ACM Conference on Computer and Communications Security

CCS 2017 - Accepted Papers

The following papers have been accepted to the 24th ACM Conference on Computer and Communications Security (151 papers accepted out of 836 submissions).

Available Papers · Artifacts · List By Authors · Institutions

(Alphabetical by Paper Title)

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [Artifact]Brent Carmer, Alex J. Malozemoff, Mariana Raykova
A Comprehensive Symbolic Analysis of TLS 1.3 [Paper] [Artifact]Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe
A Fast and Verified Software Stack for Secure Function Evaluation [Paper] [Artifact]José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira
A Formal Foundation for Secure Remote Execution of Enclaves [Paper] [Artifact]Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-MajorityYehuda Lindell, Ariel Nof
A Large-Scale Empirical Study of Security PatchesFrank Li, Vern Paxson
A Practical Encrypted Data Analytic Framework With Trusted ProcessorsFahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan
A Stitch in Time: Supporting Android Developers in Writing Secure CodeDuc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [Artifact]Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis
A Type System for Privacy Properties [Paper] [Artifact]Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei
AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online ServicesChaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin
Algorithm Substitution Attacks from a Steganographic Perspective [Paper]Sebastian Berndt, Maciej Liskiewicz
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New ConstructionsMiguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [Paper] [Artifact]Xiao Wang, Samuel Ranellucci, Jonathan Katz
Automated Crowdturfing Attacks and Defenses in Online Review Systems [Paper]Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao
BBA+: Improving the Security and Applicability of Privacy-Preserving Point CollectionGunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [Paper]Simon Oya, Carmela Troncoso, Fernando Pérez-González
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [Paper]Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [Paper] [Artifact]Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [Paper]Shay Gueron, Yehuda Lindell
Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash FunctionsMihir Bellare, Joseph Jaeger, Julia Len
Bolt: Anonymous Payment Channels for Decentralized CurrenciesMatthew Green, Ian Miers
CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-ThroughMaliheh Shirvanian, Nitesh Saxena
Capturing Malware Propagations with Code Injections and Code-Reuse attacksDavid Korczynski, Heng Yin
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKIDoowon Kim, Bum Jun Kwon, Tudor Dumitraş 
Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic ProgramsMing-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang
Checking Open-Source License Violation and 1-day Security Risk at Large ScaleRuian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic StudyQi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script GadgetsSebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [Paper]Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [Paper]Milad Nasr, Amir Houmansadr, Arya Mazumdar
Concurrency and Privacy with Payment-Channel Networks [Paper]Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi
Cryptographically Secure Information Flow Control on Key-Value Stores [Paper]Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong
DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation LayerShijie Jia, Luning Xia, Bo Chen, Peng Liu
DIFUZE:Interface Aware Fuzzing for Kernel Drivers [Artifact]Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna
DUPLO: Unifying Cut-and-Choose for Garbled Circuits [Paper] [Artifact]Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti
Data breaches, phishing, or malware? Understanding the risks of stolen credentialsKurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [Paper]Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [Paper]Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep LearningMin Du, Feifei Li, Guineng Zheng, Vivek Srikumar
Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey PredictionMihir Bellare, Wei Dai
Designing New Operating Primitives to Improve Fuzzing PerformanceWen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim
Detecting Structurally Anomalous Logins Within Enterprise NetworksHossein Siadati, Nasir Memon
Deterministic Browser [Paper] [Artifact]Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu
Deterministic, Stash-Free Write-Only ORAM [Paper] [Artifact]Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry
Directed Greybox Fuzzing [Paper] [Artifact]Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury
Distributed Measurement with Private Set-Union CardinalityEllis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr
DolphinAttack: Inaudible Voice Commands [Paper]Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu
Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed DomainsDaiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [Paper]Luca Allodi
Efficient Public Trace-and-Revoke from Standard Assumptions [Paper]Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [Paper]Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala
Evading Classifiers by Morphing in the DarkHung Dang, Yue Huang, Ee-Chien Chang
Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data CentersMohammad A. Islam, Shaolei Ren, Adam Wierman
FAME: Fast Attribute-based Message Encryption [Paper] [Artifact]Shashank Agrawal, Melissa Chase
Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin BoardsArka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers
Fast Private Set Intersection from Homomorphic Encryption [Paper]Hao Chen, Kim Laine, Peter Rindal
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [Paper]Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [Paper]Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption RansomwareJian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi
Forward Secure Dynamic Searchable Symmetric Encryption with Efficient UpdatesKee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [Paper] [Artifact]Raphael Bost, Brice Minaud, Olga Ohrimenko
FreeGuard: A Faster Secure Heap Allocator [Artifact]Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu
Full accounting for verifiable outsourcing [Paper]Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies
Generating Synthetic Decentralized Social Graphs with Local Differential PrivacyZhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren
Generic Semantic Security against a Kleptographic AdversaryAlexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou
Global-Scale Secure Multiparty Computation [Paper] [Artifact]Xiao Wang, Samuel Ranellucci, Jonathan Katz
HACL*: A Verified Modern Cryptographic Library [Paper] [Artifact]Jean-Karim Zinzindohoué and Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche
Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice AuthenticationLinghan Zhang, Sheng Tan, Jie Yang
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [Paper]Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten
HexType: Efficient Detection of Type Confusion Errors for C++Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [Paper]Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis
Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile BrowsersMeng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis
Homomorphic Secret Sharing: Optimizations and Applications [Artifact]Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [Artifact]Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz
IMF: Inferred Model-based Fuzzer [Artifact]HyungSeok Han, Sang Kil Cha
Identity-Based Format-Preserving EncryptionMihir Bellare, Viet Tung Hoang
Implementing BP-Obfuscation Using Graph-Induced Encoding [Paper]Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz
Iron: Functional Encryption using Intel SGX [Paper]Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov
JITGuard: Hardening Just-in-time Compilers with SGX [Paper]Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi
Jasmin: High-Assurance and High-Speed Cryptography [Artifact]José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub
Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [Paper] [Artifact]Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2Mathy Vanhoef, Frank Piessens
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGXWenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter
Let’s go in for a closer look: Observing passwords in their natural habitatSarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget
Ligero: Lightweight Sublinear Arguments Without a Trusted SetupScott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam
Machine Learning Models that Remember Too MuchCongzheng Song, Thomas Ristenpart, Vitaly Shmatikov
MagNet: a Two-Pronged Defense against Adversarial Examples [Paper]Dongyu Meng, Hao Chen
Malicious-Secure Private Set Intersection via Dual Execution [Paper] [Artifact]Peter Rindal, Mike Rosulek
Mass Discovery of Android Traffic Imprints through Instantiated Partial ExecutionYi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [Paper]Daniel Genkin, Luke Valenta, Yuval Yarom
Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [Paper]Peter Snyder, Cynthia Taylor, Chris Kanich
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [Paper]Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [Paper]Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp
No-Match Attacks and Robust Partnering Definitions – Defining Trivial Attacks for Security Protocols is Not Trivial [Paper]Yong Li, Sven Schäge
Nonmalleable Information Flow ControlEthan Cecchetti, Andrew Myers, Owen Arden
Object Flow IntegrityWenhao Wang, Xiaoyang Xu, Kevin Hamlen
Oblivious Neural Network Predictions via MiniONN transformations [Paper]Jian Liu, Mika Juuti, Yao Lu, N. Asokan
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [Paper]Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit
POISED: Spotting Twitter Spam Off the Beaten PathsShirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna
PeGaSus: Data-Adaptive Differentially Private Stream ProcessingYan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau
Pool: Scalable On-Demand Secure Computation Service Against Malicious AdversariesRuiyu Zhu, Yan Huang, Darion Cassel
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key PrimitivesMelissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha
Practical Attacks Against Graph-based Clustering [Paper]Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [Paper] [Artifact]Joel Alwen, Jeremiah Blocki, Ben Harsha
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [Paper] [Artifact]Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu
Practical Quantum-Safe Voting from LatticesRafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler
Practical Secure Aggregation for Privacy-Preserving Machine Learning [Paper]Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
Practical UC-Secure Delegatable Credentials with Attributes and Their Application to BlockchainJan Camenisch, Manu Drijvers, Maria Dubovitskaya
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare LogicJia Chen, Yu Feng, Isil Dillig
Predicting the Risk of Cyber IncidentsLeyla Bilge, Yufei Han, Matteo Dell’Amico
Presence Attestation: The Missing Link In Dynamic Trust BootstrappingZhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li
Provably-Secure Logic Locking: From Theory To PracticeMuhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu
PtrSplit: Supporting general pointers in automatic program partitioningShen Liu, Gang Tan, Trent Jaeger
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [Paper] [Artifact]Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [Paper]Syed Mahbub Hafiz, Ryan Henry
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow TrackingYang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee
Revive: Rebalancing Off-Blockchain Payment Networks [Artifact]Rami Khalil, Arthur Gervais
Rewriting History: Changing the Archived Web from the Present [Artifact]Ada Lerner, Tadayoshi Kohno, Franziska Roesner
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human AssistanceYan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [Paper] [Artifact]Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen
Scaling ORAM for Secure Computation [Paper] [Artifact]Jack Doerner, abhi shelat
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept ExploitsWei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [Paper] [Artifact]Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [Paper]Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana
Solidus: Confidential Distributed Ledger Transactions via PVORM [Paper]Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [Paper]Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual propertyAnimesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor
Synthesis of Probabilistic Privacy Enforcement [Artifact]Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev
T/Key: Second-Factor Authentication From Secure Hash Chains [Paper]Dmitry Kogan, Nathan Manohar, Dan Boneh
Tail Attacks on Web ApplicationsHuasong Shan, Qingyang Wang, Calton Pu
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock AndroidJie Huang, Oliver Schranz, Sven Bugiel, Michael Backes
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [Paper] [Artifact]Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida
The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [Artifact]Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas
The TypTop System: Personalized Typo-tolerant Password Checking [Paper] [Artifact]Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing AttacksMilad Nasr, Hadi Zolfaghari, Amir Houmansadr
The Wolf of Name Street: Hijacking Domains Through Their Nameservers [Paper]Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function EvaluationNico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti
To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [Paper]Peter Pessl, Leon Groot Bruinderink, Yuval Yarom
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViewsTongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [Paper] [Artifact]Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen
Verified Correctness and Security of mbedTLS HMAC-DRBG [Paper] [Artifact]Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel
Verifying Security Policies in Multi-agent Workflows with Loops [Paper] [Artifact]Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical VibrationJian Liu, Chen Wang, Yingying Chen, Nitesh Saxena
Viden: Attacker Identification on In-Vehicle Networks [Paper]Kyong-Tak Cho, Kang G. Shin
Vulnerable Implicit Service: A RevisitLingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng
Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [Paper]Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate ErrorsMustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [Paper]Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [Paper] [Artifact]Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo
walk2friends: Inferring Social Links from Mobility Profiles [Paper] [Artifact]Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang