ACCEPTED PAPERS

ACM CCS 2020 - November 9-13, 2020

Lift-and-Shift: Obtaining Simulation Extractable Subversion and Updatable SNARKs Generically

Behzad Abdolmaleki (University of Tartu); Sebastian Ramacher (AIT Austrian Institute of Technology); Daniel Slamanig (AIT Austrian Institute of Technology)

Oracle simulation: a technique for protocol composition with long term shared secrets

Charlie Jacomme (LSV); Hubert Comon (LSV); Guillaume Scerri (Université Paris Saclay, UVSQ, Inria, DAVID)

PPE Circuits: Formal Definition to Software Automation

Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin); Brent Waters (University of Texas at Austin and NTT Research)

Gotta Catch’Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks

Shawn Shan (University of Chicago); Emily Wenger (University of Chicago); Bolun Wang (University of Chicago); Bo Li (UIUC); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago)

A Qualitative Study of Dependency Management and Its Security Implications

Ivan Pashchenko (University of Trento, Italy); Duc Ly Vu (University of Trento, Italy); Fabio Massacci (University of Trento, Italy)

VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity

Sahar Abdelnabi (CISPA Helmholtz Center for Information Security); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information Security)

A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks

Edward J. Schwartz (Carnegie Mellon University); Stephanie M. Schwartz (Millersville University); Cory Cohen (Carnegie Mellon University); Jeff Gennari (Carnegie Mellon University)

Security Analysis and Implementation of Relay-Resistant Contactless Payments

Ioana Boureanu (Univ. of Surrey, Surrey Centre for Cyber Security); Tom Chothia (University of Birmingham); Alexandre Debant (Univ Rennes, CNRS, IRISA); Stéphanie Delaune (Univ Rennes, CNRS, IRISA)

MuSig-DN: Two-Round Schnorr Multi-Signatures with Verifiably Deterministic Nonces

Jonas Nick (Blockstream); Tim Ruffing (Blockstream); Yannick Seurin (ANSSI, France); Pieter Wuille (Blockstream)

LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction

Rui Wen (CISPA Helmholtz Center for Information Security); Yu Yu (Shanghai Jiao Tong University); Xiang Xie (Platon); Yang Zhang (CISPA Helmholtz Center for Information Security)

GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models

Dingfan Chen (CISPA Helmholtz Center for Information Security); Ning Yu (Max Planck Institute for Informatics); Yang Zhang (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information Security)

DECO: Liberating Web Data Using Decentralized Oracles for TLS

Fan Zhang (Cornell); Sai Krishna Deepak Maram (Cornell Tech); Harjasleen Malvai (Cornell University); Steven Goldfeder (Cornell Tech); Ari Juels (Jacobs Institute, Cornell Tech)

PDiff: Semantic-based Patch Presence Testing for Downstream Kernels

Zheyue Jiang (Fudan University); Yuan Zhang (Fudan University); Jun Xu (Stevens Institute of Technology); Qi Wen (Fudan University); Zhenghe Wang (Fudan University); Xiaohan Zhang (Fudan University); Xinyu Xing (Pennsylvania State University); Min Yang (Fudan University); Zhemin Yang (Fudan University)

TEMPEST Comeback: A Realistic Audio Eavesdropping Threat on Mixed-signal SoCs

Jieun Choi (KAIST); Hae-Yong Yang (The Affiliated Institute of ETRI); Dong-Ho Cho (KAIST)

Private Summation in the Multi-Message Shuffle Model

Borja Balle (DeepMind); James Bell (The Alan Turing Institute); Adrià Gascón (Google); Kobbi Nissim (Georgetown University)

ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts

Karl Wüst (ETH Zurich); Sinisa Matetic (ETH Zurich); Silvan Egli (ETH Zurich); Kari Kostiainen (ETH Zurich); Srdjan Capkun (ETH Zurich)

Pointproofs: Aggregating Proofs for Multiple Vector Commitments

Sergey Gorbunov (University of Waterloo); Leonid Reyzin (Algorand and Boston University); Hoeteck Wee (CNRS, ENS, PSL, and NTT Research); Zhenfei Zhang (Algorand)

Bypassing Tor Exit Blocking with Exit Bridge Onion Services

Zhao Zhang (Georgetown University); Micah Sherr (Georgetown University); Wenchao Zhou (Georgetown University)

InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis

Roberto Guanciale (KTH Royal Institute of Technology); Musard Balliu (KTH Royal Institute of Technology); Mads Dam (KTH Royal Institute of Technology)

BDoS: Blockchain Denial-of-Service Attacks

Michael Mirkin (Technion); Yan Ji (Cornell Tech); Jonathan Pang (Cornell University); Ariah Klages-Mundt (Cornell University); Ittay Eyal (Technion); Ari Juels (Cornell Tech)

Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP

Md Salman Ahmed (Virginia Tech, Dept of Computer Science); Ya Xiao (Virginia Tech, Dept of Computer Science); Kevin Z. Snow (Zeropoint Dynamics); Gang Tan (Penn State University); Fabian Monrose (University of North Carolina-Chapel Hill); Danfeng (Daphne) Yao (Virginia Tech, Dept of Computer Science)

Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Hongjun Choi (Purdue University); Sayali Kate (Purdue University); Yousra Aafer (University of Waterloo); Xiangyu Zhang (Purdue University); Dongyan Xu (Purdue University)

eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts

Clara Schneidewind (TU Wien); Markus Scherer (TU Wien); Ilya Grishchenko (TU Wien); Matteo Maffei (TU Wien)

Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries

Rukayat Ayomide Erinfolami (Binghamton University); Aravind Prakash (Binghamton University)

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

Mingming Zhang (Institute for Network Sciences and Cyberspace, Tsinghua University); Xiaofeng Zheng (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Kaiwen Shen (Institute for Network Sciences and Cyberspace, Tsinghua University); Ziqiao Kong (QiAnXin Technology Research Institute); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua University); Yu Wang (Institute for Network Sciences and Cyberspace, Tsinghua University); Haixin Duan (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Shuang Hao (University of Texas at Dallas); Baojun Liu (Department of Computer Science and Technology, Tsinghua University); Min Yang (Fudan University)

A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models

Ren Pang (Penn State University); Hua Shen (Penn State University); Xinyang Zhang (Penn State University); Shouling Ji (Zhejiang University); Yevgeniy Vorobeychik (Washington University in St. Louis); Xiapu Luo (The Hong Kong Polytechnic University); Alex X. Liu (Ant Financial Services Group); Ting Wang (Penn State)

When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition

Shu Wang (George Mason University); Jiahao Cao (Tsinghua University); Xu He (George Mason University); Kun Sun (George Mason University); Qi Li (Tsinghua University)

Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems

Haoran Lu (Indiana University Bloomington); Luyi Xing (Indiana University Bloomington); Yifan Zhang (Indiana University Bloomington); Yue Xiao (Indiana University Bloomington); Xiaojing Liao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Xueqiang Wang (Indiana University Bloomington)

Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection

Aditya Pakki (University of Minnesota); Kangjie Lu (University of Minnesota)

Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China

Yiming Zhang (Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University); Baojun Liu (Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University; 360 Netlab); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; 360 Netlab); Zhou Li (University of California, Irvine); Haixin Duan (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Qi An Xin Technology Research Institute); Shuang Hao (University of Texas at Dallas); Mingxuan Liu (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University); Ying Liu (Institute for Network Sciences and Cyberspace, Tsinghua University); Dong Wang (360 Mobile Safe); Qiang Li (360 Mobile Safe)

Text Captcha Is Dead? A Large Scale Deployment and Empirical Study

Chenghui Shi (Zhejiang University); Shouling Ji (Zhejiang University); Qianjun Liu (Zhejiang University); Changchang Liu (IBM Research); Yuefeng Chen (Alibaba Group); Yuan He (Alibaba Group); Zhe Liu (Nanjing University of Aeronautics and Astronautics); Raheem Beyah (Georgia Institute of Technology); Ting Wang (Penn State)

R^2DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions

Meisam Mohammady (Concordia University); Shangyu Xie (Illinois Institute of Technology); Yuan Hong (Illinois Institute of Technology); Mengyuan Zhang (Ericsson Security Research); Lingyu Wang (Concordia University); Makan Pourzandi (Ericsson Security Research); Mourad Debbabi (Concordia University)

SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

Rui Zhong (Pennsylvania State University); Yongheng Chen (GeorgiaTech); Hong Hu (GeorgiaTech); Hangfan Zhang (Nanjing University); Wenke Lee (GeorgiaTech); Dinghao Wu (Pennsylvania State University)

Blinder -- Scalable, Robust Anonymous Committed Broadcast

Avishay Yanai (Bar-Ilan University); Ittai Abraham (VMware Research); Benny Pinkas (VMware Research, Bar Ilan University)

Dumbo: Faster Asynchronous BFT Protocols

Bingyong Guo (Institute of Software, Chinese Academy of Sciences; State Key Laboratory of Cryptology; School of Computer Science and Technology, University of Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab); Zhenliang Lu (New jersey institute of technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Qiang Tang (New Jersey Institute of Technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Jing Xu (Institute of Software, Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab); Zhenfeng Zhang (Institute of Software, Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab)

Verifiable Timed Signatures Made Practical

Sri AravindaKrishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nürnberg); Adithya Bhat (Purdue University); Giulio Malavolta (UC Berkeley); Nico Döttling (CISPA Helmholtz Center for Information Security); Aniket Kate (Purdue University); Dominique Schröder (Friedrich-Alexander Universität Erlangen-Nürnberg)

A Performant, Misuse-Resistant API for Primality Testing

Jake Massimo (Royal Holloway, University of London); Kenny Paterson (ETH Zurich)

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Hyunyoung Oh (Seoul National University); Adil Ahmad (Purdue University); Seonghyun Park (Seoul National University); Byoungyoung Lee (Seoul National University); Yunheung Paek (Seoul National University)

Threshold Password-Hardened Encryption Services

Julian Brost (Friedrich-Alexander-University); Christoph Egger (Friedrich-Alexander-University); Russell Lai (Friedrich-Alexander-University); Fritz Schmid (Friedrich-Alexander-University); Dominique Schröder (Friedrich-Alexander-University); Markus Zoppelt (Nuremberg Institute of Technology)

Privaros: A Framework for Privacy-Compliant Delivery Drones

Rakesh Beck (IISc Bangalore); Abhishek Vijeev (IISc Bangalore); Vinod Ganapathy (IISc Bangalore)

PMForce: Systematically Analyzing postMessage Handlers at Scale

Marius Steffens (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security)

Forensic Analysis in Access Control: Foundations and a Case-Study from Practice

Nahid Juma (University of Waterloo); Xiaowei Huang (University of Waterloo); Mahesh Tripunitara (University of Waterloo)

DeepDyve: Dynamic Verification for Deep Neural Networks

YU LI (The Chinese University of Hong Kong); Min Li (The Chinese University of Hong Kong); Bo Luo (The Chinese University of Hong Kong); Ye Tian (The Chinese University of Hong Kong); Qiang Xu (The Chinese University of Hong Kong)

LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage

Diego F. Aranha (Aarhus University); Felipe Rodrigues Novaes (University of Campinas); Akira Takahashi (Aarhus University); Mehdi Tibouchi (NTT); Yuval Yarom (University of Adelaide and Data61)

Dangerous Skills Got Certified: Measuring the Trustworthiness of Skill Certification in Voice Personal Assistant Platforms

Long Cheng (Clemson University); Christin Wilson (Clemson University); Song Liao (Clemson University); Jeffrey Alan Young (Clemson University); Daniel Dong (Clemson University); Hongxin Hu (Clemson University)

Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks

Riccardo Paccagnella (University of Illinois at Urbana-Champaign); Kevin Liao (Max Planck Institute for Security and Privacy); Dave (Jing) Tian (Purdue University); Adam Bates (University of Illinois at Urbana-Champaign)

FREEDOM: Engineering a State-of-the-Art DOM Fuzzer

Wen Xu (Georgia Institute of Technology); Soyeon Park (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology)

Zombie Awakening: Stealthy Hijacking of Active Domains Through DNS Hosting Referral

Eihal Alowaisheq (Indiana University, King Saud University); Siyuan Tang (Indiana University); Zhihao Wang (Institute of Information Engineering, Chinese Academy of Sciences); Fatemah Alharbi (Taibah University); Xiaojing Liao (Indiana University); XiaoFeng Wang (Indiana University)

VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization’s Clothing

Luman Shi (Wuhan University); Jiang Ming (University of Texas at Arlington); Jianming Fu (Wuhan University); Guojun Peng (Wuhan University); Dongpeng Xu (University of New Hampshire); Kun Gao (Wuhan Antiy Information Technology); Xuanchen Pan (Wuhan Antiy Information Technology)

PatchScope: Memory Object Centric Patch Diffing

Lei Zhao (Wuhan University); Yuncong Zhu (Wuhan University); Jiang Ming (University of Texas at Arlington); Yichen Zhang (Wuhan University); Haotian Zhang (University of Texas at Arlington); Heng Yin (University of California, Riverside)

Slimium: Debloating the Chromium Browser with Feature Subsetting

Chenxiong Qian (Georgia Institute of Technology); HyungJoon Koo (Georgia Institute of Technology); ChangSeok Oh (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)

You’ve Changed: Detecting Malicious Browser Extensions through their Update Deltas

Nikolaos Pantelaios (North Carolina State University); Nick Nikiforakis (Stony Brook University); Alexandros Kapravelos (North Carolina State University)

Implementing the Exponential Mechanism with Base-2 Differential Privacy

Christina Ilvento (Harvard University);

FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware

Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University)

Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms

Yuan Li (Tsinghua University); Mingzhe Wang (Tsinghua University); Chao Zhang (Tsinghua University); Xingman Chen (Tsinghua University); Songtao Yang (Tsinghua University); Ying Liu (Tsinghua University)

The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures

Jens Hiller (RWTH Aachen University); Johanna Amann (ICSI, Corelight, LBNL); Oliver Hohlfeld (Brandenburg University of Technology)

Information Leakage in Embedding Models

Congzheng Song (Cornell University); Ananth Raghunathan (Facebook)

The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws

Kostas Drakonakis (FORTH); Sotiris Ioannidis (Technical University of Crete, Greece); Jason Polakis (University of Illinois at Chicago)

Deploying Android Security Updates: An Extensive Study Involving Manufacturers, Carriers, and End Users

Kailani R. Jones (University of Kansas); Ting-Fang Yen (DataVisor, Inc.); Sathya Chandran Sundaramurthy (DataVisor, Inc.); Alexandru G. Bardas (University of Kansas)

Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill

Xu Lin (University of Illinois at Chicago); Panagiotis Ilia (University of Illinois at Chicago); Jason Polakis (University of Illinois at Chicago)

QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme

Koksal Mus (Worcester Polytechnic Institute (WPI)); Saad Islam (Worcester Polytechnic Institute (WPI)); Berk Sunar (Worcester Polytechnic Institute (WPI))

Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions

Ian McQuoid (Oregon State University); Mike Rosulek (Oregon State University); Lance Roy (Oregon State University)

Usage Patterns of Privacy-Enhancing Technologies

Kovila P.L. Coopamootoo (Newcastle University)

AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations

Zhuohang Li (University of Tennessee, Knoxville); Yi Wu (University of Tennessee, Knoxville); Jian Liu (University of Tennessee, Knoxville); Yingying Chen (Rutgers University)

Security of Streaming Encryption in Google's Tink Library

Viet Tung Hoang (Florida State University); Yaobin Shen (Shanghai Jiao Tong Univeristy)

CrypTFlow2: Practical 2-Party Secure Inference

Deevashwer Rathee (Microsoft Research); Mayank Rathee (Microsoft Research); Nishant Kumar (Microsoft Research); Nishanth Chandran (Microsoft Research); Divya Gupta (Microsoft Research); Aseem Rastogi (Microsoft Research); Rahul Sharma (Microsoft Research)

ProMACs: Progressive and Resynchronizing MACs for Continuous Efficient Authentication of Message Streams

Frederik Armknecht (University of Mannheim); Paul Walther (TU Dresden); Gene Tsudik (UCI); Martin Beck (TU Dresden); Thorsten Strufe (Karlsruhe Institute of Technology and CeTI TU Dresden)

MP-SPDZ: A Versatile Framework for Multi-Party Computation

Marcel Keller (CSIRO's Data61)

Full Database Reconstruction in Two Dimensions

Francesca Falzon (University of Chicago); Evangelia Anna Markatou (Brown University); Akshima (University of Chicago); David Cash (University of Chicago); Adam Rivkin (University of Chicago); Jesse Stern (University of Chicago); Roberto Tamassia (Brown University)

Post-quantum TLS without handshake signatures

Peter Schwabe (Radboud University); Douglas Stebila (University of Waterloo); Thom Wiggers (Radboud University)

Ferret: Fast Extension for Correlated OT with Small Communication

Kang Yang (State Key Laboratory of Cryptology); Chenkai Weng (Northwestern University); Xiao Lan (Sichuan University); Jiang Zhang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University)

Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC

Diogo Barradas (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa); Nuno Santos (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa); Luis Rodrigues (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa); Vítor Nunes (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa)

Examining Mirai's Battle over the Internet of Things

Harm Griffioen (Hasso Plattner Institute); Christian Doerr (Hasso Plattner Institute)

A Forensically Sound Method of Identifying Downloaders and Uploaders in Freenet

Brian N. Levine (University of Massachusetts Amherst); Marc Liberatore (University of Massachusetts Amherst); Brian Lynn (University of Massachusetts Amherst); Matthew Wright (Rochester Institute of Technology)

Zero Knowledge Proofs for Decision Tree Predictions and Accuracy

Jiaheng Zhang (UC Berkeley); Zhiyong Fang (Texas A&M University); Yupeng Zhang (Texas A&M University); Dawn Song (UC Berkeley)

TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting

Wladimir De la Cadena (University of Luxembourg); Asya Mitseva (Brandenburg University of Technology); Jens Hiller (RWTH Aachen University); Jan Pennekamp (RWTH Aachen University); Sebastian Reuter (RWTH Aachen University); Julian Filter (RWTH Aachen University); Klaus Wehrle (RWTH Aachen University); Thomas Engel (University of Luxembourg); Andriy Panchenko (Brandenburg University of Technology)

HACL×N: Verified Generic SIMD Crypto (for all your favourite platforms)

Marina Polubelova (INRIA); Karthikeyan Bhargavan (INRIA); Jonathan Protzenko (Microsoft Research); Benjamin Beurdouche (INRIA & Mozilla); Aymeric Fromherz (Carnegie Mellon University); Natalia Kulatova (INRIA); Santiago Zanella-Béguelin (Microsoft Research)

Mitigation of Attacks on Email End-to-End Encryption

Jörg Schwenk (Ruhr University Bochum); Marcus Brinkmann (Ruhr University Bochum); Damian Poddebniak (Münster University of Applied Sciences); Jens Müller (Ruhr University Bochum); Juraj Somorovsky (Paderborn University); Sebastian Schinzel (Münster University of Applied Sciences)

CLAPS: Client-Location-Aware Path Selection in Tor

Florentin Rochet (UCLouvain); Ryan Wails (U.S. Naval Research Laboratory); Aaron Johnson (U.S. Naval Research Laboratory); Prateek Mittal (Princeton Univ.); Olivier Pereira (UCLouvain)

Analyzing Information Leakage of Updates to Natural Language Models

Santiago Zanella-Béguelin (Microsoft Research); Lukas Wutschitz (Microsoft Research); Shruti Tople (Microsoft Research); Victor Rühle (Microsoft Research); Andrew Paverd (Microsoft Research); Olga Ohrimenko (University of Melbourne); Boris Köpf (Microsoft Research); Marc Brockschmidt (Microsoft Research)

A Systematic Study of Elastic Objects in Kernel Exploitation

Yueqi Chen (Pennsylvania State University); Zhenpeng Lin (Pennsylvania State University); Xinyu Xing (Pennsylvania State University)

Definitive recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blacklist requirements

Joshua Tan (Carnegie Mellon University); Lujo Bauer (Carnegie Mellon University); Nicolas Christin (Carnegie Mellon University); Lorrie Faith Cranor (Carnegie Mellon University)

Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice

Cas Cremers (CISPA Helmholtz Center for Information Security); Jaiden Fairoze (CISPA Helmholtz Center for Information Security); Benjamin Kiesl (CISPA Helmholtz Center for Information Security); Aurora Naska (CISPA Helmholtz Center for Information Security)

DNS Cache Poisoning Attack Reloaded: Revolutions With Side Channels

Keyu Man (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Zhongjie Wang (University of California, Riverside); Xiaofeng Zheng (Qi-AnXin Group, Tsinghua University); Youjun Huang (Tsinghua University); Haixin Duan (Tsinghua University, Qi-AnXin Group)

Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism

Silvia Sebastián (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)

CheckDP: An Automated and Integrated Approach for Proving Differential Privacy or Finding Precise Counterexamples

Yuxin Wang (Pennsylvania State University); Zeyu Ding (Pennsylvania State University); Daniel Kifer (Pennsylvania State University); Danfeng Zhang (Pennsylvania State University)

Censored Planet: An Internet-wide, Longitudinal Censorship Observatory

Ram Sundara Raman (University of Michigan); Prerana Shenoy (University of Michigan); Katharina Kohls (Ruhr University Bochum); Roya Ensafi (University of Michigan)

A 2.1 KHz Zero-Knowledge Processor with BubbleRAM

David Heath (Georgia Institute of Technology); Vladimir Kolesnikov (Georgia Tech)

On the Optimality of Optimistic Responsiveness

Ittai Abraham (VMware Research); Kartik Nayak (Duke University); Ling Ren (UIUC); Nibesh Shrestha (Rochester Institute of Technology)

More Efficient MPC from Improved Triple Generation and Authenticated Garbling

Kang Yang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University); Jiang Zhang (State Key Laboratory of Cryptology)

Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System

Joey Allen (Georgia Institute of Technology); Zheng Yang (Georgia Institute of Technology); Matthew Landen (Georgia Institute of Technology); Raghav Bhat (Georgia Institute of Technology); Harsh Grover (Georgia Institute of Technology); Andrew Chang (Georgia Institute of Technology); Yang Ji (Palo Alto Networks); Roberto Perdisci (University of Georgia and Georgia Tech); Wenke Lee (Georgia Institute of Technology)

Off-Path TCP Exploits of the Mixed IPID Assignment

Xuewei Feng (Tsinghua University); Chuanpu Fu (Dalian University of Technology); Qi Li (Tsinghua University; Beijing National Research Center for Information Science and Technology); Kun Sun (George Mason University); Ke Xu (Tsinghua University; Beijing National Research Center for Information Science and Technology; Peng Cheng Laboratory)

Secure Single-Server Aggregation with (Poly)Logarithmic Overhead

James Bell (The Alan Turing Institute); Kallista Bonawitz (Google LLC); Adrià Gascón (Google LLC); Tancrède Lepoint (Google LLC); Mariana Raykova (Google LLC)

Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments

Jie Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;George Mason University,Fairfax,VA,USA;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Kun Sun (George Mason University,Fairfax,VA,USA); Lingguang Lei (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Shengye Wan (College of William and Mary); Yuewu Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Jiwu Jing (University of Chinese Academy of Sciences,Beijing,China)

HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems

Efren Lopez-Morales (Arizona State University); Carlos E. Rubio-Medrano (Arizona State University); Tiffany Bao (Arizona State University); Adam Doupe (Arizona State University); Yan Shoshitaishvili (Arizona State University); Ruoyu Wang (Arizona State University); Gail-Joon Ahn (Arizona State University)

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices

Xiaopeng Li (University of South Carolina); Qiang Zeng (University of South Carolina); Lannan Luo (University of South Carolina); Tongbo Luo (JD.com)

iDEA: Towards Static Analysis on the Security of Apple Kernel Drivers

Xiaolong Bai (Alibaba Group); Luyi Xing (Indiana University Bloomington); Min Zheng (Alibaba Group); Fuping Qu (Alibaba Group)

Fast Database Joins and PSI for Secret Shared Data

Peter Rindal (Visa Research); Mike Rosulek (Oregon State University); Payman Mohassel (Facebook)

Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks

Ben Nassi (Ben-Gurion University of the Negev); Yisroel Mirsky (Georgia Institute of Technology); Dudi Nassi (Ben-Gurion University of the Negev); Raz Ben-Netanel (Ben-Gurion University of the Negev); Oleg Drokin (Independent Researcher); Yuval Elovici (Ben Gurion University of the Negev)

Game-Set-MATCH: Using Mobile Devices for Seamless External-Facing Biometric Matching

Shashank Agrawal (Visa Research); Saikrishna Badrinarayanan (Visa Research); Pratyay Mukherjee (Visa Research); Peter Rindal (Visa Research)

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection

Tao Lv (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Ruishi Li (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Yi Yang (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Kai Chen (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Xiaojing Liao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Peiwei Hu (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Luyi Xing (Indiana University Bloomington)

Deterministic Wallets in a Quantum World

Nabil Alkeilani Alkadri (Technische Universität Darmstadt); Poulami Das (Technische Universität Darmstadt); Andreas Erwig (Technische Universität Darmstadt); Sebastian Faust (Technische Universität Darmstadt); Juliane Krämer (Technische Universität Darmstadt); Siavash Riahi (Technische Universität Darmstadt); Patrick Struck (Technische Universität Darmstadt)

Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features

Junyu Lin (National Key Laboratory for Novel Software Technology, Nanjing University); Lei Xu (National Key Laboratory for Novel Software Technology, Nanjing University); Yingqi Liu (Purdue Univ.); Xiangyu Zhang (Purdue University)

The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption

Melissa Chase (Microsoft Research); Trevor Perrin (Signal Technology Foundation); Greg Zaverucha (Microsoft Research)

Harnessing the Ambient Radio Frequency Noise for Wearable Device Pairing

Wenqiang Jin (The University of Texas at Arlington); Ming Li (The University of Texas at Arlington); Srinivasan Murali (The University of Texas at Arlington); Linke Guo (Clemson University)

Speculative Probing: Hacking Blind in the Spectre Era

Enes Goktas (Stevens Institute of Technology); Kaveh Razavi (ETH Zurich); Georgios Portokalidis (Stevens Institute of Technology); Herbert Bos (Vrije Universiteit Amsterdam); Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Estimating g-Leakage via Machine Learning

Marco Romanelli (INRIA, Ecole Polytechinque, Università di Siena); Konstantinos Chatzikokolakis (University of Athens); Catuscia Palamidessi (INRIA (Invited Chair on Privacy)); Pablo Piantanida (L2S, CentraleSupelec, CNRS, Université Paris Saclay)

Asynchronous Distributed Key Generation for Computationally Secure Randomness, Consensus, and Threshold Signatures

Eleftherios Kokoris Kogias (Novi and IST Austria); Dahlia Malkhi (Novi); Alexander Spiegelman (Novi)

WI is almost enough: Contingent (Service) Payment all over again

Ky Nguyen (Ecole Normale Superieure); Miguel Ambrona (NTT Laboratories); Masayuki Abe (NTT Secure Platform Laboratories)

SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis

Okan Seker (University of Lübeck); Sebastian Berndt (University of Lübeck); Luca Wilke (University of Lübeck); Thomas Eisenbarth (University of Lübeck)

BlackMirror: Preventing Wallhacks in 3D Online FPS Games

Seonghyun Park (Seoul National University); Adil Ahmad (Purdue); Byoungyoung Lee (Seoul National University)

Everything is a Race and Nakamoto Always Wins

Amir Dembo (Stanford University); Sreeram Kannan (University of Washington); Ertem Nusret Tas (Stanford University); David Tse (Stanford University); Pramod Viswanath (University of Illinois at Urbana-Champaign); Xuechao Wang (University of Illinois at Urbana-Champaign); Ofer Zeitouni (Weizmann Institute of Science)

Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware

Xiaohan Zhang (Fudan University); Yuan Zhang (Fudan University); Ming Zhong (Fudan University); Daizong Ding (Fudan University); Yinzhi Cao (Johns Hopkins University); Yukun Zhang (Fudan University); Mi Zhang (Fudan University); Min Yang (Fudan University)

Tight Consistency Bounds for Bitcoin

Peter Gaži (IOHK); Aggelos Kiayias (University of Edinburgh and IOHK); Alexander Russell (University of Connecticut and IOHK);

Déjà vu: Side-channel analysis of Mozilla’s NSS

Sohaib ul Hassan (Tampere University); Iaroslav Gridin (Tampere University); Ignacio M. Delgado-Lozano (Tampere University); Cesar Pereida García (Tampere University); Jesús-Javier Chi-Domínguez (Tampere University); Alejandro Cabrera Aldaya (Tampere University); Billy Bob Brumley (Tampere University)

Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn

Nick Frymann (University of Surrey); Daniel Gardham (University of Surrey); Franziskus Kiefer (Unaffiliated); Emil Lundberg (Yubico); Mark Manulis (University of Surrey); Dain Nilsson (Yubico)

Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale

Michele Campobasso (Eindhoven University of Technology); Luca Allodi (Eindhoven University of Technology)

Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC

Jackson Abascal (Carnegie Mellon University); Carmit Hazay (Bar-Ilan University); Mohammad Hossein Faghihi Sereshgi (University of Rochester); Yuval Ishai (Technion); Muthuramakrishnan Venkitasubramaniam (University of Rochester)

Ligero++: A New Optimized Sublinear IOP

Rishabh Bhadauria (Bar-Ilan University); Zhiyong Fang (Texas A&M University); Carmit Hazay (Bar-Ilan University); Muthuramakrishnan Venkitasubramaniam (University of Rochester); Tiancheng Xie (UC Berkeley); Yupeng Zhang (Texas A&M University)

Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations

Vadim Lyubashevsky (IBM Research - Zurich); Ngoc Khanh Nguyen (IBM Research - Zurich and ETH Zurich); Gregor Seiler (IBM Research - Zurich and ETH Zurich)

UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

Ran Canetti (Boston University); Rosario Gennaro (City College, CUNY); Steven Goldfeder (Cornell Tech); Nikolaos Makriyannis (Fireblocks); Udi Peled (Fireblocks)