ACM CCS 2015

22nd ACM Conference on Computer and Communications Security

The Denver Marriot City Center, Denver, Colorado, US

October 12-16, 2015

  • Aspens
  • Pikes Peak
  • Denver Skyline
  • Welcome to Colorado
  • Denver Museum of Nature and Science
  • Denver Zoo
  • Garden of the Gods
  • Rocky Mountain National Park

Accepted Papers

  • Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes
    Joseph A. Akinyele (Johns Hopkins Univ.); Christina Garman (Johns Hopkins Univ.); Susan Hohenberger (Johns Hopkins Univ.)

  • Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication
    Vireshwar Kumar (Virginia Tech); He Li (Virginia Tech); Jung-Min (Jerry) Park (Virginia Tech); Kaigui Bian (Peking Univ.); Yaling Yang (Virginia Tech)

  • Face/Off: Preventing Privacy Leakage From Photos in Social Networks
    Panagiotis Ilia (FORTH); Iasonas Polakis (Columbia Univ.); Elias Athanasopoulos (FORTH); Federico Maggi (Politecnico di Milano); Sotiris Ioannidis (FORTH)

  • VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
    Henning Perl (Fraunhofer FKIE); Daniel Arp (Universität Göttingen); Sergej Dechand (Universität Bonn); Fabian Yamaguchi (Universität Göttingen); Sascha Fahl (Fraunhofer FKIE); Yasemin Acar (Universität Hannover); Konrad Rieck (Universität Göttingen); Matthew Smith (Universität Bonn)

  • Where's Wally? Precise User Discovery Attacks in Location Proximity Services
    Iasonas Polakis (Columbia Univ.); George Argyros (Columbia Univ.); Theofilos Petsios (Columbia Univ.); Suphannee Sivakorn (Columbia Univ.); Angelos D. Keromytis (Columbia Univ.)

  • From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an Application
    Heqing Huang (The Pennsylvania State Univ.); Sencun Zhu (The Pennsylvania State Univ.); Kai Chen (Chinese Academy of Sciences); Peng Liu (The Pennsylvania State Univ.)

  • Security by Any Other Name: On the Effectiveness of Provider Based Email Security
    Ian Foster (Univ. of California, San Diego); Jon Larson (Univ. of California, San Diego); Max Masich (Univ. of California, San Diego); Alex C. Snoeren (Univ. of California, San Diego); Stefan Savage (Univ. of California, San Diego); Kirill Levchenko (Univ. of California, San Diego)

  • Moat: Verifying Confidentiality of Enclave Programs
    Rohit Sinha (Univ. of California, Berkeley); Sriram Rajamani (Microsoft Research); Sanjit Seshia (Univ. of California, Berkeley); Kapil Vaswani (Microsoft Research)

  • Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS
    Luyi Xing (Indiana Univ. Bloomington); Xiaolong Bai (Indiana Univ. Bloomington & Tsinghua Univ.); Tongxin Li (Peking Univ.); XiaoFeng Wang (Indiana Univ. Bloomington); Kai Chen (Indiana Univ. Bloomington & Chinese Academy of Sciences); Xiaojing Liao (Georgia Institute of Technology); Shi-Min Hu (Tsinghua Univ.); Xinhui Han (Peking Univ.)

  • Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies
    Florian Tramèr (EPFL); Zhicong Huang (EPFL); Erman Ayday (Bilkent Univ.); Jean-Pierre Hubaux (EPFL)

  • Clean Application Compartmentalization with SOAAP
    Khilan Gudka (Univ. of Cambridge); Robert N.M. Watson (Univ. of Cambridge); Jonathan Anderson (Memorial Univ.); David Chisnall (Univ. of Cambridge); Brooks Davis (SRI International); Ben Laurie (Google UK Ltd.); Ilias Marinos (Univ. of Cambridge); Peter G. Neumann (SRI International); Alex Richardson (Univ. of Cambridge)

  • Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication
    Yan LI (Singapore Management Univ.); Yingjiu LI (Singapore Management Univ.); Qiang YAN (Singapore Management Univ.); Hancong KONG (Singapore Management Univ.); Robert H. DENG (Singapore Management Univ.)

  • GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte
    Shay Gueron (Univ. of Haifa); Yehuda Lindell (Bar-Ilan Univ.)

  • Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence
    Mathias Lecuyer (Columbia Univ.); Riley Spahn (Columbia Univ.); Yannis Spiliopoulos (Columbia Univ.); Augustin Chaintreau (Columbia Univ.); Roxana Geambasu (Columbia Univ.); Daniel Hsu (Columbia Univ.)

  • Defeating IMSI Catchers
    Fabian van den Broek (Radboud Univ. Nijmegen); Roel Verdult (Radboud Univ. Nijmegen); Joeri de Ruiter (Univ. of Birmingham)

  • Deniable Key Exchanges for Secure Messaging
    Nik Unger (Univ. of Waterloo); Ian Goldberg (Univ. of Waterloo)

  • LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code
    Jiang Ming (The Pennsylvania State Univ.); Dongpeng Xu (The Pennsylvania State Univ.); Li Wang (The Pennsylvania State Univ.); Dinghao Wu (The Pennsylvania State Univ.)

  • Insecurity of Voice Solution VoLTE in LTE Mobile Networks
    Chi-Yu Li (UCLA); Guan-Hua Tu (UCLA); Chunyi Peng (OSU); Zengwen Yuan (UCLA); Yuanjie Li (UCLA); Songwu Lu (UCLA); Xinbing Wang (Shanghai Jiao Tong Univ.)

  • Fast Garbling of Circuits Under Standard Assumptions
    Shay Gueron (Univ. of Haifa and Intel); Yehuda Lindell (Bar Ilan Univ.); Ariel Nof (Bar Ilan Univ.); Benny Pinkas (Bar Ilan Univ.)

  • Drops for Stuff: An Analysis of Reshipping Mule Scams
    Shuang Hao (UC Santa Barbara); Kevin Borgolte (UC Santa Barbara); Nick Nikiforakis (Stony Brook University); Gianluca Stringhini (University College London); Manuel Egele (Boston University); Michael Eubanks (Federal Bureau of Investigation); Brian Krebs (KrebsOnSecurity.com); Giovanni Vigna (UC Santa Barbara & Lastline Inc.)

  • Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions
    Andrew Miller (Univ. of Maryland); Ahmed Kosba (Univ. of Maryland); Elaine Shi (Cornell Univ.); Jonathan Katz (Univ. of Maryland)

  • Surpass: System-initiated user-replaceable passwords
    Jun Ho Huh (Honeywell ACS Labs); Seongyeol Oh (Sungkyunkwan Univ.); Hyoungshick Kim (Sungkyunkwan Univ.); Konstantin Beznosov (Univ. of British Columbia); Apurva Mohan (Honeywell ACS Labs); Raj Rajagopalan (Honeywell ACS Labs)

  • Secure Deduplication of Encrypted Data without Additional Independent Servers
    Jian Liu (Aalto Univ.); N. Asokan (Aalto Univ. and Univ. of Helsinki); Benny Pinkas (Bar Ilan Univ.);

  • Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data
    Dario Catalano (Univ. of Catania); Dario Fiore (IMDEA Software Institute)

  • From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting
    Ben Stock (FAU Erlangen-Nuremberg); Stephan Pfistner (SAP SE); Bernd Kaiser (FAU Erlangen-Nuremberg); Sebastian Lekies (Ruhr-Univ. Bochum); Martin Johns (SAP SE)

  • Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives
    Olivier Pereira (Universite catholique de Louvain); Francois-Xavier Standaert (Universite catholique de Louvain); Srinivas Vivek (Univ. of Luxembourg & Univ. of Bristol)

  • CoDisasm : Medium scale concatic disassembly of self-modifying binaries with overlapping instructions
    Guillaume Bonfante (Universitè de Lorraine); Josè Fernandez (Ecole Politechnique, Canada); Jean-Yves Marion (Universitè de Lorraine); Rouxel (Universitè de Lorraine); Sabatier (INRIA); Thierry (Universitè de Lorraine)

  • HORNET: High-speed Onion Routing at the Network Layer
    Chen Chen (ETH Zurich & Carnegie Mellon Univ.); Daniele E. Asoni (ETH Zurich); David Barrera (ETH Zurich); George Danezis (Univ. College London); Adrian Perrig (ETH Zurich);

  • Frequency-Hiding Order-Preserving Encryption
    Florian Kerschbaum (SAP)

  • Transparent Data Deduplication in the Cloud
    Frederik Armknecht (Univ. of Mannheim); Jens-Matthias Bohli (NEC Laboratories Europe); Ghassan O. Karame (NEC Laboratories Europe); Franck Youssef (NEC Laboratories Europe)

  • Monte Carlo Strength Evaluation: Fast and Reliable Password Checking
    Matteo Dell'Amico (Symantec Research Labs); Maurizio Filippone (Univ. of Glasgow)

  • The Clock is Still Ticking: Timing Attacks in the Modern Web
    Tom Van Goethem (KU Leuven); Wouter Joosen (KU Leuven); Nick Nikiforakis (Stony Brook Univ.)

  • Maneuvering Around Clouds: Bypassing Cloud-based Security Providers
    Thomas Vissers (KU Leuven); Tom Van Goethem (KU Leuven); Wouter Joosen (KU Leuven); Nick Nikiforakis (Stony Brook Univ.)

  • Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound
    Xiao Shaun Wang (Univ. of Maryland); T-H. Hubert Chan (HKU); Elaine Shi (Cornell Univ.)

  • Subversion-Resilient Signature Schemes
    Giuseppe Ateniese (Sapienza Univ. of Rome); Bernardo Magri (Sapienza Univ. of Rome); Daniele Venturi (Sapienza Univ. of Rome)

  • Automated Analysis and Synthesis of Authenticated Encryption Schemes
    Viet Tung Hoang (Univ. of Maryland, Georgetown Univ.); Jonathan Katz (Univ. of Maryland); Alex J. Malozemoff (Univ. of Maryland)

  • From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
    Wen Xu (Shanghai Jiao Tong Univ.); Juanru Li (Shanghai Jiao Tong Univ.); Junliang Shu (Shanghai Jiao Tong Univ.); Wenbo Yang (Shanghai Jiao Tong Univ.); Tianyi Xie (Shanghai Jiao Tong Univ.); Yuanyuan Zhang (Shanghai Jiao Tong Univ.); Dawu Gu (Shanghai Jiao Tong Univ.)

  • Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits
    Omar Chowdhury (Purdue Univ.); Deepak Garg (Max Planck Institute for Software Systems); Limin Jia (Carnegie Mellon Univ.); Anupam Datta (Carnegie Mellon Univ.)

  • FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications
    Divya Muthukumaran (Imperial College London); Dan O'Keeffe (Imperial College London); Christian Priebe (Imperial College London); David Eyers (Univ. of Otago); Brian Shand (NCRS, Public Health England); Peter Pietzuch (Imperial College London)

  • Protecting Locations with Differential Privacy under Temporal Correlations
    Yonghui Xiao (Emory Univ.); Li Xiong (Emory Univ.)

  • Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards
    Carlo Meijer (Radboud University); Roel Verdult (Radboud University)

  • MalGene: Automatic Extraction of Malware Analysis Evasion Signature
    Dhilung Kirat (UC Santa Barbara); Giovanni Vigna (UC Santa Barbara)

  • Static Detection of Packet Injection Vulnerabilities -- A Case for Identifying Attacker-controlled Implicit Information Leaks
    Qi Alfred Chen (Univ. of Michigan); Zhiyun Qian (Univ. of California Riverside); Yunhan Jack Jia (Univ. of Michigan); Yuru Shao (Univ. of Michigan); Z. Morley Mao (Univ. of Michigan)

  • Per-Input Control-Flow Integrity
    Ben Niu (Lehigh Univ.); Gang Tan (Lehigh Univ.)

  • Mitigating Storage Side Channels Using Statistical Privacy Mechanisms
    Qiuyu Xiao (Univ. of North Carolina at Chapel Hill); Michael K. Reiter (Univ. of North Carolina at Chapel Hill); Yinqian Zhang (The Ohio State Univ.)

  • Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
    Isaac Evans (MIT Lincoln Laboratory); Fan Long (MIT CSAIL); Ulziibayar Otgonbaatar (MIT CSAIL); Howard Shrobe (MIT CSAIL); Martin Rinard (MIT CSAIL); Hamed Okhravi (MIT Lincoln Laboratory); Stelios Sidiroglou-Douskos (MIT CSAIL)

  • Authenticating Privately over Public Hotspots
    Aldo Cassola (Northeastern Univ. & Univ. San Francisco de Quito); Erik-Oliver Blass (Airbus Group Innovations & Northeastern Univ.); Guevara Noubir (Northeastern Univ.)

  • Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References
    Yousra Aafer (Syracuse Univ.); Nan Zhang (Indiana Univ. Bloomington); Zhongwen Zhang (Institute of Information Engineering, Chinese Academic of Sciences); Xiao Zhang (Syracuse Univ.); Kai Chen (Indiana Univ. Bloomington, Chinese Academy of Sciences); XiaoFeng Wang (Indiana Univ. Bloomington); Xiaoyong Zhou (Samsung Research America); Wenliang Du (Syracuse Univ.); Michael Grace (Samsung Research America)

  • Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy and the New Way Forward
    Vincent Bindschaedler (Univ. of Illinois at Urbana-Champaign); Muhammad Naveed (Univ. of Illinois at Urbana-Champaign); Xiaorui Pan (Indiana Univ. Bloomington); XiaoFeng Wang (Indiana Univ. Bloomington); Yan Huang (Indiana Univ. Bloomington)

  • GUITAR: Piecing Together Android App GUIs from Memory Images
    Brendan Saltaformaggio (Purdue Univ.); Rohit Bhatia (Purdue Univ.); Zhongshu Gu (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.)

  • Inference Attacks on Property-Preserving Encrypted Databases
    Muhammad Naveed (Univ. of Illinois at Urbana-Champaign); Seny Kamara (Microsoft Research); Charles V Wright (Portland State Univ.)

  • Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations
    Yangyi Chen (Indiana Univ. Bloomington); Tongxin Li (Peking Univ.); XiaoFeng Wang (Indiana Univ. Bloomington); Kai Chen (Indiana Univ. Bloomington and Institute of Information Engineering, CAS); Xinhui Han (Peking Univ.)

  • A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates
    Benjamin Dowling (Queensland Univ. of Technology); Marc Fischlin (Technische Universität Darmstadt); Felix Günther (Technische Universität Darmstadt); Douglas Stebila (Queensland Univ. of Technology)

  • Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
    Xiaokui Shu (Virginia Tech); Danfeng (Daphne) Yao (Virginia Tech); Naren Ramakrishnan (Virginia Tech)

  • Tampering with the Delivery of Blocks and Transactions in Bitcoin
    Arthur Gervais (ETH Zurich); Hubert Ritzdorf (ETH Zurich); Ghassan O. Karame (NEC Laboratories Europe); Srdjan Capkun (ETH Zurich)

  • WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers
    Christopher Neasbitt (Univ. of Georgia); Bo Li (Univ. of Georgia); Roberto Perdisci (Univ. of Georgia); Long Lu (Stony Brook Univ.); Kapil Singh (IBM Research); Kang Li (Univ. of Georgia)

  • On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
    Tibor Jager (Ruhr Univ. Bochum); Jörg Schwenk (Ruhr Univ. Bochum); Juraj Somorovsky (Ruhr Univ. Bochum)

  • (Un)linkable Pseudonyms for Governmental Databases
    Jan Camenisch (IBM Research Zurich); Anja Lehmann (IBM Research Zurich)

  • Demystifying Incentives In The Consensus Computer
    Loi Luu (National Univ. of Singapore); Jason Teutsch (National Univ. of Singapore); Raghav Kulkarni (National Univ. of Singapore); Prateek Saxena (National Univ. of Singapore)

  • A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings
    Ajaya Neupane (Univ. of Alabama at Birmingham); Md. Lutfor Rahman (Marvin Technologies); Nitesh Saxena (Univ. of Alabama at Birmingham); Leanne Hirshfield (Syracuse Univ.)

  • CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks
    Jonghyuk Song (Pohang Univ. of Science and Technology); Sangho Lee (Pohang Univ. of Science and Technology); Jong Kim (Pohang Univ. of Science and Technology)

  • Automated Symbolic Proofs of Observational Equivalence
    David Basin (ETH Zurich); Jannik Dreier (ETH Zurich); Ralf Sasse (ETH Zurich)

  • Symbolic Execution of Obfuscated Code
    Babak Yadegari (Univ. of Arizona); Saumya Debray (Univ. of Arizona)

  • A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols
    Peeter Laud (Cybernetica AS); Jaak Randmets (Cybernetica AS & Univ. of Tartu)

  • Certified PUP: Abuse in Authenticode Code Signing
    Platon Kotzias (IMDEA Software Institute); Srdjan Matic (Universita degli Studi di Milano); Richard Rivera (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)

  • Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries
    Yehuda Lindell (Bar-Ilan Univ.); Ben Riva (Bar-Ilan Univ.)

  • Caronte: Detecting Location Leaks for Deanonymizing Tor Hidden Services
    Srdjan Matic (Universita degli Studi di Milano); Platon Kotzias (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)

  • When Good Becomes Evil: Keystroke Inference with Smartwatch
    Xiangyu Liu (The Chinese Univ. of Hong Kong); Zhe Zhou (The Chinese Univ. of Hong Kong); Wenrui Diao (The Chinese Univ. of Hong Kong); Zhou Li (ACM Member); Kehuan Zhang (The Chinese Univ. of Hong Kong)

  • Towards Automatic Generation of Security-Centric Descriptions for Android Apps
    Mu Zhang (NEC Laboratories America); Yue Duan (Syracuse Univ.); Qian Feng (Syracuse Univ.); Heng Yin (Syracuse Univ.)

  • SEDA: Scalable Embedded Device Attestation
    N. Asokan (Aalto Univ. and Univ. of Helsinki); Ferdinand Brasser (Technische Universität Darmstadt); Ahmad Ibrahim (Technische Universität Darmstadt); Ahmad-Reza Sadeghi (Technische Universität Darmstadt); Matthias Schunter (Intel Collaborative Research Institute for Secure Computing (ICRI-SC), Darmstadt); Gene Tsudik (Univ. of California, Irvine); Christian Wachsmann (Technische Universität Darmstadt)

  • Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks
    Christopher Liebchen (Technische Universität Darmstadt); Marco Negro (Technische Universität Darmstadt); Per Larsen (Univ. of California, Irvine); Lucas Davi (Technische Universität Darmstadt); Ahmad-Reza Sadeghi (Technische Universität Darmstadt); Stephen Crane (Univ. of California, Irvine); Mohaned Qunaibit (Univ. of California, Irvine); Michael Franz (Univ. of California, Irvine); Mauro Conti (Univ. of Padua)

  • GRECS: Graph Encryption for Approximate Shortest Distance Queries
    Xianrui Meng (Boston Univ.); Seny Kamara (Microsoft Research); Kobbi Nissim (Ben-Gurion Univ.); George Kollios (Boston Univ.)

  • Practical Context-Sensitive CFI
    Victor van der Veen (VU University Amsterdam); Dennis Andriesse (VU University Amsterdam); Enes Göktas (VU University Amsterdam); Ben Gras (VU University Amsterdam); Lionel Sambuc (VU University Amsterdam); Asia Slowinska (VU University Amsterdam, Lastline, Inc.); Herbert Bos (VU University Amsterdam); Cristiano Giuffrida (VU University Amsterdam);

  • Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges
    Jeremy Clark (Concordia Univ.); Gaby Dagher (Concordia Univ.); Benedikt Bünz (Stanford Univ.); Joseph Bonneau (Stanford Univ. & EFF); Dan Boneh (Stanford Univ.)

  • iRiS: Vetting Private API Abuse in iOS Applications
    Zhui Deng (Purdue Univ.); Brendan Saltaformaggio (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.)

  • CCFI: Cryptographically Enforced Control Flow Integrity
    Ali Jose Mashtizadeh (Stanford Univ.); Andrea Bittau (Stanford Univ.); Dan Boneh (Stanford Univ.); David Mazieres (Stanford Univ.)

  • Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
    Matt Fredrikson (Carnegie Mellon Univ.); Somesh Jha (Univ. of Wisconsin); Thomas Ristenpart (Cornell Tech)

  • Automated Synthesis of Optimized Circuits for Secure Computation
    Daniel Demmler (TU Darmstadt); Ghada Dessouky (TU Darmstadt); Farinaz Koushanfar (Rice Univ.); Ahmad-Reza Sadeghi (TU Darmstadt); Thomas Schneider (TU Darmstadt); Shaza Zeitouni (TU Darmstadt)

  • PyCRA: Physical Challenge-Response Authentication for Active Sensors Under Spoofing Attacks
    Yasser Shoukry (UCLA); Paul Martin (UCLA); Yair Yona (UCLA); Suhas Diggavi (UCLA); Mani Srivastava (UCLA)

  • Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications
    Oswaldo Olivo (The Univ. of Texas at Austin); Isil Dillig (The Univ. of Texas at Austin); Calvin Lin (The Univ. of Texas at Austin)

  • Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks
    Mihir Bellare (UCSD); Joseph Jaeger (UCSD); Daniel Kane (UCSD)

  • It's a TRAP: Table Randomization and Protection against Function Reuse Attacks
    Stephen Crane (Univ. of California, Irvine); Stijn Volckaert (Universiteit Gent); Felix Schuster (Ruhr-Universität Bochum); Christopher Liebchen (Technische Universität Darmstadt); Per Larsen (Univ. of California, Irvine); Lucas Davi (Technische Universität Darmstadt); Ahmad-Reza Sadeghi (Technische Universität Darmstadt); Thorsten Holz (Ruhr-Universität Bochum); Bjorn De Sutter (Universiteit Gent); Michael Franz (Univ. of California, Irvine)

  • TOPAS --- 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity
    Sven Schäge (Ruhr-Universität Bochum)

  • Inlined Information Flow Monitoring for JavaScript
    Andrey Chudnov (Stevens Institute of Technology); David A. Naumann (Stevens Institute of Technology)

  • Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads
    Adrian Tang (Columbia Univ.); Simha Sethumadhavan (Columbia Univ.); Salvatore Stolfo (Columbia Univ.)

  • Liar, Liar, Coins on Fire! --- Penalizing Equivocation By Loss of Bitcoins
    Tim Ruffing (CISPA, Saarland Univ.); Aniket Kate (CISPA, Saarland Univ.); Dominique Schröder (CISPA, Saarland Univ.)

  • Privacy-Preserving Deep Learning
    Reza Shokri (Univ. of Texas at Austin); Vitaly Shmatikov (Cornell Tech)

  • Cross-Site Search Attacks
    Nethanel Gelernter (Bar-Ilan Univ.); Amir Herzberg (Bar-Ilan Univ.)

  • AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications
    Deguang Kong (Samsung Research America); Lei Cen (Purdue Univ.); Hongxia Jin (Samsung Research America)

  • Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
    Yutao Liu (Shanghai Jiao Tong Univ.); Tianyu Zhou (Shanghai Jiao Tong Univ.); Kexin Chen (Shanghai Jiao Tong Univ.); Haibo Chen (Shanghai Jiao Tong Univ.); Yubin Xia (Shanghai Jiao Tong Univ.)

  • Timely Rerandomization for Mitigating Memory Disclosures
    David Bigelow (MIT Lincoln Laboratory); Thomas Hobson (MIT Lincoln Laboratory); Robert Rudd (MIT Lincoln Laboratory); William Streilein (MIT Lincoln Laboratory); Hamed Okhravi (MIT Lincoln Laboratory)

  • TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens
    He Sun (College of William and Mary & Chinese Academy of Sciences); Kun Sun (College of William and Mary); Yuewu Wang (Chinese Academy of Sciences); Jiwu Jing (Chinese Academy of Sciences)

  • Exploiting Temporal Dynamics in Sybil Defenses
    Peng Gao (Princeton Univ.); Changchang Liu (Princeton Univ.); Matthew Wright (Univ. of Texas at Arlington); Prateek Mittal (Princeton Univ.)

  • ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks
    Kangjie Lu (Georgia Institute of Technology); Chengyu Song (Georgia Institute of Technology); Byoungyoung Lee (Georgia Institute of Technology); Simon P. Chung (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)

  • Observing and Preventing Leakage in MapReduce
    Olga Ohrimenko (Microsoft Research); Manuel Costa (Microsoft Research); Cédric Fournet (Microsoft Research); Christos Gkantsidis (Microsoft Research); Markulf Kohlweiss (Microsoft Research); Divya Sharma (Carnegie Mellon University)

  • CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content
    John A. Holowczak (Univ. of Massachusetts Amherst); Amir Houmansadr (Univ. of Massachusetts Amherst)

  • Automated Proofs of Pairing-Based Cryptography
    Gilles Barthe (IMDEA Software Institute); Benjamin Grègoire (INRIA); Benedikt Schmidt (IMDEA Software Institute)

  • Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content
    Aggelos Kiayias (National and Kapodistrian Univ. of Athens); Qiang Tang (Univ. of Connecticut);

  • White-Box Cryptography Revisited: Space-Hard Ciphers
    Andrey Bogdanov (Technical Univ. of Denmark); Takanori Isobe (Sony Corporation)

  • Leakage-Abuse Attacks Against Searchable Encryption
    David Cash (Rutgers Univ.); Paul Grubbs (Cornell Univ., SkyHigh Networks); Jason Perry (Rutgers Univ.); Thomas Ristenpart (Cornell Tech)

  • Constant Communication ORAM with Small Blocksize
    Tarik Moataz (Colorado State Univ. & Telecom Bretagne); Travis Mayberry (United States Naval Academy); Erik-Oliver Blass (Airbus Group Innovations)

  • Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice
    Qian Wang (Wuhan Univ.); Kui Ren (The State Univ. of New York at Buffalo); Guancheng Li (Wuhan Univ.); Chenbo Xia (Wuhan Univ.); Xiaobing Chen (Wuhan Univ.); Zhibo Wang (Wuhan Univ.); Qin Zou (Wuhan Univ.)

  • A Search Engine Backed by Internet-Wide Scanning
    Zakir Durumeric (Univ. of Michigan); David Adrian (Univ. of Michigan); Ariana Mirian (Univ. of Michigan); Michael Bailey (Univ. of Illinois at Urbana-Champaign); J. Alex Halderman (Univ. of Michigan)

  • An Empirical Study of Web Vulnerability Discovery Ecosystems
    Mingyi Zhao (Pennsylvania State Univ.); Jens Grossklags (Pennsylvania State Univ.); Peng Liu (Pennsylvania State Univ.)

  • Fast and Secure Three-party Computation: The Garbled Circuit Approach
    Payman Mohassel (Yahoo Labs); Mike Rosulek (Oregon State Univ.); Ye Zhang (Penn State Univ.)

  • Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration
    Soo-Jin Moon (Carnegie Mellon Univ.); Vyas Sekar (Carnegie Mellon Univ.); Michael K. Reiter (Univ. of North Carolina at Chapel Hill)

  • Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
    David Adrian (Univ. of Michigan); Karthikeyan Bhargavan (INRIA Paris-Rocquencourt); Zakir Durumeric (Univ. of Michigan); Pierrick Gaudry (INRIA Nancy-Grand Est, CNRS and Université de Lorraine); Matthew Green (Johns Hopkins Univ.); J. Alex Halderman (Univ. of Michigan); Nadia Heninger (Univ. of Pennsylvania); Drew Springall (Univ. of Michigan); Emmanuel Thomé (INRIA Nancy-Grand Est, CNRS and Université de Lorraine); Luke Valenta (Univ. of Pennsylvania); Benjamin VanderSloot (Univ. of Michigan); Eric Wustrow (Univ. of Michigan); Santiago Zanella-Béguelin (Microsoft Research); Paul Zimmermann (INRIA Nancy-Grand Est, CNRS and Université de Lorraine)

  • The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications
    Yossef Oren (Columbia Univ.); Vasileios P. Kemerlis (Columbia Univ.); Simha Sethumadhavan (Columbia Univ.); Angelos D. Keromytis (Columbia Univ.)

  • Location-restricted Service Access Control Leveraging Pinpoint Waveforming
    Tao Wang (Univ. of South Florida); Yao Liu (Univ. of South Florida); Qingqi Pei (Xidian Univ.); Tao Hou (Univ. of South Florida)

  • The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript
    Pratik Soni (National Univ. of Singapore); Enrico Budianto (National Univ. of Singapore); Prateek Saxena (National Univ. of Singapore)

  • IntegriDB: Verifiable SQL for Outsourced Databases
    Yupeng Zhang (Univ. of Maryland); Jonathan Katz (Univ. of Maryland); Charalampos Papamanthou (Univ. of Maryland)

  • How to Use Bitcoin to Play Decentralized Poker
    Ranjit Kumaresan (MIT); Tal Moran (IDC Herzliya); Iddo Bentov (Technion)

  • Micropayments for Decentralized Currencies
    Rafael Pass (Cornell Tech); abhi shelat (U Virginia)

  • Android Root and its Providers: A Double-Edged Sword
    Hang Zhang (Univ. of California, Riverside); Dongdong She (Univ. of California, Riverside); Zhiyun Qian (Univ. of California, Riverside)

  • Seeing through Network Protocol Obfuscation
    Liang Wang (Univ. of Wisconsin); Kevin P. Dyer (Portland State Univ.); Aditya Akella (Univ. of Wisconsin); Thomas Ristenpart (Cornell Tech); Thomas Shrimpton (Portland State Univ.)

  • UCognito: Private Browsing without Tears
    Meng Xu (Georgia Institute of Technology); Yeongjin Jang (Georgia Institute of Technology); Xinyu Xing (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)

  • SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users
    Xiaocong Jin (Arizona State Univ.); Jingchao Sun (Arizona State Univ.); Rui Zhang (Univ. of Hawaii); Yanchao Zhang (Arizona State Univ.)

  • Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations
    Hongil Kim (KAIST); Dongkwan Kim (KAIST); Minhee Kwon (KAIST); HyungSeok Han (KAIST); Yeongjin Jang (Georgia Institute of Technology); Dongsu Han (KAIST); Taesoo Kim (Georgia Institute of Technology); Yongdae Kim (KAIST)

  • Trusted Display on Untrusted Commodity Platforms
    Miao Yu (Carnegie Mellon Univ.); Virgil D. Gligor (Carnegie Mellon Univ.); Zongwei Zhou (Carnegie Mellon Univ.)

  • VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images
    Brendan Saltaformaggio (Purdue Univ.); Rohit Bhatia (Purdue Univ.); Zhongshu Gu (Purdue Univ.); Xiangyu Zhang (Purdue Univ.); Dongyan Xu (Purdue Univ.)

  • Fast Non-Malleable Commitments
    Hai Brenner (IDC Herzliya); Vipul Goyal (Microsoft Research, Bangalore); Silas Richelson (UCLA); Alon Rosen (IDC Herzliya); Margarita Vald (Tel Aviv Univ.)

  • Optimal Distributed Password Verification
    Jan Camenisch (IBM Research - Zurich); Anja Lehmann (IBM Research - Zurich); Gregory Neven (IBM Research - Zurich)

  • Lattice Basis Reduction Attack against Physically Unclonable Functions
    Fatemeh Ganji (Technische Universität Berlin); Juliane Krämer (Technische Universität Darmstadt); Jean-Pierre Seifert (Technische Universität Berlin); Shahin Tajik (Technische Universität Berlin)

  • The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics
    Bum Jun Kwon (Univ. of Maryland); Jayanta Mondal (Univ. of Maryland); Jiyong Jang (IBM Research, Yorktown Heights); Leyla Bilge (Symantec Research Labs, France); Tudor Dumitraș (Univ. of Maryland)

  • Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance
    Xiao Shaun Wang (Univ. of Maryland); Yan Huang (Indiana Univ. Bloomington); Yongan Zhao (Indiana Univ. Bloomington); Haixu Tang (Indiana Univ. Bloomington); Xiaofeng Wang (Indiana Univ. Bloomington); Diyue Bu (Indiana Univ. Bloomington)

  • SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web
    Daniel Fett (Univ. of Trier); Ralf Kuesters (Univ. of Trier); Guido Schmitz (Univ. of Trier)

  • DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles
    Aggelos Kiayias (National and Kapodistrian Univ. of Athens); Thomas Zacharias (National and Kapodistrian Univ. of Athens); Bingsheng Zhang (Lancaster Univ.)

  • Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable)
    Ari Juels (Cornell Tech); James Kelley (NetApp); Roberto Tamassia (Brown Univ.); Nikos Triandopoulos (RSA Laboratories & Boston Univ.)