ACM Conference on Computer and Communications Security

CCS 2017 - All Sessions

List By Authors · Institutions · Papers by Session · Papers by Topic · Award Finalists · Available Papers · Artifacts

1A: Multi-Party Computation 1, Tuesday, 10:45am-noon (Session chair: Marcel Keller)

DUPLO: Unifying Cut-and-Choose for Garbled Circuits (Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti) [PDF] [Paper] [Artifact]
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation (Xiao Wang, Samuel Ranellucci, Jonathan Katz) [PDF] [Paper] [Artifact]
Global-Scale Secure Multiparty Computation (Xiao Wang, Samuel Ranellucci, Jonathan Katz) [PDF] [Paper] [Artifact]

2A: Human Authentication, Tuesday, 10:45am-noon (Session chair: Jeremiah Blocki)

Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication (Linghan Zhang, Sheng Tan, Jie Yang) [PDF]
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration (Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena) [PDF]
Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping (Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li) [PDF]

3A: Adversarial Machine Learning, Tuesday, 10:45am-noon (Session chair: Saman Zonouz)

DolphinAttack: Inaudible Voice Commands (Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu) [PDF] [Paper]
Evading Classifiers by Morphing in the Dark (Hung Dang, Yue Huang, Ee-Chien Chang) [PDF]
MagNet: a Two-Pronged Defense against Adversarial Examples (Dongyu Meng, Hao Chen) [PDF] [Paper]

4A: Browsers, Tuesday, 10:45am-noon (Session chair: Joseph Calandrino)

Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers (Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis) [PDF]
Deterministic Browser (Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu) [PDF] [Paper] [Artifact]
Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security (Peter Snyder, Cynthia Taylor, Chris Kanich) [PDF] [Paper]

5A: Cryptocurrency, Tuesday, 10:45am-noon (Session chair: Aniket Kate)

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin (Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim) [PDF] [Paper]
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing (Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel) [PDF] [Paper] [Artifact]
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services (Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo) [PDF] [Paper] [Artifact]

1B: Multi-Party Computation 2, Tuesday, 1:45-3:15pm (Session chair: Samee Zahur)

Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries (Ruiyu Zhu, Yan Huang, Darion Cassel) [PDF] [Paper] [Artifact]
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority (Yehuda Lindell, Ariel Nof) [PDF] [Paper]
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case (Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala) [PDF] [Paper]

2B: Passwords, Tuesday, 1:45-3:15pm (Session chair: Hamed Okhravi)

Let's go in for a closer look: Observing passwords in their natural habitat (Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget) [PDF]
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study (Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith) [PDF] [Paper]
The TypTop System: Personalized Typo-tolerant Password Checking (Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart) [PDF] [Paper] [Artifact]

3B: Investigating Attacks, Tuesday, 1:45-3:15pm (Session chair: Georgios Portokalidis)

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance (Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna) [PDF]
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection (Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song) [PDF] [Paper]
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking (Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee) [PDF]

4B: Privacy Policies, Tuesday, 1:45-3:15pm (Session chair: Michael Hicks)

Synthesis of Probabilistic Privacy Enforcement (Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev) [PDF] [Artifact]
A Type System for Privacy Properties (Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei) [PDF] [Paper] [Artifact]
Generating Synthetic Decentralized Social Graphs with Local Differential Privacy (Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren) [PDF]

5B: Blockchains, Tuesday, 1:45-3:15pm (Session chair: Christina Garman)

Revive: Rebalancing Off-Blockchain Payment Networks (Rami Khalil, Arthur Gervais) [PDF] [Artifact]
Concurrency and Privacy with Payment-Channel Networks (Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi) [PDF] [Paper]
Bolt: Anonymous Payment Channels for Decentralized Currencies (Matthew Green, Ian Miers) [PDF]

1C: Oblivious RAM, Tuesday, 3:45-5:15pm (Session chair: Yan Huang)

S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing (Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen) [PDF] [Paper] [Artifact]
Deterministic, Stash-Free Write-Only ORAM (Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry) [PDF] [Paper] [Artifact]
Scaling ORAM for Secure Computation (Jack Doerner, abhi shelat) [PDF] [Paper] [Artifact]

2C: World Wide Web of Wickedness, Tuesday, 3:45-5:15pm (Session chair: Gianluca Stringhini)

Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains (Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan) [PDF]
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting (Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten) [PDF] [Paper]
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse (Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis) [PDF] [Paper]

3C: Machine Learning Privacy, Tuesday, 3:45-5:15pm (Session chair: Aylin Caliskan)

Machine Learning Models that Remember Too Much (Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov) [PDF]
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning (Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz) [PDF] [Paper]
Oblivious Neural Network Predictions via MiniONN transformations (Jian Liu, Mika Juuti, Yao Lu, N. Asokan) [PDF] [Paper]

4C: From Verification to ABE, Tuesday, 3:45-5:15pm (Session chair: Shai Halevi)

Verifying Security Policies in Multi-agent Workflows with Loops (Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu) [PDF] [Paper] [Artifact]
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions (Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee) [PDF]
FAME: Fast Attribute-based Message Encryption (Shashank Agrawal, Melissa Chase) [PDF] [Paper] [Artifact]

5C: Using Blockchains, Tuesday, 3:45-5:15pm (Session chair: Nicolas Cristin)

Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain (Jan Camenisch, Manu Drijvers, Maria Dubovitskaya) [PDF]
Solidus: Confidential Distributed Ledger Transactions via PVORM (Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi) [PDF] [Paper]
Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards (Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers) [PDF]

1D: Functional Encryption and Obfuscation, Wednesday, 9:00-10:30am (Session chair: Tal Malkin)

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits (Brent Carmer, Alex J. Malozemoff, Mariana Raykova) [PDF] [Artifact]
Iron: Functional Encryption using Intel SGX (Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov) [PDF] [Paper]
Implementing BP-Obfuscation Using Graph-Induced Encoding (Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz) [PDF] [Paper]

2D: Vulnerable Mobile Apps, Wednesday, 9:00-10:30am (Session chair: Yao Liu)

AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services (Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin) [PDF]
Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution (Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou) [PDF]
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews (Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han) [PDF]

3D: Logical Side Channels, Wednesday, 9:00-10:30am (Session chair: Mohit Tiwari)

May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 (Daniel Genkin, Luke Valenta, Yuval Yarom) [PDF] [Paper]
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves (Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang) [PDF] [Paper]
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic (Jia Chen, Yu Feng, Isil Dillig) [PDF]

4D: Crypto Primitives, Wednesday, 9:00-10:30am (Session chair: abhi shelat)

Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions (Mihir Bellare, Joseph Jaeger, Julia Len) [PDF]
Generic Semantic Security against a Kleptographic Adversary (Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou) [PDF]
Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction (Mihir Bellare, Wei Dai) [PDF]

5D: Network Security, Wednesday, 9:00-10:30am (Session chair: Ivan Martinovic)

Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study (Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao) [PDF] [Paper]
The Wolf of Name Street: Hijacking Domains Through Their Nameservers (Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis) [PDF] [Paper]
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting (Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov) [PDF] [Paper]

1E: Hardening Crypto, Wednesday, 11:00am-12:30pm (Session chair: Samee Zahur)

T/Key: Second-Factor Authentication From Secure Hash Chains (Dmitry Kogan, Nathan Manohar, Dan Boneh) [PDF] [Paper]
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions (Joel Alwen, Jeremiah Blocki, Ben Harsha) [PDF] [Paper] [Artifact]
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation (Shay Gueron, Yehuda Lindell) [PDF] [Paper]

2E: Securing Mobile Apps, Wednesday, 11:00am-12:30pm (Session chair: Kyu Hyung Lee)

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android (Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes) [PDF]
Vulnerable Implicit Service: A Revisit (Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng) [PDF]
A Stitch in Time: Supporting Android Developers in Writing Secure Code (Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl) [PDF]

3E: Physical Side Channels, Wednesday, 11:00am-12:30pm (Session chair: Alvaro A. Cardenas)

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers (Mohammad A. Islam, Shaolei Ren, Adam Wierman) [PDF]
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations (Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu) [PDF] [Paper]
Viden: Attacker Identification on In-Vehicle Networks (Kyong-Tak Cho, Kang G. Shin) [PDF] [Paper]

4E: Adversarial Social Networking, Wednesday, 11:00am-12:30pm (Session chair: Hao Chen)

Practical Attacks Against Graph-based Clustering (Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou) [PDF] [Paper]
Automated Crowdturfing Attacks and Defenses in Online Review Systems (Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao) [PDF] [Paper]
POISED: Spotting Twitter Spam Off the Beaten Paths (Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna) [PDF] [Paper]

5E: Privacy-Preserving Analytics, Wednesday, 11:00am-12:30pm (Session chair: Yinqian Zhang)

Practical Secure Aggregation for Privacy-Preserving Machine Learning (Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth) [PDF] [Paper]
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs (Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen) [PDF] [Paper] [Artifact]
SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors (Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan) [PDF]

1F: Private Set Intersection, Wednesday, 2:00-3:30pm (Session chair: XiaoFeng Wang)

Malicious-Secure Private Set Intersection via Dual Execution (Peter Rindal, Mike Rosulek) [PDF] [Paper] [Artifact]
Fast Private Set Intersection from Homomorphic Encryption (Hao Chen, Kim Laine, Peter Rindal) [PDF] [Paper]
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques (Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu) [PDF] [Paper] [Artifact]

2F: Insights from Log(in)s, Wednesday, 2:00-3:30pm (Session chair: Trent Jaeger)

Detecting Structurally Anomalous Logins Within Enterprise Networks (Hossein Siadati, Nasir Memon) [PDF]
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning (Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar) [PDF]
Predicting the Risk of Cyber Incidents (Leyla Bilge, Yufei Han, Matteo Dell'Amico) [PDF]

3F: Crypto Pitfalls, Wednesday, 2:00-3:30pm (Session chair: Guanhua Yan)

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (Mathy Vanhoef, Frank Piessens) [PDF] [Paper]
CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through (Maliheh Shirvanian, Nitesh Saxena) [PDF]
No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial (Yong Li, Sven Schäge) [PDF] [Paper]

4F: Private Queries, Wednesday, 2:00-3:30pm (Session chair: Amir Houmansadr)

Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR (Syed Mahbub Hafiz, Ryan Henry) [PDF] [Paper]
PeGaSus: Data-Adaptive Differentially Private Stream Processing (Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau) [PDF]
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage (Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava) [PDF] [Paper]

5F: Understanding Security Fails, Wednesday, 2:00-3:30pm (Session chair: Nick Nikiforakis)

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors (Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz) [PDF]
Data breaches, phishing, or malware? Understanding the risks of stolen credentials (Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein) [PDF]
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI (Doowon Kim, Bum Jun Kwon, Tudor Dumitraş ) [PDF]

1G: Searchable Encryption, Wednesday, 4:00-5:00pm (Session chair: Mariana Raykova)

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates (Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim) [PDF]
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives (Raphael Bost, Brice Minaud, Olga Ohrimenko) [PDF] [Paper] [Artifact]

2G: Bug-Hunting Risks and Rewards, Wednesday, 4:00-5:00pm (Session chair: Mathias Payer)

Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market (Luca Allodi) [PDF] [Paper]
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research (Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren) [PDF] [Paper] [Artifact]

3G: Crypto Standards, Wednesday, 4:00-5:00pm (Session chair: Shai Halevi)

Identity-Based Format-Preserving Encryption (Mihir Bellare, Viet Tung Hoang) [PDF]
Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property (Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor) [PDF]

4G: Voting, Wednesday, 4:00-5:00pm (Session chair: Marcel Keller)

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs (Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp) [PDF] [Paper]
Practical Quantum-Safe Voting from Lattices (Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler) [PDF]

5G: Hardening Hardware, Wednesday, 4:00-5:00pm (Session chair: Haining Wang)

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components (Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis) [PDF] [Paper] [Artifact]
Provably-Secure Logic Locking: From Theory To Practice (Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu) [PDF]

1H: Crypto Attacks, Thursday, 9:00-10:30am (Session chair: Daniel Genkin)

The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli (Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas) [PDF] [Artifact]
Algorithm Substitution Attacks from a Steganographic Perspective (Sebastian Berndt, Maciej Liskiewicz) [PDF] [Paper]
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs (Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit) [PDF] [Paper]

2H: Code Reuse Attacks, Thursday, 9:00-10:30am (Session chair: Hovav Shacham (Honorary Session Chair))

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later (Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida) [PDF] [Paper] [Artifact]
Capturing Malware Propagations with Code Injections and Code-Reuse attacks (David Korczynski, Heng Yin) [PDF]
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets (Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns) [PDF]

3H: Web Security, Thursday, 9:00-10:30am (Session chair: Suman Jana)

Tail Attacks on Web Applications (Huasong Shan, Qingyang Wang, Calton Pu) [PDF]
Rewriting History: Changing the Archived Web from the Present (Ada Lerner, Tadayoshi Kohno, Franziska Roesner) [PDF] [Paper] [Artifact]
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs (Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow) [PDF] [Paper]

4H: Formal Verification, Thursday, 9:00-10:30am (Session chair: Dinghao Wu)

A Comprehensive Symbolic Analysis of TLS 1.3 (Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe) [PDF] [Paper] [Artifact]
HACL*: A Verified Modern Cryptographic Library (Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche) [PDF] [Paper] [Artifact]
Jasmin: High-Assurance and High-Speed Cryptography (José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub) [PDF] [Artifact]

1I: Post-Quantum, Thursday, 11:00am-12:30pm (Session chair: Fengwei Zhang)

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives (Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha) [PDF]
To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures (Peter Pessl, Leon Groot Bruinderink, Yuval Yarom) [PDF] [Paper]
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers (Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi) [PDF] [Paper] [Artifact]

2I: Information Flow, Thursday, 11:00am-12:30pm (Session chair: Heng Yin)

Nonmalleable Information Flow Control (Ethan Cecchetti, Andrew Myers, Owen Arden) [PDF] [Paper]
Cryptographically Secure Information Flow Control on Key-Value Stores (Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong) [PDF] [Paper]
Object Flow Integrity (Wenhao Wang, Xiaoyang Xu, Kevin Hamlen) [PDF]

3I: Personal Privacy, Thursday, 11:00am-12:30pm (Session chair: David Kotz)

BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection (Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp) [PDF]
walk2friends: Inferring Social Links from Mobility Profiles (Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang) [PDF] [Paper] [Artifact]
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms (Simon Oya, Carmela Troncoso, Fernando Pérez-González) [PDF] [Paper]

4I: Verifying Crypto, Thursday, 11:00am-12:30pm (Session chair: Micah Sherr)

Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs (Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang) [PDF]
A Fast and Verified Software Stack for Secure Function Evaluation (José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira) [PDF] [Paper] [Artifact]
Verified Correctness and Security of mbedTLS HMAC-DRBG (Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel) [PDF] [Paper] [Artifact]

5I: Communication Privacy, Thursday, 11:00am-12:30pm (Session chair: Matthew Wright)

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services (Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz) [PDF] [Paper] [Artifact]
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks (Milad Nasr, Hadi Zolfaghari, Amir Houmansadr) [PDF] [Artifact]
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis (Milad Nasr, Amir Houmansadr, Arya Mazumdar) [PDF] [Paper]

1J: Outsourcing, Thursday, 2:00-3:30pm (Session chair: Daniel Genkin)

Full accounting for verifiable outsourcing (Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies) [PDF] [Paper]
Ligero: Lightweight Sublinear Arguments Without a Trusted Setup (Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam) [PDF]
Homomorphic Secret Sharing: Optimizations and Applications (Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru) [PDF] [Artifact]

2J: Fun with Fuzzing, Thursday, 2:00-3:30pm (Session chair: Byoungyoung Lee)

DIFUZE: Interface Aware Fuzzing for Kernel Drivers (Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna) [PDF] [Artifact]
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits (Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang) [PDF]
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities (Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana) [PDF] [Paper]

3J: Problematic Patches, Thursday, 2:00-3:30pm (Session chair: Xinyu Xing)

Checking Open-Source License Violation and 1-day Security Risk at Large Scale (Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee) [PDF]
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android (Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes) [PDF] [Paper] [Artifact]
A Large-Scale Empirical Study of Security Patches (Frank Li, Vern Paxson) [PDF]

4J: Flash Security, Thursday, 2:00-3:30pm (Session chair: Taesoo Kim)

DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer (Shijie Jia, Luning Xia, Bo Chen, Peng Liu) [PDF]
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware (Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi) [PDF]
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution (Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler) [PDF] [Paper]

1K: Secure Computation, Thursday, 4:00-5:30pm (Session chair: Stefan Katzenbeisser)

TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation (Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti) [PDF]
Distributed Measurement with Private Set-Union Cardinality (Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr) [PDF]
Efficient Public Trace-and-Revoke from Standard Assumptions (Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada) [PDF] [Paper]

2K: Fuzzing Finer and Faster, Thursday, 4:00-5:30pm (Session chair: Wil Robertson)

Designing New Operating Primitives to Improve Fuzzing Performance (Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim) [PDF]
Directed Greybox Fuzzing (Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury) [PDF] [Paper] [Artifact]
IMF: Inferred Model-based Fuzzer (HyungSeok Han, Sang Kil Cha) [PDF] [Artifact]

3K: Program Analysis, Thursday, 4:00-5:30pm (Session chair: Wenke Lee)

PtrSplit: Supporting general pointers in automatic program partitioning (Shen Liu, Gang Tan, Trent Jaeger) [PDF]
HexType: Efficient Detection of Type Confusion Errors for C++ (Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer) [PDF]
FreeGuard: A Faster Secure Heap Allocator (Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu) [PDF] [Artifact]

4K: Secure Enclaves, Thursday, 4:00-5:30pm (Session chair: Alex Malozemoff)

JITGuard: Hardening Just-in-time Compilers with SGX (Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi) [PDF] [Paper]
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX (Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter) [PDF]
A Formal Foundation for Secure Remote Execution of Enclaves (Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia) [PDF] [Paper] [Artifact]