mellon Univ.)
8:40 - 9:05 Fast Non-Malleable Commitments Android Root and its Providers: A Double-Edged Sword Automated Symbolic Proofs of Observational Equivalence
Hai Brenner (IDC Herzliya); Vipul Goyal (Microsoft Research, Bangalore); Silas Richelson (UCLA); Alon Rosen (IDC Herzliya); Margarita Vald (Tel Aviv Univ.) Hang Zhang (Univ. of California, Riverside); Dongdong She (Univ. of California, Riverside); Zhiyun Qian (Univ. of California, Riverside) David Basin (ETH Zurich); Jannik Dreier (ETH Zurich); Ralf Sasse (ETH Zurich)
9:05 - 9:30 White-Box Cryptography Revisited: Space-Hard Ciphers An Empirical Study of Web Vulnerability Discovery Ecosystems Automated Proofs of Pairing-Based Cryptography
Andrey Bogdanov (Technical Univ. of Denmark); Takanori Isobe (Sony Corporation) Mingyi Zhao (Pennsylvania State Univ.); Jens Grossklags (Pennsylvania State Univ.); Peng Liu (Pennsylvania State Univ.) Gilles Barthe (IMDEA Software Institute); Benjamin GrŽgoire (INRIA); Benedikt Schmidt (IMDEA Software Institute)
9:30 - 9:55 Lattice Basis Reduction Attack against Physically Unclonable Functions The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics Moat: Verifying Confidentiality of Enclave Programs
Fatemeh Ganji (Technische UniversitŠt Berlin); Juliane KrŠmer (Technische UniversitŠt Darmstadt); Jean-Pierre Seifert (Technische UniversitŠt Berlin); Shahin Tajik (Technische UniversitŠt Berlin) Bum Jun Kwon (Univ. of Maryland); Jayanta Mondal (Univ. of Maryland); Jiyong Jang (IBM Research, Yorktown Heights); Leyla Bilge (Symantec Research Labs, France); Tudor Dumitra_ (Univ. of Maryland) Rohit Sinha (Univ. of California, Berkeley); Sriram Rajamani (Microsoft Research); Sanjit Seshia (Univ. of California, Berkeley); Kapil Vaswani (Microsoft Research)
10:00 - 10:20 Coffee Break (Colorado Foyer)
  Session 10A Session 10B Session 10C Tutorial
  Key Exchange: Theory and Practice Mobile Device Attacks Statistical Privacy  
  Session Chair - Stefan Katzenbeisser (TU Darmstadt) Session Chair - Konstantin Beznosov (U of Brit. Columbia) Session Chair -  
10:30 - 10:55 On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an Application Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies Introduction to Cryptocurrencies — Stefan Dziembowski (University of Warsaw)
Tibor Jager (Ruhr Univ. Bochum); Jšrg Schwenk (Ruhr Univ. Bochum); Juraj Somorovsky (Ruhr Univ. Bochum) Heqing Huang (The Pennsylvania State Univ.); Sencun Zhu (The Pennsylvania State Univ.); Kai Chen (Chinese Academy of Sciences); Peng Liu (The Pennsylvania State Univ.) Florian TramŹr (EPFL); Zhicong Huang (EPFL); Erman Ayday (Bilkent Univ.); Jean-Pierre Hubaux (EPFL)
10:55 - 11:20 A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References Protecting Locations with Differential Privacy under Temporal Correlations
Benjamin Dowling (Queensland Univ. of Technology); Marc Fischlin (Technische UniversitŠt Darmstadt);  Felix Gźnther (Technische UniversitŠt Darmstadt); Douglas Stebila (Queensland Univ. of Technology) Yousra Aafer (Syracuse Univ.); Nan Zhang (Indiana Univ. Bloomington); Zhongwen Zhang (Institute of Information Engineering, Chinese Academic of Sciences); Xiao Zhang (Syracuse Univ.); Kai Chen (Indiana Univ. Bloomington, Chinese Academy of Sciences); XiaoFeng Wang (Indiana Univ. Bloomington); Xiaoyong Zhou (Samsung Research America); Wenliang Du (Syracuse Univ.); Michael Grace (Samsung Research America) Yonghui Xiao (Emory Univ.); Li Xiong (Emory Univ.)
11:20 AM - 11:45 AM Deniable Key Exchanges for Secure Messaging Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations Privacy-Preserving Deep Learning
Nik Unger (Univ. of Waterloo); Ian Goldberg (Univ. of Waterloo) Yangyi Chen (Indiana Univ. Bloomington); Tongxin Li (Peking Univ.); XiaoFeng Wang (Indiana Univ. Bloomington); Kai Chen (Indiana Univ. Bloomington and Institute of Information Engineering, CAS); Xinhui Han (Peking Univ.) Reza Shokri (Univ. of Texas at Austin); Vitaly Shmatikov (Cornell Tech)
11:45 - 12:10 TOPAS --- 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity When Good Becomes Evil: Keystroke Inference with Smartwatch Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
Sven SchŠge (Ruhr-UniversitŠt Bochum) Xiangyu Liu (The Chinese Univ. of Hong Kong); Zhe Zhou (The Chinese Univ. of Hong Kong); Wenrui Diao (The Chinese Univ. of Hong Kong); Zhou Li (ACM Member); Kehuan Zhang (The Chinese Univ. of Hong Kong) Matt Fredrikson (Carnegie Mellon Univ.); Somesh Jha (Univ. of Wisconsin); Thomas Ristenpart (Cornell Tech)
12:15 - 1:45 Lunch (Colorado F-J)
  Session 11A Session 11B Session 11C Tutorial
  Privacy-Preserving Authentication Web Attacks Surveillance and Countermeasures  
  Session Chair - Kui Ren (Univ. of Buffalo) Session Chair - Michael Franz (Univ. of California, Irvine) Session Chair - Prateek Mittal (Princeton Univ.)  
1:45 - 2:10 Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication The Clock is Still Ticking: Timing Attacks in the Modern Web Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks Introduction to Cryptocurrencies — Stefan Dziembowski (University of Warsaw)
Vireshwar Kumar (Virginia Tech); He Li (Virginia Tech); Jung-Min (Jerry) Park (Virginia Tech); Kaigui Bian (Peking Univ.); Yaling Yang (Virginia Tech) Tom Van Goethem (KU Leuven); Wouter Joosen (KU Leuven); Nick Nikiforakis (Stony Brook Univ.) Mihir Bellare (UCSD); Joseph Jaeger (UCSD); Daniel Kane (UCSD)
2:10 - 2:35 Authenticating Privately over Public Hotspots Cross-Site Search Attacks HORNET: High-speed Onion Routing at the Network Layer
Aldo Cassola (Northeastern Univ. & Univ. San Francisco de Quito); Erik-Oliver Blass (Airbus Group Innovations & Northeastern Univ.);  Guevara Noubir (Northeastern Univ.) Nethanel Gelernter (Bar-Ilan Univ.); Amir Herzberg (Bar-Ilan Univ.) Chen Chen (ETH Zurich & Carnegie Mellon Univ.); Daniele E. Asoni (ETH Zurich); David Barrera (ETH Zurich); George Danezis (Univ. College London); Adrian Perrig (ETH Zurich);
2:35 - 3:00 SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications Caronte: Detecting Location Leaks for Deanonymizing Tor Hidden Services
Daniel Fett (Univ. of Trier); Ralf Kuesters (Univ. of Trier); Guido Schmitz (Univ. of Trier) Yossef Oren (Columbia Univ.); Vasileios P. Kemerlis (Columbia Univ.); Simha Sethumadhavan (Columbia Univ.); Angelos D. Keromytis (Columbia Univ.) Srdjan Matic (Universita degli Studi di Milano); Platon Kotzias (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute) 
3:00 - 3:25 Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting (Un)linkable Pseudonyms for Governmental Databases
Joseph A. Akinyele (Johns Hopkins Univ.); Christina Garman (Johns Hopkins Univ.); Susan Hohenberger (Johns Hopkins Univ.) Ben Stock (FAU Erlangen-Nuremberg);  Stephan Pfistner (SAP SE); Bernd Kaiser (FAU Erlangen-Nuremberg); Sebastian Lekies (Ruhr-Univ. Bochum); Martin Johns (SAP SE) Jan Camenisch (IBM Research Zurich); Anja Lehmann (IBM Research Zurich)
3:30 - 4:00 Coffee Break (Colorado Foyer)
  Session 12A Session 12B Session 12C Tutorial
  Outsourcing Data and Computation Cloud, Web & Authentication Side Channel  
  Session Chair - Nick Triandopoulos (RSA Lan & BU) Session Chair - Kehuan Zhang (Chinese Univ. of Hong Kong) Session Chair - Kun Sun (College of William & Mary)  
4:00 - 4:25 IntegriDB: Verifiable SQL for Outsourced Databases Maneuvering Around Clouds: Bypassing Cloud-based Security Providers Observing and Preventing Leakage in MapReduce Introduction to Cryptocurrencies — Stefan Dziembowski (University of Warsaw)
Yupeng Zhang (Univ. of Maryland); Jonathan Katz (Univ. of Maryland); Charalampos Papamanthou (Univ. of Maryland) Thomas Vissers (KU Leuven); Tom Van Goethem (KU Leuven); Wouter Joosen (KU Leuven); Nick Nikiforakis (Stony Brook Univ.) Olga Ohrimenko (Microsoft Research); Manuel Costa (Microsoft Research); CŽdric Fournet (Microsoft Research); Christos Gkantsidis (Microsoft Research) Markulf Kohlweiss (Microsoft Research) Divya Sharma (Carnegie Mellon University)
4:25 - 4:50 A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript Mitigating Storage Side Channels Using Statistical Privacy Mechanisms
Peeter Laud (Cybernetica AS); Jaak Randmets (Cybernetica AS & Univ. of Tartu) Pratik Soni (National Univ. of Singapore); Enrico Budianto (National Univ. of Singapore); Prateek Saxena (National Univ. of Singapore) Qiuyu Xiao (Univ. of North Carolina at Chapel Hill); Michael K. Reiter (Univ. of North Carolina at Chapel Hill); Yinqian Zhang (The Ohio State Univ.)
4:50 - 5:15 Automated Synthesis of Optimized Circuits for Secure Computation  Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
Daniel Demmler (TU Darmstadt); Ghada Dessouky (TU Darmstadt); Farinaz Koushanfar (Rice Univ.); Ahmad-Reza Sadeghi (TU Darmstadt); Thomas Schneider (TU Darmstadt); Shaza Zeitouni (TU Darmstadt) Yan LI (Singapore Management Univ.); Yingjiu LI (Singapore Management Univ.); Qiang YAN (Singapore Management Univ.); Hancong KONG (Singapore Management Univ.); Robert H. DENG (Singapore Management Univ.) Soo-Jin Moon (Carnegie Mellon Univ.); Vyas Sekar (Carnegie Mellon Univ.); Michael Reiter (Univ. of North Carolina at Chapel Hill)
5:15 - 5:40 Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data   Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
Dario Catalano (Univ. of Catania); Dario Fiore (IMDEA Software Institute)   Yutao Liu (Shanghai Jiao Tong Univ.); Tianyu Zhou (Shanghai Jiao Tong Univ.); Kexin Chen (Shanghai Jiao Tong Univ.); Haibo Chen (Shanghai Jiao Tong Univ.); Yubin Xia (Shanghai Jiao Tong Univ.)
5:40 - 6:00 CCS 2015 Main Conference Closing and Vote of Thanks