ACM CCS 2016 Accepted papers
23rd ACM Conference on Computer and Communication Security
October 25 – 27, 2016, Hofburg Palace, Vienna, Austria
The following papers were accepted to be presented at CCS 2016:
Accepted papers
“Make Sure DSA Signing Exponentiations Really are Constant-Time”
Cesar Pereida Garcia (Aalto University), Billy Bob Brumley (Tampere University of Technology) and Yuval Yarom (The University of Adelaide)
5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs
Kevin Lewi (Stanford University), Alex J. Malozemoff (Galois), Daniel Apon (University of Maryland), Brent Carmer (Oregon State University), Adam Foltzer, Daniel Wagner, David W. Archer (Galois), Daniel Boneh (Stanford University), Jonathan Katz (University of Maryland) and Mariana Raykova (Yale University)
A Comprehensive Formal Security Analysis of OAuth 2.0
Daniel Fett, Ralf Küsters and Guido Schmitz (University of Trier)
A Secure Sharding Protocol For Open Blockchains
Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, Seth Gilbert and Prateek Saxena (National University of Singapore)
A Software Approach to Defeating Side Channels in Last-Level Caches
Ziqiao Zhou, Michael K. Reiter (University of North Carolina at Chapel Hill) and Yinqian Zhang (Ohio State University)
A Surfeit of SSH Cipher Suites
Maritin R. Albrecht, Jean Paul Degabriele ,Torben Hansen and Kenneth G. Paterson (Royal Holloway, University of London)
A Systematic Analysis of the Juniper Dual EC Incident
Stephen Checkoway (University of Illinois at Chicago), Jacob Maskiewicz (UC San Diego), Christina Garman (Johns Hopkins University), Joshua Fried (University of Pennsylvania), Shaanan Cohney (University of Pennsylvania), Matthew Green (Johns Hopkins University), Nadia Heninger (University of Pennsylvania), Ralf-Philipp Weinmann (Comsecuris), Eric Rescorla and Hovav Shacham (UC San Diego)
A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)
Hugo Krawczyk (IBM Research)
Accessorize to a Crime: Real and Stealthy Attacks on State-Of-The-Art Face Recognition
Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer (Carnegie Mellon University) and Michael Reiter (University of North Carolina Chapel Hill)
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence
Xiaojing Liao (Georgia Institute of Technology), Kan Yuan (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington), Zhou Li (ACM member), Luyi Xing (Indiana University Bloomington) and Raheem Beyah (Georgia Institute of Technology)
AdScale: Scalable Private Advertising with Practical Trusted Third Parties
Matthew Green (Johns Hopkins University), Watson Ladd (University of California Berkeley) and Ian Miers (Johns Hopkins University)
Advanced Probabilistic Couplings for Differential Privacy
Gilles Barthe (IMDEA Software Institute), Noémie Fong (ENS & IMDEA Software Institute), Marco Gaboardi (University at Buffalo, SUNY), Benjamin Grégoire (Inria), Justin Hsu (University of Pennsylvania) and Pierre-Yves Strub (IMDEA Software Institute)
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records
Daiping Liu (University of Delaware), Shuai Hao College of (William and Mary) and Haining Wang (University of Delaware)
Alternative implementations of secure real numbers
Vassil Dimitrov (University of Calgary), Liisi Kerik (Cybernetica), Toomas Krips (STACC), Jaak Randmets and Jan Willemson (Cybernetica)
Amortizing Secure Computation with Penalties
Ranjit Kumaresan (MIT) and Iddo Bentov (Cornell)
An Empirical Study of Mnemonic Sentence-based Password Generation Strategies
Weining Yang, Ninghui Li, Omar Chowdhury, Aiping Xiong and Robert W. Proctor (Purdue University)
An In-Depth Study of More Than Ten Years of Java Exploitation
Philipp Holzinger, Stefan Triller (Fraunhofer SIT), Alexandre Bartel (TU Darmstadt) and Eric Bodden (Paderborn University)
Android ION Hazard: the Curse of Customizable Memory Management System
Hang Zhang, Dongdong She and Zhiyun Qian (University of California, Riverside)
Attacking OpenSSL Implementation of ECDSA with a Few Signatures
Shuqin Fan (State Key Laboratory of Cryptology), Wenbo Wang and Qingfeng Cheng (Luoyang University of Foreign Languages)
Attribute-based Key Exchange with General Policies
Vladimir Kolesnikov (Bell Labs), Hugo Krawczyk (IBM Research), Yehuda Lindell (Bar-llan University), Alex J. Malozemoff (Galios) and Tal Rabin (IBM Research)
AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems
Talia Ringer, Dan Grossman and Franziska Roesner (University of Washington)
BeleniosRF: A Non-Interactive Receipt-Free Electronic Voting Scheme
Pyrros Chaidos, (University College London), Véronique Cortier (CNRS), Georg Fuchsbauer (Inria) and David Galindo (University of Birmingham)
Breaking Kernel Address Space Layout Randomization with Intel TSX
Yeongjin Jang, Sangho Lee and Taesoo Kim (Georgia Institute of Technology)
Breaking web applications built on top of encrypted data
Paul Grubbs (Cornell University), Richard McPherson (University of Texas, Austin), Muhammed Naveed (University of Southern California), Thomas Risenpart and Vitaly Shmatikov (Cornell Tech)
Build It, Break It, Fix It: Contesting Secure Development
Andrew Ruef, Michael Hicks, James Parker, Dave Levin, Michelle Mazurek (University of Maryland, College Park) and Piotr Mardziel (Carnegie Mellon University)
Call Me Back! Attacks on System Server and System Apps in Android through Synchronous Callback
Kai Wang, Yuqing Zhang (University of Chinese Academy of Sciences, Beijing) and Peng Liu (The Pennsylvania State University)
C-FLAT: Control-Flow Attestation for Embedded Systems Software
Tigist Abera (TU Darmstadt), N. Asokan (Aalto University), Lucas Davi (TU Darmstadt), Jan-Erik Ekberg (Trustonic), Thomas Nyman, Andrew Paverd (Aalto University), Ahmad-Reza Sadeghi (TU Darmstadt) and Gene Tsudik (University of California, Irvine)
Chainsaw: Chained Automated Workflow-Based Exploit Generation
Abeer Alhuzali, Birhanu Eshete, Rigel Gjomemo and Venkat Venkatakrishnan (University of Illinois at Chicago)
Computational Soundness for Dalvik Bytecode
Michael Backes, Robert Kuennemann (CISPA, Saarland University) and Esfandiar Mohammadi (ETH Zurich)
Content Security Problems? Evaluating the Effectiveness of Content Security Policy in the Wild
Stefano Calzavara, Alvise Rabitti and Michele Bugliesi (Università Ca’ Foscari Venezia)
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Boehme, Van-Thuan Pham and Abhik Roychoudhury (National University of Singapore)
Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations
Dmitry Evtyushkin and Dmitry Ponomarev (SUNY Binghamton)
CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
Jun Xu (Pennsylvania State University), Dongliang Mu (Nanjing University) Ping Chen, Xinyu Xing and Peng Liu (Pennsylvania State University)
CSP is Dead, Long Live CSP: On the Insecurity of Whitelists and the Future of the Content Security Policy
Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies and Artur Janc (Google)
CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-World Websites
Xiang Pan (Northwestern University), Yinzhi Cao (Lehigh University), Shuangping Liu, Yu Zhou, Yan Chen, Yang Hu (Northwestern University) and Tingzhe Zhou (Lehigh University)
Deep Learning with Differential Privacy
Martin Abadi; Andy Chu (Google), Ian Goodfellow (OpenAl), Brendan McMahan, Ilya Mironov, Kunal Talwar and Li Zhang (Google)
Differential Privacy as a Mutual Information Constraint
Paul Cuff and Lanqing Yu (Princeton University)
Differentially Private Bayesian Programming
Gilles Barthe (IMDEA Software Institute), Gian Pietro Farina, Marco Gaboardi (University at Buffalo, SUNY), Emilio Jesús Gallego Arias (CRI Mines – ParisTech), Andrew D. Gordon (Microsoft Research), Justin Hsu (University of Pennsylvania) and Pierre-Yves Strub (IMDEA Software Institute)
DPSense: Differentially Private Crowdsourced Spectrum Sensing
Xiaocong Jin (Arizona State University), Rui Zhang (University of Hawaii), Yimin Chen, Tao Li and Yanchao Zhang (Arizona State University)
Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android
Guliz Seray Tuncay, Soteris Demetriou and Carl Gunter (University of Illinois at Urbana-Champaign)
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
Victor van der Veen (Vrije Universiteit Amsterdam), Yanick Fratantonio, Martina Lindorfer (UC Santa Barbara), Daniel Gruss, Clementine Maurice (TU Graz), Giovanni Vigna (UC Santa Barbara), Herbert Bos, Kaveh Razavi and Cristiano Giuffrida (Vrije Universiteit Amsterdam)
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
Daniel Genkin (Technion), Lev Pachmanov, Itamar Pipman, Eran Tromer (Tel Aviv University) and Yuval Yarom (The University of Adelaide)
Efficient Batched Oblivious PRF with Applications to Private Set Intersection
Vladimir Kolesnikov (Bell Labs), Ranjit Kumaresan (MIT), Mike Rosulek and Ni Trieu (Oregon State University)
Efficient Cryptographic Password Hardening Services From Partially Oblivious Commitments
Jonas Schneider, Nils Fleischhacker (CISPA, Saarland University), Dominique Schröder (Friedrich-Alexander-University Erlangen-Nürnberg) and Michael Backes (CISPA, Saarland University)
Enforcing Least Privilege Memory Views for Multithreaded Applications
Terry Ching-Hsiang Hsu (Purdue University), Kevin Hoffman (eFolder), Patrick Eugster (TU Darmstadt) and Mathias Payer (Purdue University)
A EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation
Yilin Shen and Hongxia Jin (Samsung Research America)
Error Handling of In-vehicle Networks Makes Them Vulnerable
Kyong-Tak Cho and Kang G. Shin (University of Michigan)
FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature
Ziyun Zhu and Tudor Dumitras (University of Maryland)
Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE
Joppe Bos (NXP Semiconductors), Craig Costello (Microsoft Research), Léo Ducas (CWI), Ilya Mironov (Google), Michael Naehrig (Microsoft Research), Valeria Nikolaenko (Stanford University), Ananth Raghunathan (Google) and Douglas Stebila (McMaster University)
Function Secret Sharing: Improvements and Extensions
Elette Boyle (IDC Herzliya), Niv Gilboa (Ben Gurion University) and Yuval Ishai (Technion)
GAME OF DECOYS: Optimal Decoy Routing Through Game Theory
Milad Nasr and Amir Houmansadr (UMass Amherst)
Garbling Gadgets for Boolean and Arithmetic Circuits
Marshall Ball, Tal Malkin (Columbia University) and Mike Rosulek (Oregon State University)
Generic Attacks on Secure Outsourced Databases
Georgios Kellaris (Harvard University), George Kollios (Boston University), Kobbi Nissim (Ben-Gurion University) and Adam O´Neill (Georgetown University)
Hardware Trojan-Resilience via Testing Amplification
Stefan Dziembowski (University of Warsaw), Sebastian Faust (University of Bochum) and Francois-Xavier Standaert (Université catholique de Louvain)
Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data
Dario Fiore (IMDEA Software Institute), Cédric Fournet (Microsoft Research), Esha Ghosh (Brown University), Markulf Kohlweiss, Olga Ohrimenko and Bryan Parno (Microsoft Research)
Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy
Zhan Qin (Qatar Computing Research Institute), Yin David Yang (Hamad Bin Khalifa University), Ting Yu, Issa Khalil (Qatar Computing Research Institute), Xiaokui Xiao (Nanyang Technological University) and Kui Ren (SUNY Buffalo)
High Fidelity Data Reduction for Big Data Security Dependency Analyses
Zhang Xu (College of William and Mary), Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu (NEC Laboratories America), Haining Wang (University of Delaware) and Guofei Jiang (NEC Laboratories America)
High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority
Toshinori Araki, Jun Furukawa (NEC), Yehuda Lindell, Ariel Nof (Bar-llan University) and Kazuma Ohara (NEC)
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
Jianjun Chen (Tsinghua University), Jian Jiang (University of California, Berkeley), Haixin Duan (Tsinghua University), Nicholas Weaver (International Computer Science Institute), Tao Wan (Huawei Canada) and Vern Paxson (International Computer Science Institute
How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
Elissa M. Redmiles (University of Maryland), Sean Kross (Johns Hopkins University) and Michelle L. Mazurek (University of Maryland)
Hypnoguard: Protecting Secrets across Sleep-wake Cycles
Lianying Zhao, Mohammad Mannan (Concordia University)
Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
Johannes Krupp, Michael Backes and Christian Rossow (CISPA, Saarland University)
Identity-Concealed Authenticated Encryption and Key Exchange
Yunlei Zhao (Fudan University)
iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft
Tao Li, Yimin Chen, Jinchao Sun, Xiaocong Jin, Yanchao Zhang (Arizona State University)
Improvements to Secure Computation with Penalties
Ranjit Kumaresan, Vinod Vaikuntanathan and Prashant Nalini Vasudevan (MIT)
Instant and Robust Authentication and Key Agreement among Mobile Devices
Wei Xi (Xi’an Jiaotong University), Chen Qian (University of Kentucky), Jinsong Han, Kun Zhao (Xi’an Jiaotong University), Sheng Zhong (Nanjing University), Xiang-Yang Li (University of Science and Technology of China) and Jizhong Zhao (Xi’an Jiaotong University)
Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets
Avesta Hojjati, Katarina Struckmann, Anku Adhikari (University of Illinois at Urbana-Champaign), Thi Ngoc Tho Nguyen (ADSC), Edward J. Chou, Carl A. Gunter, Marianne Winslett, William P. King (University of Illinois at Urbana-Champaign)
Limiting The Impact of Stealthy Attacks on Industrial Control Systems
David I. Urbina, Jairo Giraldo, Alvaro A. Cardenas (The University of Texas at Dallas), Nils Ole Tippenhauer (Singapore University of Technology and Design), Junia Valente, Mustafa Faisal, Justin Ruths (The University of Texas at Dallas), Richard Candell (National Institute of Standards and Technology) and Henrik Sandberg (Royal Institute of Technology)
Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service
Xiaojing Liao (Georgia Institute of Technology), Sumayah Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang (Indiana University Bloomington), Shuang Hao (University of California Santa Barbara) and Raheem Beyah (Georgia Institute of Technology)
Making Smart Contracts Smarter
Loi Luu, Duc-Hiep Chu (National University of Singapore), Hrishi Olickel (Yale-NUS College), Prateek Saxena (National University of Singapore) and Aquinas Hobor (Yale-NUS College & National University of Singapore)
MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
Marcel Keller, Emmanuela Orsini and Peter Scholl (University of Bristol)
Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem
Frank Canglialosi (University of Maryland), Taejoong Chung, David Choffnes (Northeastern University), Dave Levin (University of Maryland), Bruce M. Maggs (Duke University), Alan Mislove and Christo Wilson (Northeastern University)
Membership Privacy in MicroRNA-based Studies
Michael Backes, Pascal Berrang, Mathias Humbert and Praveen Manoharan (CISPA, Saarland University)
MEMS Gyroscopes as Physical Unclonable Functions
Oliver Willers, Chrisptopher Huth (Robert Bosch GmbH), Jorge Guajardo (Robert Bosch LLC – RTC) and Helmut Seidel (Saarland University)
MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection
Yuanwen Huang, Swarup Bhunia and Prabhat Mishra (University of Florida)
Message-recovery attacks on Feistel-based Format Preserving Encryption
Mihir Bellare (UC San Diego), Viet Tung Hoang and Stefano Tessaro (UC Santa Barbara)
MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet
Zhuotao Liu (UIUC), Hao Jin (Nanjing University), Yih-Chun Hu and Michael Bailey (UIUC)
Mix&Slice: Efficient Access Revocation in the Cloud
Enrico Bacis (Università degli Studi di Bergamo), Sabrina De Capitani di Vimercati, Sara Foresti (Università degli Studi di Milano), Stefano Paraboschi, Marco Rosa (Università degli Studi di Bergamo) and Pierangela Samarati (Università degli Studi di Milano)
MPC-Friendly Symmetric Key Primitives
Lorenzo Grassi, Christian Rechberger (TU Graz), Dragos Rotaru, Peter Scholl, Nigel P. Smart (University of Bristol)
My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printer
Chen Song, Feng Lin, Zhongije Ba, Kui Ren, Chi Zhou, Wenyao Xu (University at Buffalo, State University of New York)
New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks
Guan-Hua Tu (Michigan State University), Chi-Yu Li (National Chiao Tung University), Chunyi Peng (Ohio State University), Yuanjie Li and Songwu Lu (University of California, Los Angeles)
On Code Execution Tracking via Power Side-Channel
Yannan Liu, Lingxiao Wei, Zhe Zhou, Kehuan Zhang (The Chinese University of Hong Kong), Wenyuan Xu (Zhejiang University) and Qiang Xu (The Chinese University of Hong Kong)
On the instability of Bitcoin without the block reward
Miles Carlsten, Harry Kalodner, Matthew Weinberg and Arvind Narayanan (Princeton University)
On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN
Karthikeyan Bhargavan and Gaëtan Leurent (INRIA)
On the provable security of (EC)DSA signatures
Manuel Fersch, Eike Kiltz and Bertram Poettering (Ruhr University Bochum)
On the Security and Performance of Proof of Work Blockchains
Arthur Gervais (ETH Zürich), Ghassan O. Karame (NEC Laboratories Europe), Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf and Srdjan Capkun (ETH Zürich)
On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols
Tianhao Wang, Huangyi Ge, Omar Chowdhury, Hemanta K. Maij and Ninghui Li (Purdue University)
On the Security of Cracking-Resistant Password Vaults
Maximilian Golla, Benedict Beuscher and Markus Dürmuth (Ruhr-University Bochum)
Online tracking: A 1-million-site measurement and analysis
Steven Englehardt and Arvind Narayanan (Princeton University)
Optimizing Semi-Honest Secure Multiparty Computation for the Internet
Aner Ben-Efraim (Ben-Gurion University), Yehuda Lindell (Bar-Ilan University) and Eran Omri (Ariel University)
Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds
Kevin Lewi and David J. Wu (Stanford University)
Over-The-Top Bypass: Study of a Recent Telephony Fraud
Merve Sahin and Aurélien Francillon (Eurecom)
PhishEye: Live Monitoring of Sandboxed Phishing Kits
Xiao Han, Nizar Kheir (Orange Labs) and Davide Balzarotti (Eurecom)
PIPSEA: A Practical IPsec Gateway on Embedded APUs
Jungho Park, Wookeun Jung, Gangwon Jo, Ilkoo Lee and Jaejin Lee (Seoul National University)
POPE: Partial Order Preserving Encoding
Daniel S. Roche (United States Naval Academy), Daniel Apon (University of Maryland), Seung Geol Choi (United States Naval Academy) and Arkady Yerukhimovich (MIT Lincoln Laboratory)
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication
Zhenfeng Zhang, Kang Yang (Chinese Academy of Sciences), Xuexian Hu (State Key Laboratory of Mathematical Engineering and Advanced Computing) and Yuchen Wang (Chinese Academy of Sciences)
Practical Censorship Evasion Leveraging Content Delivery Networks
Hadi Zolfaghari and Amir Houmansadr (UMass Amherst)
Practical Detection of Entropy Loss in Pseudo-Random Number Generators
Felix Dörre and Vladimir Klebanov (Karlsruhe Institute of Technology)
Practical Non-Malleable Codes from $\ell$-more Extractable Hash Functions
Aggelos Kiayias (University of Edinburgh), Feng-Hao Liu (Florida Atlantic University) and Yiannis Tselekounis (National and Kapodistrian University of Athens)
PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Shuang Hao (UC Santa Barbara), Alex Kantchelian (UC Berkeley), Brad Miller (Google), Vern Paxson (UC Berkeley) and Nick Feamster (Princeton University)
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
Daniel Gruss, Clémentine Maurice (TU Graz), Andreas Fogh (G-Data Advanced Analytics), Moritz Lipp and Stefan Mangard (TU Graz)
Protecting insecure communications with topology-aware network tunnels
Georgios Kontaxis and Angelos D. Keromytis (Columbia University)
ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices
Dave (Jing) Tian (University of Florida), Adam Bates (University of Illinois at Urbana-Champaign), Kevin R.B. Butler (University of Florida) and Raju Rangaswami (Florida International University)
Reliable Third-Party Library Detection in Android and its Security Applications
Michael Backes, Sven Bugiel and Erik Derr (CISPA, Saarland University)
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Xiaokuan Zhang, Yuan Xiao and Yinqian Zhang (The Ohio State University)
Safe Serializable Secure Scheduling: Transactions and the Trade-off Between Security and Consistency
Isaac Sheff, Tom Magrino, Jed Liu, Andrew C. Myers and Robert Van Renesse (Cornell)
Safely Measuring Tor
Rob Jansen and Aaron Johnson (U.S. Naval Research Laboratory)
SANA: Secure and Scalable Aggregate Network Attestation
Moreno Ambrosin, Mauro Conti (University of Padua), Ahmad Ibrahim (TU Darmstadt), Gregory Neven (IBM Research), Ahmad-Reza Sadeghi (TU Darmstadt) and Matthias Schunter (Intel Labs – Darmstadt)
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles
Luke Deshotels (North Carolina State University), Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest), Lucas Davi (TU Darmstadt), William Enck (North Carolina State University) and Ahmad-Reza Sadeghi (TU Darmstadt)
Scalable Graph-based Bug Search for Firmware Images
Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa and Heng Yin (Syracuse University)
Secure Stable Matching at Scale
Jack Doerner, David Evans and Abhi Shelat (University of Virginia)
SFADiff: Automated Evasion Attacks and Fingerprinting Using Blackbox Differential Automata Learning
George Argyros (Columbia University), Ioannis Stais (University of Athens), Suman Jana, Angelos Keromytis (Columbia University) and Aggelos Kiayias (University of Edinburgh)
Slitheen: Perfectly imitated decoy routing through traffic replacement
Cecylia Bocovich and Ian Goldberg (University of Waterloo)
SmartWalk: Enhancing Social Network Security via Adaptive Random Walks
Yushan Liu (Princeton University), Shouling Ji (Georgia Tech) and Prateek Mittal (Princeton University)
Sophos – Forward Secure Searchable Encryption
Raphael Bost (Direction Générale de l’Armement – Maitrise de l’Information & Université de Rennes 1)
Statistical Deobfuscation of Android Applications
Benjamin Bichsel, Veselin Raychev, Petar Tsankov and Martin Vechev (ETH Zurich)
Stemming Downlink Leakage from Training Sequences in Multi-User MIMO Networks
Yunlong Mao, Yuan Zhang and Sheng Zhong (Nanjing University)
Strong non-interference and type-directed higher-order masking
Gilles Barthe (IMDEA Software Institute), Sonia Belaïd (Thales Communications & Security), François Dupressoir (IMDEA Software Institute), Pierre-Alain Fouque (Université Rennes 1), Benjamin Grégoire (Inria), Pierre-Yves Strub (IMDEA Software Institute) and Rebecca Zucchini (Inria)
Systematic Fuzzing and Testing of TLS Libraries
Juraj Somorovsky (Ruhr University Bochum)
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
Mingshen Sun (The Chinese University of Hong Kong), Tao Wei (Baidu) and John C.S. Lui (The Chinese University of Hong Kong)
Targeted Online Password Guessing: An Underestimated Threat
Ding Wang, Zijian Zhang, Ping Wang (Peking University), Jeff Yan (Lancaster University) and Xinyi Huang (Fujian Normal University)
The “Web/Local” Boundary Is Fuzzy – A Security Study of Chrome’s Process-based Sandboxing
Yaoqi Jia, Zheng Leong Chua, Hong Hu (National University of Singapore), Shuo Chen (Microsoft Research), Prateek Saxena and Zhenkai Liang (National University of Singapore)
The Honey Badger of BFT Protocols
Andrew Miller (University of Maryland), Yu Xia (Tsinghua University), Kyle Croman, Elaine Shi (Cornell University) and Dawn Song (University of California)
The Misuse of Android Unix Domain Sockets and Security Implications
Yuru Shao, Yunhan Jack Jia, Z. Morley Mao (University of Michigan), Jason Ott and Zhiyun Qian (University of California)
The Ring of Gyges: Investigating the Future of Criminal Smart Contracts
Ari Juels (Jacobs Institute), Ahmed Kosba (University of Maryland) and Elaine Shi (Cornell University)
The Shadow Nemesis: Inference Attacks on Efficiently Deployable, Efficiently Searchable Encryption
David Pouliot and Charles V. Wright (Portland State University)
The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio
Babins Shrestha, Maliheh Shirvanian, Prakash Shrestha and Nitesh Saxena (University of Alabama at Birmingham)
Town Crier: An Authenticated Data Feed for Smart Contracts
Fan Zhang, Ethan Cecchetti (Cornell University), Kyle Croman (Jacobs Institute), Ari Juels (Cornell Tech) and Elaine Shi (Cornell University)
Transparency Overlays and Applications
Melissa Chase (Microsoft Research Redmond) and Sarah Meiklejohn (University College London)
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms
Christian Wressnegger, Fabian Yamaguchi, Alwin Maier and Konrad Rieck (TU Braunschweig)
TypeSanitizer: Practical Type Confusion Detection
Istvan Haller, Erik van der Kouwe (Vrije Universiteit Amsterdam), Jeon Yuseok, Hui Peng, Mathias Payer (CS, Purdue University), Cristiano Giuffrida and Herbert Bos (Vrije Universiteit Amsterdam)
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
Kangjie Lu, Chengyu Song, Taesoo Kim and Wenke Lee (Georgia Institute of Technology)
Using Reflexive Eye Movements For Fast Challenge-Response Authentication
Ivo Sluganovic, Marc Roeschlin, Kasper B. Rasmussen and Ivan Martinovic (University of Oxford)
VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones
Linghan Zhang, Sheng Tan, Jie Yang (Florida State University) and Yingying Chen (Stevens Institute of Technology)
What Else is Revealed by Order-Revealing Encryption?
F. Betül Durak, David Cash (Rutgers University) and Thomas M. DuBuisson (Galois)
When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu (Shanghai Jiao Tong University), Xiaohui Liang (University of Massachusetts at Boston), Yao Liu (University of South Florida) and Na Ruan (Shanghai Jiao Tong University)
Λ○λ: Functional Lattice Cryptography
Eric Crockett (Georgia Institute of Technology) and Chris Peikert (University of Michigan)