CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

SESSION: Keynote Talks

From Mental Poker to Core Business: Why and How to Deploy Secure Computation Protocols?

Keynote Talk

SESSION: Session 1A: How Real World Crypto Fails

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards

SESSION: Session 1B: MAC OS and iOS Security

Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS

iRiS: Vetting Private API Abuse in iOS Applications

SESSION: Session 1C: Censorship and Resistance

Seeing through Network-Protocol Obfuscation

CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content

SESSION: Session 2A: Authenticated Encryption

Automated Analysis and Synthesis of Authenticated Encryption Schemes

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte

SESSION: Session 2B: Android and Web Forensics

GUITAR: Piecing Together Android App GUIs from Memory Images

WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers

VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images

SESSION: Session 2C: Password Security

Monte Carlo Strength Evaluation: Fast and Reliable Password Checking

Surpass: System-initiated User-replaceable Passwords

Optimal Distributed Password Verification

SESSION: Session 3A: Using CryptoCurrency

How to Use Bitcoin to Play Decentralized Poker

Micropayments for Decentralized Currencies

Liar, Liar, Coins on Fire!: Penalizing Equivocation By Loss of Bitcoins

Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content

SESSION: Session 3B: Memory Randomization

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks

Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads

Timely Rerandomization for Mitigating Memory Disclosures

ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks

SESSION: Session 3C: Wireless and VoLTE Security

Location-restricted Services Access Control Leveraging Pinpoint Waveforming

SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users

Insecurity of Voice Solution VoLTE in LTE Mobile Networks

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

SESSION: Session 4A: Applied Crypto

Defeating IMSI Catchers

DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles

Subversion-Resilient Signature Schemes

Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice

SESSION: Session 4B: Software Vulnerabilities

Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks

Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths

From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel

VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits

SESSION: Session 4C: Assessing Current Defences

UCognito: Private Browsing without Tears

Security by Any Other Name: On the Effectiveness of Provider Based Email Security

Certified PUP: Abuse in Authenticode Code Signing

A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings

SESSION: Session 5A: Computing on Encrypted Data

Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance

GRECS: Graph Encryption for Approximate Shortest Distance Queries

SESSION: Session 5B: Understanding Android Apps

Towards Automatic Generation of Security-Centric Descriptions for Android Apps

AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications

SESSION: Session 5C: Scanning the Web

A Search Engine Backed by Internet-Wide Scanning

Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence

SESSION: Session 6A: Garbled Circuits

Fast Garbling of Circuits Under Standard Assumptions

Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries

Fast and Secure Three-party Computation: The Garbled Circuit Approach

SESSION: Session 6B: Web Application Security

FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications

Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications

Inlined Information Flow Monitoring for JavaScript

SESSION: Session 6C: Property-Preserving Encryption

Inference Attacks on Property-Preserving Encrypted Databases

Frequency-Hiding Order-Preserving Encryption

Leakage-Abuse Attacks Against Searchable Encryption

SESSION: Session 7A: CryptoCurrency

Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions

Tampering with the Delivery of Blocks and Transactions in Bitcoin

Demystifying Incentives in the Consensus Computer

Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges

SESSION: Session 7B: Analyzing Obfuscated Code

Symbolic Execution of Obfuscated Code

CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions

LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code

MalGene: Automatic Extraction of Malware Analysis Evasion Signature

SESSION: Session 7C: Online Social Networks

Face/Off: Preventing Privacy Leakage From Photos in Social Networks

CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks

Exploiting Temporal Dynamics in Sybil Defenses

Where's Wally?: Precise User Discovery Attacks in Location Proximity Services

SESSION: Session 8A: Outsourced Storage

Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward

Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound

Constant Communication ORAM with Small Blocksize

Secure Deduplication of Encrypted Data without Additional Independent Servers

Transparent Data Deduplication in the Cloud

SESSION: Session 8B: Control Flow Integrity

Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity

Per-Input Control-Flow Integrity

Practical Context-Sensitive CFI

CCFI: Cryptographically Enforced Control Flow Integrity

Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

SESSION: Session 8C: Enhancing Trust

SEDA: Scalable Embedded Device Attestation

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens

Trusted Display on Untrusted Commodity Platforms

PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks

Clean Application Compartmentalization with SOAAP

SESSION: Session 9A: Coding, Commitments, and Cipher Design

Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable)

Fast Non-Malleable Commitments

White-Box Cryptography Revisited: Space-Hard Ciphers

Lattice Basis Reduction Attack against Physically Unclonable Functions

SESSION: Session 9B: Security-Related Ecosystems

Drops for Stuff: An Analysis of Reshipping Mule Scams

Android Root and its Providers: A Double-Edged Sword

An Empirical Study of Web Vulnerability Discovery Ecosystems

The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics

SESSION: Session 9C: Formal Methods Meet Cryptography

Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits

Automated Symbolic Proofs of Observational Equivalence

Automated Proofs of Pairing-Based Cryptography

Moat: Verifying Confidentiality of Enclave Programs

SESSION: Session 10A: Key Exchange: Theory and Practice

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates

Deniable Key Exchanges for Secure Messaging

TOPAS: 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity

SESSION: Session 10B: Mobile Device Attacks

From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App

Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References

Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations

When Good Becomes Evil: Keystroke Inference with Smartwatch

SESSION: Session 10C: Statistical Privacy

Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies

Protecting Locations with Differential Privacy under Temporal Correlations

Privacy-Preserving Deep Learning

Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

SESSION: Session 11A: Privacy-Preserving Authentication

Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication

Authenticating Privately over Public Wi-Fi Hotspots

SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web

Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes

SESSION: Session 11B: Web Attacks

The Clock is Still Ticking: Timing Attacks in the Modern Web

Cross-Site Search Attacks

The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting

SESSION: Session 11C: Surveillance and Countermeasures

Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks

HORNET: High-speed Onion Routing at the Network Layer

CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services

(Un)linkable Pseudonyms for Governmental Databases

SESSION: Session 12A: Outsourcing Data and Computation

IntegriDB: Verifiable SQL for Outsourced Databases

A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols

Automated Synthesis of Optimized Circuits for Secure Computation

Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

SESSION: Session 12B: Cloud, Web, and Authentication

Maneuvering Around Clouds: Bypassing Cloud-based Security Providers

The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript

Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication

SESSION: Session 12C: Side Channels

Observing and Preventing Leakage in MapReduce

Mitigating Storage Side Channels Using Statistical Privacy Mechanisms

Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration

Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation

POSTER SESSION: Demo & Poster Abstracts

DEMO: Action Recommendation for Cyber Resilience

POSTER: Secure Chat for the Masses? User-centered Security to the Rescue

POSTER: In the Net of the Spider: Measuring the Anonymity-Impact of Network-level Adversaries Against Tor

POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART)

POSTER: iPKI: Identity-based Private Key Infrastructure for Securing BGP Protocol

POSTER: Mobile Device Identification by Leveraging Built-in Capacitive Signature

POSTER: Implementing and Testing a Novel Chaotic Cryptosystem for Use in Small Satellites

POSTER: A Password-based Authentication by Splitting Roles of User Interface

POSTER: Page Table Manipulation Attack

POSTER: Toward Energy-Wasting Misbehavior Detection Platform with Privacy Preservation in Building Energy Use

POSTER: A Hardware Fingerprint Using GPU Core Frequency Variations

POSTER: The Popular Apps in Your Pocket Are Leaking Your Privacy

POSTER: PatchGen: Towards Automated Patch Detection and Generation for 1-Day Vulnerabilities

POSTER: Using Unit Testing to Detect Sanitization Flaws

POSTER: PsychoRithm: A Framework for Studying How Human Traits Affect User Response to Security Situations

POSTER: Dynamic Labelling for Analyzing Security Protocols

POSTER: Computations on Encrypted Data in the Internet of Things Applications

POSTER: Detecting Malicious Web Pages based on Structural Similarity of Redirection Chains

POSTER: WinOver Enterprise Dark Data

POSTER: A Logic Based Network Forensics Model for Evidence Analysis

POSTER: OFX: Enabling OpenFlow Extensions for Switch-Level Security Applications

POSTER: Blackboard-Based Electronic Warfare System

POSTER: PRINCESS: A Secure Cloud File Storage System for Managing Data with Hierarchical Levels of Sensitivity

POSTER: Pseudonymizing Client as a Privacy-Preserving Service: A Case Study of CDN

POSTER: biTheft: Stealing Your Secrets by Bidirectional Covert Channel Communication with Zero-Permission Android Application

POSTER: Lightweight Streaming Authenticated Data Structures

TUTORIAL SESSION: Tutorial Abstracts

Fraud Detection through Graph-Based User Behavior Modeling

Program Analysis for Mobile Application Integrity and Privacy Enforcement

Introduction to Cryptocurrencies

WORKSHOP SESSION: Workshop Summaries

Workshop Summary of AISec'15: 2015 Workshop on Artificial Intelligent and Security

CCSW 2015: The 7th ACM Cloud Computing Security Workshop

First Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC): Challenges and Research Directions

MIST 2015: 7th International Workshop on Managing Insider Security Threats

MTD 2015: Second ACM Workshop on Moving Target Defense

SafeConfig 2015: Workshop on Automated Decision Making for Active Cyber Defense

SPSM 2015: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices

Fifth International Workshop on Trustworthy Embedded Devices (TrustED 2015)

WISCS'15: The 2nd ACM Workshop on Information Sharing and Collaborative Security

WPES 2015: The 14th Workshop on Privacy in the Electronic Society