DUPLO: Unifying Cut-and-Choose for Garbled Circuits

Vladimir Kolesnikov (Bell Labs); Jesper Buus Nielsen (Aarhus University); Mike Rosulek and Ni Trieu (Oregon State University); Roberto Trifiletti (Aarhus University) [Paper] [Artifact]

Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication

Linghan Zhang, Sheng Tan, and Jie Yang (Florida State University)

Evading Classifiers by Morphing in the Dark

Hung Dang, Yue Huang, and Ee-Chien Chang (National University of Singapore)

Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers

Meng Luo, Oleksii Starov, Nima Honarmand, and Nick Nikiforakis (Stony Brook University)

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin

Yujin Kwon, Dohyun Kim, and Yunmok Son (KAIST); Eugene Vasserman (Kansas State University); Yongdae Kim (KAIST) [Paper] [Artifact]

Cache Side Channels: State-of-the-Art and Research Opportunities

Yinqian Zhang (Ohio State University)

Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation★

Xiao Wang (University of Maryland); Samuel Ranellucci (University of Maryland/George Mason University); Jonathan Katz (University of Maryland) [Paper] [Artifact]

VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration

Jian Liu, Chen Wang, and Yingying Chen (Rutgers University); Nitesh Saxena (University of Alabama at Birmingham)

MagNet: a Two-Pronged Defense against Adversarial Examples

Dongyu Meng (ShanghaiTech University); Hao Chen (University of California, Davis) [Paper] [Artifact]

Deterministic Browser

Yinzhi Cao, Zhanhao Chen, Song Li, and Shujiang Wu (Lehigh University) [Paper] [Artifact]

Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing

Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, and Aad van Moorsel (Newcastle University) [Paper] [Artifact]

Global-Scale Secure Multiparty Computation

Xiao Wang (University of Maryland); Samuel Ranellucci (University of Maryland/George Mason University); Jonathan Katz (University of Maryland) [Paper] [Artifact]

Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping

Zhangkai Zhang (Beihang University); Xuhua Ding (Singapore Management University); Gene Tsudik (University of California, Irvine); Jinhua Cui (Singapore Management University); Zhoujun Li (Beihang University)

DolphinAttack: Inaudible Voice Commands★

Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu (Zhejiang University) [Paper] [Artifact]

Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security

Peter Snyder, Cynthia Taylor, and Chris Kanich (University of Illinois at Chicago) [Paper] [Artifact]

Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services

Matteo Campanelli and Rosario Gennaro (City College of New York); Steven Goldfeder (Princeton University); Luca Nizzardo (IMDEA Software Institute and Universidad Politécnica de Madrid) [Paper] [Artifact]

Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries

Ruiyu Zhu and Yan Huang (Indiana University); Darion Cassel (Carnegie Mellon University)

Let's go in for a closer look: Observing passwords in their natural habitat

Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor (Carnegie Mellon University); Serge Egelman (University of California, Berkeley); Alain Forget (Google)

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance

Yan Shoshitaishvili (Arizona State University); Michael Weissbacher (Northeastern University); Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, and Giovanni Vigna (University of California, Santa Barbara)

Synthesis of Probabilistic Privacy Enforcement

Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, and Martin Vechev (ETH Zürich)

Revive: Rebalancing Off-Blockchain Payment Networks

Rami Khalil and Arthur Gervais (ETH Zürich)

Cliptography: Post-Snowden Cryptography

Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap, Inc./Columbia University)

A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority

Yehuda Lindell and Ariel Nof (Bar-Ilan University) [Paper] [Artifact]

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, and Matthew Smith (University of Bonn) [Paper] [Artifact]

Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection

Xiaojun Xu (Shanghai Jiao Tong University); Chang Liu (University of California, Berkeley); Qian Feng (Samsung Research America); Heng Yin (University of California, Riverside); Le Song (Georgia Institute of Technology); Dawn Song (University of California, Berkeley) [Paper] [Artifact]

A Type System for Privacy Properties

Véronique Cortier (Loria, CNRS/Inria); Niklas Grimm (TU Wien); Joseph Lallemand (Loria, CNRS/Inria); Matteo Maffei (TU Wien) [Paper] [Artifact]

Concurrency and Privacy with Payment-Channel Networks

Giulio Malavolta (Friedrich-Alexander University Erlangen Nuernberg); Pedro Moreno-Sanchez and Aniket Kate (Purdue University); Matteo Maffei (TU Wien); Srivatsan Ravi (University of Southern California) [Paper] [Artifact]

Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case

Nishanth Chandran (Microsoft Research India); Juan Garay (Texas A&M University); Payman Mohassel (Visa Research); Satyanarayana Vusirikala (Microsoft Research India) [Paper] [Artifact]

The TypTop System: Personalized Typo-tolerant Password Checking

Rahul Chatterjee (Cornell Tech); Joanne Woodage (Royal Holloway, University of London); Yuval Pnueli (Technion - Israel Institute of Technology); Anusha Chowdhury (Cornell University); Thomas Ristenpart (Cornell Tech) [Paper] [Artifact]

RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking

Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, and Wenke Lee (Georgia Institute of Technology)

Generating Synthetic Decentralized Social Graphs with Local Differential Privacy

Zhan Qin (State University of New York at Buffalo); Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University); Ting Yu (Qatar Computing Research Institute, Hamad Bin Khalifa University); Xiaokui Xiao (Nanyang Technological University); Issa Khalil (Qatar Computing Research Institute, Hamad Bin Khalifa University); Kui Ren (State University of New York at Buffalo)

Bolt: Anonymous Payment Channels for Decentralized Currencies

Matthew Green and Ian Miers (Johns Hopkins University)

S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing

Thang Hoang, Ceyhun D. Ozkaptan, and Attila A. Yavuz (Oregon State University); Jorge Guajardo (Robert Bosch Research and Technology Center); Tam Nguyen (Oregon State University) [Paper] [Artifact]

Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains

Daiping Liu (University of Delaware); Zhou Li (ACM Member); Kun Du (Tsinghua University); Haining Wang (University of Delaware); Baojun Liu and Haixin Duan (Tsinghua University)

Machine Learning Models that Remember Too Much

Congzheng Song (Cornell University); Thomas Ristenpart and Vitaly Shmatikov (Cornell Tech)

Verifying Security Policies in Multi-agent Workflows with Loops

Bernd Finkbeiner (CISPA, Saarland University); Christian Müller, Helmut Seidl, and Eugen Zalinescu (Technische Universität München) [Paper] [Artifact]

Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain

Jan Camenisch (IBM Research - Zürich); Manu Drijvers (IBM Research - Zürich/ETH Zürich); Maria Dubovitskaya (IBM Research - Zürich)

Cliptography: Post-Snowden Cryptography

Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap. Inc,/Columbia University)

Deterministic, Stash-Free Write-Only ORAM

Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, and Travis Mayberry (United States Naval Academy) [Paper] [Artifact]

Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting

Samaneh Tajalizadehkhoob (Delft University of Technology); Tom van Goethem (KU Leuven, imec-DistriNet); Maciej Korczyński and Arman Noroozian (Delft University of Technology); Rainer Böhme (Innsbruck University); Tyler Moore (The University of Tulsa); Wouter Joosen (KU Leuven, imec-DistriNet); Michel van Eeten (Delft University of Technology) [Paper] [Artifact]

Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning

Briland Hitaj, Giuseppe Ateniese, and Fernando Perez-Cruz (Stevens Institute of Technology) [Paper] [Artifact]

Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions

Miguel Ambrona (IMDEA Software Institute/Universidad Politécnica de Madrid); Gilles Barthe (IMDEA Software Institute); Romain Gay and Hoeteck Wee (ENS, Paris)

Solidus: Confidential Distributed Ledger Transactions via PVORM

Ethan Cecchetti and Fan Zhang (Cornell University); Yan Ji (Cornell University); Ahmed Kosba (University of Maryland); Ari Juels (Cornell Tech, Jacobs Institute); Elaine Shi (Cornell University) [Paper] [Artifact]

Scaling ORAM for Secure Computation★

Jack Doerner and abhi shelat (Northeastern University) [Paper] [Artifact]

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Panagiotis Kintis (Georgia Institute of Technology); Najmeh Miramirkhani (Stony Brook University); Charles Lever, Yizheng Chen, and Rosa Romero-Gómez (Georgia Institute of Technology); Nikolaos Pitropakis (London South Bank University); Nick Nikiforakis (Stony Brook University); Manos Antonakakis (Georgia Institute of Technology) [Paper] [Artifact]

Oblivious Neural Network Predictions via MiniONN transformations

Jian Liu, Mika Juuti, Yao Lu, and N. Asokan (Aalto University) [Paper] [Artifact]

FAME: Fast Attribute-based Message Encryption

Shashank Agrawal (Visa Research); Melissa Chase (Microsoft Research) [Paper] [Artifact]

Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards

Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, and Ian Miers (Johns Hopkins University)

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits

Brent Carmer (Oregon State University/Galois, Inc.); Alex J. Malozemoff (Galois$ Inc.); Mariana Raykova (Yale University)

AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services

Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin (University of Texas at Dallas)

May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519

Daniel Genkin (University of Pennsylvania/University of Maryland); Luke Valenta (University of Pennsylvania); Yuval Yarom (University of Adelaide/Data61) [Paper] [Artifact]

Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions

Mihir Bellare, Joseph Jaeger, and Julia Len (University of California, San Diego)

Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study

Qi Alfred Chen (University of Michigan); Matthew Thomas and Eric Osterweil (Verisign Labs); Yulong Cao, Jie You, and Z. Morley Mao (University of Michigan)

Iron: Functional Encryption using Intel SGX★

Ben Fisch (Stanford University); Dhinakaran Vinayagamurthy (University of Waterloo); Dan Boneh (Stanford University); Sergey Gorbunov (University of Waterloo) [Paper] [Artifact]

Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution

Yi Chen (University of Chinese Academy of Sciences); Wei You and Yeonjoon Lee (Indiana University); Kai Chen (University of Chinese Academy of Sciences); XiaoFeng Wang (Indiana University); Wei Zou (University of Chinese Academy of Sciences)

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Yuan Xiao, Mengyuan Li, Sanchuan Chen, and Yinqian Zhang (The Ohio State University) [Paper] [Artifact]

Generic Semantic Security against a Kleptographic Adversary

Alexander Russell (University of Connecticut); Qiang Tang (New Jersey Institute of Technology); Moti Yung (Snap, Inc./Columbia University); Hong-Sheng Zhou (Virginia Commonwealth University)

The Wolf of Name Street: Hijacking Domains Through Their Nameservers

Thomas Vissers (KU Leuven, imec-DistriNet); Timothy Barron (Stony Brook University); Tom Van Goethem and Wouter Joosen (KU Leuven, imec-DistriNet); Nick Nikiforakis (Stony Brook University) [Paper] [Artifact]

Implementing BP-Obfuscation Using Graph-Induced Encoding

Shai Halevi and Tzipora Halevi (IBM); Victor Shoup (IBM and New York University); Noah Stephens-Davidowitz (New York University) [Paper] [Artifact]

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews

Tongxin Li (Peking University); Xueqiang Wang (Indiana University); Mingming Zha and Kai Chen (Chinese Academy of Sciences); XiaoFeng Wang and Luyi Xing (Indiana University); Xiaolong Bai (Tsinghua University); Nan Zhang (Indiana University); Xinhui Han (Peking University)

Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic

Jia Chen, Yu Feng, and Isil Dillig (University of Texas at Austin)

Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction

Mihir Bellare and Wei Dai (University of California, San Diego)

Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting

Zain Shamsi (Texas A&M University); Daren B.H. Cline and Dmitri Loguinov (Texas A&M University) [Paper] [Artifact]

T/Key: Second-Factor Authentication From Secure Hash Chains

Dmitry Kogan, Nathan Manohar, and Dan Boneh (Stanford University) [Paper] [Artifact]

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android

Jie Huang, Oliver Schranz, Sven Bugiel, and Michael Backes (CISPA, Saarland University)

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers

Mohammad A. Islam and Shaolei Ren (University of California, Riverside); Adam Wierman (California Institute of Technology)

Practical Attacks Against Graph-based Clustering

Yizheng Chen, Yacin Nadji, and Athanasios Kountouras (Georgia Institute of Technology); Fabian Monrose (University of North Carolina at Chapel Hill); Roberto Perdisci (University of Georgia); Manos Antonakakis (Georgia Institute of Technology); Nikolaos Vasiloglou (Symantec) [Paper] [Artifact]

Practical Secure Aggregation for Privacy-Preserving Machine Learning

Keith Bonawitz, Vladimir Ivanov, and Ben Kreuter (Google); Antonio Marcedone (Cornell University); H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and Karn Seth (Google) [Paper] [Artifact]

Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions

Joel Alwen (IST Austria); Jeremiah Blocki and Ben Harsha (Purdue University) [Paper] [Artifact]

Vulnerable Implicit Service: A Revisit

Lingguang Lei (Chinese Academy of Sciences, Institute of Information Engineering/George Mason University); Yi He (Tsinghua University); Kun Sun (George Mason University); Jiwu Jing and Yuewu Wang (Chinese Academy of Sciences, Institute of Information Engineering); Qi Li (Tsinghua University); Jian Weng (Jinan University)

Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations

Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, and Athina Petropulu (Rutgers University) [Paper] [Artifact]

Automated Crowdturfing Attacks and Defenses in Online Review Systems

Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, and Ben Y. Zhao (University of Chicago) [Paper] [Artifact]

Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs

Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, and Shayak Sen (Carnegie Mellon University) [Paper] [Artifact]

Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation★

Shay Gueron (Haifa University/AWS); Yehuda Lindell (Bar-Ilan University) [Paper] [Artifact]

A Stitch in Time: Supporting Android Developers in Writing Secure Code

Duc Cuong Nguyen (CISPA, Saarland University); Dominik Wermke (Leibniz University Hannover); Yasemin Acar (Leibniz University Hannover); Michael Backes (CISPA, Saarland University); Charles Weir (Security Lancaster, Lancaster University); Sascha Fahl (Leibniz University Hannover)

Viden: Attacker Identification on In-Vehicle Networks

Kyong-Tak Cho and Kang G. Shin (University of Michigan) [Paper] [Artifact]

POISED: Spotting Twitter Spam Off the Beaten Paths

Shirin Nilizadeh (University of California, Santa Barbara); François Labrèche (École Polytechnique de Montréal); Alireza Sadighian (École Polytechnique de Montréal); Ali Zand (University of California, Santa Barbara); José Fernandez (École Polytechnique de Montréal); Christopher Kruegel (University of California, Santa Barbara); Gianluca Stringhini (University College London); Giovanni Vigna (University of California, Santa Barbara) [Paper] [Artifact]

A Practical Encrypted Data Analytic Framework With Trusted Processors

Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, and Latifur Khan (University of Texas at Dallas)

Malicious-Secure Private Set Intersection via Dual Execution

Peter Rindal and Mike Rosulek (Oregon State University) [Paper] [Artifact]

Detecting Structurally Anomalous Logins Within Enterprise Networks

Hossein Siadati and Nasir Memon (New York University)

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2★

Mathy Vanhoef and Frank Piessens (KU Leuven, imec-DistriNet)

Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR

Syed Mahbub Hafiz and Ryan Henry (Indiana University) [Paper] [Artifact]

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors

Mustafa Emre Acer, Emily Stark, and Adrienne Porter Felt (Google); Sascha Fahl (Leibniz University Hannover); Radhika Bhargava (Purdue University); Bhanu Dev (International Institute of Information Technology Hyderabad); Matt Braithwaite, Ryan Sleevi, and Parisa Tabriz (Google)

Adversarial Data Mining: Big Data Meets Cyber Security

Fast Private Set Intersection from Homomorphic Encryption

Hao Chen and Kim Laine (Microsoft Research); Peter Rindal (Oregon State University) [Paper] [Artifact]

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning

Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar (University of Utah)

CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through

Maliheh Shirvanian and Nitesh Saxena (University of Alabama at Birmingham)

PeGaSus: Data-Adaptive Differentially Private Stream Processing

Yan Chen and Ashwin Machanavajjhala (Duke University); Michael Hay (Colgate University); Gerome Miklau (University of Massachusetts Amherst)

Data breaches, phishing, or malware? Understanding the risks of stolen credentials

Kurt Thomas (Google); Frank Li (University of California, Berkeley); Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, and Dan Margolis (Google); Vern Paxson (University of California, Berkeley); Elie Bursztein (Google)

Practical Multi-party Private Set Intersection from Symmetric-Key Techniques

Vladimir Kolesnikov (Bell Labs); Naor Matania and Benny Pinkas (Bar-Ilan University); Mike Rosulek and Ni Trieu (Oregon State University) [Paper] [Artifact]

Predicting the Risk of Cyber Incidents

Leyla Bilge, Yufei Han, and Matteo Dell'Amico (Symantec Research Labs)

No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial

Yong Li (Huawei Technologies Düsseldorf); Sven Schäge (Ruhr-Universität Bochum) [Paper] [Artifact]

Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage

Xi He and Ashwin Machanavajjhala (Duke University); Cheryl Flynn and Divesh Srivastava (AT&T Labs-Research) [Paper] [Artifact]

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI

Doowon Kim, Bum Jun Kwon, and Tudor Dumitraş (University of Maryland)

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates

Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, and Woo-Hwan Kim (National Security Research Institute)

Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market

Luca Allodi (Eindhoven University of Technology) [Paper] [Artifact]

Identity-Based Format-Preserving Encryption

Mihir Bellare (University of California, San Diego); Viet Tung Hoang (Florida State University)

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs

Gottfried Herold (ENS Lyon); Max Hoffmann (Ruhr-Universität Bochum); Michael Klooß (Karlsruhe Institute of Technology); Carla Ràfols (UPF Barcelona); Andy Rupp (Karlsruhe Institute of Technology) [Paper] [Artifact]

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

Vasilios Mavroudis and Andrea Cerulli (University College London); Petr Svenda (Masaryk University); Dan Cvrcek and Dusan Klinec (EnigmaBridge); George Danezis (University College London)

Adversarial Data Mining: Big Data Meets Cyber Security

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

Raphael Bost (Direction Générale de l'Armement - Maitrise de l'Information/Université de Rennes 1); Brice Minaud (Royal Holloway, University of London); Olga Ohrimenko (Microsoft Research, Cambridge) [Paper] [Artifact]

Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research

Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, and Alex C. Snoeren (University of California, San Diego) [Paper] [Artifact]

Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property

Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, and Mark Tehranipoor (University of Florida)

Practical Quantum-Safe Voting from Lattices

Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, and Gregor Seiler (IBM Research - Zürich)

Provably-Secure Logic Locking: From Theory To Practice

Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf (New York University); Jeyavijayan JV Rajendran (University of Texas at Dallas); Ozgur Sinanoglu (New York University)

The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli★

Matus Nemec (Masaryk University/Ca' Foscari University of Venice); Marek Sys and Petr Svenda (Masaryk University); Dusan Klinec (Masaryk University/EnigmaBridge); Vashek Matyas (Masaryk University)

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later

Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis (Vrije Universiteit Amsterdam); Xi Chen (Vrije Universiteit Amsterdam/Microsoft); Herbert Bos, and Cristiano Giuffrida (Vrije Universiteit Amsterdam) [Paper] [Artifact]

Rewriting History: Changing the Archived Web from the Present

Ada Lerner (Wellesley College); Tadayoshi Kohno, and Franziska Roesner (University of Washington)

A Comprehensive Symbolic Analysis of TLS 1.3

Cas Cremers (University of Oxford); Marko Horvat (The Max Planck Institute For Software Systems); Jonathan Hoyland, Sam Scott, and Thyla van der Merwe (Royal Holloway, University of London) [Paper] [Artifact]

SGX Security and Privacy

Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)

Sebastian Berndt and Maciej Liskiewicz (University of Luebeck) [Paper] [Artifact]

Capturing Malware Propagations with Code Injections and Code-Reuse attacks

David Korczynski (University of Oxford); Heng Yin (University of California, Riverside)

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs

Giancarlo Pellegrino (CISPA, Saarland University); Martin Johns (SAP SE); Simon Koch, Michael Backes, and Christian Rossow (CISPA, Saarland University) [Paper] [Artifact]

HACL*: A Verified Modern Cryptographic Library

Jean-Karim Zinzindohoué(Inria Paris); Karthikeyan Bhargavan (Inria Paris); Jonathan Protzenko (Microsoft Research); Benjamin Beurdouche (Inria Paris) [Paper] [Artifact]

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs★

Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, and Christian Boit (Technische Universität Berlin) [Paper] [Artifact]

Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets

Sebastian Lekies and Krzysztof Kotowicz (Google); Samuel Groß (SAP SE); Eduardo Vela (Google); Martin Johns (SAP SE)

Tail Attacks on Web Applications

Huasong Shan and Qingyang Wang (Louisiana State University, Computer Science and Engineering Division); Calton Pu (Georgia Institute of Technology)

Jasmin: High-Assurance and High-Speed Cryptography

José Bacelar Almeida (HASLab -- INESC TEC/Universidade do Minho); Manuel Barbosa (HASLab -- INESC TEC/DCC FC Universidade do Porto); Gilles Barthe (IMDEA Software Institute); Arthur Blot (ENS Lyon); Benjamin Grégoire (Inria); Vincent Laporte (IMDEA Software Institute); Tiago Oliveira and Hugo Pacheco (HASLab -- INESC TEC/Universidade do Minho); Benedikt Schmidt (IMDEA Software Institute); Pierre-Yves Strub (Ecole Polytechnique)

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

Melissa Chase (Microsoft Research); David Derler (Graz University of Technology); Steven Goldfeder (Princeton University); Claudio Orlandi (Aarhus University); Sebastian Ramacher (Graz University of Technology); Christian Rechberger (Graz University of Technology/Denmark Technical University); Daniel Slamanig (AIT Austrian Institute of Technology); Greg Zaverucha (Microsoft Research)

Nonmalleable Information Flow Control★

Ethan Cecchetti and Andrew Myers (Cornell University); Owen Arden (University of California, Santa Cruz)

BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection

Gunnar Hartung (Karlsruhe Institute of Technology); Max Hoffmann (Ruhr-Universität Bochum); Matthias Nagel and Andy Rupp (Karlsruhe Institute of Technology)

Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs

Ming-Hsien Tsai, Bow-Yaw Wang, and Bo-Yin Yang (Academia Sinica)

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services★

Rebekah Overdorf (Drexel University); Marc Juarez and Gunes Acar (KU Leuven); Rachel Greenstadt (Drexel University); Claudia Diaz (KU Leuven)

SGX Security and Privacy

Taesoo Kim (Georgia Tech), Zhiqiang Lin (UT Dallas), Chia-Che Tsai (UC Berkeley/Texas A&M University)

To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures

Peter Pessl (Graz University of Technology); Leon Groot Bruinderink (Technische Universiteit Eindhoven); Yuval Yarom (University of Adelaide/Data61) [Paper] [Artifact]

Cryptographically Secure Information Flow Control on Key-Value Stores

Lucas Waye, Pablo Buiras (Harvard University); Owen Arden (University of California, Santa Cruz); Alejandro Russo (Chalmers University of Technology); Stephen Chong (Harvard University) [Paper] [Artifact]

walk2friends: Inferring Social Links from Mobility Profiles

Michael Backes (CISPA, Saarland University); Mathias Humbert (Swiss Data Science Center, ETH/EPFL); Jun Pang (University of Luxembourg); Yang Zhang (CISPA, Saarland University) [Paper] [Artifact]

A Fast and Verified Software Stack for Secure Function Evaluation

José Bacelar Almeida (HASLab -- INESC TEC/Universidade do Minho); Manuel Barbosa (HASLab -- INESC TEC/DCC FC Universidade do Porto); Gilles Barthe (IMDEA Software Institute); François Dupressoir (University of Surrey); Benjamin Grégoire (INRIA Sophia-Antipolis); Vincent Laporte (IMDEA Software Institute); Vitor Pereira (HASLab -- INESC TEC/DCC FC Universidade do Porto) [Paper] [Artifact]

The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks

Milad Nasr, Hadi Zolfaghari, and Amir Houmansadr (University of Massachusetts Amherst)

Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers

Thomas Espitau (UPMC); Pierre-Alain Fouque (Université de Rennes 1); Benoït Gérard (DGA.MI); Mehdi Tibouchi (NTT Secure Platform Laboratories) [Paper] [Artifact]

Object Flow Integrity

Wenhao Wang, Xiaoyang Xu, and Kevin Hamlen (University of Texas at Dallas)

Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms

Simon Oya (University of Vigo); Carmela Troncoso (IMDEA Software Institute); Fernando Pérez-González (University of Vigo) [Paper] [Artifact]

Verified Correctness and Security of mbedTLS HMAC-DRBG

Katherine Q. Ye (Princeton University/Carnegie Mellon University); Matthew Green (Johns Hopkins University); Naphat Sanguansin and Lennart Beringer (Princeton University); Adam Petcher (Oracle); Andrew W. Appel (Princeton University) [Paper] [Artifact]

Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis

Milad Nasr, Amir Houmansadr, and Arya Mazumdar (University of Massachusetts Amherst) [Paper] [Artifact]

Full accounting for verifiable outsourcing

Riad S. Wahby (Stanford University); Ye Ji (New York University); Andrew J. Blumberg (University of Texas at Austin); abhi shelat (Northeastern University); Justin Thaler (Georgetown University); Michael Walfish and Thomas Wies (New York University) [Paper] [Artifact]

DIFUZE:Interface Aware Fuzzing for Kernel Drivers

Jake Corina, Aravind Machiry, Christopher Salls (University of California, Santa Barbara); Yan Shoshitaishvili (Arizona State University); Shuang Hao (University of Texas at Dallas); Christopher Kruegel, and Giovanni Vigna (University of California, Santa Barbara)

Checking Open-Source License Violation and 1-day Security Risk at Large Scale

Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee (Georgia Institute of Technology)

DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer

Shijie Jia and Luning Xia (Chinese Academy of Sciences, Institute of Information Engineering); Bo Chen (Michigan Technological University); Peng Liu (The Pennsylvania State University, College of Information Sciences and Technology)

Private Information Retrieval

Ryan Henry (Indiana University)

Ligero: Lightweight Sublinear Arguments Without a Trusted Setup

Scott Ames (University of Rochester); Carmit Hazay (Bar-Ilan University); Yuval Ishai (Technion/University of California, Los Angeles); Muthuramakrishnan Venkitasubramaniam (University of Rochester)

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits

Wei You (Indiana University); Peiyuan Zong and Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering); XiaoFeng Wang (Indiana University); Xiaojing Liao (William and Mary); Pan Bian and Bin Liang (Renmin University of China)

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android

Erik Derr, Sven Bugiel (CISPA, Saarland University); Sascha Fahl (Leibniz University Hannover); Yasemin Acar (Leibniz University Hannover); Michael Backes (CISPA, Saarland University) [Paper] [Artifact]

FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware

Jian Huang (Georgia Institute of Technology); Jun Xu,Xinyu Xing, and Peng Liu (The Pennsylvania State University); Moinuddin K. Qureshi (Georgia Institute of Technology)

Homomorphic Secret Sharing: Optimizations and Applications

Elette Boyle (IDC Herzliya); Geoffroy Couteau (ENS, Paris); Niv Gilboa (Ben Gurion University); Yuval Ishai (Technion/University of California, Los Angeles); Michele Orru (ENS, Paris)

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana (Columbia University) [Paper] [Artifact]

A Large-Scale Empirical Study of Security Patches

Frank Li and Vern Paxson (University of California, Berkeley)

FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution

Grant Hernandez, Farhaan Fowze, Dave Jing Tian, Tuba Yavuz, and Kevin Butler (University of Florida) [Paper] [Artifact]

TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation

Nico Döttling (University of California, Berkeley); Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, and Roberto Trifiletti (Aarhus University)

Designing New Operating Primitives to Improve Fuzzing Performance

Wen Xu, Sanidhya Kashyap, Changwoo Min, and Taesoo Kim (Georgia Institute of Technology)

PtrSplit: Supporting general pointers in automatic program partitioning

Shen Liu, Gang Tan, and Trent Jaeger (The Pennsylvania State University)

JITGuard: Hardening Just-in-time Compilers with SGX

Tommaso Frassetto, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi (Technische Universität Darmstadt) [Paper] [Artifact]

Private Information Retrieval

Ryan Henry (Indiana University)

Distributed Measurement with Private Set-Union Cardinality

Ellis Fenske (Tulane University); Akshaya Mani (Georgetown University); Aaron Johnson (U.S. Naval Research Lab); Micah Sherr (Georgetown University)

Directed Greybox Fuzzing

Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury (National University of Singapore) [Paper] [Artifact]

HexType: Efficient Detection of Type Confusion Errors for C++

Yuseok Jeon (Purdue University); Priyam Biswas, Scott Carr, Byoungyoung Lee, and Mathias Payer (Purdue University)

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX

Wenhao Wang (Indiana University); Guoxing Chen (The Ohio State University); Xiaorui Pan (Indiana University); Yinqian Zhang (The Ohio State University); XiaoFeng Wang (Indiana University); Vincent Bindschaedler (University of Illinois at Urbana-Champaign); Haixu Tang (Indiana University); Carl A. Gunter (University of Illinois at Urbana-Champaign)

Efficient Public Trace-and-Revoke from Standard Assumptions

Shweta Agrawal (IIT Madras); Sanjay Bhattacherjee (Turing Lab, ASU, ISI Kolkata); Duong Hieu Phan (XLIM U. Limoges, CNRS, France); Damien Stehle (ENS Lyon, Laboratoire LIP U. Lyon, CNRS, ENSL, INRIA, UCBL); Shota Yamada (National Institute of Advanced Industrial Science and Technology AIST, Japan) [Paper] [Artifact]

IMF: Inferred Model-based Fuzzer

HyungSeok Han and Sang Kil Cha (KAIST)

FreeGuard: A Faster Secure Heap Allocator

Sam Silvestro, Hongyu Liu, and Corey Crosser (University of Texas at San Antonio); Zhiqiang Lin (University of Texas at Dallas); Tongping Liu (University of Texas at San Antonio)

A Formal Foundation for Secure Remote Execution of Enclaves★

Pramod Subramanyan and Rohit Sinha (University of California, Berkeley); Ilia Lebedev and Srinivas Devadas (Massachusetts Institute of Technology); Sanjit Seshia (University of California, Berkeley) [Paper] [Artifact]