ACM Conference on Computer and Communications Security

CCS 2017 - Authors

Papers · Institutions · Papers by Session · Papers by Topic · Award Finalists · Available Papers · Artifacts

Authors of papers accepted to the 24th ACM Conference on Computer and Communications Security

Gunes Acar (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5)
Yasemin Acar (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)
Mustafa Emre Acer (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Shashank Agrawal (Visa Research)
Shashank Agrawal, Melissa Chase. FAME: Fast Attribute-based Message Encryption [PDF] [Paper] [Artifact] (C4)
Shweta Agrawal (IIT Madras)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)
Amjad Aldweesh (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)
Luca Allodi (Eindhoven University of Technology)
Luca Allodi. Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [PDF] [Paper] (G2)
José Bacelar Almeida (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Joel Alwen (IST Austria)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [PDF] [Paper] [Artifact] (E1)
Miguel Ambrona (IMDEA Software Institute / Universidad Politécnica de Madrid)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions [PDF] (C4)
Scott Ames (University of Rochester)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup [PDF] (J1)
Dennis Andriesse (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Manos Antonakakis (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Andrew W. Appel (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Owen Arden (University of California, Santa Cruz)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control [PDF] [Paper] (I2)
Mohammed Ashraf (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
N. Asokan (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)
Giuseppe Ateniese (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [PDF] [Paper] (C3)
Adam J. Aviv (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)
Marcel Böhme (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)
Rainer Böhme (Innsbruck University)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Michael Backes (CISPA, Saarland University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android [PDF] (E2)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)
Xiaolong Bai (Tsinghua University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Manuel Barbosa (HASLab – INESC TEC / DCC FC Universidade do Porto)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Jake Barrett (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Timothy Barron (Stony Brook University)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)
Gilles Barthe (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions [PDF] (C4)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Lujo Bauer (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Mihir Bellare (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions [PDF] (D4)
Mihir Bellare, Wei Dai. Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction [PDF] (D4)
Mihir Bellare, Viet Tung Hoang. Identity-Based Format-Preserving Encryption [PDF] (G3)
Lennart Beringer (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Sebastian Berndt (University of Luebeck)
Sebastian Berndt, Maciej Liskiewicz. Algorithm Substitution Attacks from a Steganographic Perspective [PDF] [Paper] (H1)
Benjamin Beurdouche (Inria Paris)
Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)
Radhika Bhargava (Purdue University)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Karthikeyan Bhargavan (Inria Paris)
Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)
Sanjay Bhattacherjee (Turing Lab, ASU, ISI Kolkata)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)
Pan Bian (Renmin University of China)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Ashish Bijlani (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)
Leyla Bilge (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents [PDF] (F2)
Vincent Bindschaedler (University of Illinois at Urbana-Champaign)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Priyam Biswas (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)
Jeremiah Blocki (Purdue University)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [PDF] [Paper] [Artifact] (E1)
Arthur Blot (ENS Lyon)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Andrew J. Blumberg (University of Texas at Austin)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Christian Boit (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1)
Keith Bonawitz (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Dan Boneh (Stanford University)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1)
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [PDF] [Paper] (E1)
Herbert Bos (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Raphael Bost (Direction Générale de l’Armement - Maitrise de l’Information / Université de Rennes 1)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [PDF] [Paper] [Artifact] (G1)
Elette Boyle (IDC Herzliya)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)
Matt Braithwaite (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Leon Groot Bruinderink (Technische Universiteit Eindhoven)
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [PDF] [Paper] (I1)
Sven Bugiel (CISPA, Saarland University)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android [PDF] (E2)
Pablo Buiras (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)
Elie Bursztein (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Kevin Butler (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)
Jan Camenisch (IBM Research - Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain [PDF] (C5)
Matteo Campanelli (City College of New York)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)
Yinzhi Cao (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [PDF] [Paper] [Artifact] (A4)
Yulong Cao (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Brent Carmer (Oregon State University / Galois, Inc.)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [PDF] [Artifact] (D1)
Scott Carr (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)
Darion Cassel (Carnegie Mellon University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries [PDF] [Paper] [Artifact] (B1)
Ethan Cecchetti (Cornell University)
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control [PDF] [Paper] (I2)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Andrea Cerulli (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Sang Kil Cha (KAIST)
HyungSeok Han, Sang Kil Cha. IMF: Inferred Model-based Fuzzer [PDF] [Artifact] (K2)
Nishanth Chandran (Microsoft Research India)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)
Ee-Chien Chang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark [PDF] (A3)
Melissa Chase (Microsoft Research)
Shashank Agrawal, Melissa Chase. FAME: Fast Attribute-based Message Encryption [PDF] [Paper] [Artifact] (C4)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Rahul Chatterjee (Cornell Tech)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)
Bo Chen (Michigan Technological University)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer [PDF] (J4)
Guoxing Chen (The Ohio State University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Hao Chen (Microsoft Research)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [PDF] [Paper] (F1)
Hao Chen (University of California, Davis)
Dongyu Meng, Hao Chen. MagNet: a Two-Pronged Defense against Adversarial Examples [PDF] [Paper] (A3)
Jia Chen (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic [PDF] (D3)
Kai Chen (Chinese Academy of Sciences)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Kai Chen (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Qi Alfred Chen (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Sanchuan Chen (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)
Xi Chen (Vrije Universiteit Amsterdam / Microsoft)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Yan Chen (Duke University)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing [PDF] (F4)
Yi Chen (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Yingying Chen (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration [PDF] (A2)
Yizheng Chen (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Zhanhao Chen (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [PDF] [Paper] [Artifact] (A4)
Animesh Chhotaray (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)
Kyong-Tak Cho (University of Michigan)
Kyong-Tak Cho, Kang G. Shin. Viden: Attacker Identification on In-Vehicle Networks [PDF] [Paper] (E3)
Seung Geol Choi (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)
Stephen Chong (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)
Arka Rai Choudhuri (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)
Anusha Chowdhury (Cornell University)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)
Nicolas Christin (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Daren B.H. Cline (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [PDF] [Paper] (D5)
Oxana Comanescu (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Jake Corina (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Véronique Cortier (Loria, CNRS / Inria)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)
Geoffroy Couteau (ENS, Paris)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)
Lorrie Faith Cranor (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Cas Cremers (University of Oxford)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)
Corey Crosser (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)
Jenna Cryan (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)
Jinhua Cui (Singapore Management University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)
Dan Cvrcek (EnigmaBridge)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Nico Döttling (University of California, Berkeley)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)
Wei Dai (University of California, San Diego)
Mihir Bellare, Wei Dai. Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction [PDF] (D4)
George Danezis (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Hung Dang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark [PDF] (A3)
Anastasia Danilova (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Anupam Datta (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)
Sergej Dechand (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Matteo Dell’Amico (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents [PDF] (F2)
David Derler (Graz University of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Erik Derr (CISPA, Saarland University)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)
Bhanu Dev (International Institute of Information Technology Hyderabad)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Srinivas Devadas (Massachusetts Institute of Technology)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4)
Claudia Diaz (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5)
Isil Dillig (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic [PDF] (D3)
Xuhua Ding (Singapore Management University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)
Jack Doerner (Northeastern University)
Jack Doerner, abhi shelat. Scaling ORAM for Secure Computation [PDF] [Paper] [Artifact] (C1)
Changyu Dong (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)
Evan Downing (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Lukas Dresel (University of California, Santa Barbara)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Manu Drijvers (IBM Research - Zürich / ETH Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain [PDF] (C5)
Kun Du (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Min Du (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [PDF] (F2)
Haixin Duan (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Ruian Duan (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)
Maria Dubovitskaya (IBM Research - Zürich)
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain [PDF] (C5)
Tudor Dumitraş  (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI [PDF] (F5)
François Dupressoir (University of Surrey)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
Michel van Eeten (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Serge Egelman (University of California, Berkeley)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Vijay Eranti (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Thomas Espitau (UPMC)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)
Sriharsha Etigowni (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)
Sascha Fahl (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Mattia Fazzini (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Adrienne Porter Felt (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Qian Feng (Samsung Research America)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Yu Feng (University of Texas at Austin)
Jia Chen, Yu Feng, Isil Dillig. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic [PDF] (D3)
Ellis Fenske (Tulane University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality [PDF] (K1)
José Fernandez (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Bernd Finkbeiner (CISPA, Saarland University)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)
Ben Fisch (Stanford University)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1)
Cheryl Flynn (AT&T Labs-Research)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)
Alain Forget (Google)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Domenic J Forte (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)
Pierre-Alain Fouque (Université de Rennes 1)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)
Farhaan Fowze (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)
Tommaso Frassetto (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)
Matthew Fredrikson (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)
Benoït Gérard (DGA.MI)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)
Alexander Gamero-Garrido (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)
Juan Garay (Texas A&M University)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)
Romain Gay (ENS, Paris)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions [PDF] (C4)
Timon Gehr (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)
Daniel Genkin (University of Pennsylvania / University of Maryland)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [PDF] [Paper] (D3)
Rosario Gennaro (City College of New York)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)
David Gens (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)
Arthur Gervais (ETH Zürich)
Rami Khalil, Arthur Gervais. Revive: Rebalancing Off-Blockchain Payment Networks [PDF] [Artifact] (B5)
Satrajit Ghosh (Aarhus University)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)
Niv Gilboa (Ben Gurion University)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)
Cristiano Giuffrida (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Tom van Goethem (KU Leuven, imec-DistriNet)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Tom Van Goethem (KU Leuven, imec-DistriNet)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)
Steven Goldfeder (Princeton University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)
Sergey Gorbunov (University of Waterloo)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1)
Benjamin Grégoire (INRIA Sophia-Antipolis)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
Benjamin Grégoire (Inria)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Matthew Green (Johns Hopkins University)
Matthew Green, Ian Miers. Bolt: Anonymous Payment Channels for Decentralized Currencies [PDF] (B5)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Rachel Greenstadt (Drexel University)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5)
Niklas Grimm (TU Wien)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)
Samuel Groß  (SAP SE)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)
Jorge Guajardo (Robert Bosch Research and Technology Center)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)
Marco Guarnieri (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)
Shay Gueron (Haifa University / AWS)
Shay Gueron, Yehuda Lindell. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [PDF] [Paper] (E1)
Carl A. Gunter (University of Illinois at Urbana-Champaign)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Hana Habib (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Syed Mahbub Hafiz (Indiana University)
Syed Mahbub Hafiz, Ryan Henry. Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [PDF] [Paper] (F4)
Shai Halevi (IBM)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)
Tzipora Halevi (IBM)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)
Kevin Hamlen (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity [PDF] (I2)
HyungSeok Han (KAIST)
HyungSeok Han, Sang Kil Cha. IMF: Inferred Model-based Fuzzer [PDF] [Artifact] (K2)
Xinhui Han (Peking University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Yi Han (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)
Yufei Han (Symantec Research Labs)
Leyla Bilge, Yufei Han, Matteo Dell’Amico. Predicting the Risk of Cyber Incidents [PDF] (F2)
Shuang Hao (University of Texas at Dallas)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Ben Harsha (Purdue University)
Joel Alwen, Jeremiah Blocki, Ben Harsha. Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [PDF] [Paper] [Artifact] (E1)
Gunnar Hartung (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection [PDF] (I3)
Michael Hay (Colgate University)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing [PDF] (F4)
Carmit Hazay (Bar-Ilan University)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup [PDF] (J1)
Xi He (Duke University)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)
Yi He (Tsinghua University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Ryan Henry (Indiana University)
Syed Mahbub Hafiz, Ryan Henry. Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [PDF] [Paper] (F4)
Grant Hernandez (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)
Gottfried Herold (ENS Lyon)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)
Marco Herzog (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Briland Hitaj (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [PDF] [Paper] (C3)
Thang Hoang (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)
Viet Tung Hoang (Florida State University)
Mihir Bellare, Viet Tung Hoang. Identity-Based Format-Preserving Encryption [PDF] (G3)
Max Hoffmann (Ruhr-Universität Bochum)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection [PDF] (I3)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)
Nima Honarmand (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers [PDF] (A4)
Marko Horvat (The Max Planck Institute For Software Systems)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)
Amir Houmansadr (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [PDF] [Paper] (I5)
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks [PDF] [Artifact] (I5)
Jonathan Hoyland (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)
Jian Huang (Georgia Institute of Technology)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)
Jie Huang (CISPA, Saarland University)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android [PDF] (E2)
Yan Huang (Indiana University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries [PDF] [Paper] [Artifact] (B1)
Yue Huang (National University of Singapore)
Hung Dang, Yue Huang, Ee-Chien Chang. Evading Classifiers by Morphing in the Dark [PDF] (A3)
Mathias Humbert (Swiss Data Science Center, ETH/EPFL)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)
Luca Invernizzi (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Yuval Ishai (Technion / University of California, Los Angeles)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup [PDF] (J1)
Mohammad A. Islam (University of California, Riverside)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers [PDF] (E3)
Vladimir Ivanov (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Joseph Jaeger (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions [PDF] (D4)
Trent Jaeger (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning [PDF] (K3)
Abhishek Jain (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)
Suman Jana (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)
Yuseok Jeon (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)
Xiaoyu Ji (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Yan Ji (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Yang Ji (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Ye Ji (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Shijie Jia (Chinese Academy of Sciences, Institute of Information Engineering)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer [PDF] (J4)
Jiwu Jing (Chinese Academy of Sciences, Institute of Information Engineering)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Martin Johns (SAP SE)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)
Aaron Johnson (U.S. Naval Research Lab)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality [PDF] (K1)
Wouter Joosen (KU Leuven, imec-DistriNet)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)
Marc Juarez (KU Leuven)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5)
Ari Juels (Cornell Tech, Jacobs Institute)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Mika Juuti (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)
Chris Kanich (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [PDF] [Paper] (A4)
Murat Kantarcioglu (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors [PDF] (E5)
Gabriel Kaptchuk (Johns Hopkins University)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)
Sanidhya Kashyap (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance [PDF] (K2)
Aniket Kate (Purdue University)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)
Jonathan Katz (University of Maryland)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [PDF] [Paper] [Artifact] (A1)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [PDF] [Paper] [Artifact] (A1)
Angelos D. Keromytis (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)
Issa Khalil (Qatar Computing Research Institute, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Rami Khalil (ETH Zürich)
Rami Khalil, Arthur Gervais. Revive: Rebalancing Off-Blockchain Payment Networks [PDF] [Artifact] (B5)
Latifur Khan (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors [PDF] (E5)
Dohyun Kim (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)
Doowon Kim (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI [PDF] (F5)
Kee Sung Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)
Minkyu Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)
Taesoo Kim (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance [PDF] (K2)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Woo-Hwan Kim (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)
Yongdae Kim (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)
Panagiotis Kintis (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Dusan Klinec (EnigmaBridge)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Dusan Klinec (Masaryk University / EnigmaBridge)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1)
Michael Klooß  (Karlsruhe Institute of Technology)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)
Gihyuk Ko (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)
Simon Koch (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)
Dmitry Kogan (Stanford University)
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [PDF] [Paper] (E1)
Tadayoshi Kohno (University of Washington)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [PDF] [Paper] [Artifact] (H3)
Vladimir Kolesnikov (Bell Labs)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)
Maciej Korczyński (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
David Korczynski (University of Oxford)
David Korczynski, Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse attacks [PDF] (H2)
Ahmed Kosba (University of Maryland)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Krzysztof Kotowicz (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)
Athanasios Kountouras (Georgia Institute of Technology)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Ben Kreuter (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Christopher Kruegel (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Martin Kucera (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)
Bum Jun Kwon (University of Maryland)
Doowon Kim, Bum Jun Kwon, Tudor Dumitraş . Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI [PDF] (F5)
Yujin Kwon (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)
François Labrèche (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Kim Laine (Microsoft Research)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [PDF] [Paper] (F1)
Joseph Lallemand (Loria, CNRS / Inria)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)
Vincent Laporte (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Ilia Lebedev (Massachusetts Institute of Technology)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4)
Byoungyoung Lee (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)
Dongsoo Lee (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)
Sangho Lee (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Wenke Lee (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Yeonjoon Lee (Indiana University)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Lingguang Lei (Chinese Academy of Sciences, Institute of Information Engineering / George Mason University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Sebastian Lekies (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)
Julia Len (University of California, San Diego)
Mihir Bellare, Joseph Jaeger, Julia Len. Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions [PDF] (D4)
Ada Lerner (Wellesley College)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [PDF] [Paper] [Artifact] (H3)
Kirill Levchenko (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)
Charles Lever (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Feifei Li (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [PDF] (F2)
Frank Li (University of California, Berkeley)
Frank Li, Vern Paxson. A Large-Scale Empirical Study of Security Patches [PDF] (J3)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Mengyuan Li (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)
Qi Li (Tsinghua University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Song Li (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [PDF] [Paper] [Artifact] (A4)
Tongxin Li (Peking University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Yong Li (Huawei Technologies Düsseldorf)
Yong Li, Sven Schäge. No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial [PDF] [Paper] (F3)
Zhou Li (ACM Member)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Zhoujun Li (Beihang University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)
Bin Liang (Renmin University of China)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Xiaojing Liao (William and Mary)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Christopher Liebchen (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)
Zhiqiang Lin (University of Texas at Dallas)
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services [PDF] (D2)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors [PDF] (E5)
Yehuda Lindell (Bar-Ilan University)
Yehuda Lindell, Ariel Nof. A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority [PDF] [Paper] (B1)
Shay Gueron, Yehuda Lindell. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [PDF] [Paper] (E1)
Maciej Liskiewicz (University of Luebeck)
Sebastian Berndt, Maciej Liskiewicz. Algorithm Substitution Attacks from a Steganographic Perspective [PDF] [Paper] (H1)
Baojun Liu (Tsinghua University)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Chang Liu (University of California, Berkeley)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Daiping Liu (University of Delaware)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Hongyu Liu (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)
Hua Liu (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)
Jian Liu (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)
Jian Liu (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration [PDF] (A2)
Peng Liu (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)
Peng Liu (The Pennsylvania State University, College of Information Sciences and Technology)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer [PDF] (J4)
Shen Liu (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning [PDF] (K3)
Tongping Liu (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)
Dmitri Loguinov (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [PDF] [Paper] (D5)
Heiko Lohrke (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1)
Yao Lu (Aalto University)
Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)
Meng Luo (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers [PDF] (A4)
Vadim Lyubashevsky (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices [PDF] (G4)
Christian Müller (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)
Ashwin Machanavajjhala (Duke University)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing [PDF] (F4)
Aravind Machiry (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Matteo Maffei (TU Wien)
Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)
Giulio Malavolta (Friedrich-Alexander University Erlangen Nuernberg)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)
Alex J. Malozemoff (Galois, Inc.)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [PDF] [Artifact] (D1)
Akshaya Mani (Georgetown University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality [PDF] (K1)
Nathan Manohar (Stanford University)
Dmitry Kogan, Nathan Manohar, Dan Boneh. T/Key: Second-Factor Authentication From Secure Hash Chains [PDF] [Paper] (E1)
Z. Morley Mao (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Antonio Marcedone (Cornell University)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Piotr Mardziel (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)
Dan Margolis (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Yarik Markov (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Naor Matania (Bar-Ilan University)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)
Vashek Matyas (Masaryk University)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1)
Vasilios Mavroudis (University College London)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Travis Mayberry (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)
Arya Mazumdar (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [PDF] [Paper] (I5)
Patrick McCorry (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)
H. Brendan McMahan (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Nasir Memon (New York University)
Hossein Siadati, Nasir Memon. Detecting Structurally Anomalous Logins Within Enterprise Networks [PDF] (F2)
Dongyu Meng (ShanghaiTech University)
Dongyu Meng, Hao Chen. MagNet: a Two-Pronged Defense against Adversarial Examples [PDF] [Paper] (A3)
Ian Miers (Johns Hopkins University)
Matthew Green, Ian Miers. Bolt: Anonymous Payment Channels for Decentralized Currencies [PDF] (B5)
Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers. Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)
Gerome Miklau (University of Massachusetts Amherst)
Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau. PeGaSus: Data-Adaptive Differentially Private Stream Processing [PDF] (F4)
Changwoo Min (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance [PDF] (K2)
Brice Minaud (Royal Holloway, University of London)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [PDF] [Paper] [Artifact] (G1)
Najmeh Miramirkhani (Stony Brook University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Payman Mohassel (Visa Research)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)
Fabian Monrose (University of North Carolina at Chapel Hill)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Tyler Moore (The University of Tulsa)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Aad van Moorsel (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)
Pedro Moreno-Sanchez (Purdue University)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)
Angelika Moscicki (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Andrew Myers (Cornell University)
Ethan Cecchetti, Andrew Myers, Owen Arden. Nonmalleable Information Flow Control [PDF] [Paper] (I2)
Mohammed Thari Nabeel (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
Yacin Nadji (Georgia Institute of Technology)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Pardis Emami Naeini (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Matthias Nagel (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection [PDF] (I3)
Adib Nahiyan (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)
Alena Naiakshina (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Milad Nasr (University of Massachusetts Amherst)
Milad Nasr, Amir Houmansadr, Arya Mazumdar. Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [PDF] [Paper] (I5)
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks [PDF] [Artifact] (I5)
Matus Nemec (Masaryk University / Ca’ Foscari University of Venice)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1)
Gregory Neven (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices [PDF] (G4)
Duc Cuong Nguyen (CISPA, Saarland University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Manh-Dung Nguyen (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)
Tam Nguyen (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)
Jesper Buus Nielsen (Aarhus University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)
Nick Nikiforakis (Stony Brook University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers [PDF] (A4)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)
Tobias Nilges (Aarhus University)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)
Shirin Nilizadeh (University of California, Santa Barbara)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Luca Nizzardo (IMDEA Software Institute and Universidad Politécnica de Madrid)
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)
Ariel Nof (Bar-Ilan University)
Yehuda Lindell, Ariel Nof. A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority [PDF] [Paper] (B1)
Arman Noroozian (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Olga Ohrimenko (Microsoft Research, Cambridge)
Raphael Bost, Brice Minaud, Olga Ohrimenko. Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [PDF] [Paper] [Artifact] (G1)
Tiago Oliveira (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Claudio Orlandi (Aarhus University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Michele Orru (ENS, Paris)
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru. Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)
Alessandro Orso (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Eric Osterweil (Verisign Labs)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Rebekah Overdorf (Drexel University)
Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5)
Simon Oya (University of Vigo)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [PDF] [Paper] (I3)
Ceyhun D. Ozkaptan (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)
Fernando Pérez-González (University of Vigo)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [PDF] [Paper] (I3)
Hugo Pacheco (HASLab – INESC TEC / Universidade do Minho)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Xiaorui Pan (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Jun Pang (University of Luxembourg)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)
Je Hong Park (National Security Research Institute)
Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim. Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)
Sarvar Patel (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Vern Paxson (University of California, Berkeley)
Frank Li, Vern Paxson. A Large-Scale Empirical Study of Security Patches [PDF] (J3)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Mathias Payer (Purdue University)
Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer. HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)
Sarah Pearman (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Giancarlo Pellegrino (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)
Roberto Perdisci (University of Georgia)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Vitor Pereira (HASLab – INESC TEC / DCC FC Universidade do Porto)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira. A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)
Fernando Perez-Cruz (Stevens Institute of Technology)
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [PDF] [Paper] (C3)
Peter Pessl (Graz University of Technology)
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [PDF] [Paper] (I1)
Adam Petcher (Oracle)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Athina Petropulu (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)
Theofilos Petsios (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)
Van-Thuan Pham (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)
Duong Hieu Phan (XLIM (U. Limoges, CNRS), France)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)
Frank Piessens (KU Leuven, imec-DistriNet)
Mathy Vanhoef, Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 [PDF] [Paper] (F3)
Benny Pinkas (Bar-Ilan University)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)
Rafael del Pino (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices [PDF] (G4)
Nikolaos Pitropakis (London South Bank University)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Yuval Pnueli (Technion - Israel Institute of Technology)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)
Jonathan Protzenko (Microsoft Research)
Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)
Calton Pu (Georgia Institute of Technology)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications [PDF] (H3)
Zhan Qin (State University of New York at Buffalo)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Moinuddin K. Qureshi (Georgia Institute of Technology)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)
Carla Ràfols (UPF Barcelona)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)
Jeyavijayan (JV) Rajendran (University of Texas at Dallas)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
Sebastian Ramacher (Graz University of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Daniel Ramage (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Samuel Ranellucci (University of Maryland / George Mason University)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [PDF] [Paper] [Artifact] (A1)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [PDF] [Paper] [Artifact] (A1)
Juri Ranieri (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Srivatsan Ravi (University of Southern California)
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi. Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)
Mariana Raykova (Yale University)
Brent Carmer, Alex J. Malozemoff, Mariana Raykova. 5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [PDF] [Artifact] (D1)
Christian Rechberger (Graz University of Technology / Denmark Technical University)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Kui Ren (State University of New York at Buffalo)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Shaolei Ren (University of California, Riverside)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers [PDF] (E3)
Peter Rindal (Oregon State University)
Hao Chen, Kim Laine, Peter Rindal. Fast Private Set Intersection from Homomorphic Encryption [PDF] [Paper] (F1)
Peter Rindal, Mike Rosulek. Malicious-Secure Private Set Intersection via Dual Execution [PDF] [Paper] [Artifact] (F1)
Thomas Ristenpart (Cornell Tech)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much [PDF] (C3)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)
Daniel S. Roche (United States Naval Academy)
Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry. Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)
Franziska Roesner (University of Washington)
Ada Lerner, Tadayoshi Kohno, Franziska Roesner. Rewriting History: Changing the Archived Web from the Present [PDF] [Paper] [Artifact] (H3)
Rosa Romero-Gómez (Georgia Institute of Technology)
Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)
Christian Rossow (CISPA, Saarland University)
Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow. Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)
Mike Rosulek (Oregon State University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)
Peter Rindal, Mike Rosulek. Malicious-Secure Private Set Intersection via Dual Execution [PDF] [Paper] [Artifact] (F1)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)
Abhik Roychoudhury (National University of Singapore)
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury. Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)
Andy Rupp (Karlsruhe Institute of Technology)
Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp. BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection [PDF] (I3)
Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp. New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)
Alexander Russell (University of Connecticut)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary [PDF] (D4)
Alejandro Russo (Chalmers University of Technology)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)
Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)
Alireza Sadighian (École Polytechnique de Montréal)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Christopher Salls (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Naphat Sanguansin (Princeton University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Stefan Savage (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)
Nitesh Saxena (University of Alabama at Birmingham)
Maliheh Shirvanian, Nitesh Saxena. CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through [PDF] (F3)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration [PDF] (A2)
Sven Schäge (Ruhr-Universität Bochum)
Yong Li, Sven Schäge. No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial [PDF] [Paper] (F3)
Benedikt Schmidt (IMDEA Software Institute)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Oliver Schranz (CISPA, Saarland University)
Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes. The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android [PDF] (E2)
Sam Scott (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)
Aaron Segal (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Helmut Seidl (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)
Jean-Pierre Seifert (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1)
Gregor Seiler (IBM Research - Zürich)
Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler. Practical Quantum-Safe Voting from Lattices [PDF] (G4)
Shayak Sen (Carnegie Mellon University)
Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen. Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)
Abhrajit Sengupta (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
Sanjit Seshia (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4)
Karn Seth (Google)
Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth. Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)
Zain Shamsi (Texas A&M University)
Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [PDF] [Paper] (D5)
Huasong Shan (Louisiana State University, Computer Science and Engineering Division)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications [PDF] (H3)
Fahad Shaon (University of Texas at Dallas)
Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan. SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors [PDF] (E5)
abhi shelat (Northeastern University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Jack Doerner, abhi shelat. Scaling ORAM for Secure Computation [PDF] [Paper] [Artifact] (C1)
Micah Sherr (Georgetown University)
Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr. Distributed Measurement with Private Set-Union Cardinality [PDF] (K1)
Elaine Shi (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Kang G. Shin (University of Michigan)
Kyong-Tak Cho, Kang G. Shin. Viden: Attacker Identification on In-Vehicle Networks [PDF] [Paper] (E3)
Maliheh Shirvanian (University of Alabama at Birmingham)
Maliheh Shirvanian, Nitesh Saxena. CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through [PDF] (F3)
Vitaly Shmatikov (Cornell Tech)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much [PDF] (C3)
Yan Shoshitaishvili (Arizona State University)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Victor Shoup (IBM and New York University)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)
Thomas Shrimpton (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)
Hossein Siadati (New York University)
Hossein Siadati, Nasir Memon. Detecting Structurally Anomalous Logins Within Enterprise Networks [PDF] (F2)
Sam Silvestro (University of Texas at San Antonio)
Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu. FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)
Ozgur Sinanoglu (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
Rohit Sinha (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4)
Daniel Slamanig (AIT Austrian Institute of Technology)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Ryan Sleevi (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Matthew Smith (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Alex C. Snoeren (University of California, San Diego)
Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren. Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)
Peter Snyder (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [PDF] [Paper] (A4)
Yunmok Son (KAIST)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)
Congzheng Song (Cornell University)
Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov. Machine Learning Models that Remember Too Much [PDF] (C3)
Dawn Song (University of California, Berkeley)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Le Song (Georgia Institute of Technology)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Vivek Srikumar (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [PDF] (F2)
Divesh Srivastava (AT&T Labs-Research)
Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava. Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)
Manolis Stamatogiannakis (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Emily Stark (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Oleksii Starov (Stony Brook University)
Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers [PDF] (A4)
Damien Stehle (ENS Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL))
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)
Noah Stephens-Davidowitz (New York University)
Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz. Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)
Gianluca Stringhini (University College London)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Pierre-Yves Strub (Ecole Polytechnique)
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub. Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)
Pramod Subramanyan (University of California, Berkeley)
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia. A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4)
Kun Sun (George Mason University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Petr Svenda (Masaryk University)
Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1)
Marek Sys (Masaryk University)
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas. The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1)
Parisa Tabriz (Google)
Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz. Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)
Samaneh Tajalizadehkhoob (Delft University of Technology)
Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten. Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)
Shahin Tajik (Technische Universität Berlin)
Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit. On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1)
Gang Tan (The Pennsylvania State University)
Shen Liu, Gang Tan, Trent Jaeger. PtrSplit: Supporting general pointers in automatic program partitioning [PDF] (K3)
Sheng Tan (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication [PDF] (A2)
Haixu Tang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Qiang Tang (New Jersey Institute of Technology)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary [PDF] (D4)
Cynthia Taylor (University of Illinois at Chicago)
Peter Snyder, Cynthia Taylor, Chris Kanich. Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [PDF] [Paper] (A4)
Mark Tehranipoor (University of Florida)
Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor. Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)
Justin Thaler (Georgetown University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Jeremy Thomas (Carnegie Mellon University)
Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)
Kurt Thomas (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Matthew Thomas (Verisign Labs)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Dave (Jing) Tian (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)
Mehdi Tibouchi (NTT Secure Platform Laboratories)
Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi. Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)
Christian Tiefenau (University of Bonn)
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)
Ni Trieu (Oregon State University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)
Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu. Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)
Roberto Trifiletti (Aarhus University)
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti. DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti. TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)
Carmela Troncoso (IMDEA Software Institute)
Simon Oya, Carmela Troncoso, Fernando Pérez-González. Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [PDF] [Paper] (I3)
Ming-Hsien Tsai (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs [PDF] (I4)
Petar Tsankov (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)
Gene Tsudik (University of California, Irvine)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)
Luke Valenta (University of Pennsylvania)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [PDF] [Paper] (D3)
Thyla van der Merwe (Royal Holloway, University of London)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe. A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)
Victor van der Veen (Vrije Universiteit Amsterdam)
Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida. The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)
Mathy Vanhoef (KU Leuven, imec-DistriNet)
Mathy Vanhoef, Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 [PDF] [Paper] (F3)
Nikolaos Vasiloglou (Symantec)
Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)
Eugene Vasserman (Kansas State University)
Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim. Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)
Martin Vechev (ETH Zürich)
Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev. Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)
Eduardo Vela (Google)
Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns. Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)
Muthuramakrishnan Venkitasubramaniam (University of Rochester)
Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam. Ligero: Lightweight Sublinear Arguments Without a Trusted Setup [PDF] (J1)
Giovanni Vigna (University of California, Santa Barbara)
Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna. DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Dhinakaran Vinayagamurthy (University of Waterloo)
Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov. Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1)
Thomas Vissers (KU Leuven, imec-DistriNet)
Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis. The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)
Bimal Viswanath (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)
Satyanarayana Vusirikala (Microsoft Research India)
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala. Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)
Riad S. Wahby (Stanford University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Michael Walfish (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Bow-Yaw Wang (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs [PDF] (I4)
Chen Wang (Rutgers University)
Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena. VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration [PDF] (A2)
Haining Wang (University of Delaware)
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)
Qingyang Wang (Louisiana State University, Computer Science and Engineering Division)
Huasong Shan, Qingyang Wang, Calton Pu. Tail Attacks on Web Applications [PDF] (H3)
Ruoyu Wang (University of California, Santa Barbara)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Weiren Wang (Georgia Institute of Technology)
Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee. RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)
Wenhao Wang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Wenhao Wang (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity [PDF] (I2)
Xiao Wang (University of Maryland)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [PDF] [Paper] [Artifact] (A1)
Xiao Wang, Samuel Ranellucci, Jonathan Katz. Global-Scale Secure Multiparty Computation [PDF] [Paper] [Artifact] (A1)
XiaoFeng Wang (Indiana University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Xueqiang Wang (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Yilei Wang (Newcastle University)
Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel. Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)
Yuewu Wang (Chinese Academy of Sciences, Institute of Information Engineering)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Lucas Waye (Harvard University)
Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong. Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)
Hoeteck Wee (ENS, Paris)
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions [PDF] (C4)
Charles Weir (Security Lancaster, Lancaster University)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Michael Weissbacher (Northeastern University)
Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)
Jian Weng (Jinan University)
Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng. Vulnerable Implicit Service: A Revisit [PDF] (E2)
Dominik Wermke (Leibniz University Hannover)
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)
Adam Wierman (California Institute of Technology)
Mohammad A. Islam, Shaolei Ren, Adam Wierman. Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers [PDF] (E3)
Thomas Wies (New York University)
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies. Full accounting for verifiable outsourcing [PDF] [Paper] (J1)
Joanne Woodage (Royal Holloway, University of London)
Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart. The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)
Shujiang Wu (Lehigh University)
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu. Deterministic Browser [PDF] [Paper] [Artifact] (A4)
Luning Xia (Chinese Academy of Sciences, Institute of Information Engineering)
Shijie Jia, Luning Xia, Bo Chen, Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer [PDF] (J4)
Xiaokui Xiao (Nanyang Technological University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Yuan Xiao (The Ohio State University)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)
Luyi Xing (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Xinyu Xing (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)
Jun Xu (The Pennsylvania State University)
Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)
Meng Xu (Georgia Institute of Technology)
Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee. Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)
Wen Xu (Georgia Institute of Technology)
Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim. Designing New Operating Primitives to Improve Fuzzing Performance [PDF] (K2)
Wenyuan Xu (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Xiaojun Xu (Shanghai Jiao Tong University)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Xiaoyang Xu (University of Texas at Dallas)
Wenhao Wang, Xiaoyang Xu, Kevin Hamlen. Object Flow Integrity [PDF] (I2)
Shota Yamada (National Institute of Advanced Industrial Science and Technology (AIST), Japan)
Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada. Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)
Chen Yan (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Bo-Yin Yang (Academia Sinica)
Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang. Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs [PDF] (I4)
Jie Yang (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication [PDF] (A2)
Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Yuanshun Yao (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)
Yuval Yarom (University of Adelaide / Data61)
Daniel Genkin, Luke Valenta, Yuval Yarom. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [PDF] [Paper] (D3)
Peter Pessl, Leon Groot Bruinderink, Yuval Yarom. To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [PDF] [Paper] (I1)
Muhammad Yasin (New York University)
Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu. Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)
Attila A. Yavuz (Oregon State University)
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen. S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)
Tuba Yavuz (University of Florida)
Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler. FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)
Katherine Q. Ye (Princeton University / Carnegie Mellon University)
Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)
Heng Yin (University of California, Riverside)
David Korczynski, Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse attacks [PDF] (H2)
Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)
Jie You (University of Michigan)
Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao. Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)
Wei You (Indiana University)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Ting Yu (Qatar Computing Research Institute, Hamad Bin Khalifa University)
Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren. Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)
Moti Yung (Snap, Inc. / Columbia University)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary [PDF] (D4)
Eugen Zalinescu (Technische Universität München)
Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu. Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)
Ali Zand (Google)
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein. Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)
Ali Zand (University of California, Santa Barbara)
Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna. POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)
Greg Zaverucha (Microsoft Research)
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha. Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)
Mingming Zha (Chinese Academy of Sciences)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Fan Zhang (Cornell University)
Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi. Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)
Guoming Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Linghan Zhang (Florida State University)
Linghan Zhang, Sheng Tan, Jie Yang. Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication [PDF] (A2)
Nan Zhang (Indiana University)
Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han. Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)
Taimin Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Tianchen Zhang (Zhejiang University)
Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu. DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3)
Yang Zhang (CISPA, Saarland University)
Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang. walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)
Yinqian Zhang (The Ohio State University)
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)
Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang. Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)
Zhangkai Zhang (Beihang University)
Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li. Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)
Ben Y. Zhao (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)
Jason Zhao (Columbia University)
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)
Qingchuan Zhao (University of Texas at Dallas)
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services [PDF] (D2)
Guineng Zheng (University of Utah)
Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [PDF] (F2)
Haitao Zheng (University of Chicago)
Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao. Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)
Hong-Sheng Zhou (Virginia Commonwealth University)
Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou. Generic Semantic Security against a Kleptographic Adversary [PDF] (D4)
Ruiyu Zhu (Indiana University)
Ruiyu Zhu, Yan Huang, Darion Cassel. Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries [PDF] [Paper] [Artifact] (B1)
Jean-Karim Zinzindohoué (Inria Paris)
Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)
Hadi Zolfaghari (University of Massachusetts Amherst)
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr. The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks [PDF] [Artifact] (I5)
Peiyuan Zong (Chinese Academy of Sciences, Institute of Information Engineering)
Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang. SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)
Saman Zonouz (Rutgers University)
Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu. Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)
Wei Zou (University of Chinese Academy of Sciences)
Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou. Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)
Chaoshun Zuo (University of Texas at Dallas)
Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin. AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services [PDF] (D2)