CCS 2017 Program (PDF)

CCS 2017 Program Overview (PDF)


Sheraton Dallas Floorplans

Agenda

Monday (October 30th, 2017) — Pre-Conference Workshops

Tuesday (October 31st, 2017) — CCS Main Conference

Wednesday(November 1st, 2017) — CCS Main Conference

Thursday (November 2nd, 2017) — CCS Main Conference

Friday (November 3rd, 2017) — Post-Conference Workshops





Pre-Conference Workshops on Monday, October 30th, 2017 (07:30-6:00)

Time Multimedia Privacy and Security
(MPS)

Dallas Ballroom A1
Workshop on Privacy in the Electronic Society
(WPES)

Dallas Ballroom A2
Moving Target Defense
(MTD)

Dallas Ballroom A3
Managing Insider Security Threats
(MIST)

Dallas Ballroom D1
Programming Languages and Analysis for Security
(PLAS)

Dallas Ballroom D2
Theory and Practice of Differential Privacy
(TPDP)

Dallas Ballroom D3
Women in Cyber Security
(CyberW)

Austin Ballroom 1
07:30-09:00 Breakfast & Registration
9:00-10:00 MPS WPES MTD MIST PLAS TPDP CyberW
10:00-10:45 Break
10:45-12:00 MPS WPES MTD MIST PLAS TPDP CyberW
12:00-2:00 Lunch Break
2:00-3:00 MPS WPES MTD MIST PLAS TPDP CyberW
3:00-3:45 Break
3:45-6:00 MPS WPES MTD MIST PLAS TPDP CyberW



CCS Main Conference on Tuesday, October 31st, 2017

Room
Time
Dallas Ballroom A1 Dallas Ballroom A2 Dallas Ballroom A3 Dallas Ballroom D1 Dallas Ballroom D2 Dallas Ballroom D3
07:30-09:00 Breakfast & Registration
09:00-9:15 Dallas Ballroom BC
Chairs' Welcome
09:15-10:30 Keynote by Prof. David Wagner (UC Berkeley) "Security and Machine Learning"
10:30-10:45 Coffee Break
10:45-12:15 1A: Multi-Party Computation 1 2A: Human Authentication 3A: Adversarial Machine Learning 4A: Browsers 5A: Cryptocurrency Tutorial
[10:45–12:15]
Session chair: Marcel Keller Session chair: Jeremiah Blocki Session chair: Saman Zonouz Session chair: Joseph Calandrino Session chair: Aniket Kate
DUPLO: Unifying Cut-and-Choose for Garbled Circuits
Vladimir Kolesnikov (Bell Labs); Jesper Buus Nielsen (Aarhus University); Mike Rosulek and Ni Trieu (Oregon State University); Roberto Trifiletti (Aarhus University) [Paper] [Artifact]
Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication
Linghan Zhang, Sheng Tan, and Jie Yang (Florida State University)
Evading Classifiers by Morphing in the Dark
Hung Dang, Yue Huang, and Ee-Chien Chang (National University of Singapore)
Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Meng Luo, Oleksii Starov, Nima Honarmand, and Nick Nikiforakis (Stony Brook University)
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin
Yujin Kwon, Dohyun Kim, and Yunmok Son (KAIST); Eugene Vasserman (Kansas State University); Yongdae Kim (KAIST) [Paper] [Artifact]
Cache Side Channels: State-of-the-Art and Research Opportunities
Yinqian Zhang (Ohio State University)
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation
Xiao Wang (University of Maryland); Samuel Ranellucci (University of Maryland/George Mason University); Jonathan Katz (University of Maryland) [Paper] [Artifact]
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
Jian Liu, Chen Wang, and Yingying Chen (Rutgers University); Nitesh Saxena (University of Alabama at Birmingham)
MagNet: a Two-Pronged Defense against Adversarial Examples
Dongyu Meng (ShanghaiTech University); Hao Chen (University of California, Davis) [Paper] [Artifact]
Deterministic Browser
Yinzhi Cao, Zhanhao Chen, Song Li, and Shujiang Wu (Lehigh University) [Paper] [Artifact]
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, and Aad van Moorsel (Newcastle University) [Paper] [Artifact]
Global-Scale Secure Multiparty Computation
Xiao Wang (University of Maryland); Samuel Ranellucci (University of Maryland/George Mason University); Jonathan Katz (University of Maryland) [Paper] [Artifact]
Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Zhangkai Zhang (Beihang University); Xuhua Ding (Singapore Management University); Gene Tsudik (University of California, Irvine); Jinhua Cui (Singapore Management University); Zhoujun Li (Beihang University)
DolphinAttack: Inaudible Voice Commands
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu (Zhejiang University) [Paper] [Artifact]
Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security
Peter Snyder, Cynthia Taylor, and Chris Kanich (University of Illinois at Chicago) [Paper] [Artifact]
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services
Matteo Campanelli and Rosario Gennaro (City College of New York); Steven Goldfeder (Princeton University); Luca Nizzardo (IMDEA Software Institute and Universidad Politécnica de Madrid) [Paper] [Artifact]
12:15-1:45 Lunch Break
1:45-3:15 1B: Multi-Party Computation 2 2B: Passwords 3B: Investigating Attacks 4B: Privacy Policies 5B: Blockchains Tutorial
[1:45–5:00]
Session chair: Samee Zahur Session chair: Hamed Okhravi Session chair: Georgios Portokalidis Session chair: Michael Hicks Session chair: Christina Garman
Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries
Ruiyu Zhu and Yan Huang (Indiana University); Darion Cassel (Carnegie Mellon University)
Let's go in for a closer look: Observing passwords in their natural habitat
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor (Carnegie Mellon University); Serge Egelman (University of California, Berkeley); Alain Forget (Google)
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Yan Shoshitaishvili (Arizona State University); Michael Weissbacher (Northeastern University); Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, and Giovanni Vigna (University of California, Santa Barbara)
Synthesis of Probabilistic Privacy Enforcement
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, and Martin Vechev (ETH Zürich)
Revive: Rebalancing Off-Blockchain Payment Networks
Rami Khalil and Arthur Gervais (ETH Zürich)
Cliptography: Post-Snowden Cryptography
Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap, Inc./Columbia University)
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority
Yehuda Lindell and Ariel Nof (Bar-Ilan University) [Paper] [Artifact]
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, and Matthew Smith (University of Bonn) [Paper] [Artifact]
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
Xiaojun Xu (Shanghai Jiao Tong University); Chang Liu (University of California, Berkeley); Qian Feng (Samsung Research America); Heng Yin (University of California, Riverside); Le Song (Georgia Institute of Technology); Dawn Song (University of California, Berkeley) [Paper] [Artifact]
A Type System for Privacy Properties
Véronique Cortier (Loria, CNRS/Inria); Niklas Grimm (TU Wien); Joseph Lallemand (Loria, CNRS/Inria); Matteo Maffei (TU Wien) [Paper] [Artifact]
Concurrency and Privacy with Payment-Channel Networks
Giulio Malavolta (Friedrich-Alexander University Erlangen Nuernberg); Pedro Moreno-Sanchez and Aniket Kate (Purdue University); Matteo Maffei (TU Wien); Srivatsan Ravi (University of Southern California) [Paper] [Artifact]
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case
Nishanth Chandran (Microsoft Research India); Juan Garay (Texas A&M University); Payman Mohassel (Visa Research); Satyanarayana Vusirikala (Microsoft Research India) [Paper] [Artifact]
The TypTop System: Personalized Typo-tolerant Password Checking
Rahul Chatterjee (Cornell Tech); Joanne Woodage (Royal Holloway, University of London); Yuval Pnueli (Technion - Israel Institute of Technology); Anusha Chowdhury (Cornell University); Thomas Ristenpart (Cornell Tech) [Paper] [Artifact]
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, and Wenke Lee (Georgia Institute of Technology)
Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Zhan Qin (State University of New York at Buffalo); Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University); Ting Yu (Qatar Computing Research Institute, Hamad Bin Khalifa University); Xiaokui Xiao (Nanyang Technological University); Issa Khalil (Qatar Computing Research Institute, Hamad Bin Khalifa University); Kui Ren (State University of New York at Buffalo)
Bolt: Anonymous Payment Channels for Decentralized Currencies
Matthew Green and Ian Miers (Johns Hopkins University)
3:15-3:45 Coffee Break
3:45-5:15 1C: Oblivious RAM 2C: World Wide Web of Wickedness 3C: Machine Learning Privacy 4C: From Verification to ABE 5C: Using Blockchains Tutorial
[1:45–5:00]
Session chair: Yan Huang Session chair: Gianluca Stringhini Session chair: Aylin Caliskan Session chair: Shai Halevi Session chair: Nicolas Christin
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing
Thang Hoang, Ceyhun D. Ozkaptan, and Attila A. Yavuz (Oregon State University); Jorge Guajardo (Robert Bosch Research and Technology Center); Tam Nguyen (Oregon State University) [Paper] [Artifact]
Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Daiping Liu (University of Delaware); Zhou Li (ACM Member); Kun Du (Tsinghua University); Haining Wang (University of Delaware); Baojun Liu and Haixin Duan (Tsinghua University)
Machine Learning Models that Remember Too Much
Congzheng Song (Cornell University); Thomas Ristenpart and Vitaly Shmatikov (Cornell Tech)
Verifying Security Policies in Multi-agent Workflows with Loops
Bernd Finkbeiner (CISPA, Saarland University); Christian Müller, Helmut Seidl, and Eugen Zalinescu (Technische Universität München) [Paper] [Artifact]
Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain
Jan Camenisch (IBM Research - Zürich); Manu Drijvers (IBM Research - Zürich/ETH Zürich); Maria Dubovitskaya (IBM Research - Zürich)
Cliptography: Post-Snowden Cryptography
Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap. Inc,/Columbia University)
Deterministic, Stash-Free Write-Only ORAM
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, and Travis Mayberry (United States Naval Academy) [Paper] [Artifact]
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Samaneh Tajalizadehkhoob (Delft University of Technology); Tom van Goethem (KU Leuven, imec-DistriNet); Maciej Korczyński and Arman Noroozian (Delft University of Technology); Rainer Böhme (Innsbruck University); Tyler Moore (The University of Tulsa); Wouter Joosen (KU Leuven, imec-DistriNet); Michel van Eeten (Delft University of Technology) [Paper] [Artifact]
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning
Briland Hitaj, Giuseppe Ateniese, and Fernando Perez-Cruz (Stevens Institute of Technology) [Paper] [Artifact]
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
Miguel Ambrona (IMDEA Software Institute/Universidad Politécnica de Madrid); Gilles Barthe (IMDEA Software Institute); Romain Gay and Hoeteck Wee (ENS, Paris)
Solidus: Confidential Distributed Ledger Transactions via PVORM
Ethan Cecchetti and Fan Zhang (Cornell University); Yan Ji (Cornell University); Ahmed Kosba (University of Maryland); Ari Juels (Cornell Tech, Jacobs Institute); Elaine Shi (Cornell University) [Paper] [Artifact]
Scaling ORAM for Secure Computation
Jack Doerner and abhi shelat (Northeastern University) [Paper] [Artifact]
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
Panagiotis Kintis (Georgia Institute of Technology); Najmeh Miramirkhani (Stony Brook University); Charles Lever, Yizheng Chen, and Rosa Romero-Gómez (Georgia Institute of Technology); Nikolaos Pitropakis (London South Bank University); Nick Nikiforakis (Stony Brook University); Manos Antonakakis (Georgia Institute of Technology) [Paper] [Artifact]
Oblivious Neural Network Predictions via MiniONN transformations
Jian Liu, Mika Juuti, Yao Lu, and N. Asokan (Aalto University) [Paper] [Artifact]
FAME: Fast Attribute-based Message Encryption
Shashank Agrawal (Visa Research); Melissa Chase (Microsoft Research) [Paper] [Artifact]
Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, and Ian Miers (Johns Hopkins University)
5:15-6:00 Break
6:00-8:00 Welcome Reception & Poster Session



CCS Main Conference on Wednesday, November 1st, 2017

Room
Time
Dallas Ballroom A1 Dallas Ballroom A2 Dallas Ballroom A3 Dallas Ballroom D1 Dallas Ballroom D2 Dallas Ballroom D3
07:30-09:00 Breakfast & Registration
9:00-10:30 1D: Functional Encryption and Obfuscation 2D: Vulnerable Mobile Apps 3D: Logical Side Channels 4D: Crypto Primitives 5D: Network Security Tutorial
[9:00–10:30]
Session chair: Tal Malkin Session chair: Yao Liu Session chair: Mohit Tiwari Session chair: abhi shelat Session chair: Yuan Tian
5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits
Brent Carmer (Oregon State University/Galois, Inc.); Alex J. Malozemoff (Galois$ Inc.); Mariana Raykova (Yale University)
AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services
Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin (University of Texas at Dallas)
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
Daniel Genkin (University of Pennsylvania/University of Maryland); Luke Valenta (University of Pennsylvania); Yuval Yarom (University of Adelaide/Data61) [Paper] [Artifact]
Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions
Mihir Bellare, Joseph Jaeger, and Julia Len (University of California, San Diego)
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Qi Alfred Chen (University of Michigan); Matthew Thomas and Eric Osterweil (Verisign Labs); Yulong Cao, Jie You, and Z. Morley Mao (University of Michigan)
Iron: Functional Encryption using Intel SGX
Ben Fisch (Stanford University); Dhinakaran Vinayagamurthy (University of Waterloo); Dan Boneh (Stanford University); Sergey Gorbunov (University of Waterloo) [Paper] [Artifact]
Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Yi Chen (University of Chinese Academy of Sciences); Wei You and Yeonjoon Lee (Indiana University); Kai Chen (University of Chinese Academy of Sciences); XiaoFeng Wang (Indiana University); Wei Zou (University of Chinese Academy of Sciences)
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Yuan Xiao, Mengyuan Li, Sanchuan Chen, and Yinqian Zhang (The Ohio State University) [Paper] [Artifact]
Generic Semantic Security against a Kleptographic Adversary
Alexander Russell (University of Connecticut); Qiang Tang (New Jersey Institute of Technology); Moti Yung (Snap, Inc./Columbia University); Hong-Sheng Zhou (Virginia Commonwealth University)
The Wolf of Name Street: Hijacking Domains Through Their Nameservers
Thomas Vissers (KU Leuven, imec-DistriNet); Timothy Barron (Stony Brook University); Tom Van Goethem and Wouter Joosen (KU Leuven, imec-DistriNet); Nick Nikiforakis (Stony Brook University) [Paper] [Artifact]
Implementing BP-Obfuscation Using Graph-Induced Encoding
Shai Halevi and Tzipora Halevi (IBM); Victor Shoup (IBM and New York University); Noah Stephens-Davidowitz (New York University) [Paper] [Artifact]
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Tongxin Li (Peking University); Xueqiang Wang (Indiana University); Mingming Zha and Kai Chen (Chinese Academy of Sciences); XiaoFeng Wang and Luyi Xing (Indiana University); Xiaolong Bai (Tsinghua University); Nan Zhang (Indiana University); Xinhui Han (Peking University)
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
Jia Chen, Yu Feng, and Isil Dillig (University of Texas at Austin)
Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction
Mihir Bellare and Wei Dai (University of California, San Diego)
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
Zain Shamsi (Texas A&M University); Daren B.H. Cline and Dmitri Loguinov (Texas A&M University) [Paper] [Artifact]
10:30-11:00 Coffee Break
11:00-12:30 1E: Hardening Crypto 2E: Securing Mobile Apps 3E: Physical Side Channels 4E: Adversarial Social Networking 5E: Privacy-Preserving Analytics Tutorial
[11:00–12:30]
Session chair: Samee Zahur Session chair: Kyu Hyung Lee Session chair: Alvaro A. Cardenas Session chair: Hao Chen Session chair: Yinqian Zhang
T/Key: Second-Factor Authentication From Secure Hash Chains
Dmitry Kogan, Nathan Manohar, and Dan Boneh (Stanford University) [Paper] [Artifact]
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Jie Huang, Oliver Schranz, Sven Bugiel, and Michael Backes (CISPA, Saarland University)
Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers
Mohammad A. Islam and Shaolei Ren (University of California, Riverside); Adam Wierman (California Institute of Technology)
Practical Attacks Against Graph-based Clustering
Yizheng Chen, Yacin Nadji, and Athanasios Kountouras (Georgia Institute of Technology); Fabian Monrose (University of North Carolina at Chapel Hill); Roberto Perdisci (University of Georgia); Manos Antonakakis (Georgia Institute of Technology); Nikolaos Vasiloglou (Symantec) [Paper] [Artifact]
Practical Secure Aggregation for Privacy-Preserving Machine Learning
Keith Bonawitz, Vladimir Ivanov, and Ben Kreuter (Google); Antonio Marcedone (Cornell University); H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth (Google) [Paper] [Artifact]
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions
Joel Alwen (IST Austria); Jeremiah Blocki and Ben Harsha (Purdue University) [Paper] [Artifact]
Vulnerable Implicit Service: A Revisit
Lingguang Lei (Chinese Academy of Sciences, Institute of Information Engineering/George Mason University); Yi He (Tsinghua University); Kun Sun (George Mason University); Jiwu Jing and Yuewu Wang (Chinese Academy of Sciences, Institute of Information Engineering); Qi Li (Tsinghua University); Jian Weng (Jinan University)
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, and Athina Petropulu (Rutgers University) [Paper] [Artifact]
Automated Crowdturfing Attacks and Defenses in Online Review Systems
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, and Ben Y. Zhao (University of Chicago) [Paper] [Artifact]
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, and Shayak Sen (Carnegie Mellon University) [Paper] [Artifact]
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation
Shay Gueron (Haifa University/AWS); Yehuda Lindell (Bar-Ilan University) [Paper] [Artifact]
A Stitch in Time: Supporting Android Developers in Writing Secure Code
Duc Cuong Nguyen (CISPA, Saarland University); Dominik Wermke (Leibniz University Hannover); Yasemin Acar (Leibniz University Hannover); Michael Backes (CISPA, Saarland University); Charles Weir (Security Lancaster, Lancaster University); Sascha Fahl (Leibniz University Hannover)
Viden: Attacker Identification on In-Vehicle Networks
Kyong-Tak Cho and Kang G. Shin (University of Michigan) [Paper] [Artifact]
POISED: Spotting Twitter Spam Off the Beaten Paths
Shirin Nilizadeh (University of California, Santa Barbara); François Labrèche (École Polytechnique de Montréal); Alireza Sadighian (École Polytechnique de Montréal); Ali Zand (University of California, Santa Barbara); José Fernandez (École Polytechnique de Montréal); Christopher Kruegel (University of California, Santa Barbara); Gianluca Stringhini (University College London); Giovanni Vigna (University of California, Santa Barbara) [Paper] [Artifact]
A Practical Encrypted Data Analytic Framework With Trusted Processors
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, and Latifur Khan (University of Texas at Dallas)
12:30-2:00 Lunch Break
2:00-3:30 1F: Private Set Intersection 2F: Insights from Log(in)s 3F: Crypto Pitfalls 4F: Private Queries 5F: Understanding Security Fails Tutorial
[2:00–5:00]
Session chair: XiaoFeng Wang Session chair: Trent Jaeger Session chair: Guanhua Yan Session chair: Amir Houmansadr Session chair: Nick Nikiforakis
Malicious-Secure Private Set Intersection via Dual Execution
Peter Rindal and Mike Rosulek (Oregon State University) [Paper] [Artifact]
Detecting Structurally Anomalous Logins Within Enterprise Networks
Hossein Siadati and Nasir Memon (New York University)
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Mathy Vanhoef and Frank Piessens (KU Leuven, imec-DistriNet)
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR
Syed Mahbub Hafiz and Ryan Henry (Indiana University) [Paper] [Artifact]
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Mustafa Emre Acer, Emily Stark, and Adrienne Porter Felt (Google); Sascha Fahl (Leibniz University Hannover); Radhika Bhargava (Purdue University); Bhanu Dev (International Institute of Information Technology Hyderabad); Matt Braithwaite, Ryan Sleevi, and Parisa Tabriz (Google)
Adversarial Data Mining: Big Data Meets Cyber Security
Murat Kantarcioglu (University of Texas at Dallas)
Fast Private Set Intersection from Homomorphic Encryption
Hao Chen and Kim Laine (Microsoft Research); Peter Rindal (Oregon State University) [Paper] [Artifact]
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar (University of Utah)
CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
Maliheh Shirvanian and Nitesh Saxena (University of Alabama at Birmingham)
PeGaSus: Data-Adaptive Differentially Private Stream Processing
Yan Chen and Ashwin Machanavajjhala (Duke University); Michael Hay (Colgate University); Gerome Miklau (University of Massachusetts Amherst)
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Kurt Thomas (Google); Frank Li (University of California, Berkeley); Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, and Dan Margolis (Google); Vern Paxson (University of California, Berkeley); Elie Bursztein (Google)
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques
Vladimir Kolesnikov (Bell Labs); Naor Matania and Benny Pinkas (Bar-Ilan University); Mike Rosulek and Ni Trieu (Oregon State University) [Paper] [Artifact]
Predicting the Risk of Cyber Incidents
Leyla Bilge, Yufei Han, and Matteo Dell'Amico (Symantec Research Labs)
No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial
Yong Li (Huawei Technologies Düsseldorf); Sven Schäge (Ruhr-Universität Bochum) [Paper] [Artifact]
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage
Xi He and Ashwin Machanavajjhala (Duke University); Cheryl Flynn and Divesh Srivastava (AT&T Labs-Research) [Paper] [Artifact]
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
Doowon Kim, Bum Jun Kwon, and Tudor Dumitraş (University of Maryland)
3:30-4:00 Coffee Break
4:00-5:00 1G: Searchable Encryption 2G: Bug-Hunting Risks and Rewards 3G: Crypto Standards 4G: Voting 5G: Hardening Hardware Tutorial
[2:00–5:00]
Session chair: Mariana Raykova Session chair: Mathias Payer Session chair: Shai Halevi Session chair: Marcel Keller Session chair: Haining Wang
Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, and Woo-Hwan Kim (National Security Research Institute)
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market
Luca Allodi (Eindhoven University of Technology) [Paper] [Artifact]
Identity-Based Format-Preserving Encryption
Mihir Bellare (University of California, San Diego); Viet Tung Hoang (Florida State University)
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs
Gottfried Herold (ENS Lyon); Max Hoffmann (Ruhr-Universität Bochum); Michael Klooß (Karlsruhe Institute of Technology); Carla Ràfols (UPF Barcelona); Andy Rupp (Karlsruhe Institute of Technology) [Paper] [Artifact]
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
Vasilios Mavroudis and Andrea Cerulli (University College London); Petr Svenda (Masaryk University); Dan Cvrcek and Dusan Klinec (EnigmaBridge); George Danezis (University College London)
Adversarial Data Mining: Big Data Meets Cyber Security
Murat Kantarcioglu (University of Texas at Dallas)
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives
Raphael Bost (Direction Générale de l'Armement - Maitrise de l'Information/Université de Rennes 1); Brice Minaud (Royal Holloway, University of London); Olga Ohrimenko (Microsoft Research, Cambridge) [Paper] [Artifact]
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, and Alex C. Snoeren (University of California, San Diego) [Paper] [Artifact]
Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, and Mark Tehranipoor (University of Florida)
Practical Quantum-Safe Voting from Lattices
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, and Gregor Seiler (IBM Research - Zürich)
Provably-Secure Logic Locking: From Theory To Practice
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf (New York University); Jeyavijayan JV Rajendran (University of Texas at Dallas); Ozgur Sinanoglu (New York University)
5:00-5:15 Break
5:15-6:45 Dallas Ballroom BC
Panel
6:45-7:00 Break
7:00-9:00 Award Ceremony & Banquet



CCS Main Conference on Thursday, November 2nd, 2017

Room
Time
Dallas Ballroom A1 Dallas Ballroom A2 Dallas Ballroom A3 Dallas Ballroom D1 Dallas Ballroom D2 Dallas Ballroom D3
07:30-09:00 Breakfast & Registration
09:00-10:30 1H: Crypto Attacks 2H: Code Reuse Attacks 3H: Web Security 4H: Formal Verification Tutorial
[9:00–12:30]
Session chair: Daniel Genkin Session chair: Hovav Shacham Session chair: Suman Jana Session chair: Dinghao Wu
The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli
Matus Nemec (Masaryk University/Ca' Foscari University of Venice); Marek Sys and Petr Svenda (Masaryk University); Dusan Klinec (Masaryk University/EnigmaBridge); Vashek Matyas (Masaryk University)
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis (Vrije Universiteit Amsterdam); Xi Chen (Vrije Universiteit Amsterdam/Microsoft); Herbert Bos, and Cristiano Giuffrida (Vrije Universiteit Amsterdam) [Paper] [Artifact]
Rewriting History: Changing the Archived Web from the Present
Ada Lerner (Wellesley College); Tadayoshi Kohno, and Franziska Roesner (University of Washington)
A Comprehensive Symbolic Analysis of TLS 1.3
Cas Cremers (University of Oxford); Marko Horvat (The Max Planck Institute For Software Systems); Jonathan Hoyland, Sam Scott, and Thyla van der Merwe (Royal Holloway, University of London) [Paper] [Artifact]
SGX Security and Privacy
Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)
Algorithm Substitution Attacks from a Steganographic Perspective
Sebastian Berndt and Maciej Liskiewicz (University of Luebeck) [Paper] [Artifact]
Capturing Malware Propagations with Code Injections and Code-Reuse attacks
David Korczynski (University of Oxford); Heng Yin (University of California, Riverside)
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Giancarlo Pellegrino (CISPA, Saarland University); Martin Johns (SAP SE); Simon Koch, Michael Backes, and Christian Rossow (CISPA, Saarland University) [Paper] [Artifact]
HACL*: A Verified Modern Cryptographic Library
Jean-Karim Zinzindohoué(Inria Paris); Karthikeyan Bhargavan (Inria Paris); Jonathan Protzenko (Microsoft Research); Benjamin Beurdouche (Inria Paris) [Paper] [Artifact]
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, and Christian Boit (Technische Universität Berlin) [Paper] [Artifact]
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Sebastian Lekies and Krzysztof Kotowicz (Google); Samuel Groß (SAP SE); Eduardo Vela (Google); Martin Johns (SAP SE)
Tail Attacks on Web Applications
Huasong Shan and Qingyang Wang (Louisiana State University, Computer Science and Engineering Division); Calton Pu (Georgia Institute of Technology)
Jasmin: High-Assurance and High-Speed Cryptography
José Bacelar Almeida (HASLab -- INESC TEC/Universidade do Minho); Manuel Barbosa (HASLab -- INESC TEC/DCC FC Universidade do Porto); Gilles Barthe (IMDEA Software Institute); Arthur Blot (ENS Lyon); Benjamin Grégoire (Inria); Vincent Laporte (IMDEA Software Institute); Tiago Oliveira and Hugo Pacheco (HASLab -- INESC TEC/Universidade do Minho); Benedikt Schmidt (IMDEA Software Institute); Pierre-Yves Strub (Ecole Polytechnique)
10:30-11:00 Coffee Break
11:00-12:30 1I: Post-Quantum 2I: Information Flow 3I: Personal Privacy 4I: Verifying Crypto 5I: Communication Privacy Tutorial
[9:00–12:30]
Session chair: Fengwei Zhang Session chair: Heng Yin Session chair: David Kotz Session chair: Micah Sherr Session chair: Matthew Wright
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Melissa Chase (Microsoft Research); David Derler (Graz University of Technology); Steven Goldfeder (Princeton University); Claudio Orlandi (Aarhus University); Sebastian Ramacher (Graz University of Technology); Christian Rechberger (Graz University of Technology/Denmark Technical University); Daniel Slamanig (AIT Austrian Institute of Technology); Greg Zaverucha (Microsoft Research)
Nonmalleable Information Flow Control
Ethan Cecchetti and Andrew Myers (Cornell University); Owen Arden (University of California, Santa Cruz)
BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection
Gunnar Hartung (Karlsruhe Institute of Technology); Max Hoffmann (Ruhr-Universität Bochum); Matthias Nagel and Andy Rupp (Karlsruhe Institute of Technology)
Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs
Ming-Hsien Tsai, Bow-Yaw Wang, and Bo-Yin Yang (Academia Sinica)
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services
Rebekah Overdorf (Drexel University); Marc Juarez and Gunes Acar (KU Leuven); Rachel Greenstadt (Drexel University); Claudia Diaz (KU Leuven)
SGX Security and Privacy
Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)
To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures
Peter Pessl (Graz University of Technology); Leon Groot Bruinderink (Technische Universiteit Eindhoven); Yuval Yarom (University of Adelaide/Data61) [Paper] [Artifact]
Cryptographically Secure Information Flow Control on Key-Value Stores
Lucas Waye, Pablo Buiras (Harvard University); Owen Arden (University of California, Santa Cruz); Alejandro Russo (Chalmers University of Technology); Stephen Chong (Harvard University) [Paper] [Artifact]
walk2friends: Inferring Social Links from Mobility Profiles
Michael Backes (CISPA, Saarland University); Mathias Humbert (Swiss Data Science Center, ETH/EPFL); Jun Pang (University of Luxembourg); Yang Zhang (CISPA, Saarland University) [Paper] [Artifact]
A Fast and Verified Software Stack for Secure Function Evaluation
José Bacelar Almeida (HASLab -- INESC TEC/Universidade do Minho); Manuel Barbosa (HASLab -- INESC TEC/DCC FC Universidade do Porto); Gilles Barthe (IMDEA Software Institute); François Dupressoir (University of Surrey); Benjamin Grégoire (INRIA Sophia-Antipolis); Vincent Laporte (IMDEA Software Institute); Vitor Pereira (HASLab -- INESC TEC/DCC FC Universidade do Porto) [Paper] [Artifact]
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks
Milad Nasr, Hadi Zolfaghari, and Amir Houmansadr (University of Massachusetts Amherst)
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers
Thomas Espitau (UPMC); Pierre-Alain Fouque (Université de Rennes 1); Benoït Gérard (DGA.MI); Mehdi Tibouchi (NTT Secure Platform Laboratories) [Paper] [Artifact]
Object Flow Integrity
Wenhao Wang, Xiaoyang Xu, and Kevin Hamlen (University of Texas at Dallas)
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms
Simon Oya (University of Vigo); Carmela Troncoso (IMDEA Software Institute); Fernando Pérez-González (University of Vigo) [Paper] [Artifact]
Verified Correctness and Security of mbedTLS HMAC-DRBG
Katherine Q. Ye (Princeton University/Carnegie Mellon University); Matthew Green (Johns Hopkins University); Naphat Sanguansin and Lennart Beringer (Princeton University); Adam Petcher (Oracle); Andrew W. Appel (Princeton University) [Paper] [Artifact]
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis
Milad Nasr, Amir Houmansadr, and Arya Mazumdar (University of Massachusetts Amherst) [Paper] [Artifact]
12:30-2:00 Lunch Break
2:00-3:30 1J: Outsourcing 2J: Fun with Fuzzing 3J: Problematic Patches 4J: Flash Security Tutorial
[2:00–5:00]
Session chair: Daniel Genkin Session chair: Byoungyoung Lee Session chair: Xinyu Xing Session chair: Taesoo Kim
Full accounting for verifiable outsourcing
Riad S. Wahby (Stanford University); Ye Ji (New York University); Andrew J. Blumberg (University of Texas at Austin); abhi shelat (Northeastern University); Justin Thaler (Georgetown University); Michael Walfish and Thomas Wies (New York University) [Paper] [Artifact]
DIFUZE:Interface Aware Fuzzing for Kernel Drivers
Jake Corina, Aravind Machiry, Christopher Salls (University of California, Santa Barbara); Yan Shoshitaishvili (Arizona State University); Shuang Hao (University of Texas at Dallas); Christopher Kruegel, and Giovanni Vigna (University of California, Santa Barbara)
Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee (Georgia Institute of Technology)
DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Shijie Jia and Luning Xia (Chinese Academy of Sciences, Institute of Information Engineering); Bo Chen (Michigan Technological University); Peng Liu (The Pennsylvania State University, College of Information Sciences and Technology)
Private Information Retrieval
Ryan Henry (Indiana University)
Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
Scott Ames (University of Rochester); Carmit Hazay (Bar-Ilan University); Yuval Ishai (Technion/University of California, Los Angeles); Muthuramakrishnan Venkitasubramaniam (University of Rochester)
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Wei You (Indiana University); Peiyuan Zong and Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering); XiaoFeng Wang (Indiana University); Xiaojing Liao (William and Mary); Pan Bian and Bin Liang (Renmin University of China)
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android
Erik Derr, Sven Bugiel (CISPA, Saarland University); Sascha Fahl (Leibniz University Hannover); Yasemin Acar (Leibniz University Hannover); Michael Backes (CISPA, Saarland University) [Paper] [Artifact]
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Jian Huang (Georgia Institute of Technology); Jun Xu,Xinyu Xing, and Peng Liu (The Pennsylvania State University); Moinuddin K. Qureshi (Georgia Institute of Technology)
Homomorphic Secret Sharing: Optimizations and Applications
Elette Boyle (IDC Herzliya); Geoffroy Couteau (ENS, Paris); Niv Gilboa (Ben Gurion University); Yuval Ishai (Technion/University of California, Los Angeles); Michele Orru (ENS, Paris)
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana (Columbia University) [Paper] [Artifact]
A Large-Scale Empirical Study of Security Patches
Frank Li and Vern Paxson (University of California, Berkeley)
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
Grant Hernandez, Farhaan Fowze, Dave Jing Tian, Tuba Yavuz, and Kevin Butler (University of Florida) [Paper] [Artifact]
3:30-4:00 Coffee Break
4:00-5:30 1K: Secure Computation 2K: Fuzzing Finer and Faster 3K: Program Analysis 4K: Secure Enclaves Tutorial
[2:00–5:00]
Session chair: Stefan Katzenbeisser Session chair: Wil Robertson Session chair: Wenke Lee Session chair: Alex Malozemoff
TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Nico Döttling (University of California, Berkeley); Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, and Roberto Trifiletti (Aarhus University)
Designing New Operating Primitives to Improve Fuzzing Performance
Wen Xu, Sanidhya Kashyap, Changwoo Min, and Taesoo Kim (Georgia Institute of Technology)
PtrSplit: Supporting general pointers in automatic program partitioning
Shen Liu, Gang Tan, and Trent Jaeger (The Pennsylvania State University)
JITGuard: Hardening Just-in-time Compilers with SGX
Tommaso Frassetto, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi (Technische Universität Darmstadt) [Paper] [Artifact]
Private Information Retrieval
Ryan Henry (Indiana University)
Distributed Measurement with Private Set-Union Cardinality
Ellis Fenske (Tulane University); Akshaya Mani (Georgetown University); Aaron Johnson (U.S. Naval Research Lab); Micah Sherr (Georgetown University)
Directed Greybox Fuzzing
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury (National University of Singapore) [Paper] [Artifact]
HexType: Efficient Detection of Type Confusion Errors for C++
Yuseok Jeon (Purdue University); Priyam Biswas, Scott Carr, Byoungyoung Lee, and Mathias Payer (Purdue University)
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Wenhao Wang (Indiana University); Guoxing Chen (The Ohio State University); Xiaorui Pan (Indiana University); Yinqian Zhang (The Ohio State University); XiaoFeng Wang (Indiana University); Vincent Bindschaedler (University of Illinois at Urbana-Champaign); Haixu Tang (Indiana University); Carl A. Gunter (University of Illinois at Urbana-Champaign)
Efficient Public Trace-and-Revoke from Standard Assumptions
Shweta Agrawal (IIT Madras); Sanjay Bhattacherjee (Turing Lab, ASU, ISI Kolkata); Duong Hieu Phan (XLIM U. Limoges, CNRS, France); Damien Stehle (ENS Lyon, Laboratoire LIP U. Lyon, CNRS, ENSL, INRIA, UCBL); Shota Yamada (National Institute of Advanced Industrial Science and Technology AIST, Japan) [Paper] [Artifact]
IMF: Inferred Model-based Fuzzer
HyungSeok Han and Sang Kil Cha (KAIST)
FreeGuard: A Faster Secure Heap Allocator
Sam Silvestro, Hongyu Liu, and Corey Crosser (University of Texas at San Antonio); Zhiqiang Lin (University of Texas at Dallas); Tongping Liu (University of Texas at San Antonio)
A Formal Foundation for Secure Remote Execution of Enclaves
Pramod Subramanyan and Rohit Sinha (University of California, Berkeley); Ilia Lebedev and Srinivas Devadas (Massachusetts Institute of Technology); Sanjit Seshia (University of California, Berkeley) [Paper] [Artifact]
5:30-5:45 Break
5:45-6:30 Dallas Ballroom BC
Business Meeting



Post-Conference Workshops on Friday, November 3rd, 2017 (07:30-5:00)

Time Applying the Scientific Method to Active Cyber Defense Research
(SafeConfig)

Dallas Ballroom A1
Cyber-Physical System Security & Privacy
(CPS-SPC)

Dallas Ballroom A2
Forming an Ecosystem Around Software Transformation
(FEAST)

Dallas Ballroom A3
Attacks and Solutions in Hardware Security
(ASHES)

Dallas Ballroom D1
Internet of Things Security and Privacy
(IoT S&P)

Dallas Ballroom D2
Cloud Computing Security Workshop
(CCSW)

Dallas Ballroom D3
Artificial Intelligence and Security
(AISec)

Austin Ballroom 1
07:30-09:00 Breakfast & Registration
9:00-10:00 SafeConfig CPS-SPC FEAST ASHES IoT S&P CCSW AISec
10:00-10:45 Break
10:45-12:00 SafeConfig CPS-SPC FEAST ASHES IoT S&P CCSW AISec
12:00-2:00 Lunch Break
2:00-3:00 SafeConfig CPS-SPC FEAST ASHES IoT S&P CCSW AISec
3:00-3:45 Break
3:45-5:00** SafeConfig CPS-SPC FEAST ASHES IoT S&P CCSW AISec

Finalists for paper awards. The awards will be announced at the CCS Banquet, 1 November 2017

**Workshops must end no later than 5pm