CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

SESSION: Keynote

Cybersecurity, Nuclear Security, Alan Turing, and Illogical Logic

SESSION: Paper Session 1A: Blockchain I

On the Security and Performance of Proof of Work Blockchains

A Secure Sharding Protocol For Open Blockchains

The Honey Badger of BFT Protocols

SESSION: Paper Session 1B: Differential Privacy

Differential Privacy as a Mutual Information Constraint

Advanced Probabilistic Couplings for Differential Privacy

Differentially Private Bayesian Programming

SESSION: Paper Session 1C: Android Security

The Misuse of Android Unix Domain Sockets and Security Implications

Call Me Back!: Attacks on System Server and System Apps in Android through Synchronous Callback

Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android

SESSION: Paper Session 1D: Hardware Protection

Strong Non-Interference and Type-Directed Higher-Order Masking

MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection

Private Circuits III: Hardware Trojan-Resilience via Testing Amplification

SESSION: Paper Session 2A: Blockchain II

On the Instability of Bitcoin Without the Block Reward

Transparency Overlays and Applications

SESSION: Paper Session 2B: Differentially Private Systems I

EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation

Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy

SESSION: Paper Session 2C: Access Control

AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems

Mix&Slice: Efficient Access Revocation in the Cloud

SESSION: Paper Session 2D: Security and Persistence

Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency

ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices

SESSION: Paper Session 3A: Smart Contracts

Making Smart Contracts Smarter

Town Crier: An Authenticated Data Feed for Smart Contracts

The Ring of Gyges: Investigating the Future of Criminal Smart Contracts

SESSION: Paper Session 3B: Differentially Private Systems II

DPSense: Differentially Private Crowdsourced Spectrum Sensing

Deep Learning with Differential Privacy

Membership Privacy in MicroRNA-based Studies

SESSION: Paper Session 3C: Mobile Software Analysis

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime

Statistical Deobfuscation of Android Applications

Reliable Third-Party Library Detection in Android and its Security Applications

SESSION: Paper Session 3D: Kernel Memory Security

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR

Breaking Kernel Address Space Layout Randomization with Intel TSX

Enforcing Least Privilege Memory Views for Multithreaded Applications

SESSION: Paper Session 4A: Secure MPC I

Improvements to Secure Computation with Penalties

Amortizing Secure Computation with Penalties

MPC-Friendly Symmetric Key Primitives

SESSION: Paper Session 4B: Attacks on Ciphers

Message-Recovery Attacks on Feistel-Based Format Preserving Encryption

On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN

A Systematic Analysis of the Juniper Dual EC Incident

SESSION: Paper Session 4C: Big Data Meets Security

Scalable Graph-based Bug Search for Firmware Images

SmartWalk: Enhancing Social Network Security via Adaptive Random Walks

High Fidelity Data Reduction for Big Data Security Dependency Analyses

SESSION: Paper Session 4D: Types and Memory Safety

TypeSan: Practical Type Confusion Detection

CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump

Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms

SESSION: Paper Session 5A: Secure MPC II

Alternative Implementations of Secure Real Numbers

Garbling Gadgets for Boolean and Arithmetic Circuits

Optimizing Semi-Honest Secure Multiparty Computation for the Internet

SESSION: Paper Session 5B: Physically Based Authentication

MEMS Gyroscopes as Physical Unclonable Functions

On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols

Instant and Robust Authentication and Key Agreement among Mobile Devices

SESSION: Paper Session 5C: Web Security

Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem

Chainsaw: Chained Automated Workflow-based Exploit Generation

CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites

SESSION: Paper Session 5D: Security Bug Finding

How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior

Practical Detection of Entropy Loss in Pseudo-Random Number Generators

Build It, Break It, Fix It: Contesting Secure Development

SESSION: Paper Session 6A: Phone Security using Formal Methods

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

Computational Soundness for Dalvik Bytecode

SESSION: Paper Session 6B: Attestation

SANA: Secure and Scalable Aggregate Network Attestation

C-FLAT: Control-Flow Attestation for Embedded Systems Software

SESSION: Paper Session 6C: Mine your Literature

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence

FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature

SESSION: Paper Session 6D: Security Studies

An In-Depth Study of More Than Ten Years of Java Exploitation

"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing

SESSION: Paper Session 7A: Secure MPC III

High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority

Efficient Batched Oblivious PRF with Applications to Private Set Intersection

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer

SESSION: Paper Session 7B: Side-Channel Attacks

Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices

A Software Approach to Defeating Side Channels in Last-Level Caches

SESSION: Paper Session 7C: Acoustic Attacks

Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets

My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers

The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio

SESSION: Paper Session 7D: Protection Across Executions

UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages

iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft

Hypnoguard: Protecting Secrets across Sleep-wake Cycles

SESSION: Paper Session 8A: Lattices and Obfuscation

5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs

Λολ: Functional Lattice Cryptography

Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE

SESSION: Paper Session 8B: Attacks and Defenses

On Code Execution Tracking via Power Side-Channel

Coverage-based Greybox Fuzzing as Markov Chain

Error Handling of In-vehicle Networks Makes Them Vulnerable

SESSION: Paper Session 8C: Phone Security

Using Reflexive Eye Movements for Fast Challenge-Response Authentication

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals

VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones

SESSION: Paper Session 8D: Infrastructure Attacks

Limiting the Impact of Stealthy Attacks on Industrial Control Systems

Over-The-Top Bypass: Study of a Recent Telephony Fraud

New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks

SESSION: Paper Session 9A: Order-Revealing and Searchable Encryption

POPE: Partial Order Preserving Encoding

∑oφoς: Forward Secure Searchable Encryption

What Else is Revealed by Order-Revealing Encryption?

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds

SESSION: Paper Session 9B: Authentication

Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication

Efficient Cryptographic Password Hardening Services from Partially Oblivious Commitments

A Comprehensive Formal Security Analysis of OAuth 2.0

SESSION: Paper Session 9C: Passwords

An Empirical Study of Mnemonic Sentence-based Password Generation Strategies

On the Security of Cracking-Resistant Password Vaults

Targeted Online Password Guessing: An Underestimated Threat

SESSION: Paper Session 9D: Internet Security

PIPSEA: A Practical IPsec Gateway on Embedded APUs

MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet

Protecting Insecure Communications with Topology-aware Network Tunnels

SESSION: Paper Session 10A: Specialized Crypto Tools

Function Secret Sharing: Improvements and Extensions

Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data

Practical Non-Malleable Codes from l-more Extractable Hash Functions

SESSION: Paper Session 10B: Crypto Implementations

A Surfeit of SSH Cipher Suites

Systematic Fuzzing and Testing of TLS Libraries

Attacking OpenSSL Implementation of ECDSA with a Few Signatures

SESSION: Paper Session 10C: Measuring Security in the Wild

Content Security Problems?: Evaluating the Effectiveness of Content Security Policy in the Wild

CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy

Online Tracking: A 1-million-site Measurement and Analysis

SESSION: Paper Session 10D: Network Security I

PhishEye: Live Monitoring of Sandboxed Phishing Kits

All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records

Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks

SESSION: Paper Session 11A: Key Exchange

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

Attribute-based Key Exchange with General Policies

Identity-Concealed Authenticated Encryption and Key Exchange

SESSION: Paper Session 11B: Attacks using a Little Leakage

Generic Attacks on Secure Outsourced Databases

The Shadow Nemesis: Inference Attacks on Efficiently Deployable, Efficiently Searchable Encryption

Breaking Web Applications Built On Top of Encrypted Data

SESSION: Paper Session 11C: More Attacks

Host of Troubles: Multiple Host Ambiguities in HTTP Implementations

Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service

SESSION: Paper Session 11D: Network Security II

Safely Measuring Tor

PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration

Stemming Downlink Leakage from Training Sequences in Multi-User MIMO Networks

SESSION: Paper Session 12A: Secure Protocols

A Protocol for Privately Reporting Ad Impressions at Scale

Secure Stable Matching at Scale

BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme

SESSION: Paper Session 12B: DSA/ECDSA

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

"Make Sure DSA Signing Exponentiations Really are Constant-Time"

On the Provable Security of (EC)DSA Signatures

SESSION: Paper Session 12C: Even more Attacks

Android ION Hazard: the Curse of Customizable Memory Management System

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms

SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning

SESSION: Paper Session 12D: Censorship Resistance

Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement

Practical Censorship Evasion Leveraging Content Delivery Networks

GAME OF DECOYS: Optimal Decoy Routing Through Game Theory


POSTER: An Educational Network Protocol for Covert Channel Analysis Using Patterns

POSTER: A Behavioural Authentication System for Mobile Users

POSTER: A Keyless Efficient Algorithm for Data Protection by Means of Fragmentation

POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning

POSTER: Attack on Non-Linear Physical Unclonable Function

POSTER: ConcurORAM: High-Throughput Parallel Multi-Client ORAM

POSTER: DataLair: A Storage Block Device with Plausible Deniability

POSTER: DroidShield: Protecting User Applications from Normal World Access

POSTER: Efficient Cross-User Chunk-Level Client-Side Data Deduplication with Symmetrically Encrypted Two-Party Interactions

POSTER: Fingerprinting Tor Hidden Services

POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store

POSTER: Identifying Dynamic Data Structures in Malware

POSTER: Improved Markov Strength Meters for Passwords

POSTER: Insights of Antivirus Relationships when Detecting Android Malware: A Data Analytics Approach

POSTER: KXRay: Introspecting the Kernel for Rootkit Timing Footprints

POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications

POSTER: Phishing Website Detection with a Multiphase Framework to Find Visual Similarity

POSTER: Privacy Enhanced Secure Location Verification

POSTER: Re-Thinking Risks and Rewards for Trusted Third Parties

POSTER: RIA: an Audition-based Method to Protect the Runtime Integrity of MapReduce Applications

POSTER: Security Enhanced Administrative Role Based Access Control Models

POSTER: (Semi)-Supervised Machine Learning Approaches for Network Security in High-Dimensional Network Data

POSTER: Static ROP Chain Detection Based on Hidden Markov Model Considering ROP Chain Integrity

POSTER: The ART of App Compartmentalization

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs

POSTER: Towards Collaboratively Supporting Decision Makers in Choosing Suitable Authentication Schemes

POSTER: Towards Exposing Internet of Things: A Roadmap

POSTER: Towards Highly Interactive Honeypots for Industrial Control Systems

POSTER: Towards Privacy-Preserving Biometric Identification in Cloud Computing

POSTER: VUDEC: A Framework for Vulnerability Management in Decentralized Communication Networks

POSTER: Weighing in eHealth Security

POSTER: WiPING: Wi-Fi signal-based PIN Guessing attack


DEMO: Easy Deployment of a Secure Internet Architecture for the 21st Century: How hard can it be to build a secure Internet?

DEMO: High-Throughput Secure Three-Party Computation of Kerberos Ticket Generation

DEMO: Integrating MPC in Big Data Workflows

DEMO: OffPAD - Offline Personal Authenticating Device with Applications in Hospitals and e-Banking

DEMO: Starving Permission-Hungry Android Apps Using SecuRank


Program Anomaly Detection: Methodology and Practices

Security on Wheels: Security and Privacy for Vehicular Communication Systems

Condensed Cryptographic Currencies Crash Course (C5)

Introduction to Credit Networks: Security, Privacy, and Applications

On the Security and Scalability of Bitcoin's Blockchain

Privacy and Security in the Genomic Era

Adversarial Data Mining: Big Data Meets Cyber Security

WORKSHOP SESSION: Pre-Conference Workshops co-located with CCS 2016

MTD 2016: Third ACM Workshop on Moving Target Defense

PLAS'16: ACM SIGPLAN 11th Workshop on Programming Languages and Analysis for Security

SafeConfig'16: Testing and Evaluation for Active and Resilient Cyber Systems

Sixth Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016)

Theory of Implementation Security Workshop (TIs 2016)

WISCS'16: The 3rd ACM Workshop on Information Sharing and Collaborative Security

15th Workshop on Privacy in the Electronic Society (WPES 2016)

WORKSHOP SESSION: Post-Conference Workshops co-located with CCS 2016

9th International Workshop on Artificial Intelligence and Security: AISec 2016

CCSW'16: 8th ACM Cloud Computing Security Workshop

Second Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC'16)

2nd International Workshop on Software Protection: SPRO 2016

Sixth International Workshop on Trustworthy Embedded Devices (TrustED 2016)

MIST 2016: 8th International Workshop on Managing Insider Security Threats