ACM Conference on Computer and Communications Security

CCS 2017 - Available Papers

The following 24th ACM Conference on Computer and Communications Security papers are now available.

All Papers · List By Authors · Institutions

(Alphabetical by Paper Title)

A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe
A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira
A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
A Type System for Privacy Properties [Paper] [Artifact]Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei
Algorithm Substitution Attacks from a Steganographic Perspective [Paper]Sebastian Berndt, Maciej Liskiewicz
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [Paper] [Artifact]Xiao Wang, Samuel Ranellucci, Jonathan Katz
Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [Paper]Simon Oya, Carmela Troncoso, Fernando Pérez-González
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [Paper]Shay Gueron, Yehuda Lindell
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [Paper]Milad Nasr, Amir Houmansadr, Arya Mazumdar
Concurrency and Privacy with Payment-Channel Networks [Paper]Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi
Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong
DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [Paper]Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz
Deterministic Browser [Paper] [Artifact]Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu
Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry
Directed Greybox Fuzzing [Paper] [Artifact]Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury
DolphinAttack: Inaudible Voice Commands [Paper]Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [Paper]Luca Allodi
Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala
FAME: Fast Attribute-based Message Encryption [Paper] [Artifact]Shashank Agrawal, Melissa Chase
Fast Private Set Intersection from Homomorphic Encryption [Paper]Hao Chen, Kim Laine, Peter Rindal
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [Paper]Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [Paper] [Artifact]Raphael Bost, Brice Minaud, Olga Ohrimenko
Full accounting for verifiable outsourcing [Paper]Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies
Global-Scale Secure Multiparty Computation [Paper] [Artifact]Xiao Wang, Samuel Ranellucci, Jonathan Katz
HACL*: A Verified Modern Cryptographic Library [Paper] [Artifact]Jean-Karim Zinzindohoué and Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis
Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz
Iron: Functional Encryption using Intel SGX [Paper]Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov
JITGuard: Hardening Just-in-time Compilers with SGX [Paper]Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes
MagNet: a Two-Pronged Defense against Adversarial Examples [Paper]Dongyu Meng, Hao Chen
Malicious-Secure Private Set Intersection via Dual Execution [Paper] [Artifact]Peter Rindal, Mike Rosulek
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [Paper]Daniel Genkin, Luke Valenta, Yuval Yarom
Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [Paper]Peter Snyder, Cynthia Taylor, Chris Kanich
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp
No-Match Attacks and Robust Partnering Definitions -- Defining Trivial Attacks for Security Protocols is Not Trivial [Paper]Yong Li, Sven Schäge
Oblivious Neural Network Predictions via MiniONN transformations [Paper]Jian Liu, Mika Juuti, Yao Lu, N. Asokan
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit
Practical Attacks Against Graph-based Clustering [Paper]Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [Paper] [Artifact]Joel Alwen, Jeremiah Blocki, Ben Harsha
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu
Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [Paper]Syed Mahbub Hafiz, Ryan Henry
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen
Scaling ORAM for Secure Computation [Paper] [Artifact]Jack Doerner, abhi shelat
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana
Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
T/Key: Second-Factor Authentication From Secure Hash Chains [Paper]Dmitry Kogan, Nathan Manohar, Dan Boneh
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida
The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart
The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures [Paper]Peter Pessl, Leon Groot Bruinderink, Yuval Yarom
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen
Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel
Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu
Viden: Attacker Identification on In-Vehicle Networks [Paper]Kyong-Tak Cho, Kang G. Shin
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo
walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang

73 open papers