ACM Conference on Computer and Communications Security

CCS 2017 - Available Papers

The following 24th ACM Conference on Computer and Communications Security papers are now available.

All Papers · List By Authors · Institutions

(Ordered by Conference Session)

DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [PDF] [Paper] [Artifact] (A1) Xiao Wang, Samuel Ranellucci, Jonathan Katz
Global-Scale Secure Multiparty Computation [PDF] [Paper] [Artifact] (A1)Xiao Wang, Samuel Ranellucci, Jonathan Katz
DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3) Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu
MagNet: a Two-Pronged Defense against Adversarial Examples [PDF] [Paper] (A3)Dongyu Meng, Hao Chen
Deterministic Browser [PDF] [Paper] [Artifact] (A4)Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu
Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [PDF] [Paper] (A4)Peter Snyder, Cynthia Taylor, Chris Kanich
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo
Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries [PDF] [Paper] [Artifact] (B1)Ruiyu Zhu, Yan Huang, Darion Cassel
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority [PDF] [Paper] (B1)Yehuda Lindell, Ariel Nof
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith
The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song
A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei
Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen
Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry
Scaling ORAM for Secure Computation [PDF] [Paper] [Artifact] (C1) Jack Doerner, abhi shelat
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [PDF] [Paper] (C3)Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz
Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)Jian Liu, Mika Juuti, Yao Lu, N. Asokan
Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu
FAME: Fast Attribute-based Message Encryption [PDF] [Paper] [Artifact] (C4)Shashank Agrawal, Melissa Chase
Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi
Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1) Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov
Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [PDF] [Paper] (D3)Daniel Genkin, Luke Valenta, Yuval Yarom
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao
The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [PDF] [Paper] (D5)Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov
T/Key: Second-Factor Authentication From Secure Hash Chains [PDF] [Paper] (E1)Dmitry Kogan, Nathan Manohar, Dan Boneh
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [PDF] [Paper] [Artifact] (E1)Joel Alwen, Jeremiah Blocki, Ben Harsha
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [PDF] [Paper] (E1) Shay Gueron, Yehuda Lindell
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu
Viden: Attacker Identification on In-Vehicle Networks [PDF] [Paper] (E3)Kyong-Tak Cho, Kang G. Shin
Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou
Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao
POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna
Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen
Malicious-Secure Private Set Intersection via Dual Execution [PDF] [Paper] [Artifact] (F1)Peter Rindal, Mike Rosulek
Fast Private Set Intersection from Homomorphic Encryption [PDF] [Paper] (F1)Hao Chen, Kim Laine, Peter Rindal
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 [PDF] [Paper] (F3) Mathy Vanhoef, Frank Piessens
No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial [PDF] [Paper] (F3)Yong Li, Sven Schäge
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [PDF] [Paper] (F4)Syed Mahbub Hafiz, Ryan Henry
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [PDF] [Paper] [Artifact] (G1)Raphael Bost, Brice Minaud, Olga Ohrimenko
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [PDF] [Paper] (G2)Luca Allodi
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis
Algorithm Substitution Attacks from a Steganographic Perspective [PDF] [Paper] (H1)Sebastian Berndt, Maciej Liskiewicz
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1) Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida
Rewriting History: Changing the Archived Web from the Present [PDF] [Paper] [Artifact] (H3)Ada Lerner, Tadayoshi Kohno, Franziska Roesner
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow
A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe
HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche
To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures [PDF] [Paper] (I1)Peter Pessl, Leon Groot Bruinderink, Yuval Yarom
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi
Nonmalleable Information Flow Control [PDF] [Paper] (I2) Ethan Cecchetti, Andrew Myers, Owen Arden
Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong
walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [PDF] [Paper] (I3)Simon Oya, Carmela Troncoso, Fernando Pérez-González
A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira
Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5) Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [PDF] [Paper] (I5)Milad Nasr, Amir Houmansadr, Arya Mazumdar
Full accounting for verifiable outsourcing [PDF] [Paper] (J1)Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler
Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada
Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury
JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi
A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4) Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia

82 open papers