Topics · Papers
Software security
Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime marketLuca Allodi (Eindhoven University of Technology)
The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA ModuliMatus Nemec (Masaryk University / Ca’ Foscari University of Venice), Marek Sys (Masaryk University), Petr Svenda (Masaryk University), Dusan Klinec (Masaryk University / EnigmaBridge), Vashek Matyas (Masaryk University)
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years LaterVictor van der Veen (Vrije Universiteit Amsterdam), Dennis Andriesse (Vrije Universiteit Amsterdam), Manolis Stamatogiannakis (Vrije Universiteit Amsterdam), Xi Chen (Vrije Universiteit Amsterdam / Microsoft), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519Daniel Genkin (University of Pennsylvania / University of Maryland), Luke Valenta (University of Pennsylvania), Yuval Yarom (University of Adelaide / Data61)
JITGuard: Hardening Just-in-time Compilers with SGXTommaso Frassetto (Technische Universität Darmstadt), David Gens (Technische Universität Darmstadt), Christopher Liebchen (Technische Universität Darmstadt), Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Designing New Operating Primitives to Improve Fuzzing PerformanceWen Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Changwoo Min (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)
Checking Open-Source License Violation and 1-day Security Risk at Large ScaleRuian Duan (Georgia Institute of Technology), Ashish Bijlani (Georgia Institute of Technology), Meng Xu (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)
PtrSplit: Supporting general pointers in automatic program partitioningShen Liu (The Pennsylvania State University), Gang Tan (The Pennsylvania State University), Trent Jaeger (The Pennsylvania State University)
DIFUZE: Interface Aware Fuzzing for Kernel DriversJake Corina (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Yan Shoshitaishvili (Arizona State University), Shuang Hao (University of Texas at Dallas), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Synthesis of Probabilistic Privacy EnforcementMartin Kucera (ETH Zürich), Petar Tsankov (ETH Zürich), Timon Gehr (ETH Zürich), Marco Guarnieri (ETH Zürich), Martin Vechev (ETH Zürich)
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic StudyQi Alfred Chen (University of Michigan), Matthew Thomas (Verisign Labs), Eric Osterweil (Verisign Labs), Yulong Cao (University of Michigan), Jie You (University of Michigan), Z. Morley Mao (University of Michigan)
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human AssistanceYan Shoshitaishvili (Arizona State University), Michael Weissbacher (Northeastern University), Lukas Dresel (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Ruoyu Wang (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Directed Greybox FuzzingMarcel Böhme (National University of Singapore), Van-Thuan Pham (National University of Singapore), Manh-Dung Nguyen (National University of Singapore), Abhik Roychoudhury (National University of Singapore)
To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum SignaturesPeter Pessl (Graz University of Technology), Leon Groot Bruinderink (Technische Universiteit Eindhoven), Yuval Yarom (University of Adelaide / Data61)
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption RansomwareJian Huang (Georgia Institute of Technology), Jun Xu (The Pennsylvania State University), Xinyu Xing (The Pennsylvania State University), Peng Liu (The Pennsylvania State University), Moinuddin K. Qureshi (Georgia Institute of Technology)
HACL*: A Verified Modern Cryptographic LibraryJean-Karim Zinzindohoué (Inria Paris), Karthikeyan Bhargavan (Inria Paris), Jonathan Protzenko (Microsoft Research), Benjamin Beurdouche (Inria Paris)
HexType: Efficient Detection of Type Confusion Errors for C++Yuseok Jeon (Purdue University), Priyam Biswas (Purdue University), Scott Carr (Purdue University), Byoungyoung Lee (Purdue University), Mathias Payer (Purdue University)
Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic EmanationsYi Han (Rutgers University), Sriharsha Etigowni (Rutgers University), Hua Liu (Rutgers University), Saman Zonouz (Rutgers University), Athina Petropulu (Rutgers University)
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept ExploitsWei You (Indiana University), Peiyuan Zong (Chinese Academy of Sciences, Institute of Information Engineering), Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering), XiaoFeng Wang (Indiana University), Xiaojing Liao (William and Mary), Pan Bian (Renmin University of China), Bin Liang (Renmin University of China)
Capturing Malware Propagations with Code Injections and Code-Reuse attacksDavid Korczynski (University of Oxford), Heng Yin (University of California, Riverside)
FreeGuard: A Faster Secure Heap AllocatorSam Silvestro (University of Texas at San Antonio), Hongyu Liu (University of Texas at San Antonio), Corey Crosser (University of Texas at San Antonio), Zhiqiang Lin (University of Texas at Dallas), Tongping Liu (University of Texas at San Antonio)
Deemon: Detecting CSRF with Dynamic Analysis and Property GraphsGiancarlo Pellegrino (CISPA, Saarland University), Martin Johns (SAP SE), Simon Koch (CISPA, Saarland University), Michael Backes (CISPA, Saarland University), Christian Rossow (CISPA, Saarland University)
Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser SecurityPeter Snyder (University of Illinois at Chicago), Cynthia Taylor (University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago)
Verified Correctness and Security of mbedTLS HMAC-DRBGKatherine Q. Ye (Princeton University / Carnegie Mellon University), Matthew Green (Johns Hopkins University), Naphat Sanguansin (Princeton University), Lennart Beringer (Princeton University), Adam Petcher (Oracle), Andrew W. Appel (Princeton University)
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViewsTongxin Li (Peking University), Xueqiang Wang (Indiana University), Mingming Zha (Chinese Academy of Sciences), Kai Chen (Chinese Academy of Sciences), XiaoFeng Wang (Indiana University), Luyi Xing (Indiana University), Xiaolong Bai (Tsinghua University), Nan Zhang (Indiana University), Xinhui Han (Peking University)
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in MicrocontrollersThomas Espitau (UPMC), Pierre-Alain Fouque (Université de Rennes 1), Benoït Gérard (DGA.MI), Mehdi Tibouchi (NTT Secure Platform Laboratories)
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic ExecutionGrant Hernandez (University of Florida), Farhaan Fowze (University of Florida), Dave (Jing) Tian (University of Florida), Tuba Yavuz (University of Florida), Kevin Butler (University of Florida)
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare LogicJia Chen (University of Texas at Austin), Yu Feng (University of Texas at Austin), Isil Dillig (University of Texas at Austin)
A Large-Scale Empirical Study of Security PatchesFrank Li (University of California, Berkeley), Vern Paxson (University of California, Berkeley)
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity VulnerabilitiesTheofilos Petsios (Columbia University), Jason Zhao (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
IMF: Inferred Model-based FuzzerHyungSeok Han (KAIST), Sang Kil Cha (KAIST)