CCS 2018: Program


Monday, October 15 — Pre-Conference Workshops & Tutorials
Tuesday, October 16 — Main CCS Conference
Wednesday, October 17 — Main CCS Conference
Thursday, October 18 — Main CCS Conference
Friday, October 19 — Post-Conference Workshops & Tutorials

Monday, October 15

Workshop Proceedings

7:00-19:00 Registration (Prefunction B)
7:30-9:00 Breakfast (Ballroom)
12:00-14:00 Lunch (Ballroom)

Tuesday, October 16

Conference Proceedings

7:00-17:00 Registration (Prefunction B)
7:30-9:00 Breakfast (Ballroom)
9:00-9:15 Chairs’ Welcome (Ballroom)
9:15-10:40 Keynote: Helen Nissenbaum (Ballroom)
10:40-11:10 Break
11:10-12:00 SDN 1 (201 ABC)
Privacy (202 AB)
Smart Contracts (203 AB)
ML for Deanonymization (204 ABC)
12:00-13:30 Lunch
13:30-15:10 Side Channels (201 ABC)
Differential Privacy 1 (202 AB)
Crypto Attacks (203 AB)
ML 1 (204 ABC)
15:10-15:40 Break
15:40-17:20 Binary Analysis (201 ABC)
Differential Privacy 2 (202 AB)
Crypto: ZKPs & Lattices (203 AB)
ML 2 (204 ABC)
17:20-19:00 Poster Session & Dinner
19:00-20:00 Business Meeting (201 ABC)

Wednesday, October 17

Conference Proceedings

7:00-17:00 Registration (Prefunction B)
7:30-9:00 Breakfast (Ballroom)
9:00-10:30 Keynote: Shai Halevi (Ballroom)
10:30-11:10 Break
11:10-12:00 SDN 2 (201 ABC)
Secure Computation 1 (202 AB)
Blockchain 1 (203 AB)
Encrypted Search & Computation 1 (204 ABC)
12:00-13:30 Lunch
13:30-15:10 Cyberphysical Systems (201 ABC)
Secure Computation 2 (202 AB)
Blockchain 2 (203 AB)
Encrypted Search & Computation 2 (204 ABC)
15:10-15:40 Break
15:40-17:20 IoT Security (201 ABC)
Mobile Security 1 (202 AB)
Crypto 1 (203 AB)
Usable Security (204 ABC)
17:20-18:30 Panel Discussion (Ballroom)
18:30-21:00 Dinner Banquet & Awards (Ballroom)

Thursday, October 18

Conference Proceedings

7:00-17:00 Registration (Prefunction B)
7:30-9:00 Breakfast (Ballroom)
9:00-10:15 Forensics (201 ABC)
Formal Methods & Language Security (202 AB)
TLS (203 AB)
Binary Defenses 1 (204 ABC)
10:15-10:45 Break
10:45-12:00 Web Security 1 (201 ABC)
Usable Passwords (202 AB)
Information Flow (203 AB)
Binary Defenses 2 (204 ABC)
12:00-13:30 Lunch
13:30-15:10 Web Security 2 (201 ABC)
Mobile Security 2 (202 AB)
Crypto 2 (203 AB)
Vulnerability Detection (204 ABC)
15:10-15:40 Break
15:40-17:20 TOR (201 ABC)
Protocols (202 AB)
Key Exchanges (203 AB)
Fuzzing, Exploitation, & Side Channels (204 ABC)

Friday, October 19

Workshop Proceedings

7:00-12:00 Registration (Prefunction B)
7:30-9:00 Breakfast (Ballroom)
12:00-14:00 Lunch (Ballroom)


Tuesday, October 16, 9:15-10:40

Keynote: Helen Nissenbaum, Cornell Tech

Achieving Meaningful Privacy in Digital Systems

Across a range of subfields, computer scientists and engineers have responded to society’s call to safeguard privacy through technology, yielding scientific progress and impressive innovation. As the fields of privacy science and engineering mature, however, it’s worth taking a moment to ask what ideas of privacy explicitly or implicitly underlie this work and whether they are meaningful, that is to say, whether they map onto ideas of privacy that provoked societal concerns, in the first place. If not, it is unclear, at best, what ends these scientific efforts are actually serving. In my lecture, I argue that privacy as Contextual Integrity (CI) is meaningful in this sense – philosophically sound while being accessible to formal representation. As such, CI could serve as a much-needed bridge between technical approaches and ethical and policy approaches. I will identify promising directions for future work based on interesting technical applications of CI that have already emerged.

Helen Nissenbaum is a professor of information science at Cornell Tech, where she is founding director of the Digital Life Initiative, focusing on ethics, politics, and quality of life in digital societies. Her books include Obfuscation: A User’s Guide for Privacy and Protest, with F. Brunton (2015), Values at Play in Digital Games, with M. Flanagan (2014), and Privacy in Context: Technology, Policy, and the Integrity of Social Life (2010). Recipient of the 2014 Barwise Prize of the American Philosophical Association, Nissenbaum has contributed to privacy-enhancing software: TrackMeNot and AdNauseam. She has earned grants from the US National Science Foundation, Defense Advanced Research Projects Agency, MacArthur Foundation, and others, many of these, in fruitful collaboration with colleagues in computer science and engineering.  She holds a Ph.D. in philosophy from Stanford University and BA (Hons) in mathematics and philosophy from University of Witwatersrand.

Tuesday, October 16, 11:10-12:00

SDN 1 (201 ABC)

Session Chair: Brad Reaves

Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era
Haopei Wang (TAMU), Guangliang Yang (TAMU), Phakpoom Chinprutthiwong (TAMU), Lei Xu (TAMU), Yangyong Zhang (TAMU), Guofei Gu (TAMU)

vNIDS: Towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems
Hongda Li (Clemson University), Hongxin Hu (Clemson University), Guofei Gu (Texas A&M University), Gail-Joon Ahn (Arizona State University & Samsung Research), Fuqiang Zhang (Clemson University)

Privacy (202 AB)

Session Chair: Apu Kapadia

ABY3: A Mixed Protocol Framework for Machine Learning
Payman Mohassel (Visa), Peter Rindal (Oregon State University)

Voting: you can’t have privacy without verifiability
Véronique Cortier (CNRS, Inria, Loria, Université de Lorraine, France), Joseph Lallemand (CNRS, Inria, Loria, Université de Lorraine, France)

Smart Contracts (203 AB)

Session Chair: Yan Chen

SECURIFY: Practical Security Analysis of Smart Contracts
Petar Tsankov (ETH Zurich), Andrei Marian Dan (ETH Zurich), Dana Drachsler Cohen (ETH Zurich), Arthur Gervais (Imperial College London), Florian Buenzli (ETH Zurich), Martin Vechev (ETH Zurich)

BitML: a calculus for Bitcoin smart contracts
Massimo Bartoletti (University of Cagliari), Roberto Zunino (University of Trento)

ML for Deanonymization (204 ABC)

Session Chair: Nikita Borisov

Large-Scale and Language-Oblivious Code Authorship Identification
Mohammed Abuhmed (Inha University), Tamer Abuhmed (Inha University), Aziz Mohaisen (University of Central Florida), DaeHun Nyang (Inha University)

Fraud De-Anonymization For Fun and Profit
Nestor Hernandez (Florida International University), Mizanur Rahman (Florida International University), Ruben Recabarren (Florida International University), Bogdan Carbunar (Florida International University)

Tuesday, October 16, 13:30-15:10

Side Channels (201 ABC)

Session Chair: Fengwei Zhang

Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage
Youngjoo Shin (Kwangwoon University), Hyung Chan Kim (The Affiliated Institute of ETRI), Dokeun Kwon (The Affiliated Institute of ETRI), Ji Hoon Jeong (The Affiliated Institute of ETRI), Junbeom Hur (Korea University)

Ohm’s Law in Data Centers: A Voltage Side Channel for Timing Power Attacks
Mohammad A. Islam (UC Riverside), Shaolei Ren (UC Riverside)

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Giovanni Camurati (EURECOM, France), Sebastian Poeplau (EURECOM, France), Marius Muench (EURECOM, France), Tom Hayes (EURECOM, France), Aurélien Francillon (EURECOM, France)

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
Jo Van Bulck (imec-DistriNet KU Leuven), Frank Piessens (imec-DistriNet KU Leuven), Raoul Strackx (imec-DistriNet KU Leuven)

Differential Privacy 1 (202 AB)

Session Chair: Nikita Borisov

Utility-aware synthesis of differentially private and attack-resilient location traces
Mehmet Emre Gursoy (Georgia Institute of Technology), Ling Liu (Georgia Institute of Technology), Stacey Truex (Georgia Institute of Technology), Lei Yu (Georgia Institute of Technology), Wenqi Wei (Georgia Institute of Technology)

CALM: Consistent Adaptive Local Marginal for Marginal Release under Local Differential Privacy
Zhikun Zhang (Zhejiang University), Tianhao Wang (Purdue University), Ninghui Li (Purdue University), Shibo He (Zhejiang University), Jiming Chen (Zhejiang University)

MVG Mechanism: Differential Privacy under Matrix-Valued Query
Thee Chanyaswad (Princeton University), Alex Dytso (Princeton University), H. Vincent Poor (Princeton University), Prateek Mittal (Princeton University)

Tight on Budget? Tight Bounds for r-Fold Approximate Differential Privacy
Sebastian Meiser (University College London), Esfandiar Mohammadi (ETH Zurich, Switzerland)

Crypto Attacks (203 AB)

Session Chair: Cas Cremers

Practical state recovery attacks against legacy RNG implementations
Shaanan Cohney (University of Pennsylvania), Matthew D. Green (Johns Hopkins University), Nadia Heninger (University of Pennsylvania)

Prime and Prejudice: Primality Testing Under Adversarial Conditions
Martin R. Albrecht (Royal Holloway, University of London), Jake Massimo (Royal Holloway, University of London), Kenneth G. Paterson (Royal Holloway, University of London), Juraj Somorovsky (Ruhr-Universität Bochum)

Release the Kraken: New KRACKs in the 802.11 Standard
Mathy Vanhoef (imec-DistriNet, KU Leuven), Frank Piessens (imec-DistriNet, KU Leuven)

Pump up the Volume: Practical Database Reconstruction from Volume Leakage on Range Queries
Paul Grubbs (Cornell Tech, RHUL), Marie-Sarah Lacharité (RHUL), Brice Minaud (RHUL), Kenneth G. Paterson (RHUL)

ML 1 (204 ABC)

Session Chair: Battista Biggio

Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach
Guixin Ye (Northwest University), Zhanyong Tang (Northwest University), Dingyi Fang (Northwest University), Zhanxing Zhu (Peking University), Yansong Feng (Peking University), Pengfei Xu (Northwest University), Xiaojiang Chen (Northwest University), Zheng Wang (Lancaster University)

Model-Reuse Attacks on Learning Systems
Yujie Ji (Lehigh University), Xinyang Zhang (Lehigh University), Shouling Ji (Zhejiang University), Xiapu Luo (The Hong Kong Polytechnic University), Ting Wang (Lehigh University)

LEMNA: Explaining Deep Learning based Security Applications
Wenbo Guo (The Pennsylvania State University), Dongliang Mu (The Pennsylvania State University), Jun Xu (The Pennsylvania State University), Purui Su (Chinese Academy of Sciences), Gang Wang (Virginia Tech), Xinyu Xing (The Pennsylvania State University)

Effective Program Debloating via Reinforcement Learning
Kihong Heo (University of Pennsylvania), Woosuk Lee (University of Pennsylvania, Hanyang University), Pardis Pashakhanloo (University of Pennsylvania), Mayur Naik (University of Pennsylvania)

Tuesday, October 16, 15:40-17:20

Binary Analysis (201 ABC)

Session Chair: Stefan Nürnberger

Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost
Binlin Cheng (Wuhan University & Hubei Normal University), Jiang Ming (University of Texas at Arlington), Jianming Fu (Wuhan University), Guojun Peng (Wuhan University), Ting Chen (University of Electronic Science and Technology of China), Xiaosong Zhang (University of Electronic Science and Technology of China), Jean-Yves Marion (LORIA)

Pinpointing Insecure Cryptographic Keys from Execution Traces
Juanru Li (Shanghai Jiao Tong University), Zhiqiang Lin (Ohio State University), Juan Caballero (IMDEA Software Institute), Yuanyuan Zhang (Shanghai Jiao Tong University), Dawu Gu (Shanghai Jiao Tong University)

Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables
Edward J. Schwartz (Carnegie Mellon University), Cory Cohen (Carnegie Mellon University), Jeff Havrilla (Carnegie Mellon University), Jeff Gennari (Carnegie Mellon University), Charles Hines (Carnegie Mellon University), Michael Duggan (Carnegie Mellon University)

VMHunt: A Verifiable Approach to Partial-Virtualized Binary Code Simplification
Dongpeng Xu (The Pennsylvania State University), Jiang Ming (University of Texas at Arlington), Yu Fu (The Pennsylvania State University), Dinghao Wu (The Pennsylvania State University)

Differential Privacy 2 (202 AB)

Session Chair: Gilles Barthe

Preserving Both Privacy and Utility in Network Trace Anonymization
Meisam Mohammady (Concordia Institute for Information Systems Engineering), Lingyu Wang (Concordia Institute for Information Systems Engineering), Yuan Hong (Illinois Institute of Technology), Habib Louafi (Ericsson Research Security), Makan Pourzandi (Ericsson Research Security), Mourad Debbabi (Concordia Institute for Information Systems Engineering)

Toward Detecting Violations of Differential Privacy
Ding Ding (Pennsylvania State University), Yuxin Wang (Pennsylvania State University), Guanhong Wang (Pennsylvania State University), Danfeng Zhang (Pennsylvania State University), Daniel Kifer (Pennsylvania State University)

Secure Computation with Differentially Private Access Patterns
Sahar Mazloom (George Mason University), S. Dov Gordon (George Mason University)

DP-Finder: Finding Differential Privacy Violations by Sampling and Optimization
Benjamin Bichsel (ETH Zürich), Timon Gehr (ETH Zürich), Dana Drachsler Cohen (ETH Zürich), Petar Tsankov (ETH Zürich), Martin Vechev (ETH Zürich)

Crypto: ZKPs & Lattices (203 AB)

Session Chair: Yan Huang

Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures
Jonathan Katz (University of Maryland), Vladimir Kolesnikov (Georgia Tech), Xiao Wang (University of Maryland)

Symbolic Proofs for Lattice-Based Cryptography
Gilles Barthe (IMDEA Software Institute), Xiong Fan (Cornell University), Joshua Gancher (Cornell University), Benjamin Grégoire (INRIA), Charlie Jacomme (LSV & CNRS & ENS Paris-Saclay & Inria & Université Paris-Saclay), Elaine Shi (Cornell University)

Lattice-Based zk-SNARKs from Square Span Programs
Michele Orru (ENS, Inria), Michele Minelli (ENS, Inria), Rosario Gennaro (City College of New York), Anca Nitulescu (ENS, Inria)

Lattice-Based Group Signatures and Zero-Knowledge Proofs of Automorphism Stability
Rafael del Pino (ENS and IBM Research – Zurich), Vadim Lyubashevsky (IBM Research – Zurich), Gregor Seiler (ETH and IBM Research – Zurich)

ML 2 (204 ABC)

Session Chair: Neil Gong

Tiresias: Predicting Security Events Through Deep Learning
Yun Shen (Symantec), Enrico Mariconti (University College London), Pierre-Antoine Vervier (Symantec), Gianluca Stringhini (University College London)

DeepMem: Learning Graph Neural Network Models for Fast and Robust Memory Forensic Analysis
Wei Song (UC Riverside), Heng Yin (UC Riverside), Chang Liu (UC Berkeley), Dawn Song (UC Berkeley)

Property Inference Attacks on Deep Neural Networks using Permutation Invariant Representations
Karan Ganju (University of Illinois at Urbana-Champaign), Qi Wang (University of Illinois at Urbana-Champaign), Wei Yang (University of Illinois at Urbana-Champaign), Carl Gunter (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign)

Machine Learning with Membership Privacy using Adversarial Regularization
Milad Nasr (UMass), Reza Shokri (NUS), Amir Houmansadr (UMass)

Wednesday, October 17, 9:00-10:30

Keynote: Shai Halevi, IBM

Advanced Cryptography: Promise and Challenges

I will discuss “advanced cryptography”, namely cryptographic techniques beyond communication security, including things like zero knowledge, secure multi-party computation, homomorphic encryption, and the like. I will make the case that advanced cryptography is (a) needed, (b) fast enough to be useful, and (c) not “generally usable” yet.

Dr. Shai Halevi is a Principal Research Staff Member at IBM T.J. Watson Research Center, focusing on advanced cryptographic techniques such as homomorphic encryption, cryptographic code obfuscation, and secure computation. He is a fellow and a board member of the IACR, and the recipient of the 2017 ACM-SIGSAC Outstanding Innovation Award and several best-paper awards. Shai also wrote the HElib library for homomorphic encryption.

Wednesday, October 17, 11:10-12:00

SDN 2 (201 ABC)

Session Chair: Brad Reaves

Cross-App Poisoning in Software-Defined Networking
Benjamin E. Ujcich (University of Illinois at Urbana-Champaign), Samuel Jero (MIT Lincoln Laboratory), Anne Edmundson (Princeton University), Qi Wang (University of Illinois at Urbana-Champaign), Richard Skowyra (MIT Lincoln Laboratory), James Landry (MIT Lincoln Laboratory), Adam Bates (University of Illinois at Urbana-Champaign), William H. Sanders (University of Illinois at Urbana-Champaign), Cristina Nita-Rotaru (Northeastern University), Hamed Okhravi (MIT Lincoln Laboratory)

AIM-SDN: Attacking Information Mismanagement in SDN-datastores
Vaibhav Hemant Dixit (Arizona State University), Adam Doupé (Arizona State University), Yan Shoshitaishvili (Arizona State University), Ziming Zhao (Arizona State University), Gail-Joon Ahn (Arizona State University & Samsung Research)

Secure Computation 1 (202 AB)

Session Chair: Jonathan Katz

Fast Secure Computation for Small Population over the Internet
Megha Byali (Indian Institute of Science, India), Arun Joseph (Indian Institute of Science, India), Arpita Patra (Indian Institute of Science, India), Divya Ravi (Indian Institute of Science, India)

An End-to-End System for Large Scale P2P MPC-as-a-Service and Low-Bandwidth MPC for Weak Participants
Assi Barak (Bar-Ilan University), Martin Hirt (ETH Zurich), Lior Koskas (Bar-Ilan University), Yehuda Lindell (Bar-Ilan University)

Blockchain 1 (203 AB)

Session Chair: Rosario Gennaro

The Gap Game
Itay Tsabary (Technion), Ittay Eyal (Technion)

A better method to analyze blockchain consistency
Lucianna Kiffer (Northeastern University), Abhi Shelat (Northeastern University), Rajmohan Rajaraman (Northeastern University)

Encrypted Search & Computation 1 (204 ABC)

Session Chair: Ryan Henry

Result Pattern Hiding Searchable Encryption for Conjunctive Queries
Shangqi Lai (Monash University/Data 61, CSIRO), Sikhar Patranabis (Indian Institute of Technology Kharagpur), Amin Sakzad (Monash University), Joseph Liu (Monash University), Debdeep Mukhopadhyay (Indian Institute of Technology Kharagpur), Ron Steinfeld (Monash University), Shifeng Sun (Monash University/Data 61, CSIRO), Dongxi Liu (Data 61, CSIRO), Cong Zuo (Monash University/Data 61, CSIRO)

Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption
Shi-Feng Sun (Monash University/Data 61, CSIRO), Xingliang Yuan (Monash University), Joseph Liu (Monash University), Ron Steinfeld (Monash University), Amin Sakzad (Monash University), Viet Vo (Monash University/Data 61, CSIRO), Surya Nepal (Data 61, CSIRO)

Wednesday, October 17, 13:30-15:10

Cyberphysical Systems (201 ABC)

Session Chair: Nils Ole Tippenhauer

Scission: Signal Characteristic-Based Sender Identification and Intrusion Detection in Automotive Networks
Marcel Kneib (Bosch Engineering GmbH), Christopher Huth (Robert Bosch GmbH)

Detecting Attacks Against Robotic Vehicles: A Control Invariant Approach
Hongjun Choi (Purdue University), Wen-Chuan Lee (Purdue University), Yousra Aafer (Purdue University), Fan Fei (Purdue University), Zhan Tu (Purdue University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University), Xinyan Deng (Purdue University)

Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems
Wissam Aoudi (Chalmers University of Technology), Mikel Iturbe (Mondragon University), Magnus Almgren (Chalmers University of Technology)

On the Safety of IoT Device Physical Interaction Control
Wenbo Ding (Clemson University), Hongxin Hu (Clemson University)

Secure Computation 2 (202 AB)

Session Chair: Kenny Paterson

HyCC: Compilation of Hybrid Protocols for Practical Secure Computation
Niklas Büscher (TU Darmstadt), Daniel Demmler (TU Darmstadt), Stefan Katzenbeisser (TU Darmstadt), David Kretzmer (TU Darmstadt), Thomas Schneider (TU Darmstadt)

nanoPI: Extreme-Scale Actively-Secure Multi-Party Computation
Ruiyu Zhu (Indiana University), Darion Cassel (Carnegie Mellon University), Amr Sabry (Indiana University), Yan Huang (Indiana University)

Generalizing the SPDZ Compiler For Other Protocols
Toshinori Araki (NEC), Assi Barak (Bar-Ilan University), Jun Furukawa (NEC Israel Research Center), Marcel Keller (Data61), Yehuda Lindell (Bar-Ilan University), Kazuma Ohara (NEC), Hikaru Tsuchida (NEC)

Compressing Vector OLE
Elette Boyle (IDC, Israel), Geoffroy Couteau (KIT, Germany), Niv Gilboa (Ben Gurion University, Israel), Yuval Ishai (Technion, Israel)

Blockchain 2 (203 AB)

Session Chair: Rosario Gennaro

Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability
Christian Badertscher (ETH Zurich), Peter Gazi (IOHK), Aggelos Kiayias (University of Edinburgh and IOHK), Alexander Russell (University of Connecticut), Vassilis Zikas (University of Edinburgh and IOHK)

RapidChain: Fast Blockchain Consensus via Full Sharding
Mahdi Zamani (Visa Research), Mahnush Movahedi (Dfinity), Mariana Raykova (Yale University)

General State Channel Networks
Stefan Dziembowski (University of Warsaw), Sebastian Faust (TU Darmstadt), Kristina Hostáková (TU Darmstadt)

FairSwap: How to fairly exchange digital goods
Stefan Dziembowski (University of Warsaw), Lisa Eckey (TU Darmstadt), Sebastian Faust (TU Darmstadt)

Encrypted Search & Computation 2 (204 ABC)

Session Chair: Ryan Henry

Secure Search via Sketching for Homomorphic Encryption
Adi Akavia (The Academic College of Tel Aviv Jaffa), Dan Feldman (The University of Haifa), Hayim Shaul (The University of Haifa and MIT)

Private Stateful Information Retrieval
Sarvar Patel (Google), Giuseppe Persiano (Google and University of Salerno), Kevin Yeo (Google)

ALCHEMY: A Language and Compiler for Homomorphic Encryption Made easY
Eric Crockett (Amazon), Chris Peikert (University of Michigan), Chad Sharp (University of Michigan)

New Constructions for Forward and Backward Private Symmetric Searchable Encryption
Javad Ghareh Chamani (Hong Kong University of Science and Technology & Sharif University of Technology), Dimitrios Papadopoulos (Hong Kong University of Science and Technology), Charalampos Papamanthou (University of Maryland), Rasool Jalili (Sharif University of Technology)

Wednesday, October 17, 15:40-17:20

IoT Security (201 ABC)

Session Chair: Yuqiong Sun

Situational Access Control in the Internet of Things
Roei Schuster (Cornell Tech, Tel Aviv University), Vitaly Shmatikov (Cornell Tech), Eran Tromer (Columbia University, Tel Aviv University)

HoMonit: Monitoring Smart Home Apps from Encrypted Traffic
Wei Zhang (Shanghai Jiao Tong University), Yan Meng (Shanghai Jiao Tong University), Yugeng Liu (Shanghai Jiao Tong University), Xiaokuan Zhang (The Ohio State University), Yinqian Zhang (The Ohio State University), Haojin Zhu (Shanghai Jiao Tong University)

Pinto: Enabling Video Privacy for Commodity IoT Cameras
Hyunwoo Yu (Hanyang University), Jaemin Lim (Hanyang University), Kiyeon Kim (Hanyang University), Suk-Bok Lee (Hanyang University)

If This Then What? Controlling Flows in IoT Apps
Iulia Bastys (Chalmers University of Technology), Musard Balliu (KTH Royal Institute of Technology), Andrei Sabelfeld (Chalmers University of Technology)

Crypto 1 (203 AB)

Session Chair: Jonathan Katz

Fast Multiparty Threshold ECDSA with Fast Trustless Setup
Rosario Gennaro (City College of New York), Steven Goldfeder (Princeton University)

On the Security of the PKCS#1 v1.5 Signature Scheme
Tibor Jager (Paderborn University), Saqib A. Kakvi (Paderborn University), Alexander May (Ruhr-University Bochum)

Secure Outsourced Matrix Computation and Application to Neural Networks
Xiaoqian Jiang (University of Texas, Health Science Center), Miran Kim (University of Texas, Health Science Center), Kristin Lauter (Microsoft Research), Yongsoo Song (University of California, San Diego)

Labeled PSI from Fully Homomorphic Encryption with Malicious Security
Hao Chen (Microsoft Research), Zhicong Huang (EPFL), Kim Laine (Microsoft Research), Peter Rindal (Oregon State University)

Usable Security (204 ABC)

Session Chair: Joshua Schiffman

Asking for a Friend: Evaluating Response Biases in Security User Studies
Elissa M. Redmiles (University of Maryland), Ziyun Zhu (University of Maryland), Sean Kross (University of California San Diego), Dhruv Kuchhal (Maharaja Agrasen Institute of Technology), Tudor Dumitras (University of Maryland), Michelle L. Mazurek (University of Maryland)

Towards Usable Checksums: Automating the Integrity Verification of Web Downloads for the Masses
Mauro Cherubini (UNIL – HEC Lausanne), Alexandre Meylan (UNIL – HEC Lausanne), Bertil Chapuis (UNIL – HEC Lausanne), Mathias Humbert (Swiss Data Science Center, ETH Zurich and EPFL), Igor Bilogrevic (Google Inc.), Kévin Huguenin (UNIL – HEC Lausanne)

Investigating System Operators’ Perspective on Security Misconfigurations
Constanze Dietrich (Berliner Hochschule für Technik), Katharina Krombholz (CISPA Helmholtz Center (i.G.)), Kevin Borgolte (Princeton University), Tobias Fiebig (TU Delft)

Detecting User Experience Issues of the Tor Browser In The Wild
Kevin Gallagher (New York University), Sameer Patil (Indiana University Bloomington), Brendan Dolan-Gavitt (New York University), Damon McCoy (New York University), Nasir Memon (New York University)

Mobile Security 1 (202 AB)

Session Chair: Sven Bugiel

ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android
Andrea Possemato (EURECOM), Andrea Lanzi (Università degli Studi di Milano), Simon Pak Ho Chung (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology), Yanick Fratantonio (EURECOM)

JN-SAF: Precise and Efficient NDK/JNI-aware Inter-language Static Analysis Framework for Security Vetting of Android Applications with Native Code
Fengguo Wei (University of South Florida), Xingwei Lin (University of Electronic Science and Technology of China), Xinming Ou (University of South Florida), Ting Chen (University of Electronic Science and Technology of China), Xiaosong Zhang (University of Electronic Science and Technology of China)

Precise Android API Protection Mapping Derivation and Reasoning
Yousra Aafer (Purdue University), Guanhong Tao (Purdue University), Jianjun Huang (Renmin University of China), Xiangyu Zhang (Purdue University), Ninghui Li (Purdue University)

Invetter: Locating Insecure Input Validations in Android Services
Lei Zhang (Fudan University), Zhemin Yang (Fudan University), Yuyu He (Fudan University), Zhenyu Zhang (Fudan University), Zhiyun Qian (University of California Riverside), Geng Hong (Fudan University), Yuan Zhang (Fudan University), Min Yang (Fudan University)

Wednesday, October 17, 17:20-18:30

Panel: A Discussion on Security Education in Academia


  • Kevin Butler, University of Florida
  • Robert K. Cunningham, CMU Software Engineering Institute
  • Paul C. van Oorschot, Carleton University
  • Reihaneh Safavi-Naini, University of Calgary


  • Ashraf Matrawy, Carleton University
  • Jeremy Clark, Concordia University

Thursday, October 18, 09:00-10:15

Forensics (201 ABC)

Session Chair: Sadia Afroz

PrinTracker: Fingerprinting 3D Printers using Commodity Scanners
Zhengxiong Li (SUNY University at Buffalo), Aditya Singh Rathore (SUNY University at Buffalo), Chen Song (SUNY University at Buffalo), Wenyao Xu (SUNY University at Buffalo), Sheng Wei (Rutgers University), Yanzhi Wang (Northeastern University)

NodeMerge: Template Based Efficient Data Reduction For Big-Data Causality Analysis
Yutao Tang (College of William and Mary), Ding Li (NEC Laboratories America Inc), Zhichun Li (NEC Laboratories America Inc), Mu Zhang (Cornell University), Kangkook Jee (NEC Laboratories America Inc), Xusheng Xiao (Case Western Reserve University), Zhenyu Wu (NEC Laboratories America Inc), Junghwan Rhee (NEC Laboratories America Inc), Fengyuan Xu (Nanjing University), Qun Li (College of William and Mary)

EviHunter: Identifying Digital Evidence in the Permanent Storage of Android Devices via Static Analysis
Chris Chao-Chun Cheng (Iowa State University), Chen Shi (Iowa State University), Neil Zhenqiang Gong (Iowa State University), Yong Guan (Iowa State University)

Formal Methods & Language Security (202 AB)

Session Chair: Andrei Sabelfeld

When Good Components Go Bad: Formally Secure Compilation Despite Dynamic Compromise
Carmine Abate (Inria Paris and University of Trento), Arthur Azevedo de Amorim (Carnegie Mellon University), Roberto Blanco (Inria Paris), Ana Nora Evans (Inria Paris and University of Virginia), Guglielmo Fachini (Inria Paris), Catalin Hritcu (Inria Paris), Théo Laurent (Inria Paris and ENS Paris), Benjamin C. Pierce (University of Pennsylvania), Marco Stronati (Inria Paris), Andrew Tolmach (Portland State University)

Towards Verified, Constant-time Floating Point Operations
Marc Andrysco (University of California, San Diego), Andres Noetzli (Stanford), Fraser Brown (Stanford), Ranjit Jhala (University of California, San Diego), Deian Stefan (University of California, San Diego)

Formal Analysis of 5G Authentication
David Basin (ETH Zurich), Jannik Dreier (Universite de Lorraine, CNRS, Inria, LORIA), Lucca Hirschi (ETH Zurich), Sasa Radomirovic (University of Dundee), Ralf Sasse (ETH Zurich), Vincent Stettler (ETH Zurich)

TLS (203 AB)

Session Chair: Ehab Al-Shaer

Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure
Eyal Ronen (Weizmann Institute of Science), Kenny Paterson (Royal Holloway, University of London), Adi Shamir (Weizmann Institute of Science)

Partially specified channels: The TLS 1.3 record layer without elision
Christopher Patton (University of Florida), Thomas Shrimpton (University of Florida)

The Multi-user Security of GCM, Revisited: Tight Bounds for Nonce Randomization
Viet Tung Hoang (Florida State University), Stefano Tessaro (University of California Santa Barbara), Aishwarya Thiruvengadam (University of California Santa Barbara)

Binary Defenses 1 (204 ABC)

Session Chair: Michael Franz

Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
Hojoon Lee (CISPA Helmholtz Center i.G.), Chihyun Song (KAIST), Brent Byunghoon Kang (KAIST)

Milkomeda: Safeguarding the Mobile GPU Interface Using WebGL’s Security Checks
Zhihao Yao (UC Irvine), Saeed Mirzamohammadi (UC Irvine), Ardalan Amiri Sani (UC Irvine), Mathias Payer (EPFL and Purdue University)

Enforcing Unique Code Target Property for Control-Flow Integrity
Hong Hu (Georgia Institute of Technology), Chenxiong Qian (Georgia Institute of Technology), Carter Yagemann (Georgia Institute of Technology), Simon Pak Ho Chung (Georgia Institute of Technology), Bill Harris (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)

Thursday, October 18, 10:45-12:00

Web Security 1 (201 ABC)

Session Chair: Adam Doupé

Predicting Impending Exposure to Malicious Content from User Behavior
Mahmood Sharif (Carnegie Mellon University), Jumpei Urakawa (KDDI Research), Nicolas Christin (Carnegie Mellon University), Ayumu Kubota (KDDI Research), Akira Yamada (KDDI Research)

Clock Around the Clock: Time-Based Device Fingerprinting
Iskander Sanchez-Rola (Deustotech, University of Deusto), Igor Santos (Deustotech, University of Deusto), Davide Balzarotti (Eurecom)

Web’s Sixth Sense: A Study of Scripts Accessing Smartphone Sensors
Anupam Das (Carnegie Mellon University), Gunes Acar (Princeton University), Nikita Borisov (University of Illinois at Urbana-Champaign), Amogh Pradeep (Northeastern University)

Usable Passwords (202 AB)

Session Chair: Katharina Krombholz

Reinforcing System-Assigned Passphrases Through Implicit Learning
Zeinab Joudaki (University of Ontario Institute of Technology), Julie Thorpe (University of Ontario Institute of Technology), Miguel Vargas Martin (University of Ontario Institute of Technology)

“What was that site doing with my Facebook password?”, Designing Password-Reuse Notifications
Maximilian Golla (Ruhr-University Bochum), Miranda Wei (University of Chicago), Juliette Hainline (University of Chicago), Lydia Filipe (University of Chicago), Markus Dürmuth (Ruhr-University Bochum), Elissa M. Redmiles (University of Maryland), Blase Ur (University of Chicago)

On the Accuracy of Password Strength Meters
Maximilian Golla (Ruhr-University Bochum), Markus Dürmuth (Ruhr-University Bochum)

Information Flow (203 AB)

Session Chair: Yinzhi Cao

HyperFlow: A High-Assurance Processor Architecture for Practical Timing-Safe Information Flow Security
Andrew Ferraiuolo (Cornell University), Yuqi Zhao (Cornell University), Andrew C. Myers (Cornell University), G. Edward Suh (Cornell University)

Runtime Analysis of Whole-System Provenance
Thomas Pasquier (University of Cambridge), Xueyuan Han (Harvard University), Thomas Moyer (UNC Charlotte), Adam Bates (University of Illinois at Urbana-Champaign), Olivier Hermant (MINES ParisTech, PSL Research University), David Eyers (University of Otago), Jean Bacon (University of Cambridge), Margo Seltzer (Harvard University)

Faceted Secure Multi Execution
Thomas Schmitz (University of California, Santa Cruz), Maximilian Algehed (Chalmers University of Technology), Cormac Flanagan (University of California, Santa Cruz), Alejandro Russo (Chalmers University of Technology)

Binary Defenses 2 (204 ABC)

Session Chair: Lorenzo Cavallaro

A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
Daiping Liu (University of Delaware), Mingwei Zhang (Intel Labs), Haining Wang (University of Delaware)

An Exploratory Analysis of Microcode as a Building Block for System Defenses
Benjamin Kollenda (Ruhr-Universität Bochum), Philipp Koppe (Ruhr-Universität Bochum), Marc Fyrbiak (Ruhr-Universität Bochum), Christian Kison (Ruhr-Universität Bochum), Christof Paar (Ruhr-Universität Bochum), Thorsten Holz (Ruhr-Universität Bochum)

Debin: Predicting Debug Information in Stripped Binaries
Jingxuan He (ETH Zurich), Pesho Ivanov (ETH Zurich), Petar Tsankov (ETH Zurich), Veselin Raychev (ETH Zurich), Martin Vechev (ETH Zurich)

Thursday, October 18, 13:30-15:10

Web Security 2 (201 ABC)

Session Chair: Ben Stock

Mystique: Uncovering Information Leakage from Browser Extensions
Quan Chen (North Carolina State University), Alexandros Kapravelos (North Carolina State University)

How You Get Bullets in Your Back: A Systematical Study about Cryptojacking in Real-world
Geng Hong (Fudan University), Zhemin Yang (Fudan University), Sen Yang (Fudan University), Lei Zhang (Fudan University), Yuhong Nan (Fudan University), Zhibo Zhang (Fudan University), Min Yang (Fudan University), Yuan Zhang (Fudan University), Zhiyun Qian (UC Riverside), Haixin Duan (Tsinghua University)

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
Radhesh Krishnan Konoth (Vrije Universiteit Amsterdam), Emanuele Vineti (Vrije Universiteit Amsterdam), Veelasha Moonsamy (Utrecht University), Martina Lindorfer (TU Wien), Christopher Kruegel (UC Santa Barbara), Herbert Bos (Vrije Universiteit Amsterdam), Giovanni Vigna (UC Santa Barbara)

Pride and Prejudice in Progressive Web Apps: Abusing Native App-like Features in Web Applications
Jiyeon Lee (KAIST), Hayeon Kim (KAIST), Junghwan Park (KAIST), Insik Shin (KAIST), Sooel Son (KAIST)

Mobile Security 2 (202 AB)

Session Chair: Gianluca Stringhini

No Training Hurdles: Fast Training-Agnostic Attacks to Infer Your Typing
Song Fang (University of South Florida), Ian Markwood (University of South Florida), Yao Liu (University of South Florida), Shangqing Zhao (University of South Florida), Zhuo Lu (University of South Florida), Haojin Zhu (Shanghai Jiao Tong University)

Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion
Stefan Savage (UC San Diego)

PatternListener: Cracking Android Pattern Lock Using Acoustic Signals
Man Zhou (Wuhan University), Qian Wang (Wuhan University), Jingxiao Yang (Wuhan University), Qi Li (Tsinghua University), Feng Xiao (Wuhan University), Zhibo Wang (Wuhan University), Xiaofeng Chen (Xidian University)

Phishing Attacks on Modern Android
Alessio Merlo (University of Genoa), Simone Aonzo (University of Genoa), Giulio Tavella (University of Genoa), Yanick Fratantonio (EURECOM)

Crypto 2 (203 AB)

Session Chair: Yan Huang

On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees
Katriel Cohn-Gordon (University of Oxford), Cas Cremers (CISPA Helmholtz Center (i.G.)), Luke Garratt (University of Oxford), Jon Millican (Facebook), Kevin Milner (University of Oxford)

Bandwidth-Hard Functions: Reductions and Lower Bounds
Jeremiah Blocki (Purdue), Ling Ren (MIT), Samson Zhou (Purdue)

Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody
Yehuda Lindell (Bar-Ilan University), Ariel Nof (Bar-Ilan University)

TACHYON: Fast Signatures from Compact Knapsack
Rouzbeh Behnia (Oregon State University), Muslum Ozgur Ozmen (Oregon State University), Attila A. Yavuz (Oregon State University), Mike Rosulek (Oregon State University)

Vulnerability Detection (204 ABC)

Session Chair: Tudor Dumitras

Block Oriented Programming: Automating Data-Only Attacks
Kyriakos Ispoglou (Purdue University, West Lafayette), Bader AlBassam (Purdue University, West Lafayette), Trent Jaeger (Pennsylvania State University), Mathias Payer (EPFL and Purdue University)

Threat Intelligence Computing
Xiaokui Shu (IBM Research), Frederico Araujo (IBM Research), Douglas Schales (IBM Research), Marc Stoecklin (IBM Research), Jiyong Jang (IBM Research), Heqing Huang (IBM Research), Josyula Rao (IBM Research)

Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels
Wenwen Wang (University of Minnesota, Twin Cities), Kangjie Lu (University of Minnesota, Twin Cities), Pen-Chung Yew (University of Minnesota, Twin Cities)

Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Yan Wang (Institute of Information Engineering, Chinese Academy of Sciences), Chao Zhang (Institute for Network Sciences and Cyberspace, Tsinghua University), Xiaobo Xiang (Institute of Information Engineering, Chinese Academy of Sciences), Zixuan Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Bingchang Liu (Institute of Information Engineering, Chinese Academy of Sciences), Wenjie Li (Institute of Information Engineering, Chinese Academy of Sciences), Xiaorui Gong (Institute of Information Engineering, Chinese Academy of Sciences), Kaixiang Chen (Institute for Network Sciences and Cyberspace, Tsinghua University), Wei Zou (Institute of Information Engineering, Chinese Academy of Sciences)

Thursday, October 18, 15:40-17:20

TOR (201 ABC)

Session Chair: Esfandiar Mohammadi

Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
Payap Sirinam (Rochester Institute of Technology), Mohsen Imani (University of Texas at Arlington), Marc Juarez (imec-COSIC KU Leuven, Belgium), Matthew Wright (Rochester Institute of Technology)

Privacy-preserving Dynamic Learning of Tor Network Traffic
Rob Jansen (U.S. Naval Research Laboratory), Matthew Traudt (U.S. Naval Research Laboratory), Nicholas Hopper (University of Minnesota)

DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning
Milad Nasr (University of Massachusetts Amherst), Alireza Bahramali (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)

Measuring Information Leakage in Website Fingerprinting Attacks and Defenses
Shuai Li (University of Minnesota), Huajun Guo (University of Minnesota), Nicholas Hopper (University of Minnesota)

Protocols (202 AB)

Session Chair: Felix Günther

DISE: DIstributed Symmetric-key Encryption
Shashank Agrawal (Visa Research), Payman Mohassel (Visa Research), Pratyay Mukherjee (Visa Research), Peter Rindal (Oregon State University)

Mitigating Risk while Complying with Data Retention Laws
Luis Vargas (University of Florida), Gyan Hazarika (University of Florida), Rachel Culpepper (University of Richmond), Kevin Butler (University of Florida), Thomas Shrimpton (University of Florida), Doug Szajda (University of Richmond), Patrick Traynor (University of Florida)

BEAT: Asynchronous BFT Made Practical
Sisi Duan (University of Maryland, Baltimore County), Michael K. Reiter (University of North Carolina at Chapel Hill), Haibin Zhang (University of Maryland, Baltimore County)

PASTA: PASsword-based Threshold Authentication
Shashank Agrawal (Visa Research), Peihan Miao (University of California at Berkeley), Payman Mohassel (Visa Research), Pratyay Mukherjee (Visa Research)

Key Exchanges (203 AB)

Session Chair: Fengwei Zhang

Domain Validation++ for MitM-Resilient PKI
Markus Brandt (Fraunhofer Institute for Secure Information Technology SIT), Tianxiang Dai (Fraunhofer Institute for Secure Information Technology SIT), Amit Klein (Fraunhofer Institute for Secure Information Technology SIT), Haya Shulman (Fraunhofer Institute for Secure Information Technology SIT), Michael Waidner (Fraunhofer Institute for Secure Information Technology SIT)

Secure Opportunistic Multipath Key Exchange
Sergiu Costea (ETH Zürich), Marios O. Choudary (University Politehnica of Bucharest), Doru Gucea (University Politehnica of Bucharest), Björn Tackmann (IBM Research – Zurich), Costin Raiciu (University Politehnica of Bucharest)

Fuzzing, Exploitation, & Side Channels (204 ABC)

Session Chair: Alexandros Kapravelos

Evaluating Fuzz Testing
George Klees (University of Maryland), Andrew Ruef (University of Maryland), Benji Cooper (University of Maryland), Shiyi Wei (University of Texas at Dallas), Michael Hicks (University of Maryland)

Hawkeye: Towards a Desired Directed Grey-box Fuzzer
Hongxu Chen (Nanyang Technological University), Yinxing Xue (University of Science and Technology of China), Yuekang Li (Nanyang Technological University), Bihuan Chen (Fudan University), Xiaofei Xie (Nanyang Technological University), Xiuheng Wu (Nanyang Technological University), Yang Liu (Nanyang Technological University)

ret2spec: Speculative Execution Using Return Stack Buffers
Giorgi Maisuradze (CISPA, Saarland University, Saarland Informatics Campus), Christian Rossow (CISPA, Saarland University, Saarland Informatics Campus)

Rendered Insecure: GPU side channel attacks are practical
Hoda Naghibijouybari (University of California, Riverside), Ajaya Neupane (University of California, Riverside), Zhiyun Qian (University of California, Riverside), Nael Abu-Ghazaleh (University of California, Riverside)