Initial Occurrence of Program: in U.S. Eastern Standard Time (UTC -5:00) Repeat Occurrence of Program: One Day Later in China Standard Time (UTC +8:00)
All plenary sessions (opening remarks, keynote, and award ceremony) are held in Plenary Room. All parallel talk sessions are held in rooms A-E based on session ID.
Join us in the CCS’20 venue to gather with fellow attendees, and get yourself familiarized with navigating on the Gather.town platform. Note: Please use Firefox or Chrome browser.
CCS Main Conference on Tuesday, November 10th, 2020
CLAPS: Client-Location-Aware Path Selection in Tor
Florentin Rochet (UCLouvain); Ryan Wails (U.S. Naval Research Laboratory); Aaron Johnson (U.S. Naval Research Laboratory); Prateek Mittal (Princeton Univ.); Olivier Pereira (UCLouvain)
Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC
Diogo Barradas (Instituto Superior Técnico, Universidade de Lisboa); Nuno Santos (Instituto Superior Técnico, Universidade de Lisboa); Luis Rodrigues (Instituto Superior Técnico, Universidade de Lisboa); Vítor Nunes (Instituto
Superior Técnico, Universidade de Lisboa)
Censored Planet: An Internet-wide, Longitudinal Censorship Observatory
Ram Sundara Raman (University of Michigan); Prerana Shenoy (University of Michigan); Katharina Kohls (Ruhr University Bochum); Roya Ensafi (University of Michigan)
Session 1B: Attacking and Defending ML Systems
Session Chair: Ting Wang (Pennsylvania State University)
Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks
Shawn Shan (University of Chicago); Emily Wenger (University of Chicago); Bolun Wang (University of Chicago); Bo Li (UIUC); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago)
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models
Ren Pang (Penn State University); Hua Shen (Penn State University); Xinyang Zhang (Penn State University); Shouling Ji (Zhejiang University); Yevgeniy Vorobeychik (Washington University in St. Louis); Xiapu Luo (The Hong Kong
Polytechnic University); Alex X. Liu (Ant Financial Services Group); Ting Wang (Penn State)
DeepDyve: Dynamic Verification for Deep Neural Networks
YU LI (The Chinese University of Hong Kong); Min Li (The Chinese University of Hong Kong); Bo Luo (The Chinese University of Hong Kong); Ye Tian (The Chinese University of Hong Kong); Qiang Xu (The Chinese University of Hong
Kong)
Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features
Junyu Lin (National Key Laboratory for Novel Software Technology, Nanjing University); Lei Xu (National Key Laboratory for Novel Software Technology, Nanjing University); Yingqi Liu (Purdue Univ.); Xiangyu Zhang (Purdue
University)
Session 1C: Binary Analysis/Policy and Access Control
Session Chair: Fish Wang (Arizona State University)
Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries
Lei Zhao (Wuhan University); Yuncong Zhu (Wuhan University); Jiang Ming (University of Texas at Arlington); Yichen Zhang (Wuhan University); Haotian Zhang (University of Texas at Arlington); Heng Yin (University of California,
Riverside)
FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware
Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University)
Privaros: A Framework for Privacy-Compliant Delivery Drones
Session 1D: Applied Cryptography and Cryptanalysis
Session Chair: Xiao Wang (Northwestern University)
A Performant, Misuse-Resistant API for Primality Testing
Jake Massimo (Royal Holloway, University of London); Kenny Paterson (ETH Zurich)
ProMACs: Progressive and Resynchronizing MACs for Continuous Efficient Authentication of Message Streams
Frederik Armknecht (University of Mannheim); Paul Walther (TU Dresden); Gene Tsudik (UCI); Martin Beck (TU Dresden); Thorsten Strufe (Karlsruhe Institute of Technology and CeTI TU Dresden)
LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage
Diego F. Aranha (Aarhus University); Felipe Rodrigues Novaes (University of Campinas); Akira Takahashi (Aarhus University); Mehdi Tibouchi (NTT); Yuval Yarom (University of Adelaide and Data61)
Security of Streaming Encryption in Google's Tink Library
HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems
Efren Lopez-Morales (Arizona State University); Carlos E. Rubio-Medrano (Arizona State University); Tiffany Bao (Arizona State University); Adam Doupe (Arizona State University); Yan Shoshitaishvili (Arizona State University);
Ruoyu Wang (Arizona State University); Gail-Joon Ahn (Arizona State University)
Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks
Ben Nassi (Ben-Gurion University of the Negev); Yisroel Mirsky (Georgia Institute of Technology); Dudi Nassi (Ben-Gurion University of the Negev); Raz Ben-Netanel (Ben-Gurion University of the Negev); Oleg Drokin (Independent
Researcher); Yuval Elovici (Ben Gurion University of the Negev)
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices
Xiaopeng Li (University of South Carolina); Qiang Zeng (University of South Carolina); Lannan Luo (University of South Carolina); Tongbo Luo (JD.com)
GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models
Dingfan Chen (CISPA Helmholtz Center for Information Security); Ning Yu (Max Planck Institute for Informatics); Yang Zhang (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information
Security)
Analyzing Information Leakage of Updates to Natural Language Models
Santiago Zanella-Béguelin (Microsoft Research); Lukas Wutschitz (Microsoft Research); Shruti Tople (Microsoft Research); Victor Rühle (Microsoft Research); Andrew Paverd (Microsoft Research); Olga Ohrimenko (University of
Melbourne); Boris Köpf (Microsoft Research); Marc Brockschmidt (Microsoft Research)
Information Leakage in Embedding Models
Congzheng Song (Cornell University); Ananth Raghunathan (Facebook)
PPE Circuits: Formal Definition to Software Automation
Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin); Brent Waters (University of Texas at Austin and NTT Research)
Threshold Password-Hardened Encryption Services
Julian Brost (Friedrich-Alexander-University); Christoph Egger (Friedrich-Alexander-University); Russell Lai (Friedrich-Alexander-University); Fritz Schmid (Friedrich-Alexander-University); Dominique Schröder
(Friedrich-Alexander-University); Markus Zoppelt (Nuremberg Institute of Technology)
Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions
Ian McQuoid (Oregon State University); Mike Rosulek (Oregon State University); Lance Roy (Oregon State University)
Full Database Reconstruction in Two Dimensions
Francesca Falzon (University of Chicago); Evangelia Anna Markatou (Brown University); Akshima (University of Chicago); David Cash (University of Chicago); Adam Rivkin (University of Chicago); Jesse Stern (University of Chicago);
Roberto Tamassia (Brown University)
Slimium: Debloating the Chromium Browser with Feature Subsetting
Chenxiong Qian (Georgia Institute of Technology); HyungJoon Koo (Georgia Institute of Technology); ChangSeok Oh (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology); Wenke Lee (Georgia Institute of
Technology)
You’ve Changed: Detecting Malicious Browser Extensions through their Update Deltas
Nikolaos Pantelaios (North Carolina State University); Nick Nikiforakis (Stony Brook University); Alexandros Kapravelos (North Carolina State University)
PMForce: Systematically Analyzing postMessage Handlers at Scale
Marius Steffens (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security)
Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill
Xu Lin (University of Illinois at Chicago); Panagiotis Ilia (University of Illinois at Chicago); Jason Polakis (University of Illinois at Chicago)
Session 2D: Mobile Security
Session Chair: Xusheng Xiao (Case Western Reserve
University)
Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
Yiming Zhang (Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University); Baojun Liu (Beijing National Research
Center for Information Science and Technology (BNRist), Tsinghua University; Department of Computer Science and Technology, Tsinghua University; 360 Netlab); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua
University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; 360 Netlab); Zhou Li (University of California, Irvine); Haixin Duan (Institute for Network Sciences and Cyberspace,
Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University; Qi An Xin Technology Research Institute); Shuang Hao (University of Texas at Dallas); Mingxuan Liu
(Institute for Network Sciences and Cyberspace, Tsinghua University; Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University); Ying Liu (Institute for Network Sciences and Cyberspace,
Tsinghua University); Dong Wang (360 Mobile Safe); Qiang Li (360 Mobile Safe)
VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization’s Clothing
Luman Shi (Wuhan University); Jiang Ming (University of Texas at Arlington); Jianming Fu (Wuhan University); Guojun Peng (Wuhan University); Dongpeng Xu (University of New Hampshire); Kun Gao (Wuhan Antiy Information Technology);
Xuanchen Pan (Wuhan Antiy Information Technology)
Deploying Android Security Updates: An Extensive Study Involving Manufacturers, Carriers, and End Users
Kailani R. Jones (University of Kansas); Ting-Fang Yen (DataVisor, Inc.); Sathya Chandran Sundaramurthy (DataVisor, Inc.); Alexandru G. Bardas (University of Kansas)
Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems
Haoran Lu (Indiana University Bloomington); Luyi Xing (Indiana University Bloomington); Yifan Zhang (Indiana University Bloomington); Yue Xiao (Indiana University Bloomington); Xiaojing Liao (Indiana University Bloomington);
XiaoFeng Wang (Indiana University Bloomington); Xueqiang Wang (Indiana University Bloomington)
ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts
Karl Wüst (ETH Zurich); Sinisa Matetic (ETH Zurich); Silvan Egli (ETH Zurich); Kari Kostiainen (ETH Zurich); Srdjan Capkun (ETH Zurich)
BDoS: Blockchain Denial-of-Service
Michael Mirkin (Technion); Yan Ji (Cornell Tech); Jonathan Pang (Cornell University); Ariah Klages-Mundt (Cornell University); Ittay Eyal (Technion); Ari Juels (Cornell Tech)
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
Clara Schneidewind (TU Wien); Markus Scherer (TU Wien); Ilya Grishchenko (TU Wien); Matteo Maffei (TU Wien)
WI is Almost Enough: Contingent Payment All Over Again
Ky Nguyen (Ecole Normale Superieure); Miguel Ambrona (NTT Laboratories); Masayuki Abe (NTT Secure Platform Laboratories)
Interaction with paper authors
CCS Main Conference on Wednesday, November 11th, 2020
Private Summation in the Multi-Message Shuffle Model
Borja Balle (DeepMind); James Bell (The Alan Turing Institute); Adrià Gascón (Google); Kobbi Nissim (Georgetown University)
R^2DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions
Meisam Mohammady (Concordia University); Shangyu Xie (Illinois Institute of Technology); Yuan Hong (Illinois Institute of Technology); Mengyuan Zhang (Ericsson Security Research); Lingyu Wang (Concordia University); Makan
Pourzandi (Ericsson Security Research); Mourad Debbabi (Concordia University)
Estimating g-Leakage via Machine Learning
Marco Romanelli (INRIA, Ecole Polytechinque, Università di Siena); Konstantinos Chatzikokolakis (University of Athens); Catuscia Palamidessi (INRIA (Invited Chair on Privacy)); Pablo Piantanida (L2S,
CentraleSupelec, CNRS, Université Paris Saclay)
Implementing the Exponential Mechanism with Base-2 Differential Privacy
Examining Mirai's Battle over the Internet of Things
Harm Griffioen (Hasso Plattner Institute); Christian Doerr (Hasso Plattner Institute)
Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware
Xiaohan Zhang (Fudan University); Yuan Zhang (Fudan University); Ming Zhong (Fudan University); Daizong Ding (Fudan University); Yinzhi Cao (Johns Hopkins University); Yukun Zhang (Fudan University); Mi Zhang (Fudan University);
Min Yang (Fudan University)
Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism
Silvia Sebastián (IMDEA Software Institute); Juan Caballero (IMDEA Software Institute)
Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System
Joey Allen (Georgia Institute of Technology); Zheng Yang (Georgia Institute of Technology); Matthew Landen (Georgia Institute of Technology); Raghav Bhat (Georgia Institute of Technology); Harsh Grover (Georgia Institute of
Technology); Andrew Chang (Georgia Institute of Technology); Yang Ji (Palo Alto Networks); Roberto Perdisci (University of Georgia and Georgia Tech); Wenke Lee (Georgia Institute of Technology)
Bingyong Guo (Institute of Software, Chinese Academy of Sciences; State Key Laboratory of Cryptology; School of Computer Science and Technology, University of Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab);
Zhenliang Lu (New jersey institute of technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Qiang Tang (New Jersey Institute of Technology; JDD-NJIT-ISCAS Joint Blockchain Lab); Jing Xu (Institute of Software, Chinese Academy of
Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab); Zhenfeng Zhang (Institute of Software, Chinese Academy of Sciences; JDD-NJIT-ISCAS Joint Blockchain Lab)
Tight Consistency Bounds for Bitcoin
Peter Gaži (IOHK); Aggelos Kiayias (University of Edinburgh and IOHK); Alexander Russell (University of Connecticut and IOHK)
On the Optimality of Optimistic Responsiveness
Ittai Abraham (VMware Research); Kartik Nayak (Duke University); Ling Ren (UIUC); Nibesh Shrestha (Rochester Institute of Technology)
Everything is a Race and Nakamoto Always Wins
Amir Dembo (Stanford University); Sreeram Kannan (University of Washington); Ertem Nusret Tas (Stanford University); David Tse (Stanford University);
Pramod Viswanath (University of Illinois at Urbana-Champaign); Xuechao Wang (University of Illinois at Urbana-Champaign); Ofer Zeitouni (Weizmann Institute of Science)
Session 3D: Formal Methods
Session Chair: Deepak Garg (Max Planck Institute for Software Systems)
Security Analysis and Implementation of Relay-Resistant Contactless Payments
Ioana Boureanu (Univ. of Surrey, Surrey Centre for Cyber Security); Tom Chothia (University of Birmingham); Alexandre Debant (Univ Rennes, CNRS, IRISA); Stéphanie Delaune (Univ Rennes, CNRS, IRISA)
HACL×N: Verified Generic SIMD Crypto (for all your favourite platforms)
Marina Polubelova (INRIA); Karthikeyan Bhargavan (INRIA); Jonathan Protzenko (Microsoft Research); Benjamin Beurdouche (INRIA & Mozilla); Aymeric Fromherz (Carnegie Mellon University); Natalia Kulatova (INRIA); Santiago
Zanella-Béguelin (Microsoft Research)
CheckDP: An Automated and Integrated Approach for Proving Differential Privacy or Finding Precise Counterexamples
Yuxin Wang (Pennsylvania State University); Zeyu Ding (Pennsylvania State University); Daniel Kifer (Pennsylvania State University); Danfeng Zhang (Pennsylvania State University)
Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn
Nick Frymann (University of Surrey); Daniel Gardham (University of Surrey); Franziskus Kiefer (Unaffiliated); Emil Lundberg (Yubico); Mark Manulis (University of Surrey); Dain Nilsson (Yubico)
Session Chair: Tiffany Bao (Arizona State University)
SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback
Rui Zhong (Pennsylvania State University); Yongheng Chen (GeorgiaTech); Hong Hu (GeorgiaTech); Hangfan Zhang (Nanjing University); Wenke Lee (GeorgiaTech); Dinghao Wu (Pennsylvania State University)
FREEDOM: Engineering a State-of-the-Art DOM Fuzzer
Wen Xu (Georgia Institute of Technology); Soyeon Park (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology)
BlackMirror: Preventing Wallhacks in 3D Online FPS Games
Seonghyun Park (Seoul National University); Adil Ahmad (Purdue); Byoungyoung Lee (Seoul National University)
Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments
Jie Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;George Mason University,Fairfax,VA,USA;School of Cyber Security,University of Chinese Academy of
Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Kun Sun (George Mason University,Fairfax,VA,USA); Lingguang Lei (State Key Laboratory of Information Security,Institute of
Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and Communication Security Research Center,CAS,Beijing,China); Shengye Wan (College of
William and Mary); Yuewu Wang (State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China;Data Assurance and
Communication Security Research Center,CAS,Beijing,China); Jiwu Jing (University of Chinese Academy of Sciences,Beijing,China)
Session 3P: Binary Analysis/Policy and Access Control
Session 1C from Day 1 moved to Day 2 and will be held in the Plenary room
Session Chair: Fish Wang (Arizona State University)
Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries
Lei Zhao (Wuhan University); Yuncong Zhu (Wuhan University); Jiang Ming (University of Texas at Arlington); Yichen Zhang (Wuhan University); Haotian Zhang (University of Texas at Arlington); Heng Yin (University of California,
Riverside)
FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware
Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University)
Privaros: A Framework for Privacy-Compliant Delivery Drones
Nabil Alkeilani Alkadri (Technische Universität Darmstadt); Poulami Das (Technische Universität Darmstadt); Andreas Erwig (Technische Universität Darmstadt); Sebastian Faust (Technische Universität Darmstadt); Juliane Krämer
(Technische Universität Darmstadt); Siavash Riahi (Technische Universität Darmstadt); Patrick Struck (Technische Universität Darmstadt)
SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis
Okan Seker (University of Lübeck); Sebastian Berndt (University of Lübeck); Luca Wilke (University of Lübeck); Thomas Eisenbarth (University of Lübeck)
Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations
Vadim Lyubashevsky (IBM Research - Zurich); Ngoc Khanh Nguyen (IBM Research - Zurich and ETH Zurich); Gregor Seiler (IBM Research - Zurich and ETH Zurich)
QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme
Koksal Mus (Worcester Polytechnic Institute (WPI)); Saad Islam (Worcester Polytechnic Institute (WPI)); Berk Sunar (Worcester Polytechnic Institute (WPI))
Session 4B: Physical Attacks
Session Chair: Sara Rampazzi (University of Florida)
TEMPEST Comeback: A Realistic Audio Eavesdropping Threat on Mixed-signal SoCs
Jieun Choi (KAIST); Hae-Yong Yang (The Affiliated Institute of ETRI); Dong-Ho Cho (KAIST)
When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition
Shu Wang (George Mason University); Jiahao Cao (Tsinghua University); Xu He (George Mason University); Kun Sun (George Mason University); Qi Li (Tsinghua University)
AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations
Zhuohang Li (University of Tennessee, Knoxville); Yi Wu (University of Tennessee, Knoxville); Jian Liu (University of Tennessee, Knoxville); Yingying Chen (Rutgers University)
Harnessing the Ambient Radio Frequency Noise for Wearable Device Pairing
Wenqiang Jin (The University of Texas at Arlington); Ming Li (The University of Texas at Arlington); Srinivasan Murali (The University of Texas at Arlington); Linke Guo (Clemson University)
Pdiff: Semantic-based Patch Presence Testing for Downstream Kernels
Zheyue Jiang (Fudan University); Yuan Zhang (Fudan University); Jun Xu (Stevens Institute of Technology); Qi Wen (Fudan University); Zhenghe Wang (Fudan University); Xiaohan Zhang (Fudan University); Xinyu Xing (Pennsylvania
State University); Min Yang (Fudan University); Zhemin Yang (Fudan University)
A Systematic Study of Elastic Objects in Kernel Exploitation
Yueqi Chen (Pennsylvania State University); Zhenpeng Lin (Pennsylvania State University); Xinyu Xing (Pennsylvania State University)
iDEA: Towards Static Analysis on the Security of Apple Kernel Drivers
Xiaolong Bai (Alibaba Group); Luyi Xing (Indiana University Bloomington); Min Zheng (Alibaba Group); Fuping Qu (Alibaba Group)
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection
Aditya Pakki (University of Minnesota); Kangjie Lu (University of Minnesota)
LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction
Rui Wen (CISPA Helmholtz Center for Information Security); Yu Yu (Shanghai Jiao Tong University); Xiang Xie (Platon); Yang Zhang (CISPA Helmholtz Center for Information Security)
Avishay Yanai (Bar-Ilan University); Ittai Abraham (VMware Research); Benny Pinkas (VMware Research, Bar Ilan University)
Secure Single-Server Aggregation with (Poly)Logarithmic Overhead
James Bell (The Alan Turing Institute); Kallista Bonawitz (Google LLC); Adrià Gascón (Google LLC); Tancrède Lepoint (Google LLC); Mariana Raykova (Google LLC)
Fast Database Joins and PSI for Secret Shared Data
Peter Rindal (Visa Research); Mike Rosulek (Oregon State University); Payman Mohassel (Facebook)
Session 4E: Network Security
Session Chair: Ben Stock (CISPA Helmholtz Center for Information
Security)
The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures
Jens Hiller (RWTH Aachen University); Johanna Amann (ICSI, Corelight, LBNL); Oliver Hohlfeld (Brandenburg University of Technology)
Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral
Eihal Alowaisheq (Indiana University, King Saud University); Siyuan Tang (Indiana University); Zhihao Wang (Institute of Information Engineering, Chinese Academy of Sciences); Fatemah Alharbi (Taibah University); Xiaojing Liao
(Indiana University); XiaoFeng Wang (Indiana University)
Off-Path TCP Exploits of the Mixed IPID Assignment
Xuewei Feng (Tsinghua University); Chuanpu Fu (Dalian University of Technology); Qi Li (Tsinghua University; Beijing National Research Center for Information Science and Technology); Kun Sun (George Mason University); Ke Xu
(Tsinghua University; Beijing National Research Center for Information Science and Technology; Peng Cheng Laboratory)
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
Keyu Man (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Zhongjie Wang (University of California, Riverside); Xiaofeng Zheng (Qi-AnXin Group, Tsinghua University); Youjun Huang (Tsinghua
University); Haixin Duan (Tsinghua University, Qi-AnXin Group)
Session 4P: Cyberphysical Systems
Session 1E from Day 1 moved to Day 2 and will be held in the Plenary room
HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems
Efren Lopez-Morales (Arizona State University); Carlos E. Rubio-Medrano (Arizona State University); Tiffany Bao (Arizona State University); Adam Doupe (Arizona State University); Yan Shoshitaishvili (Arizona State University);
Ruoyu Wang (Arizona State University); Gail-Joon Ahn (Arizona State University)
Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks
Ben Nassi (Ben-Gurion University of the Negev); Yisroel Mirsky (Georgia Institute of Technology); Dudi Nassi (Ben-Gurion University of the Negev); Raz Ben-Netanel (Ben-Gurion University of the Negev); Oleg Drokin (Independent
Researcher); Yuval Elovici (Ben Gurion University of the Negev)
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices
Xiaopeng Li (University of South Carolina); Qiang Zeng (University of South Carolina); Lannan Luo (University of South Carolina); Tongbo Luo (JD.com)
Interaction with paper authors
CCS Main Conference on Thursday, November 12th, 2020
Text Captcha Is Dead? A Large Scale Deployment and Empirical Study
Chenghui Shi (Zhejiang University); Shouling Ji (Zhejiang University); Qianjun Liu (Zhejiang University); Changchang Liu (IBM Research); Yuefeng Chen (Alibaba Group); Yuan He (Alibaba Group); Zhe Liu (Nanjing University of
Aeronautics and Astronautics); Raheem Beyah (Georgia Institute of Technology); Ting Wang (Penn State)
Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements
Peter Schwabe (Radboud University); Douglas Stebila (University of Waterloo); Thom Wiggers (Radboud University)
Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice
Cas Cremers (CISPA Helmholtz Center for Information Security); Jaiden Fairoze (CISPA Helmholtz Center for Information Security); Benjamin Kiesl (CISPA Helmholtz Center for Information Security); Aurora Naska (CISPA Helmholtz
Center for Information Security)
A Forensically Sound Method of Identifying Downloaders and Uploaders in Freenet
Brian N. Levine (University of Massachusetts Amherst); Marc Liberatore (University of Massachusetts Amherst); Brian Lynn (University of Massachusetts Amherst); Matthew Wright (Rochester Institute of Technology)
A Qualitative Study of Dependency Management and Its Security Implications
Ivan Pashchenko (University of Trento, Italy); Duc Ly Vu (University of Trento, Italy); Fabio Massacci (University of Trento, Italy)
Forensic Analysis in Access Control: Foundations and a Case-Study from Practice
Nahid Juma (University of Waterloo); Xiaowei Huang (University of Waterloo); Mahesh Tripunitara (University of Waterloo)
Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks
Riccardo Paccagnella (University of Illinois at Urbana-Champaign); Kevin Liao (Max Planck Institute for Security and Privacy); Dave (Jing) Tian (Purdue University); Adam Bates (University of Illinois at Urbana-Champaign)
MP-SPDZ: A Versatile Framework for Multi-Party Computation
Marcel Keller (CSIRO's Data61)
Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC
Jackson Abascal (Carnegie Mellon University); Carmit Hazay (Bar-Ilan University); Mohammad Hossein Faghihi Sereshgi (University of Rochester); Yuval Ishai (Technion); Muthuramakrishnan Venkitasubramaniam (University of Rochester)
Ferret: Fast Extension for Correlated OT with Small Communication
Kang Yang (State Key Laboratory of Cryptology); Chenkai Weng (Northwestern University); Xiao Lan (Sichuan University); Jiang Zhang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University)
More Efficient MPC from Improved Triple Generation and Authenticated Garbling
Kang Yang (State Key Laboratory of Cryptology); Xiao Wang (Northwestern University); Jiang Zhang (State Key Laboratory of Cryptology)
Mitigation of Attacks on Email End-to-End Encryption
Jörg Schwenk (Ruhr University Bochum); Marcus Brinkmann (Ruhr University Bochum); Damian Poddebniak (Münster University of Applied Sciences); Jens Müller (Ruhr University Bochum); Juraj Somorovsky (Paderborn University);
Sebastian Schinzel (Münster University of Applied Sciences)
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
Michele Campobasso (Eindhoven University of Technology); Luca Allodi (Eindhoven University of Technology)
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
Sahar Abdelnabi (CISPA Helmholtz Center for Information Security); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Mario Fritz (CISPA Helmholtz Center for Information Security)
Dangerous Skills Got Certified: Measuring the Trustworthiness of Skill Certification in Voice Personal Assistant Platforms
Long Cheng (Clemson University); Christin Wilson (Clemson University); Song Liao (Clemson University); Jeffrey Alan Young (Clemson University); Daniel Dong (Clemson University); Hongxin Hu (Clemson University)
MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces
Jonas Nick (Blockstream); Tim Ruffing (Blockstream); Yannick Seurin (ANSSI, France); Pieter Wuille (Blockstream)
Verifiable Timed Signatures Made Practical
Sri AravindaKrishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nürnberg); Adithya Bhat (Purdue University); Giulio Malavolta (UC Berkeley); Nico Döttling (CISPA Helmholtz Center for Information Security); Aniket Kate
(Purdue University); Dominique Schröder (Friedrich-Alexander Universität Erlangen-Nürnberg)
Asynchronous Distributed Key Generation for Computationally Secure Randomness, Consensus, and Threshold Signatures
Eleftherios Kokoris Kogias (Novi and IST Austria); Dahlia Malkhi (Novi); Alexander Spiegelman (Novi)
UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts
Ran Canetti (Boston University); Rosario Gennaro (City College, CUNY); Steven Goldfeder (Cornell Tech); Nikolaos Makriyannis (Fireblocks); Udi Peled (Fireblocks)
A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks
Edward J. Schwartz (Carnegie Mellon University); Stephanie M. Schwartz (Millersville University); Cory Cohen (Carnegie Mellon University); Jeff Gennari (Carnegie Mellon University)
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP
Md Salman Ahmed (Virginia Tech, Dept of Computer Science); Ya Xiao (Virginia Tech, Dept of Computer Science); Kevin Z. Snow (Zeropoint Dynamics); Gang Tan (Penn State University); Fabian Monrose (University of North
Carolina-Chapel Hill); Danfeng (Daphne) Yao (Virginia Tech, Dept of Computer Science)
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
Yuan Li (Tsinghua University); Mingzhe Wang (Tsinghua University); Chao Zhang (Tsinghua University); Xingman Chen (Tsinghua University); Songtao Yang (Tsinghua University); Ying Liu (Tsinghua University)
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection
Tao Lv (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Ruishi Li (SKLOIS, Institute of Information
Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Yi Yang (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences,
Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Kai Chen (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security,
University of Chinese Academy of Sciences, Beijing, China); Xiaojing Liao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Peiwei Hu (SKLOIS, Institute of Information Engineering, Chinese Academy of
Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China); Luyi Xing (Indiana University Bloomington)
InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis
Roberto Guanciale (KTH Royal Institute of Technology); Musard Balliu (KTH Royal Institute of Technology); Mads Dam (KTH Royal Institute of Technology)
Speculative Probing: Hacking Blind in the Spectre Era
Enes Goktas (Stevens Institute of Technology); Kaveh Razavi (ETH Zurich); Georgios Portokalidis (Stevens Institute of Technology); Herbert Bos (Vrije Universiteit Amsterdam); Cristiano Giuffrida (Vrije Universiteit Amsterdam)
Deja Vu: Side-Channel Analysis of Mozilla's NSS
Sohaib ul Hassan (Tampere University); Iaroslav Gridin (Tampere University); Ignacio M. Delgado-Lozano (Tampere University); Cesar Pereida García (Tampere University); Jesús-Javier Chi-Domínguez (Tampere University); Alejandro
Cabrera Aldaya (Tampere University); Billy Bob Brumley (Tampere University)
TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA
Hyunyoung Oh (Seoul National University); Adil Ahmad (Purdue University); Seonghyun Park (Seoul National University); Byoungyoung Lee (Seoul National University); Yunheung Paek (Seoul National University)
Session 6D: Web Security
Session Chair: Adam Doupé (Arizona State University)
DECO: Liberating Web Data Using Decentralized Oracles for TLS
Fan Zhang (Cornell); Sai Krishna Deepak Maram (Cornell Tech); Harjasleen Malvai (Cornell University); Steven Goldfeder (Cornell Tech); Ari Juels (Jacobs Institute, Cornell Tech)
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
Mingming Zhang (Institute for Network Sciences and Cyberspace, Tsinghua University); Xiaofeng Zheng (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Kaiwen Shen
(Institute for Network Sciences and Cyberspace, Tsinghua University); Ziqiao Kong (QiAnXin Technology Research Institute); Chaoyi Lu (Institute for Network Sciences and Cyberspace, Tsinghua University); Yu Wang (Institute for
Network Sciences and Cyberspace, Tsinghua University); Haixin Duan (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute.); Shuang Hao (University of Texas at Dallas); Baojun Liu
(Department of Computer Science and Technology, Tsinghua University); Min Yang (Fudan University)
The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws
Kostas Drakonakis (FORTH); Sotiris Ioannidis (Technical University of Crete, Greece); Jason Polakis (University of Illinois at Chicago)
TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting
Wladimir De la Cadena (University of Luxembourg); Asya Mitseva (Brandenburg University of Technology); Jens Hiller (RWTH Aachen University); Jan Pennekamp (RWTH Aachen University); Sebastian Reuter (RWTH Aachen University);
Julian Filter (RWTH Aachen University); Klaus Wehrle (RWTH Aachen University); Thomas Engel (University of Luxembourg); Andriy Panchenko (Brandenburg University of Technology)
Lift-and-Shift: Obtaining Simulation Extractable Subversion and Updatable SNARKs Generically
Behzad Abdolmaleki (University of Tartu); Sebastian Ramacher (AIT Austrian Institute of Technology); Daniel Slamanig (AIT Austrian Institute of Technology)
Pointproofs: Aggregating Proofs for Multiple Vector Commitments
Sergey Gorbunov (University of Waterloo); Leonid Reyzin (Algorand and Boston University); Hoeteck Wee (CNRS, ENS, PSL, and NTT Research); Zhenfei Zhang (Algorand)
PPE Circuits: Formal Definition to Software Automation
Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin); Brent Waters (University of Texas at Austin and NTT Research)
Threshold Password-Hardened Encryption Services
Julian Brost (Friedrich-Alexander-University); Christoph Egger (Friedrich-Alexander-University); Russell Lai (Friedrich-Alexander-University); Fritz Schmid (Friedrich-Alexander-University); Dominique Schröder
(Friedrich-Alexander-University); Markus Zoppelt (Nuremberg Institute of Technology)
Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions
Ian McQuoid (Oregon State University); Mike Rosulek (Oregon State University); Lance Roy (Oregon State University)
Full Database Reconstruction in Two Dimensions
Francesca Falzon (University of Chicago); Evangelia Anna Markatou (Brown University); Akshima (University of Chicago); David Cash (University of Chicago); Adam Rivkin (University of Chicago); Jesse Stern (University of Chicago);
Roberto Tamassia (Brown University)