ACM Conference on Computer and Communications Security

CCS 2017 - Accepted Papers

The following papers have been accepted to the 24th ACM Conference on Computer and Communications Security (151 papers accepted out of 836 submissions).

List By Authors · Institutions

(Alphabetical by Paper Title)

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic CircuitsBrent Carmer (Oregon State University), Alex J. Malozemoff (Galois), Mariana Raykova (Yale University)
A Comprehensive Symbolic Analysis of TLS 1.3Cas Cremers (University of Oxford), Marko Horvat (The Max Planck Institute For Software Systems), Jonathan Hoyland (Royal Holloway, University of London), Sam Scott (Royal Holloway, University of London), Thyla van der Merwe (Royal Holloway, University of London)
A Fast and Verified Software Stack for Secure Function EvaluationJosé Bacelar Almeida (HASLab – INESC TEC / Universidade do Minho), Manuel Barbosa (HASLab – INESC TEC / DCC FC Universidade do Porto), Gilles Barthe (IMDEA Software Institute), François Dupressoir (University of Surrey), Benjamin Grégoire (INRIA Sophia-Antipolis), Vincent Laporte (IMDEA Software Institute), Vitor Pereira (HASLab – INESC TEC / DCC FC Universidade do Porto)
A Formal Foundation for Secure Remote Execution of EnclavesPramod Subramanyan (University of California, Berkeley), Rohit Sinha (University of California, Berkeley), Ilia Lebedev (Massachusetts Institute of Technology), Srinivas Devadas (Massachusetts Institute of Technology), Sanjit Seshia (University of California, Berkeley)
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-MajorityYehuda Lindell (Bar-Ilan University), Ariel Nof (Bar-Ilan University)
A Large-Scale Empirical Study of Security PatchesFrank Li (University of California, Berkeley), Vern Paxson (University of California, Berkeley)
A Practical Encrypted Data Analytic Framework With Trusted ProcessorsFahad Shaon (University of Texas at Dallas), Murat Kantarcioglu (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas)
A Stitch in Time: Supporting Android Developers in Writing Secure CodeDuc Cuong Nguyen (CISPA, Saarland University), Dominik Wermke (Leibniz University Hannover), Yasemin Acar (Leibniz University Hannover), Michael Backes (CISPA, Saarland University), Charles Weir (Security Lancaster, Lancaster University), Sascha Fahl (Leibniz University Hannover)
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted ComponentsVasilios Mavroudis (University College London), Andrea Cerulli (University College London), Petr Svenda (Masaryk University), Dan Cvrcek (EnigmaBridge), Dusan Klinec (EnigmaBridge), George Danezis (University College London)
A type system for privacy propertiesVéronique Cortier (Loria, CNRS / Inria), Niklas Grimm (TU Wien), Joseph Lallemand (Loria, CNRS / Inria), Matteo Maffei (TU Wien)
AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online ServicesChaoshun Zuo (University of Texas at Dallas), Qingchuan Zhao (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas)
Algorithm Substitution Attacks from a Steganographic PerspectiveSebastian Berndt (University of Luebeck), Maciej Liskiewicz (University of Luebeck)
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New ConstructionsMiguel Ambrona (IMDEA Software Institute / Universidad Politécnica de Madrid), Gilles Barthe (IMDEA Software Institute), Romain Gay (ENS, Paris), Hoeteck Wee (ENS, Paris)
Authenticated Garbling and Efficient Maliciously Secure Two-Party ComputationXiao Wang (University of Maryland), Samuel Ranellucci (University of Maryland / George Mason University), Jonathan Katz (University of Maryland)
Automated Crowdturfing Attacks and Defenses in Online Review SystemsYuanshun Yao (University of Chicago), Bimal Viswanath (University of Chicago), Jenna Cryan (University of Chicago), Haitao Zheng (University of Chicago), Ben Y. Zhao (University of Chicago)
BBA+: Improving the Security and Applicability of Privacy-Preserving Point CollectionGunnar Hartung (Karlsruhe Institute of Technology), Max Hoffmann (Ruhr-Universität Bochum), Matthias Nagel (Karlsruhe Institute of Technology), Andy Rupp (Karlsruhe Institute of Technology)
Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanismsSimon Oya (University of Vigo), Carmela Troncoso (IMDEA Software Institute), Fernando Pérez-González (University of Vigo)
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on BitcoinYujin Kwon (KAIST), Dohyun Kim (KAIST), Yunmok Son (KAIST), Eugene Vasserman (Kansas State University), Yongdae Kim (KAIST)
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud ComputingChangyu Dong (Newcastle University), Yilei Wang (Newcastle University), Amjad Aldweesh (Newcastle University), Patrick McCorry (Newcastle University), Aad van Moorsel (Newcastle University)
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key DerivationShay Gueron (Haifa University / AWS), Yehuda Lindell (Bar-Ilan University)
Better Than Advertised: Improved Security Guarantees for MD-Based Hash FunctionsMihir Bellare (University of California, San Diego), Joseph Jaeger (University of California, San Diego), Julia Len (University of California, San Diego)
Bolt: Anonymous Payment Channels for Decentralized CurrenciesMatthew Green (Johns Hopkins University), Ian Miers (Johns Hopkins University)
CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-ThroughMaliheh Shirvanian (University of Alabama at Birmingham), Nitesh Saxena (University of Alabama at Birmingham)
Capturing Malware Propagations with Code Injections and Code-Reuse attacksDavid Korczynski (University of Oxford), Heng Yin (University of California, Riverside)
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKIDoowon Kim (University of Maryland), Bum Jun Kwon (University of Maryland), Tudor Dumitraş  (University of Maryland)
Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic ProgramsMing-Hsien Tsai (Academia Sinica), Bow-Yaw Wang (Academia Sinica), Bo-Yin Yang (Academia Sinica)
Checking Open-Source License Violation and 1-day Security Risk at Large ScaleRuian Duan (Georgia Institute of Technology), Ashish Bijlani (Georgia Institute of Technology), Meng Xu (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic StudyQi Alfred Chen (University of Michigan), Matthew Thomas (Verisign Labs), Eric Osterweil (Verisign Labs), Yulong Cao (University of Michigan), Jie You (University of Michigan), Z. Morley Mao (University of Michigan)
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script GadgetsSebastian Lekies (Google), Krzysztof Kotowicz (Google), Samuel Groß  (SAP SE), Eduardo Vela (Google), Martin Johns (SAP SE)
Composing Differential Privacy and Secure Computation: A case study on scaling private record linkageXi He (Duke University), Ashwin Machanavajjhala (Duke University), Cheryl Flynn (AT&T Labs-Research), Divesh Srivastava (AT&T Labs-Research)
Compressive Traffic Analysis: A New Paradigm for Scalable Traffic AnalysisMilad Nasr (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst), Arya Mazumdar (University of Massachusetts Amherst)
Concurrency and Privacy with Payment-Channel NetworksGiulio Malavolta (Friedrich-Alexander University Erlangen Nuernberg), Pedro Moreno-Sanchez (Purdue University), Aniket Kate (Purdue University), Matteo Maffei (TU Wien), Srivatsan Ravi (University of Southern California)
Cryptographically Secure Information Flow Control on Key-Value StoresLucas Waye (Harvard University), Pablo Buiras (Harvard University), Owen Arden (University of California, Santa Cruz), Alejandro Russo (Chalmers University of Technology), Stephen Chong (Harvard University)
DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation LayerShijie Jia (Chinese Academy of Sciences, Institute of Information Engineering), Luning Xia (Chinese Academy of Sciences, Institute of Information Engineering), Bo Chen (Michigan Technological University), Peng Liu (The Pennsylvania State University, College of Information Sciences and Technology)
DIFUZE:Interface Aware Fuzzing for Kernel DriversJake Corina (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Yan Shoshitaishvili (University of California, Santa Barbara), Shuang Hao (University of Texas at Dallas / University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
DUPLO: Unifying Cut-and-Choose for Garbled CircuitsVladimir Kolesnikov (Bell Labs), Jesper Buus Nielsen (Aarhus University), Mike Rosulek (Oregon State University), Ni Trieu (Oregon State University), Roberto Trifiletti (Aarhus University)
Data breaches, phishing, or malware? Understanding the risks of stolen credentialsKurt Thomas (Google), Frank Li (University of California, Berkeley), Ali Zand (Google), Jake Barrett (Google), Juri Ranieri (Google), Eric Severance (Google), Luca Invernizzi (Google), Yarik Markov (Google), Oxana Comanescu (Google), Vijay Eranti (Google), Angelika Moscicki (Google), Dan Margolis (Google), Vern Paxson (University of California, Berkeley), Elie Bursztein (Google)
Deemon: Detecting CSRF with Dynamic Analysis and Property GraphsGiancarlo Pellegrino (CISPA, Saarland University), Martin Johns (SAP SE), Simon Koch (CISPA, Saarland University), Michael Backes (CISPA, Saarland University), Christian Rossow (CISPA, Saarland University)
Deep Models Under the GAN: Information Leakage from Collaborative Deep LearningBriland Hitaj (Stevens Institute of Technology), Giuseppe Ateniese (Stevens Institute of Technology), Fernando Perez-Cruz (Stevens Institute of Technology)
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep LearningMin Du (University of Utah), Feifei Li (University of Utah), Guineng Zheng (University of Utah), Vivek Srikumar (University of Utah)
Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey PredictionMihir Bellare (University of California, San Diego), Wei Dai (University of California, San Diego)
Designing New Operating Primitives to Improve Fuzzing PerformanceWen Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Changwoo Min (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)
Detecting Structurally Anomalous Logins Within Enterprise NetworksHossein Siadati (New York University), Nasir Memon (New York University)
Deterministic BrowserYinzhi Cao (Lehigh University), Zhanhao Chen (Lehigh University), Song Li (Lehigh University), Shujiang Wu (Lehigh University)
Deterministic, Stash-Free Write-Only ORAMDaniel S. Roche (United States Naval Academy), Adam J. Aviv (United States Naval Academy), Seung Geol Choi (United States Naval Academy), Travis Mayberry (United States Naval Academy)
Directed Greybox FuzzingMarcel Böhme (National University of Singapore), Van-Thuan Pham (National University of Singapore), Manh-Dung Nguyen (National University of Singapore), Abhik Roychoudhury (National University of Singapore)
Distributed Measurement with Private Set-Union CardinalityEllis Fenske (Tulane University), Akshaya Mani (Georgetown University), Aaron Johnson (U.S. Naval Research Lab), Micah Sherr (Georgetown University)
DolphinAttack: Inaudible Voice CommandsGuoming Zhang (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Tianchen Zhang (Zhejiang University), Taimin Zhang (Zhejiang University), Wenyuan Xu (Zhejiang University)
Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed DomainsDaiping Liu (University of Delaware), Zhou Li (ACM Member), Kun Du (Tsinghua University), Haining Wang (University of Delaware), Baojun Liu (Tsinghua University), Haixin Duan (Tsinghua University)
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime marketLuca Allodi (Eindhoven University of Technology)
Efficient Public Trace-and-Revoke from Standard AssumptionsShweta Agrawal (IIT Madras), Sanjay Bhattacherjee (Turing Lab, ASU, ISI Kolkata), Duong Hieu Phan (XLIM (U. Limoges, CNRS), France), Damien Stehle (ENS Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL)), Shota Yamada (National Institute of Advanced Industrial Science and Technology (AIST), Japan)
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party CaseNishanth Chandran (Microsoft Research India), Juan Garay (Texas A&M University), Payman Mohassel (Visa Research), Satyanarayana Vusirikala (Microsoft Research India)
Evading Classifiers by Morphing in the DarkHung Dang (National University of Singapore), Yue Huang (National University of Singapore), Ee-Chien Chang (National University of Singapore)
Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data CentersMohammad A. Islam (University of California, Riverside), Shaolei Ren (University of California, Riverside), Adam Wierman (California Institute of Technology)
FAME: Fast Attribute-based Message EncryptionShashank Agrawal (Visa Research), Melissa Chase (Microsoft Research)
Fairness in an Unfair World: Fair Multiparty Computation from public Bulletin BoardsArka Rai Choudhuri (Johns Hopkins University), Matthew Green (Johns Hopkins University), Abhishek Jain (Johns Hopkins University), Gabriel Kaptchuk (Johns Hopkins University), Ian Miers (Johns Hopkins University)
Fast Private Set Intersection from Homomorphic EncryptionHao Chen (Microsoft Research), Kim Laine (Microsoft Research), Peter Rindal (Oregon State University)
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS FingerprintingZain Shamsi (Texas A&M University), Daren B.H. Cline (Texas A&M University), Dmitri Loguinov (Texas A&M University)
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic ExecutionGrant Hernandez (University of Florida), Farhaan Fowze (University of Florida), Dave (Jing) Tian (University of Florida), Tuba Yavuz (University of Florida), Kevin Butler (University of Florida)
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption RansomwareJian Huang (Georgia Institute of Technology), Jun Xu (The Pennsylvania State University), Xingyu Xing (The Pennsylvania State University), Peng Liu (The Pennsylvania State University), Moinuddin K. Qureshi (Georgia Institute of Technology)
Forward Secure Dynamic Searchable Symmetric Encryption with Efficient UpdatesKee Sung Kim (Electronics and Telecommunications Research Institute), Minkyu Kim (Electronics and Telecommunications Research Institute), Dongsoo Lee (Electronics and Telecommunications Research Institute), Je Hong Park (Electronics and Telecommunications Research Institute), Woo-Hwan Kim (Electronics and Telecommunications Research Institute)
FreeGuard: A Faster Secure Heap AllocatorSam Silvestro (University of Texas at San Antonio), Hongyu Liu (University of Texas at San Antonio), Corey Crosser (University of Texas at San Antonio), Zhiqiang Lin (University of Texas at Dallas), Tongping Liu (University of Texas at San Antonio)
Full accounting for verifiable outsourcingRiad S. Wahby (Stanford University), Ye Ji (New York University), Andrew J. Blumberg (University of Texas at Austin), abhi shelat (Northeastern University), Justin Thaler (Georgetown University), Michael Walfish (New York University), Thomas Wies (New York University)
Generating Synthetic Decentralized Social Graphs with Local Differential PrivacyZhan Qin (State University of New York at Buffalo), Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University), Ting Yu (Qatar Computing Research Institute, Hamad Bin Khalifa University), Xiaokui Xiao (Nanyang Technological University), Issa Khalil (Qatar Computing Research Institute, Hamad Bin Khalifa University), Kui Ren (State University of New York at Buffalo)
Generic Semantic Security against a Kleptographic AdversaryAlexander Russell (University of Connecticut), Qiang Tang (New Jersey Institute of Technology), Moti Yung (Snap, Inc. / Columbia University), Hong-Sheng Zhou (Virginia Commonwealth University)
Global-Scale Secure Multiparty ComputationXiao Wang (University of Maryland), Samuel Ranellucci (University of Maryland / George Mason University), Jonathan Katz (University of Maryland)
Gomora: Efficient Type Safety for C++Yuseok Jeon (Purdue University), Priyam Biswas (Purdue University), Scott Carr (Purdue University), Byoungyoung Lee (Purdue University), Mathias Payer (Purdue University)
HACL*: A Verified Modern Cryptographic LibraryJean-Karim Zinzindohoué and Karthikeyan Bhargavan (Inria Paris), Jonathan Protzenko (Microsoft Research), Benjamin Beurdouche (Inria Paris)
Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice AuthenticationLinghan Zhang (Florida State University), Sheng Tan (Florida State University), Jie Yang (Florida State University)
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared HostingSamaneh Tajalizadehkhoob (Delft University of Technology), Tom van Goethem (KU Leuven, imec-DistriNet), Maciej Korczyński (Delft University of Technology), Arman Noroozian (Delft University of Technology), Rainer Böhme (Innsbruck University), Tyler Moore (The University of Tulsa), Wouter Joosen (KU Leuven, imec-DistriNet), Michel van Eeten (Delft University of Technology)
Hiding in Plain Sight: A Longitudinal Study of Combosquatting AbusePanagiotis Kintis (Georgia Institute of Technology), Najmeh Miramirkhani (Stony Brook University), Charles Lever (Georgia Institute of Technology), Yizheng Chen (Georgia Institute of Technology), Rosa Romero-Gómez (Georgia Institute of Technology), Nikolaos Pitropakis (London South Bank University), Nick Nikiforakis (Stony Brook University), Manos Antonakakis (Georgia Institute of Technology)
Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile BrowsersMeng Luo (Stony Brook University), Oleksii Starov (Stony Brook University), Nima Honarmand (Stony Brook University), Nick Nikiforakis (Stony Brook University)
Homomorphic Secret Sharing: Optimizations and ApplicationsElette Boyle (IDC Herzliya), Geoffroy Couteau (ENS, Paris), Niv Gilboa (Ben Gurion University), Yuval Ishai (Technion / University of California, Los Angeles), Michele Orru (ENS, Paris)
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion ServicesRebekah Overdorf (Drexel University), Marc Juarez (KU Leuven), Gunes Acar (KU Leuven), Rachel Greenstadt (Drexel University), Claudia Diaz (KU Leuven)
IMF: Inferred Model-based FuzzerHyungSeok Han (KAIST), Sang Kil Cha (KAIST)
Identity-Based Format-Preserving EncryptionMihir Bellare (University of California, San Diego), Viet Tung Hoang (Florida State University)
Implementing BP-Obfuscation Using Graph-Induced EncodingShai Halevi (IBM), Tzipora Halevi (IBM), Victor Shoup (IBM and New York University), Noah Stephens-Davidowitz (New York University)
Iron: Functional Encryption using Intel SGXBen A. Fisch (Stanford University), Dhinakaran Vinayagamurthy (University of Waterloo), Dan Boneh (Stanford University), Sergey Gorbunov (University of Waterloo)
JITGuard: Hardening Just-in-time Compilers with SGXTommaso Frassetto (Technische Universität Darmstadt), David Gens (Technische Universität Darmstadt), Christopher Liebchen (Technische Universität Darmstadt), Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Jasmin: High-Assurance and High-Speed CryptographyJosé Bacelar Almeida (HASLab – INESC TEC / Universidade do Minho), Manuel Barbosa (HASLab – INESC TEC / DCC FC Universidade do Porto), Gilles Barthe (IMDEA Software Institute), Arthur Blot (ENS Lyon), Benjamin Grégoire (Inria), Vincent Laporte (IMDEA Software Institute), Tiago Oliveira (HASLab – INESC TEC / Universidade do Minho), Hugo Pacheco (HASLab – INESC TEC / Universidade do Minho), Benedikt Schmidt (IMDEA Software Institute), Pierre-Yves Strub (Ecole Polytechnique)
Keep me updated: An Empirical Study of Third-Party Library Updatability on AndroidErik Derr (CISPA, Saarland University), Sven Bugiel (CISPA, Saarland University), Sascha Fahl (Leibniz University Hannover), Yasemin Acar (Leibniz University Hannover), Michael Backes (CISPA, Saarland University)
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2Mathy Vanhoef (KU Leuven, imec-DistriNet), Frank Piessens (KU Leuven, imec-DistriNet)
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGXWenhao Wang (Indiana University), Guoxing Chen (The Ohio State University), Xiaorui Pan (Indiana University), Yinqian Zhang (The Ohio State University), Xiaofeng Wang (Indiana University), Vincent Bindschaedler (University of Illinois at Urbana-Champaign), Haixu Tang (Indiana University), Carl A. Gunter (University of Illinois at Urbana-Champaign)
Let’s go in for a closer look: Observing passwords in their natural habitatSarah Pearman (Carnegie Mellon University), Jeremy Thomas (Carnegie Mellon University), Pardis Emami Naeini (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University), Serge Egelman (University of California, Berkeley), Alain Forget (Google)
Ligero: Lightweight Sublinear Arguments Without a Trusted SetupScott Ames (University of Rochester), Carmit Hazay (Bar-Ilan University), Yuval Ishai (Technion / University of California, Los Angeles), Muthuramakrishnan Venkitasubramaniam (University of Rochester)
Machine Learning Models that Remember Too MuchCongzheng Song (Cornell University), Thomas Ristenpart (Cornell Tech), Vitaly Shmatikov (Cornell Tech)
MagNet: a Two-Pronged Defense against Adversarial ExamplesDongyu Meng (ShanghaiTech University), Hao Chen (University of California, Davis)
Malicious-Secure Private Set Intersection via Dual ExecutionPeter Rindal (Oregon State University), Mike Rosulek (Oregon State University)
Mass Discovery of Android Traffic Imprints through Instantiated Partial ExecutionYi Chen (University of Chinese Academy of Sciences), Wei You (Indiana University), Yeonjoon Lee (Indiana University), Kai Chen (University of Chinese Academy of Sciences), Xiaofeng Wang (Indiana University), Wei Zou (University of Chinese Academy of Sciences)
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Real-World Applications of Curve25519Daniel Genkin (University of Pennsylvania / University of Maryland), Luke Valenta (University of Pennsylvania), Yuval Yarom (University of Adelaide / Data61)
Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser SecurityPeter Snyder (University of Illinois at Chicago), Cynthia Taylor (University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago)
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity DetectionXiaojun Xu (Shanghai Jiao Tong University), Chang Liu (University of California, Berkeley), Qian Feng (Samsung Research America), Heng Yin (University of California, Riverside), Le Song (Georgia Institute of Technology), Dawn Song (University of California, Berkeley)
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai ProofsGottfried Herold (ENS Lyon), Max Hoffmann (Ruhr-Universität Bochum), Michael Klooß  (Karlsruhe Institute of Technology), Carla Ràfols (UPF Barcelona), Andy Rupp (Karlsruhe Institute of Technology)
No-Match Attacks and Robust Partnering Definitions – Defining Trivial Attacks for Security Protocols is Not TrivialYong Li (Huawei Technologies Düsseldorf), Sven Schäge (Ruhr-Universität Bochum)
Nonmalleable Information Flow ControlEthan Cecchetti (Cornell University), Andrew Myers (Cornell University), Owen Arden (University of California, Santa Cruz)
Object Flow IntegrityWenhao Wang (University of Texas at Dallas), Xiaoyang Xu (University of Texas at Dallas), Kevin Hamlen (University of Texas at Dallas)
Oblivious Neural Network Predictions via MiniONN transformationsJian Liu (Aalto University), Mika Juuti (Aalto University), Yao Lu (Aalto University), N. Asokan (Aalto University)
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAsShahin Tajik (Technische Universität Berlin), Heiko Lohrke (Technische Universität Berlin), Jean-Pierre Seifert (Technische Universität Berlin), Christian Boit (Technische Universität Berlin)
POISED: Spotting Twitter Spam Off the Beaten PathsShirin Nilizadeh (University of California, Santa Barbara), François Labrèche (École Polytechnique de Montréal), Alireza Sadighian (École Polytechnique de Montréal), Ali Zand (University of California, Santa Barbara), José Fernandez (École Polytechnique de Montréal), Gianluca Stringhini (University College London), Giovanni Vigna (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara)
PeGaSus: Data-Adaptive Differentially Private Stream ProcessingYan Chen (Duke University), Ashwin Machanavajjhala (Duke University), Michael Hay (Colgate University), Gerome Miklau (University of Massachusetts Amherst)
Pool: Scalable On-Demand Secure Computation Service Against Malicious AdversariesRuiyu Zhu (Indiana University), Yan Huang (Indiana University)
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key PrimitivesMelissa Chase (Microsoft Research), David Derler (Graz University of Technology), Steven Goldfeder (Princeton University), Claudio Orlandi (Aarhus University), Sebastian Ramacher (Graz University of Technology), Christian Rechberger (Graz University of Technology / Denmark Technical University), Daniel Slamanig (AIT Austrian Institute of Technology), Greg Zaverucha (Microsoft Research)
Practical Attacks Against Graph-based ClusteringYizheng Chen (Georgia Institute of Technology), Yacin Nadji (Georgia Institute of Technology), Athanasios Kountouras (Georgia Institute of Technology), Fabian Monrose (University of North Carolina at Chapel Hill), Roberto Perdisci (University of Georgia), Manos Antonakakis (Georgia Institute of Technology), Nikolaos Vasiloglou (Symantec)
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard FunctionsJoel Alwen (IST Austria), Jeremiah Blocki (Purdue University), Ben Harsha (Purdue University)
Practical Multi-party Private Set Intersection from Symmetric-Key TechniquesVladimir Kolesnikov (Bell Labs), Naor Matania (Bar-Ilan University), Benny Pinkas (Bar-Ilan University), Mike Rosulek (Oregon State University), Ni Trieu (Oregon State University)
Practical Quantum-Safe Voting from LatticesRafael del Pino (IBM Research - Zürich), Vadim Lyubashevsky (IBM Research - Zürich), Gregory Neven (IBM Research - Zürich), Gregor Seiler (IBM Research - Zürich)
Practical Secure Aggregation for Privacy-Preserving Machine LearningKeith Bonawitz (Google), Vladimir Ivanov (Google), Ben Kreuter (Google), Antonio Marcedone (Cornell University), H. Brendan McMahan (Google), Sarvar Patel (Google), Daniel Ramage (Google), Aaron Segal (Google), Karn Seth (Google)
Practical UC-Secure Delegatable Credentials with Attributes and Their Application to BlockchainJan Camenisch (IBM Research - Zürich), Manu Drijvers (IBM Research - Zürich / ETH Zürich), Maria Dubovitskaya (IBM Research - Zürich)
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare LogicJia Chen (University of Texas at Austin), Yu Feng (University of Texas at Austin), Isil Dillig (University of Texas at Austin)
Predicting the Risk of Cyber IncidentsLeyla Bilge (Symantec Research Labs), Yufei Han (Symantec Research Labs), Matteo Dell’Amico (Symantec Research Labs)
Presence Attestation: The Missing Link In Dynamic Trust BootstrappingZhangkai Zhang (Beihang University), Xuhua Ding (Singapore Management University), Gene Tsudik (University of California, Irvine), Jinhua Cui (Singapore Management University), Zhoujun Li (Beihang University)
Provably-Secure Logic Locking: From Theory To PracticeMuhammad Yasin (New York University), Abhrajit Sengupta (New York University), Mohammed Thari Nabeel (New York University), Mohammed Ashraf (New York University), Jeyavijayan (JV) Rajendran (University of Texas at Dallas), Ozgur Sinanoglu (New York University)
PtrSplit: Supporting general pointers in automatic program partitioningShen Liu (The Pennsylvania State University), Gang Tan (The Pennsylvania State University), Trent Jaeger (The Pennsylvania State University)
Quantifying the Pressure of Legal Risks on Third-party Vulnerability ResearchAlexander Gamero-Garrido (University of California, San Diego), Stefan Savage (University of California, San Diego), Kirill Levchenko (University of California, San Diego), Alex C. Snoeren (University of California, San Diego)
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIRSyed Mahbub Hafiz (Indiana University), Ryan Henry (Indiana University)
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow TrackingYang Ji (Georgia Institute of Technology), Sangho Lee (Georgia Institute of Technology), Evan Downing (Georgia Institute of Technology), Weiren Wang (Georgia Institute of Technology), Mattia Fazzini (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology), Alessandro Orso (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)
Reducing Searchable Encryption Leakage using Constrained Cryptographic PrimitivesRaphael Bost (Direction Générale de l’Armement - Maitrise de l’Information / IRISA / Université de Rennes 1), Brice Minaud (Royal Holloway, University of London), Olga Ohrimenko (Microsoft Research, Cambridge)
Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA ModuliMatus Nemec (Masaryk University / Ca’ Foscari University of Venice), Marek Sys (Masaryk University), Petr Svenda (Masaryk University), Dusan Klinec (Masaryk University / EnigmaBridge), Vashek Matyas (Masaryk University)
Revive: Rebalancing Off-Blockchain Payment NetworksRamy Khalil (ETH Zürich), Arthur Gervais (ETH Zürich)
Rewriting History: Changing the Archived Web from the PresentAda Lerner (Wellesley College), Tadayoshi Kohno (University of Washington), Franziska Roesner (University of Washington)
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human AssistanceYan Shoshitaishvili (University of California, Santa Barbara), Michael Weissbacher (Northeastern University), Lukas Dresel (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Ruoyu Wang (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret SharingThang Hoang (Oregon State University), Ceyhun D. Ozkaptan (Oregon State University), Attila A. Yavuz (Oregon State University), Jorge Guajardo (Robert Bosch Research and Technology Center), Tam Nguyen (Oregon State University)
Scaling ORAM for Secure ComputationJack Doerner (Northeastern University), abhi shelat (Northeastern University)
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept ExploitsWei You (Indiana University), Peiyuan Zong (Chinese Academy of Sciences, Institute of Information Engineering), Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering), Xiaofeng Wang (Indiana University), Xiaojing Liao (William and Mary), Pan Bian (Renmin University of China), Bin Liang (Renmin University of China)
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in MicrocontrollersThomas Espitau (UPMC), Pierre-Alain Fouque (Université de Rennes 1), Benoït Gérard (DGA.MI), Mehdi Tibouchi (NTT Secure Platform Laboratories)
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity VulnerabilitiesTheofilos Petsios (Columbia University), Jason Zhao (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
Solidus: Confidential Distributed Ledger Transactions via PVORMEthan Cecchetti (Cornell University), Fan Zhang (Cornell University), Yan Ji (Shanghai Jiao Tong University), Ahmed Kosba (University of Maryland), Ari Juels (Cornell Tech, Jacobs Institute), Elaine Shi (Cornell University)
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure EnclavesYuan Xiao (The Ohio State University), Mengyuan Li (The Ohio State University), Sanchuan Chen (The Ohio State University), Yinqian Zhang (The Ohio State University)
Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual propertyAnimesh Chhotaray (University of Florida), Adib Nahiyan (University of Florida), Thomas Shrimpton (University of Florida), Domenic J Forte (University of Florida), Mark Tehranipoor (University of Florida)
Synthesis of Probabilistic Privacy EnforcementMartin Kucera (ETH Zürich), Petar Tsankov (ETH Zürich), Timon Gehr (ETH Zürich), Marco Guarnieri (ETH Zürich), Martin Vechev (ETH Zürich)
T/Key: Second-Factor Authentication From Secure Hash ChainsDan Boneh (Stanford University), Dmitry Kogan (Stanford University), Nathan Manohar (Stanford University)
Tail Attacks on Web ApplicationsHuasong Shan (Louisiana State University, Computer Science and Engineering Division), Qingyang Wang (Louisiana State University, Computer Science and Engineering Division), Calton Pu (Georgia Institute of Technology)
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock AndroidJie Huang (CISPA, Saarland University), Oliver Schranz (CISPA, Saarland University), Sven Bugiel (CISPA, Saarland University), Michael Backes (CISPA, Saarland University)
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years LaterVictor van der Veen (Vrije Universiteit Amsterdam), Dennis Andriesse (Vrije Universiteit Amsterdam), Manolis Stamatogiannakis (Vrije Universiteit Amsterdam), Xi Chen (Vrije Universiteit Amsterdam), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
The TypTop System: Personalized Typo-tolerant Password CheckingRahul Chatterjee (Cornell Tech), Joanne Woodage (Royal Holloway, University of London), Yuval Pnueli (Technion - Israel Institute of Technology), Anusha Chowdhury (Cornell University), Thomas Ristenpart (Cornell Tech)
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing AttacksMilad Nasr (University of Massachusetts Amherst), Hadi Zolfaghari (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)
The Wolf of Name Street: Hijacking Domains Through Their NameserversThomas Vissers (KU Leuven, imec-DistriNet), Timothy Barron (Stony Brook University), Tom Van Goethem (KU Leuven, imec-DistriNet), Wouter Joosen (KU Leuven, imec-DistriNet), Nick Nikiforakis (Stony Brook University)
TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function EvaluationNico Döttling (University of California, Berkeley), Satrajit Ghosh (Aarhus University), Jesper Buus Nielsen (Aarhus University), Tobias Nilges (Aarhus University), Roberto Trifiletti (Aarhus University)
To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum SignaturesPeter Pessl (Graz University of Technology), Leon Groot Bruinderink (Technische Universiteit Eindhoven), Yuval Yarom (University of Adelaide / Data61)
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViewsTongxin Li (Peking University), Xueqiang Wang (Indiana University), Mingming Zha (Chinese Academy of Sciences), Kai Chen (Chinese Academy of Sciences), XiaoFeng Wang (Indiana University), Luyi Xing (Indiana University), Xiaolong Bai (Tsinghua University), Nan Zhang (Indiana University), Xinhui Han (Peking University)
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt ProgramsAnupam Datta (Carnegie Mellon University), Matthew Fredrikson (Carnegie Mellon University), Gihyuk Ko (Carnegie Mellon University), Piotr Mardziel (Carnegie Mellon University), Shayak Sen (Carnegie Mellon University)
Verified Correctness and Security of mbedTLS HMAC-DRBGKatherine Q. Ye (Princeton University / Carnegie Mellon University), Matthew Green (Johns Hopkins University), Naphat Sanguansin (Princeton University), Lennart Beringer (Princeton University), Adam Petcher (Oracle), Andrew W. Appel (Princeton University)
Verifying Security Policies in Multi-agent Workflows with LoopsBernd Finkbeiner (CISPA, Saarland University), Christian Müller (Technische Universität München), Helmut Seidl (Technische Universität München), Eugen Zalinescu (Technische Universität München)
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical VibrationJian Liu (Stevens Institute of Technology), Chen Wang (Stevens Institute of Technology), Yingying Chen (Stevens Institute of Technology), Nitesh Saxena (University of Alabama at Birmingham)
Viden: Attacker Identification on In-Vehicle NetworksKyong-Tak Cho (University of Michigan), Kang G. Shin (University of Michigan)
Vulnerable Implicit Service: A RevisitLingguang Lei (Chinese Academy of Sciences, Institute of Information Engineering / George Mason University), Yi He (Tsinghua University), Kun Sun (George Mason University), Jiwu Jing (Chinese Academy of Sciences, Institute of Information Engineering), Yuewu Wang (Chinese Academy of Sciences, Institute of Information Engineering), Qi Li (Tsinghua University), Jian Weng (Jinan University)
Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic EmanationsYi Han (Rutgers University), Sriharsha Etigowni (Rutgers University), Hua Liu (Rutgers University), Saman Zonouz (Rutgers University), Athina Petropulu (Rutgers University)
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate ErrorsMustafa Emre Acer (Google), Emily Stark (Google), Adrienne Porter Felt (Google), Sascha Fahl (Leibniz University Hannover), Radhika Bhargava (Purdue University), Bhanu Dev (unaffiliated), Matt Braithwaite (Google), Ryan Sleevi (Google), Parisa Tabriz (Google)
Why Do Developers Get Password Storage Wrong? A Qualitative Usability StudyAlena Naiakshina (University of Bonn), Anastasia Danilova (University of Bonn), Christian Tiefenau (University of Bonn), Marco Herzog (University of Bonn), Sergej Dechand (University of Bonn), Matthew Smith (University of Bonn)
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for ServicesMatteo Campanelli (City College of New York), Rosario Gennaro (City College of New York), Steven Goldfeder (Princeton University), Luca Nizzardo (IMDEA Software Institute and Universidad Politécnica de Madrid)
walk2friends: Inferring Social Links from Mobility ProfilesMichael Backes (CISPA, Saarland University), Mathias Humbert (Swiss Data Science Center, ETH/EPFL), Jun Pang (University of Luxembourg), Yang Zhang (CISPA, Saarland University)