ACM Conference on Computer and Communications Security

CCS 2017 - Authors

List of Accepted Papers · Institutions

Authors of papers accepted to the 24th ACM Conference on Computer and Communications Security

Gunes Acar (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]
Yasemin Acar (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]
Mustafa Emre Acer (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Shashank Agrawal (Visa Research)
Shashank Agrawal, Melissa Chase. FAME: Fast Attribute-based Message Encryption [Paper] [Artifact]
Shweta Agrawal (IIT Madras)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]
Amjad Aldweesh (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]
Luca Allodi (Eindhoven University of Technology)
Luca Allodi. Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [Paper]
José Bacelar Almeida (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Joel Alwen (IST Austria)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [Paper] [Artifact]
Miguel Ambrona (IMDEA Software Institute / Universidad Politécnica de Madrid)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
Scott Ames (University of Rochester)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
Dennis Andriesse (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Manos Antonakakis (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Andrew W. Appel (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Owen Arden (University of California, Santa Cruz)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control
Mohammed Ashraf (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
N. Asokan (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [Paper]
Giuseppe Ateniese (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [Paper]
Adam J. Aviv (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]
Marcel Böhme (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [Paper] [Artifact]
Rainer Böhme (Innsbruck University)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Michael Backes (CISPA, Saarland University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]
Xiaolong Bai (Tsinghua University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Manuel Barbosa (HASLab – INESC TEC / DCC FC Universidade do Porto)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Jake Barrett (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Timothy Barron (Stony Brook University)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]
Gilles Barthe (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Lujo Bauer (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Mihir Bellare (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions
Mihir Bellare, Wei Dai. Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction
Mihir Bellare, Viet Tung Hoang. Identity-Based Format-Preserving Encryption
Lennart Beringer (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Sebastian Berndt (University of Luebeck)
Sebastian Berndt, Maciej Liskiewicz. Algorithm Substitution Attacks from a Steganographic Perspective [Paper]
Benjamin Beurdouche (Inria Paris)
Jean-Karim Zinzindohoué and Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL: A Verified Modern Cryptographic Library [Paper] [Artifact]
Radhika Bhargava (Purdue University)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Jean-Karim Zinzindohoué and Karthikeyan Bhargavan (Inria Paris)
Jean-Karim Zinzindohoué and Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL: A Verified Modern Cryptographic Library [Paper] [Artifact]
Sanjay Bhattacherjee (Turing Lab, ASU, ISI Kolkata)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]
Pan Bian (Renmin University of China)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Ashish Bijlani (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Leyla Bilge (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents
Vincent Bindschaedler (University of Illinois at Urbana-Champaign)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Priyam Biswas (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++
Jeremiah Blocki (Purdue University)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [Paper] [Artifact]
Arthur Blot (ENS Lyon)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Andrew J. Blumberg (University of Texas at Austin)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Christian Boit (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]
Keith Bonawitz (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Dan Boneh (Stanford University)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [Paper]
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [Paper]
Herbert Bos (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Raphael Bost (Direction Générale de l’Armement - Maitrise de l’Information / Université de Rennes 1)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [Paper] [Artifact]
Elette Boyle (IDC Herzliya)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [Artifact]
Matt Braithwaite (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Leon Groot Bruinderink (Technische Universiteit Eindhoven)
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [Paper]
Sven Bugiel (CISPA, Saarland University)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Pablo Buiras (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]
Elie Bursztein (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Kevin Butler (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]
Jan Camenisch (IBM Research - Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain
Matteo Campanelli (City College of New York)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]
Yinzhi Cao (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [Paper] [Artifact]
Yulong Cao (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Brent Carmer (Oregon State University / Galois, Inc.)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [Artifact]
Scott Carr (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++
Darion Cassel (Carnegie Mellon University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries
Ethan Cecchetti (Cornell University)
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Andrea Cerulli (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Sang Kil Cha (KAIST)
HyungSeok Han, Sang Kil Cha. IMF: Inferred Model-based Fuzzer [Artifact]
Nishanth Chandran (Microsoft Research India)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]
Ee-Chien Chang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark
Melissa Chase (Microsoft Research)
Shashank Agrawal, Melissa Chase. FAME: Fast Attribute-based Message Encryption [Paper] [Artifact]
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Rahul Chatterjee (Cornell Tech)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]
Bo Chen (Michigan Technological University)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Guoxing Chen (The Ohio State University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Hao Chen (Microsoft Research)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [Paper]
Hao Chen (University of California, Davis)
Dongyu Meng, Hao Chen. MagNet: a Two-Pronged Defense against Adversarial Examples [Paper]
Jia Chen (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
Kai Chen (Chinese Academy of Sciences)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Kai Chen (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Qi Alfred Chen (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Sanchuan Chen (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]
Xi Chen (Vrije Universiteit Amsterdam / Microsoft)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Yan Chen (Duke University)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing
Yi Chen (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Yingying Chen (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
Yizheng Chen (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Zhanhao Chen (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [Paper] [Artifact]
Animesh Chhotaray (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Kyong-Tak Cho (University of Michigan)
Kyong-Tak Cho, Kang G. Shin. Viden: Attacker Identification on In-Vehicle Networks [Paper]
Seung Geol Choi (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]
Stephen Chong (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]
Arka Rai Choudhuri (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Anusha Chowdhury (Cornell University)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]
Nicolas Christin (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Daren B.H. Cline (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [Paper]
Oxana Comanescu (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Jake Corina (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Véronique Cortier (Loria, CNRS / Inria)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [Paper] [Artifact]
Geoffroy Couteau (ENS, Paris)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [Artifact]
Lorrie Faith Cranor (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Cas Cremers (University of Oxford)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]
Corey Crosser (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [Artifact]
Jenna Cryan (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]
Jinhua Cui (Singapore Management University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Dan Cvrcek (EnigmaBridge)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Nico Döttling (University of California, Berkeley)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Wei Dai (University of California, San Diego)
Mihir Bellare, Wei Dai. Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction
George Danezis (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Hung Dang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark
Anastasia Danilova (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Anupam Datta (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]
Sergej Dechand (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Matteo Dell’Amico (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents
David Derler (Graz University of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Erik Derr (CISPA, Saarland University)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]
Bhanu Dev (International Institute of Information Technology Hyderabad)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Srinivas Devadas (Massachusetts Institute of Technology)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]
Claudia Diaz (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]
Isil Dillig (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
Xuhua Ding (Singapore Management University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Jack Doerner (Northeastern University)
Jack Doerner, abhi shelat. Scaling ORAM for Secure Computation [Paper] [Artifact]
Changyu Dong (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]
Evan Downing (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Lukas Dresel (University of California, Santa Barbara)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Manu Drijvers (IBM Research - Zürich / ETH Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain
Kun Du (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Min Du (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
Haixin Duan (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Ruian Duan (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Maria Dubovitskaya (IBM Research - Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain
Tudor Dumitraş  (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
François Dupressoir (University of Surrey)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
Michel van Eeten (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Serge Egelman (University of California, Berkeley)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Vijay Eranti (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Thomas Espitau (UPMC)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]
Sriharsha Etigowni (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]
Sascha Fahl (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Mattia Fazzini (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Adrienne Porter Felt (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Qian Feng (Samsung Research America)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Yu Feng (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
Ellis Fenske (Tulane University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality
José Fernandez (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Bernd Finkbeiner (CISPA, Saarland University)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]
Ben Fisch (Stanford University)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [Paper]
Cheryl Flynn (AT&T Labs-Research)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]
Alain Forget (Google)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Domenic J Forte (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Pierre-Alain Fouque (Université de Rennes 1)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]
Farhaan Fowze (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]
Tommaso Frassetto (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [Paper]
Matthew Fredrikson (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]
Benoït Gérard (DGA.MI)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]
Alexander Gamero-Garrido (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]
Juan Garay (Texas A&M University)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]
Romain Gay (ENS, Paris)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
Timon Gehr (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [Artifact]
Daniel Genkin (University of Pennsylvania / University of Maryland)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [Paper]
Rosario Gennaro (City College of New York)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]
David Gens (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [Paper]
Arthur Gervais (ETH Zürich)
Rami Khalil, Arthur Gervais. Revive: Rebalancing Off-Blockchain Payment Networks [Artifact]
Satrajit Ghosh (Aarhus University)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Niv Gilboa (Ben Gurion University)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [Artifact]
Cristiano Giuffrida (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Tom Van Goethem (KU Leuven, imec-DistriNet)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]
Tom van Goethem (KU Leuven, imec-DistriNet)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Steven Goldfeder (Princeton University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]
Sergey Gorbunov (University of Waterloo)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [Paper]
Benjamin Grégoire (INRIA Sophia-Antipolis)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
Benjamin Grégoire (Inria)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Matthew Green (Johns Hopkins University)
Matthew Green, Ian Miers. Bolt: Anonymous Payment Channels for Decentralized Currencies
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Rachel Greenstadt (Drexel University)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]
Niklas Grimm (TU Wien)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [Paper] [Artifact]
Samuel Groß  (SAP SE)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Jorge Guajardo (Robert Bosch Research and Technology Center)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]
Marco Guarnieri (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [Artifact]
Shay Gueron (Haifa University / AWS)
Shay Gueron, Yehuda Lindell. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [Paper]
Carl A. Gunter (University of Illinois at Urbana-Champaign)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Hana Habib (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Syed Mahbub Hafiz (Indiana University)
Syed Mahbub Hafiz, Ryan Henry. Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [Paper]
Shai Halevi (IBM)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]
Tzipora Halevi (IBM)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]
Kevin Hamlen (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity
HyungSeok Han (KAIST)
HyungSeok Han, Sang Kil Cha. IMF: Inferred Model-based Fuzzer [Artifact]
Xinhui Han (Peking University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Yi Han (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]
Yufei Han (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents
Shuang Hao (University of Texas at Dallas)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Ben Harsha (Purdue University)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [Paper] [Artifact]
Gunnar Hartung (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection
Michael Hay (Colgate University)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing
Carmit Hazay (Bar-Ilan University)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
Xi He (Duke University)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]
Yi He (Tsinghua University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Ryan Henry (Indiana University)
Syed Mahbub Hafiz, Ryan Henry. Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [Paper]
Grant Hernandez (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]
Gottfried Herold (ENS Lyon)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]
Marco Herzog (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Briland Hitaj (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [Paper]
Thang Hoang (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]
Viet Tung Hoang (Florida State University)
Mihir Bellare, Viet Tung Hoang. Identity-Based Format-Preserving Encryption
Max Hoffmann (Ruhr-Universität Bochum)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]
Nima Honarmand (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Marko Horvat (The Max Planck Institute For Software Systems)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]
Amir Houmansadr (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [Paper]
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks
Jonathan Hoyland (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]
Jian Huang (Georgia Institute of Technology)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Jie Huang (CISPA, Saarland University)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Yan Huang (Indiana University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries
Yue Huang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark
Mathias Humbert (Swiss Data Science Center, ETH/EPFL)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]
Luca Invernizzi (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Yuval Ishai (Technion / University of California, Los Angeles)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [Artifact]
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
Mohammad A. Islam (University of California, Riverside)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers
Vladimir Ivanov (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Joseph Jaeger (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions
Trent Jaeger (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning
Abhishek Jain (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Suman Jana (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]
Yuseok Jeon (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++
Xiaoyu Ji (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Yan Ji (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Yang Ji (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Ye Ji (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Shijie Jia (Chinese Academy of Sciences, Institute of Information Engineering)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Jiwu Jing (Chinese Academy of Sciences, Institute of Information Engineering)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Martin Johns (SAP SE)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]
Aaron Johnson (U.S. Naval Research Lab)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality
Wouter Joosen (KU Leuven, imec-DistriNet)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]
Marc Juarez (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]
Ari Juels (Cornell Tech, Jacobs Institute)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Mika Juuti (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [Paper]
Chris Kanich (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [Paper]
Murat Kantarcioglu (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. A Practical Encrypted Data Analytic Framework With Trusted Processors
Gabriel Kaptchuk (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Sanidhya Kashyap (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance
Aniket Kate (Purdue University)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [Paper]
Jonathan Katz (University of Maryland)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [Paper] [Artifact]
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [Paper] [Artifact]
Angelos D. Keromytis (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]
Issa Khalil (Qatar Computing Research Institute, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Rami Khalil (ETH Zürich)
Rami Khalil, Arthur Gervais. Revive: Rebalancing Off-Blockchain Payment Networks [Artifact]
Latifur Khan (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. A Practical Encrypted Data Analytic Framework With Trusted Processors
Dohyun Kim (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]
Doowon Kim (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
Kee Sung Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Minkyu Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Taesoo Kim (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Woo-Hwan Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Yongdae Kim (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]
Panagiotis Kintis (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Dusan Klinec (EnigmaBridge)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Dusan Klinec (Masaryk University / EnigmaBridge)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]
Michael Klooß  (Karlsruhe Institute of Technology)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]
Gihyuk Ko (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]
Simon Koch (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]
Dmitry Kogan (Stanford University)
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [Paper]
Tadayoshi Kohno (University of Washington)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [Artifact]
Vladimir Kolesnikov (Bell Labs)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]
Maciej Korczyński (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
David Korczynski (University of Oxford)
David Korczynski, Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse attacks
Ahmed Kosba (University of Maryland)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Krzysztof Kotowicz (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Athanasios Kountouras (Georgia Institute of Technology)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Ben Kreuter (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Christopher Kruegel (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Martin Kucera (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [Artifact]
Bum Jun Kwon (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
Yujin Kwon (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]
François Labrèche (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Kim Laine (Microsoft Research)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [Paper]
Joseph Lallemand (Loria, CNRS / Inria)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [Paper] [Artifact]
Vincent Laporte (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Ilia Lebedev (Massachusetts Institute of Technology)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]
Byoungyoung Lee (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++
Dongsoo Lee (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Sangho Lee (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Wenke Lee (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Yeonjoon Lee (Indiana University)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Lingguang Lei (Chinese Academy of Sciences, Institute of Information Engineering / George Mason University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Sebastian Lekies (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Julia Len (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions
Ada Lerner (Wellesley College)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [Artifact]
Kirill Levchenko (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]
Charles Lever (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Feifei Li (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
Frank Li (University of California, Berkeley)
Frank Li, Vern Paxson. A Large-Scale Empirical Study of Security Patches
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Mengyuan Li (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]
Qi Li (Tsinghua University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Song Li (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [Paper] [Artifact]
Tongxin Li (Peking University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Yong Li (Huawei Technologies Düsseldorf)
Yong Li, Sven Schäge. No-Match Attacks and Robust Partnering Definitions – Defining Trivial Attacks for Security Protocols is Not Trivial [Paper]
Zhou Li (ACM Member)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Zhoujun Li (Beihang University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Bin Liang (Renmin University of China)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Xiaojing Liao (William and Mary)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Christopher Liebchen (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [Paper]
Zhiqiang Lin (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. A Practical Encrypted Data Analytic Framework With Trusted Processors
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [Artifact]
Yehuda Lindell (Bar-Ilan University)
Yehuda Lindell, Ariel Nof. A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority
Shay Gueron, Yehuda Lindell. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [Paper]
Maciej Liskiewicz (University of Luebeck)
Sebastian Berndt, Maciej Liskiewicz. Algorithm Substitution Attacks from a Steganographic Perspective [Paper]
Baojun Liu (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Chang Liu (University of California, Berkeley)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Daiping Liu (University of Delaware)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Hongyu Liu (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [Artifact]
Hua Liu (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]
Jian Liu (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [Paper]
Jian Liu (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
Peng Liu (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Peng Liu (The Pennsylvania State University, College of Information Sciences and Technology)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Shen Liu (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning
Tongping Liu (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [Artifact]
Dmitri Loguinov (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [Paper]
Heiko Lohrke (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]
Yao Lu (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [Paper]
Meng Luo (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Vadim Lyubashevsky (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices
Christian Müller (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]
Ashwin Machanavajjhala (Duke University)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing
Aravind Machiry (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Matteo Maffei (TU Wien)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [Paper] [Artifact]
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [Paper]
Giulio Malavolta (Friedrich-Alexander University Erlangen Nuernberg)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [Paper]
Alex J. Malozemoff (Galois, Inc.)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [Artifact]
Akshaya Mani (Georgetown University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality
Nathan Manohar (Stanford University)
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [Paper]
Z. Morley Mao (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Antonio Marcedone (Cornell University)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Piotr Mardziel (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]
Dan Margolis (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Yarik Markov (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Naor Matania (Bar-Ilan University)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]
Vashek Matyas (Masaryk University)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]
Vasilios Mavroudis (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Travis Mayberry (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]
Arya Mazumdar (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [Paper]
Patrick McCorry (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]
H. Brendan McMahan (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Nasir Memon (New York University)
Hossein Siadati, Nasir Memon. Detecting Structurally Anomalous Logins Within Enterprise Networks
Dongyu Meng (ShanghaiTech University)
Dongyu Meng, Hao Chen. MagNet: a Two-Pronged Defense against Adversarial Examples [Paper]
Ian Miers (Johns Hopkins University)
Matthew Green, Ian Miers. Bolt: Anonymous Payment Channels for Decentralized Currencies
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards
Gerome Miklau (University of Massachusetts Amherst)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing
Changwoo Min (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance
Brice Minaud (Royal Holloway, University of London)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [Paper] [Artifact]
Najmeh Miramirkhani (Stony Brook University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Payman Mohassel (Visa Research)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]
Fabian Monrose (University of North Carolina at Chapel Hill)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Tyler Moore (The University of Tulsa)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Aad van Moorsel (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]
Pedro Moreno-Sanchez (Purdue University)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [Paper]
Angelika Moscicki (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Andrew Myers (Cornell University)
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control
Mohammed Thari Nabeel (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
Yacin Nadji (Georgia Institute of Technology)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Pardis Emami Naeini (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Matthias Nagel (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection
Adib Nahiyan (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Alena Naiakshina (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Milad Nasr (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [Paper]
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks
Matus Nemec (Masaryk University / Ca’ Foscari University of Venice)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]
Gregory Neven (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices
Duc Cuong Nguyen (CISPA, Saarland University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Manh-Dung Nguyen (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [Paper] [Artifact]
Tam Nguyen (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]
Jesper Buus Nielsen (Aarhus University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Nick Nikiforakis (Stony Brook University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]
Tobias Nilges (Aarhus University)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Shirin Nilizadeh (University of California, Santa Barbara)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Luca Nizzardo (IMDEA Software Institute and Universidad Politécnica de Madrid)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]
Ariel Nof (Bar-Ilan University)
Yehuda Lindell, Ariel Nof. A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority
Arman Noroozian (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Olga Ohrimenko (Microsoft Research, Cambridge)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [Paper] [Artifact]
Tiago Oliveira (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Claudio Orlandi (Aarhus University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Michele Orru (ENS, Paris)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [Artifact]
Alessandro Orso (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Eric Osterweil (Verisign Labs)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Rebekah Overdorf (Drexel University)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]
Simon Oya (University of Vigo)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [Paper]
Ceyhun D. Ozkaptan (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]
Fernando Pérez-González (University of Vigo)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [Paper]
Hugo Pacheco (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Xiaorui Pan (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Jun Pang (University of Luxembourg)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]
Je Hong Park (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates
Sarvar Patel (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Vern Paxson (University of California, Berkeley)
Frank Li, Vern Paxson. A Large-Scale Empirical Study of Security Patches
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Mathias Payer (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++
Sarah Pearman (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Giancarlo Pellegrino (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]
Roberto Perdisci (University of Georgia)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Vitor Pereira (HASLab – INESC TEC / DCC FC Universidade do Porto)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]
Fernando Perez-Cruz (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [Paper]
Peter Pessl (Graz University of Technology)
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [Paper]
Adam Petcher (Oracle)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Athina Petropulu (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]
Theofilos Petsios (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]
Van-Thuan Pham (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [Paper] [Artifact]
Duong Hieu Phan (XLIM (U. Limoges, CNRS), France)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]
Frank Piessens (KU Leuven, imec-DistriNet)
Mathy Vanhoef, Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Benny Pinkas (Bar-Ilan University)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]
Rafael del Pino (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices
Nikolaos Pitropakis (London South Bank University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Yuval Pnueli (Technion - Israel Institute of Technology)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]
Jonathan Protzenko (Microsoft Research)
Jean-Karim Zinzindohoué and Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL*: A Verified Modern Cryptographic Library [Paper] [Artifact]
Calton Pu (Georgia Institute of Technology)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications
Zhan Qin (State University of New York at Buffalo)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Moinuddin K. Qureshi (Georgia Institute of Technology)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Carla Ràfols (UPF Barcelona)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]
Jeyavijayan (JV) Rajendran (University of Texas at Dallas)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
Sebastian Ramacher (Graz University of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Daniel Ramage (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Samuel Ranellucci (University of Maryland / George Mason University)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [Paper] [Artifact]
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [Paper] [Artifact]
Juri Ranieri (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Srivatsan Ravi (University of Southern California)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [Paper]
Mariana Raykova (Yale University)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [Artifact]
Christian Rechberger (Graz University of Technology / Denmark Technical University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Kui Ren (State University of New York at Buffalo)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Shaolei Ren (University of California, Riverside)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers
Peter Rindal (Oregon State University)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [Paper]
Peter Rindal, Mike Rosulek. Malicious-Secure Private Set Intersection via Dual Execution [Paper] [Artifact]
Thomas Ristenpart (Cornell Tech)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]
Daniel S. Roche (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]
Franziska Roesner (University of Washington)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [Artifact]
Rosa Romero-Gómez (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]
Christian Rossow (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]
Mike Rosulek (Oregon State University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]
Peter Rindal, Mike Rosulek. Malicious-Secure Private Set Intersection via Dual Execution [Paper] [Artifact]
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]
Abhik Roychoudhury (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [Paper] [Artifact]
Andy Rupp (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]
Alexander Russell (University of Connecticut)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary
Alejandro Russo (Chalmers University of Technology)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]
Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [Paper]
Alireza Sadighian (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Christopher Salls (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Naphat Sanguansin (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Stefan Savage (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]
Nitesh Saxena (University of Alabama at Birmingham)
Maliheh Shirvanian, Nitesh Saxena. CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
Sven Schäge (Ruhr-Universität Bochum)
Yong Li, Sven Schäge. No-Match Attacks and Robust Partnering Definitions – Defining Trivial Attacks for Security Protocols is Not Trivial [Paper]
Benedikt Schmidt (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Oliver Schranz (CISPA, Saarland University)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android
Sam Scott (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]
Aaron Segal (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Helmut Seidl (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]
Jean-Pierre Seifert (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]
Gregor Seiler (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices
Shayak Sen (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]
Abhrajit Sengupta (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
Sanjit Seshia (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]
Karn Seth (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]
Zain Shamsi (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [Paper]
Huasong Shan (Louisiana State University, Computer Science and Engineering Division)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications
Fahad Shaon (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. A Practical Encrypted Data Analytic Framework With Trusted Processors
abhi shelat (Northeastern University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Jack Doerner, abhi shelat. Scaling ORAM for Secure Computation [Paper] [Artifact]
Micah Sherr (Georgetown University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality
Elaine Shi (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Kang G. Shin (University of Michigan)
Kyong-Tak Cho, Kang G. Shin. Viden: Attacker Identification on In-Vehicle Networks [Paper]
Maliheh Shirvanian (University of Alabama at Birmingham)
Maliheh Shirvanian, Nitesh Saxena. CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
Vitaly Shmatikov (Cornell Tech)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much
Yan Shoshitaishvili (Arizona State University)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Victor Shoup (IBM and New York University)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]
Thomas Shrimpton (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Hossein Siadati (New York University)
Hossein Siadati, Nasir Memon. Detecting Structurally Anomalous Logins Within Enterprise Networks
Sam Silvestro (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [Artifact]
Ozgur Sinanoglu (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
Rohit Sinha (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]
Daniel Slamanig (AIT Austrian Institute of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Ryan Sleevi (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Matthew Smith (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Alex C. Snoeren (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]
Peter Snyder (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [Paper]
Yunmok Son (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]
Congzheng Song (Cornell University)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much
Dawn Song (University of California, Berkeley)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Le Song (Georgia Institute of Technology)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Vivek Srikumar (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
Divesh Srivastava (AT&T Labs-Research)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]
Manolis Stamatogiannakis (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Emily Stark (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Oleksii Starov (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Damien Stehle (ENS Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL))
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]
Noah Stephens-Davidowitz (New York University)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]
Gianluca Stringhini (University College London)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Pierre-Yves Strub (Ecole Polytechnique)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [Artifact]
Pramod Subramanyan (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]
Kun Sun (George Mason University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Petr Svenda (Masaryk University)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]
Marek Sys (Masaryk University)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]
Parisa Tabriz (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Samaneh Tajalizadehkhoob (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]
Shahin Tajik (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]
Gang Tan (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning
Sheng Tan (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication
Haixu Tang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Qiang Tang (New Jersey Institute of Technology)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary
Cynthia Taylor (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [Paper]
Mark Tehranipoor (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property
Justin Thaler (Georgetown University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Jeremy Thomas (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat
Kurt Thomas (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Matthew Thomas (Verisign Labs)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Dave (Jing) Tian (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]
Mehdi Tibouchi (NTT Secure Platform Laboratories)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]
Christian Tiefenau (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]
Ni Trieu (Oregon State University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]
Roberto Trifiletti (Aarhus University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation
Carmela Troncoso (IMDEA Software Institute)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [Paper]
Ming-Hsien Tsai (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs
Petar Tsankov (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [Artifact]
Gene Tsudik (University of California, Irvine)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Luke Valenta (University of Pennsylvania)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [Paper]
Thyla van der Merwe (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]
Victor van der Veen (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]
Mathy Vanhoef (KU Leuven, imec-DistriNet)
Mathy Vanhoef, Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Nikolaos Vasiloglou (Symantec)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [Paper]
Eugene Vasserman (Kansas State University)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]
Martin Vechev (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [Artifact]
Eduardo Vela (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Muthuramakrishnan Venkitasubramaniam (University of Rochester)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
Giovanni Vigna (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Dhinakaran Vinayagamurthy (University of Waterloo)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [Paper]
Thomas Vissers (KU Leuven, imec-DistriNet)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]
Bimal Viswanath (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]
Satyanarayana Vusirikala (Microsoft Research India)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]
Riad S. Wahby (Stanford University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Michael Walfish (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Bow-Yaw Wang (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs
Chen Wang (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
Haining Wang (University of Delaware)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
Qingyang Wang (Louisiana State University, Computer Science and Engineering Division)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications
Ruoyu Wang (University of California, Santa Barbara)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Weiren Wang (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking
Wenhao Wang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Wenhao Wang (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity
Xiao Wang (University of Maryland)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [Paper] [Artifact]
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [Paper] [Artifact]
XiaoFeng Wang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Xueqiang Wang (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Yilei Wang (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]
Yuewu Wang (Chinese Academy of Sciences, Institute of Information Engineering)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Lucas Waye (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]
Hoeteck Wee (ENS, Paris)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions
Charles Weir (Security Lancaster, Lancaster University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Michael Weissbacher (Northeastern University)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Jian Weng (Jinan University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit
Dominik Wermke (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code
Adam Wierman (California Institute of Technology)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers
Thomas Wies (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [Paper]
Joanne Woodage (Royal Holloway, University of London)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]
Shujiang Wu (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [Paper] [Artifact]
Luning Xia (Chinese Academy of Sciences, Institute of Information Engineering)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer
Xiaokui Xiao (Nanyang Technological University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Yuan Xiao (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]
Luyi Xing (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Xinyu Xing (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Jun Xu (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Meng Xu (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Wen Xu (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance
Wenyuan Xu (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Xiaojun Xu (Shanghai Jiao Tong University)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Xiaoyang Xu (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity
Shota Yamada (National Institute of Advanced Industrial Science and Technology (AIST), Japan)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]
Chen Yan (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Bo-Yin Yang (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs
Jie Yang (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication
Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Yuanshun Yao (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]
Yuval Yarom (University of Adelaide / Data61)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [Paper]
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [Paper]
Muhammad Yasin (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice
Attila A. Yavuz (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]
Tuba Yavuz (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]
Katherine Q. Ye (Princeton University / Carnegie Mellon University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]
Heng Yin (University of California, Riverside)
David Korczynski, Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse attacks
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]
Jie You (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Wei You (Indiana University)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Ting Yu (Qatar Computing Research Institute, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy
Moti Yung (Snap, Inc. / Columbia University)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary
Eugen Zalinescu (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]
Ali Zand (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Ali Zand (University of California, Santa Barbara)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths
Greg Zaverucha (Microsoft Research)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Mingming Zha (Chinese Academy of Sciences)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Fan Zhang (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]
Guoming Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Linghan Zhang (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication
Nan Zhang (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Taimin Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Tianchen Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [Paper]
Yang Zhang (CISPA, Saarland University)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]
Yinqian Zhang (The Ohio State University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]
Zhangkai Zhang (Beihang University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping
Ben Y. Zhao (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]
Jason Zhao (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]
Qingchuan Zhao (University of Texas at Dallas)
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services
Guineng Zheng (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning
Haitao Zheng (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]
Hong-Sheng Zhou (Virginia Commonwealth University)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary
Ruiyu Zhu (Indiana University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries
Hadi Zolfaghari (University of Massachusetts Amherst)
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks
Peiyuan Zong (Chinese Academy of Sciences, Institute of Information Engineering)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Saman Zonouz (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]
Wei Zou (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution
Chaoshun Zuo (University of Texas at Dallas)
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services