PRELIMINARY PROGRAM

ACM CCS 2020 - November 10-12, 2020

Initial Occurrence of Program: in U.S. Eastern Standard Time (UTC -5:00)
Repeat Occurrence of Program: One Day Later in China Standard Time (UTC +8:00)

CCS Main Conference on Tuesday, November 10th, 2020

Opening Remarks

Keynote: Machine Learning and Security: The Good, The Bad, and The Ugly

Wenke Lee (Georgia Institute of Technology)

Session Chair: Jonathan Katz (George Mason University)


Break

Session 1A: Anonymous Routing and Censorship

Session Chair: Dave Levin (University of Maryland)


Bypassing Tor Exit Blocking with Exit Bridge Onion Services

Zhao Zhang (Georgetown University); Micah Sherr (Georgetown University); Wenchao Zhou (Georgetown University)

CLAPS: Client-Location-Aware Path Selection in Tor

Florentin Rochet (UCLouvain); Ryan Wails (U.S. Naval Research Laboratory); Aaron Johnson (U.S. Naval Research Laboratory); Prateek Mittal (Princeton Univ.); Olivier Pereira (UCLouvain)

Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC

Diogo Barradas (Instituto Superior Técnico, Universidade de Lisboa); Nuno Santos (Instituto Superior Técnico, Universidade de Lisboa); Luis Rodrigues (Instituto Superior Técnico, Universidade de Lisboa); Vítor Nunes (Instituto Superior Técnico, Universidade de Lisboa)

Censored Planet: An Internet-wide, Longitudinal Censorship Observatory

Ram Sundara Raman (University of Michigan); Prerana Shenoy (University of Michigan); Katharina Kohls (Ruhr University Bochum); Roya Ensafi (University of Michigan)


Session 1B: Attacking and Defending ML Systems

Session Chair: Ting Wang (Pennsylvania State University)


Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks

Shawn Shan (University of Chicago); Emily Wenger (University of Chicago); Bolun Wang (University of Chicago); Bo Li (UIUC); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago)

A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models

Ren Pang (Penn State University); Hua Shen (Penn State University); Xinyang Zhang (Penn State University); Shouling Ji (Zhejiang University); Yevgeniy Vorobeychik (Washington University in St. Louis); Xiapu Luo (The Hong Kong Polytechnic University); Alex X. Liu (Ant Financial Services Group); Ting Wang (Penn State)

DeepDyve: Dynamic Verification for Deep Neural Networks

YU LI (The Chinese University of Hong Kong); Min Li (The Chinese University of Hong Kong); Bo Luo (The Chinese University of Hong Kong); Ye Tian (The Chinese University of Hong Kong); Qiang Xu (The Chinese University of Hong Kong)

Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features

Junyu Lin (National Key Laboratory for Novel Software Technology, Nanjing University); Lei Xu (National Key Laboratory for Novel Software Technology, Nanjing University); Yingqi Liu (Purdue Univ.); Xiangyu Zhang (Purdue University)


Session 1C: Binary Analysis/Policy and Access Control

Session Chair: Fish Wang (Arizona State University)


Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries

Rukayat Ayomide Erinfolami (Binghamton University); Aravind Prakash (Binghamton University)

PatchScope: Memory Object Centric Patch Diffing

Lei Zhao (Wuhan University); Yuncong Zhu (Wuhan University); Jiang Ming (University of Texas at Arlington); Yichen Zhang (Wuhan University); Haotian Zhang (University of Texas at Arlington); Heng Yin (University of California, Riverside)

FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware

Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University)

Privaros: A Framework for Privacy-Compliant Delivery Drones

Rakesh Beck (IISc Bangalore); Abhishek Vijeev (IISc Bangalore); Vinod Ganapathy (IISc Bangalore)


Session 1D: Applied Cryptography and Cryptanalysis

Session Chair: Xiao Wang (Northwestern University)


A Performant, Misuse-Resistant API for Primality Testing

Jake Massimo (Royal Holloway, University of London); Kenny Paterson (ETH Zurich)

ProMACs: Progressive and Resynchronizing MACs for Continuous Efficient Authentication of Message Streams

Frederik Armknecht (University of Mannheim); Paul Walther (TU Dresden); Gene Tsudik (UCI); Martin Beck (TU Dresden); Thorsten Strufe (Karlsruhe Institute of Technology and CeTI TU Dresden)

LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage

Diego F. Aranha (Aarhus University); Felipe Rodrigues Novaes (University of Campinas); Akira Takahashi (Aarhus University); Mehdi Tibouchi (NTT); Yuval Yarom (University of Adelaide and Data61)

Security of Streaming Encryption in Google's Tink Library

Viet Tung Hoang (Florida State University); Yaobin Shen (Shanghai Jiao Tong Univeristy)


Session 1E: Cyberphysical Systems

Session Chair: Brendan Saltaformaggio (Georgia Tech)


Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Hongjun Choi (Purdue University); Sayali Kate (Purdue University); Yousra Aafer (University of Waterloo); Xiangyu Zhang (Purdue University); Dongyan Xu (Purdue University)

HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems

Efren Lopez-Morales (Arizona State University); Carlos E. Rubio-Medrano (Arizona State University); Tiffany Bao (Arizona State University); Adam Doupe (Arizona State University); Yan Shoshitaishvili (Arizona State University); Ruoyu Wang (Arizona State University); Gail-Joon Ahn (Arizona State University)

Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks

Ben Nassi (Ben-Gurion University of the Negev); Yisroel Mirsky (Georgia Institute of Technology); Dudi Nassi (Ben-Gurion University of the Negev); Raz Ben-Netanel (Ben-Gurion University of the Negev); Oleg Drokin (Independent Researcher); Yuval Elovici (Ben Gurion University of the Negev)

T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices

Xiaopeng Li (University of South Carolina); Qiang Zeng (University of South Carolina); Lannan Luo (University of South Carolina); Tongbo Luo (JD.com)

Break/Interaction with paper authors

Session 2A: ML and Information Leakage

Session Chair: Murat Kantarcioglu (UT Dallas)


CrypTFlow: Practical 2-Party Secure Inference

Deevashwer Rathee (Microsoft Research); Mayank Rathee (Microsoft Research); Nishant Kumar (Microsoft Research); Nishanth Chandran (Microsoft Research); Divya Gupta (Microsoft Research); Aseem Rastogi (Microsoft Research); Rahul Sharma (Microsoft Research)

GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models

Dingfan Chen (CISPA Helmholtz Center for Information Security); Ning Yu (Max Planck Institute for Informatics); Yang Zhang (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information Security)

Analyzing Information Leakage of Updates to Natural Language Models

Santiago Zanella-Béguelin (Microsoft Research); Lukas Wutschitz (Microsoft Research); Shruti Tople (Microsoft Research); Victor Rühle (Microsoft Research); Andrew Paverd (Microsoft Research); Olga Ohrimenko (University of Melbourne); Boris Köpf (Microsoft Research); Marc Brockschmidt (Microsoft Research)

Information Leakage in Embedding Models

Congzheng Song (Cornell University); Ananth Raghunathan (Facebook)


Session 2B: Applied Cryptography

Session Chair: Ling Ren (UIUC)


PPE Circuits: Formal Definition to Software Automation

Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin); Brent Waters (University of Texas at Austin and NTT Research)

Threshold Password-Hardened Encryption Services

Julian Brost (Friedrich-Alexander-University); Christoph Egger (Friedrich-Alexander-University); Russell Lai (Friedrich-Alexander-University); Fritz Schmid (Friedrich-Alexander-University); Dominique Schröder (Friedrich-Alexander-University); Markus Zoppelt (Nuremberg Institute of Technology)

Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions

Ian McQuoid (Oregon State University); Mike Rosulek (Oregon State University); Lance Roy (Oregon State University)

Full Database Reconstruction in Two Dimensions

Francesca Falzon (University of Chicago); Evangelia Anna Markatou (Brown University); Akshima (University of Chicago); David Cash (University of Chicago); Adam Rivkin (University of Chicago); Jesse Stern (University of Chicago); Roberto Tamassia (Brown University)


Session 2C: Browser Security

Session Chair: Alexandros Kapravelos (NCSU)


Slimium: Debloating the Chromium Browser with Feature Subsetting

Chenxiong Qian (Georgia Institute of Technology); HyungJoon Koo (Georgia Institute of Technology); ChangSeok Oh (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)

You’ve Changed: Detecting Malicious Browser Extensions through their Update Deltas

Nikolaos Pantelaios (North Carolina State University); Nick Nikiforakis (Stony Brook University); Alexandros Kapravelos (North Carolina State University)

PMForce: Systematically Analyzing postMessage Handlers at Scale

Marius Steffens (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security)

Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill

Xu Lin (University of Illinois at Chicago); Panagiotis Ilia (University of Illinois at Chicago); Jason Polakis (University of Illinois at Chicago)


Session 2D: Mobile Security

Session Chair: Xusheng Xiao (Case Western Reserve University)


Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China

Yiming Zhang (Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University); Baojun Liu (Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University; 360 Netlab); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; 360 Netlab); Zhou Li (University of California, Irvine); Haixin Duan (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Qi An Xin Technology Research Institute); Shuang Hao (University of Texas at Dallas); Mingxuan Liu (Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University); Ying Liu (Institute for Network Sciences and Cyberspace, Tsinghua University); Dong Wang (360 Mobile Safe); Qiang Li (360 Mobile Safe)

VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization’s Clothing

Luman Shi (Wuhan University); Jiang Ming (University of Texas at Arlington); Jianming Fu (Wuhan University); Guojun Peng (Wuhan University); Dongpeng Xu (University of New Hampshire); Kun Gao (Wuhan Antiy Information Technology); Xuanchen Pan (Wuhan Antiy Information Technology)

Deploying Android Security Updates: An Extensive Study Involving Manufacturers, Carriers, and End Users

Kailani R. Jones (University of Kansas); Ting-Fang Yen (DataVisor, Inc.); Sathya Chandran Sundaramurthy (DataVisor, Inc.); Alexandru G. Bardas (University of Kansas)

Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems

Haoran Lu (Indiana University Bloomington); Luyi Xing (Indiana University Bloomington); Yifan Zhang (Indiana University Bloomington); Yue Xiao (Indiana University Bloomington); Xiaojing Liao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Xueqiang Wang (Indiana University Bloomington)


Session 2E: Smart Contracts and Cryptocurrencies

Session Chair: Foteini Baldimtsi (George Mason University)


ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts

Karl Wüst (ETH Zurich); Sinisa Matetic (ETH Zurich); Silvan Egli (ETH Zurich); Kari Kostiainen (ETH Zurich); Srdjan Capkun (ETH Zurich)

BDoS: Blockchain Denial-of-Service

Michael Mirkin (Technion); Yan Ji (Cornell Tech); Jonathan Pang (Cornell University); Ariah Klages-Mundt (Cornell University); Ittay Eyal (Technion); Ari Juels (Cornell Tech)

eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts

Clara Schneidewind (TU Wien); Markus Scherer (TU Wien); Ilya Grishchenko (TU Wien); Matteo Maffei (TU Wien)

WI is Almost Enough: Contingent Payment All Over Again

Ky Nguyen (Ecole Normale Superieure); Miguel Ambrona (NTT Laboratories); Masayuki Abe (NTT Secure Platform Laboratories)

Interaction with paper authors

CCS Main Conference on Wednesday, November 11th, 2020

Opening Remarks

Keynote: Realistic Threats and Realistic Users: Lessons from the Election

Alex Stamos (Stanford University)

Session Chair: Giovanni Vigna (UC Santa Barbara / VMware)


Break

Session 3A: Privacy

Session Chair: Catuscia Palamidessi (Inria)


Private Summation in the Multi-Message Shuffle Model

Borja Balle (DeepMind); James Bell (The Alan Turing Institute); Adrià Gascón (Google); Kobbi Nissim (Georgetown University)

R^2DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions

Meisam Mohammady (Concordia University); Shangyu Xie (Illinois Institute of Technology); Yuan Hong (Illinois Institute of Technology); Mengyuan Zhang (Ericsson Security Research); Lingyu Wang (Concordia University); Makan Pourzandi (Ericsson Security Research); Mourad Debbabi (Concordia University)

Estimating g-Leakage via Machine Learning

Marco Romanelli (INRIA, Ecole Polytechinque, Università di Siena); Konstantinos Chatzikokolakis (University of Athens); Catuscia Palamidessi (INRIA (Invited Chair on Privacy)); Pablo Piantanida (L2S, CentraleSupelec, CNRS, Université Paris Saclay)

Implementing the Exponential Mechanism with Base-2 Differential Privacy

Christina Ilvento (Harvard University);


Session 3B: Malware

Session Chair: Lorenzo Cavallaro (King's College London)


Examining Mirai's Battle over the Internet of Things

Harm Griffioen (Hasso Plattner Institute); Christian Doerr (Hasso Plattner Institute)

Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware

Xiaohan Zhang (Fudan University); Yuan Zhang (Fudan University); Ming Zhong (Fudan University); Daizong Ding (Fudan University); Yinzhi Cao (Johns Hopkins University); Yukun Zhang (Fudan University); Mi Zhang (Fudan University); Min Yang (Fudan University)

Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism

Silvia Sebastián (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)

Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System

Joey Allen (Georgia Institute of Technology); Zheng Yang (Georgia Institute of Technology); Matthew Landen (Georgia Institute of Technology); Raghav Bhat (Georgia Institute of Technology); Harsh Grover (Georgia Institute of Technology); Andrew Chang (Georgia Institute of Technology); Yang Ji (Palo Alto Networks); Roberto Perdisci (University of Georgia and Georgia Tech); Wenke Lee (Georgia Institute of Technology)


Session 3C: Consensus

Session Chair: Kartik Nayak (Duke University)


Dumbo: Faster Asynchronous BFT Protocols

Bingyong Guo (Institute of Software, Chinese Academy of Sciences; State Key Laboratory of Cryptology; School of Computer Science and Technology, University of Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab); Zhenliang Lu (New jersey institute of technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Qiang Tang (New Jersey Institute of Technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Jing Xu (Institute of Software, Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab); Zhenfeng Zhang (Institute of Software, Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab)

Tight Consistency Bounds for Bitcoin

Peter Gaži (IOHK); Aggelos Kiayias (University of Edinburgh and IOHK); Alexander Russell (University of Connecticut and IOHK)

On the Optimality of Optimistic Responsiveness

Ittai Abraham (VMware Research); Kartik Nayak (Duke University); Ling Ren (UIUC); Nibesh Shrestha (Rochester Institute of Technology)

Everything is a Race and Nakamoto Always Wins

Amir Dembo (Stanford University); Sreeram Kannan (University of Washington); Ertem Nusret Tas (Stanford University); David Tse (Stanford University); Pramod Viswanath (University of Illinois at Urbana-Champaign); Xuechao Wang (University of Illinois at Urbana-Champaign); Ofer Zeitouni (Weizmann Institute of Science)


Session 3D: Formal Methods

Session Chair: Deepak Garg (Max Planck Institute for Software Systems)


Security Analysis and Implementation of Relay-Resistant Contactless Payments

Ioana Boureanu (Univ. of Surrey, Surrey Centre for Cyber Security); Tom Chothia (University of Birmingham); Alexandre Debant (Univ Rennes, CNRS, IRISA); Stéphanie Delaune (Univ Rennes, CNRS, IRISA)

HACL×N: Verified Generic SIMD Crypto (for all your favourite platforms)

Marina Polubelova (INRIA); Karthikeyan Bhargavan (INRIA); Jonathan Protzenko (Microsoft Research); Benjamin Beurdouche (INRIA & Mozilla); Aymeric Fromherz (Carnegie Mellon University); Natalia Kulatova (INRIA); Santiago Zanella-Béguelin (Microsoft Research)

CheckDP: An Automated and Integrated Approach for Proving Differential Privacy or Finding Precise Counterexamples

Yuxin Wang (Pennsylvania State University); Zeyu Ding (Pennsylvania State University); Daniel Kifer (Pennsylvania State University); Danfeng Zhang (Pennsylvania State University)

Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn

Nick Frymann (University of Surrey); Daniel Gardham (University of Surrey); Franziskus Kiefer (Unaffiliated); Emil Lundberg (Yubico); Mark Manulis (University of Surrey); Dain Nilsson (Yubico)


Session 3E: Fuzzing/Trusted Execution Environments

Session Chair: Tiffany Bao (CMU)


SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

Rui Zhong (Pennsylvania State University); Yongheng Chen (GeorgiaTech); Hong Hu (GeorgiaTech); Hangfan Zhang (Nanjing University); Wenke Lee (GeorgiaTech); Dinghao Wu (Pennsylvania State University)

FREEDOM: Engineering a State-of-the-Art DOM Fuzzer

Wen Xu (Georgia Institute of Technology); Soyeon Park (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology)

BlackMirror: Preventing Wallhacks in 3D Online FPS Games

Seonghyun Park (Seoul National University); Adil Ahmad (Purdue); Byoungyoung Lee (Seoul National University)

Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments

Jie Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;George Mason University,Fairfax,VA,USA;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Kun Sun (George Mason University,Fairfax,VA,USA); Lingguang Lei (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Shengye Wan (College of William and Mary); Yuewu Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Jiwu Jing (University of Chinese Academy of Sciences,Beijing,China)

Break/Interaction with paper authors

Session 4A: Post-Quantum Cryptography

Session Chair: Karim Eldefrawy (SRI International)


Deterministic Wallets in a Quantum World

Nabil Alkeilani Alkadri (Technische Universität Darmstadt); Poulami Das (Technische Universität Darmstadt); Andreas Erwig (Technische Universität Darmstadt); Sebastian Faust (Technische Universität Darmstadt); Juliane Krämer (Technische Universität Darmstadt); Siavash Riahi (Technische Universität Darmstadt); Patrick Struck (Technische Universität Darmstadt)

SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis

Okan Seker (University of Lübeck); Sebastian Berndt (University of Lübeck); Luca Wilke (University of Lübeck); Thomas Eisenbarth (University of Lübeck)

Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations

Vadim Lyubashevsky (IBM Research - Zurich); Ngoc Khanh Nguyen (IBM Research - Zurich and ETH Zurich); Gregor Seiler (IBM Research - Zurich and ETH Zurich)

QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme

Koksal Mus (Worcester Polytechnic Institute (WPI)); Saad Islam (Worcester Polytechnic Institute (WPI)); Berk Sunar (Worcester Polytechnic Institute (WPI))


Session 4B: Physical Attacks

Session Chair: Sara Rampazzi (University of Florida)


TEMPEST Comeback: A Realistic Audio Eavesdropping Threat on Mixed-signal SoCs

Jieun Choi (KAIST); Hae-Yong Yang (The Affiliated Institute of ETRI); Dong-Ho Cho (KAIST)

When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition

Shu Wang (George Mason University); Jiahao Cao (Tsinghua University); Xu He (George Mason University); Kun Sun (George Mason University); Qi Li (Tsinghua University)

AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations

Zhuohang Li (University of Tennessee, Knoxville); Yi Wu (University of Tennessee, Knoxville); Jian Liu (University of Tennessee, Knoxville); Yingying Chen (Rutgers University)

Harnessing the Ambient Radio Frequency Noise for Wearable Device Pairing

Wenqiang Jin (The University of Texas at Arlington); Ming Li (The University of Texas at Arlington); Srinivasan Murali (The University of Texas at Arlington); Linke Guo (Clemson University)


Session 4C: Kernel Security

Session Chair: Erik van der Kouwe (Vrije Universiteit Amsterdam)


Pdiff: Semantic-based Patch Presence Testing for Downstream Kernels

Zheyue Jiang (Fudan University); Yuan Zhang (Fudan University); Jun Xu (Stevens Institute of Technology); Qi Wen (Fudan University); Zhenghe Wang (Fudan University); Xiaohan Zhang (Fudan University); Xinyu Xing (Pennsylvania State University); Min Yang (Fudan University); Zhemin Yang (Fudan University)

A Systematic Study of Elastic Objects in Kernel Exploitation

Yueqi Chen (Pennsylvania State University); Zhenpeng Lin (Pennsylvania State University); Xinyu Xing (Pennsylvania State University)

iDEA: Towards Static Analysis on the Security of Apple Kernel Drivers

Xiaolong Bai (Alibaba Group); Luyi Xing (Indiana University Bloomington); Min Zheng (Alibaba Group); Fuping Qu (Alibaba Group)

Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection

Aditya Pakki (University of Minnesota); Kangjie Lu (University of Minnesota)


Session 4D: Distributed Protocols

Session Chair: Vassilis Zikas (RPI)


LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction

Rui Wen (CISPA Helmholtz Center for Information Security); Yu Yu (Shanghai Jiao Tong University); Xiang Xie (Platon); Yang Zhang (CISPA Helmholtz Center for Information Security)

Blinder -- Scalable, Robust Anonymous Committed Broadcast

Avishay Yanai (Bar-Ilan University); Ittai Abraham (VMware Research); Benny Pinkas (VMware Research, Bar Ilan University)

Secure Single-Server Aggregation with (Poly)Logarithmic Overhead

James Bell (The Alan Turing Institute); Kallista Bonawitz (Google LLC); Adrià Gascón (Google LLC); Tancrède Lepoint (Google LLC); Mariana Raykova (Google LLC)

Fast Database Joins and PSI for Secret Shared Data

Peter Rindal (Visa Research); Mike Rosulek (Oregon State University); Payman Mohassel (Facebook)


Session 4E: Network Security

Session Chair: Ben Stock (CISPA Helmholtz Center for Information Security)


The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures

Jens Hiller (RWTH Aachen University); Johanna Amann (ICSI, Corelight, LBNL); Oliver Hohlfeld (Brandenburg University of Technology)

Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral

Eihal Alowaisheq (Indiana University, King Saud University); Siyuan Tang (Indiana University); Zhihao Wang (Institute of Information Engineering, Chinese Academy of Sciences); Fatemah Alharbi (Taibah University); Xiaojing Liao (Indiana University); XiaoFeng Wang (Indiana University)

Off-Path TCP Exploits of the Mixed IPID Assignment

Xuewei Feng (Tsinghua University); Chuanpu Fu (Dalian University of Technology); Qi Li (Tsinghua University; Beijing National Research Center for Information Science and Technology); Kun Sun (George Mason University); Ke Xu (Tsinghua University; Beijing National Research Center for Information Science and Technology; Peng Cheng Laboratory)

DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels

Keyu Man (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Zhongjie Wang (University of California, Riverside); Xiaofeng Zheng (Qi-AnXin Group, Tsinghua University); Youjun Huang (Tsinghua University); Haixin Duan (Tsinghua University, Qi-AnXin Group)


Interaction with paper authors

CCS Main Conference on Thursday, November 12th, 2020

Opening Remarks

Awards Ceremony

Break/Poster Session

Session 5A: User Authentication

Session Chair: Alisa Frick (ICSI)


Game-Set-MATCH: Using Mobile Devices for Seamless External-Facing Biometric Matching

Shashank Agrawal (Visa Research); Saikrishna Badrinarayanan (Visa Research); Pratyay Mukherjee (Visa Research); Peter Rindal (Visa Research)

Usage Patterns of Privacy-Enhancing Technologies

Kovila P.L. Coopamootoo (Newcastle University)

Text Captcha Is Dead? A Large Scale Deployment and Empirical Study

Chenghui Shi (Zhejiang University); Shouling Ji (Zhejiang University); Qianjun Liu (Zhejiang University); Changchang Liu (IBM Research); Yuefeng Chen (Alibaba Group); Yuan He (Alibaba Group); Zhe Liu (Nanjing University of Aeronautics and Astronautics); Raheem Beyah (Georgia Institute of Technology); Ting Wang (Penn State)

Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements

Joshua Tan (Carnegie Mellon University); Lujo Bauer (Carnegie Mellon University); Nicolas Christin (Carnegie Mellon University); Lorrie Faith Cranor (Carnegie Mellon University)


Session 5B: Secure Messaging and Key Exchange

Session Chair: Benny Pinkas (VMware Research, Bar Ilan University)


Oracle Simulation: A Technique for Protocol Composition with Long Term Shared Secrets

Charlie Jacomme (LSV); Hubert Comon (LSV); Guillaume Scerri (Université Paris Saclay, UVSQ, Inria, DAVID)

The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption

Melissa Chase (Microsoft Research); Trevor Perrin (Signal Technology Foundation); Greg Zaverucha (Microsoft Research)

Post-quantum TLS without handshake signatures

Peter Schwabe (Radboud University); Douglas Stebila (University of Waterloo); Thom Wiggers (Radboud University)

Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice

Cas Cremers (CISPA Helmholtz Center for Information Security); Jaiden Fairoze (CISPA Helmholtz Center for Information Security); Benjamin Kiesl (CISPA Helmholtz Center for Information Security); Aurora Naska (CISPA Helmholtz Center for Information Security)


Session 5C: Forensics

Session Chair: Juan Caballero (IMDEA)


A Forensically Sound Method of Identifying Downloaders and Uploaders in Freenet

Brian N. Levine (University of Massachusetts Amherst); Marc Liberatore (University of Massachusetts Amherst); Brian Lynn (University of Massachusetts Amherst); Matthew Wright (Rochester Institute of Technology)

A Qualitative Study of Dependency Management and Its Security Implications

Ivan Pashchenko (University of Trento, Italy); Duc Ly Vu (University of Trento, Italy); Fabio Massacci (University of Trento, Italy)

Forensic Analysis in Access Control: Foundations and a Case-Study from Practice

Nahid Juma (University of Waterloo); Xiaowei Huang (University of Waterloo); Mahesh Tripunitara (University of Waterloo)

Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks

Riccardo Paccagnella (University of Illinois at Urbana-Champaign); Kevin Liao (Max Planck Institute for Security and Privacy); Dave (Jing) Tian (Purdue University); Adam Bates (University of Illinois at Urbana-Champaign)


Session 5D: Secure Computation

Session Chair: Dov Gordon (GMU)


MP-SPDZ: A Versatile Framework for Multi-Party Computation

Marcel Keller (CSIRO's Data61)

Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC

Jackson Abascal (Carnegie Mellon University); Carmit Hazay (Bar-Ilan University); Mohammad Hossein Faghihi Sereshgi (University of Rochester); Yuval Ishai (Technion); Muthuramakrishnan Venkitasubramaniam (University of Rochester)

Ferret: Fast Extension for Correlated OT with Small Communication

Kang Yang (State Key Laboratory of Cryptology); Chenkai Weng (Northwestern University); Xiao Lan (Sichuan University); Jiang Zhang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University)

More Efficient MPC from Improved Triple Generation and Authenticated Garbling

Kang Yang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University); Jiang Zhang (State Key Laboratory of Cryptology)


Session 5E: Infrastructure Security

Session Chair: Mohit Tiwari (UT Austin)


Mitigation of Attacks on Email End-to-End Encryption

Jörg Schwenk (Ruhr University Bochum); Marcus Brinkmann (Ruhr University Bochum); Damian Poddebniak (Münster University of Applied Sciences); Jens Müller (Ruhr University Bochum); Juraj Somorovsky (Paderborn University); Sebastian Schinzel (Münster University of Applied Sciences)

Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale

Michele Campobasso (Eindhoven University of Technology); Luca Allodi (Eindhoven University of Technology)

VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity

Sahar Abdelnabi (CISPA Helmholtz Center for Information Security); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information Security)

Dangerous Skills Got Certified: Measuring the Trustworthiness of Skill Certification in Voice Personal Assistant Platforms

Long Cheng (Clemson University); Christin Wilson (Clemson University); Song Liao (Clemson University); Jeffrey Alan Young (Clemson University); Daniel Dong (Clemson University); Hongxin Hu (Clemson University)

Break/Interaction with paper authors

Session 6A: Signatures

Session Chair: Mariana Raykova (Google)


MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces

Jonas Nick (Blockstream); Tim Ruffing (Blockstream); Yannick Seurin (ANSSI, France); Pieter Wuille (Blockstream)

Verifiable Timed Signatures Made Practical

Sri AravindaKrishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nürnberg); Adithya Bhat (Purdue University); Giulio Malavolta (UC Berkeley); Nico Döttling (CISPA Helmholtz Center for Information Security); Aniket Kate (Purdue University); Dominique Schröder (Friedrich-Alexander Universität Erlangen-Nürnberg)

Asynchronous Distributed Key Generation for Computationally Secure Randomness, Consensus, and Threshold Signatures

Eleftherios Kokoris Kogias (Novi and IST Austria); Dahlia Malkhi (Novi); Alexander Spiegelman (Novi)

UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts

Ran Canetti (Boston University); Rosario Gennaro (City College, CUNY); Steven Goldfeder (Cornell Tech); Nikolaos Makriyannis (Fireblocks); Udi Peled (Fireblocks)


Session 6B: Exploitation and Defenses

Session Chair: Michael Franz (UC Irvine)


A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks

Edward J. Schwartz (Carnegie Mellon University); Stephanie M. Schwartz (Millersville University); Cory Cohen (Carnegie Mellon University); Jeff Gennari (Carnegie Mellon University)

Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP

Md Salman Ahmed (Virginia Tech, Dept of Computer Science); Ya Xiao (Virginia Tech, Dept of Computer Science); Kevin Z. Snow (Zeropoint Dynamics); Gang Tan (Penn State University); Fabian Monrose (University of North Carolina-Chapel Hill); Danfeng (Daphne) Yao (Virginia Tech, Dept of Computer Science)

Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms

Yuan Li (Tsinghua University); Mingzhe Wang (Tsinghua University); Chao Zhang (Tsinghua University); Xingman Chen (Tsinghua University); Songtao Yang (Tsinghua University); Ying Liu (Tsinghua University)

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection

Tao Lv (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Ruishi Li (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Yi Yang (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Kai Chen (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Xiaojing Liao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Peiwei Hu (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Luyi Xing (Indiana University Bloomington)


Session 6C: Side Channels

Session Chair: Yinqian Zhang (Ohio State)


InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis

Roberto Guanciale (KTH Royal Institute of Technology); Musard Balliu (KTH Royal Institute of Technology); Mads Dam (KTH Royal Institute of Technology)

Speculative Probing: Hacking Blind in the Spectre Era

Enes Goktas (Stevens Institute of Technology); Kaveh Razavi (ETH Zurich); Georgios Portokalidis (Stevens Institute of Technology); Herbert Bos (Vrije Universiteit Amsterdam); Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Deja Vu: Side-Channel Analysis of Mozilla's NSS

Sohaib ul Hassan (Tampere University); Iaroslav Gridin (Tampere University); Ignacio M. Delgado-Lozano (Tampere University); Cesar Pereida García (Tampere University); Jesús-Javier Chi-Domínguez (Tampere University); Alejandro Cabrera Aldaya (Tampere University); Billy Bob Brumley (Tampere University)

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Hyunyoung Oh (Seoul National University); Adil Ahmad (Purdue University); Seonghyun Park (Seoul National University); Byoungyoung Lee (Seoul National University); Yunheung Paek (Seoul National University)


Session 6D: Web Security

Session Chair: Adam Doupé (Arizona State University)


DECO: Liberating Web Data Using Decentralized Oracles for TLS

Fan Zhang (Cornell); Sai Krishna Deepak Maram (Cornell Tech); Harjasleen Malvai (Cornell University); Steven Goldfeder (Cornell Tech); Ari Juels (Jacobs Institute, Cornell Tech)

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

Mingming Zhang (Institute for Network Sciences and Cyberspace, Tsinghua University); Xiaofeng Zheng (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Kaiwen Shen (Institute for Network Sciences and Cyberspace, Tsinghua University); Ziqiao Kong (QiAnXin Technology Research Institute); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua University); Yu Wang (Institute for Network Sciences and Cyberspace, Tsinghua University); Haixin Duan (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Shuang Hao (University of Texas at Dallas); Baojun Liu (Department of Computer Science and Technology, Tsinghua University); Min Yang (Fudan University)

The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws

Kostas Drakonakis (FORTH); Sotiris Ioannidis (Technical University of Crete, Greece); Jason Polakis (University of Illinois at Chicago)

TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting

Wladimir De la Cadena (University of Luxembourg); Asya Mitseva (Brandenburg University of Technology); Jens Hiller (RWTH Aachen University); Jan Pennekamp (RWTH Aachen University); Sebastian Reuter (RWTH Aachen University); Julian Filter (RWTH Aachen University); Klaus Wehrle (RWTH Aachen University); Thomas Engel (University of Luxembourg); Andriy Panchenko (Brandenburg University of Technology)


Session 6E: Zero Knowledge

Session Chair: Jonathan Bootle (IBM Research - Zurich)


Lift-and-Shift: Obtaining Simulation Extractable Subversion and Updatable SNARKs Generically

Behzad Abdolmaleki (University of Tartu); Sebastian Ramacher (AIT Austrian Institute of Technology); Daniel Slamanig (AIT Austrian Institute of Technology)

Pointproofs: Aggregating Proofs for Multiple Vector Commitments

Sergey Gorbunov (University of Waterloo); Leonid Reyzin (Algorand and Boston University); Hoeteck Wee (CNRS, ENS, PSL, and NTT Research); Zhenfei Zhang (Algorand)

Ligero++: A New Optimized Sublinear IOP

Rishabh Bhadauria (Bar-Ilan University); Zhiyong Fang (Texas A&M University); Carmit Hazay (Bar-Ilan University); Muthuramakrishnan Venkitasubramaniam (University of Rochester); Tiancheng Xie (UC Berkeley); Yupeng Zhang (Texas A&M University)

Zero Knowledge Proofs for Decision Tree Predictions and Accuracy

Jiaheng Zhang (UC Berkeley); Zhiyong Fang (Texas A&M University); Yupeng Zhang (Texas A&M University); Dawn Song (UC Berkeley)

A 2.1 KHz Zero-Knowledge Processor with BubbleRAM

David Heath (Georgia Institute of Technology); Vladimir Kolesnikov (Georgia Tech)


Interaction with paper authors