ACM Conference on Computer and Communications Security

CCS 2017 - Papers on Software security

Topics · Papers

Software security

Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market
Luca Allodi (Eindhoven University of Technology)
The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli
Matus Nemec (Masaryk University / Ca’ Foscari University of Venice), Marek Sys (Masaryk University), Petr Svenda (Masaryk University), Dusan Klinec (Masaryk University / EnigmaBridge), Vashek Matyas (Masaryk University)
(Award Finalist)
Session: 1H
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
Victor van der Veen (Vrije Universiteit Amsterdam), Dennis Andriesse (Vrije Universiteit Amsterdam), Manolis Stamatogiannakis (Vrije Universiteit Amsterdam), Xi Chen (Vrije Universiteit Amsterdam / Microsoft), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
Daniel Genkin (University of Pennsylvania / University of Maryland), Luke Valenta (University of Pennsylvania), Yuval Yarom (University of Adelaide / Data61)
JITGuard: Hardening Just-in-time Compilers with SGX
Tommaso Frassetto (Technische Universität Darmstadt), David Gens (Technische Universität Darmstadt), Christopher Liebchen (Technische Universität Darmstadt), Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
Designing New Operating Primitives to Improve Fuzzing Performance
Wen Xu (Georgia Institute of Technology), Sanidhya Kashyap (Georgia Institute of Technology), Changwoo Min (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology)
Session: 2K
Checking Open-Source License Violation and 1-day Security Risk at Large Scale
Ruian Duan (Georgia Institute of Technology), Ashish Bijlani (Georgia Institute of Technology), Meng Xu (Georgia Institute of Technology), Taesoo Kim (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)
Session: 3J
PtrSplit: Supporting general pointers in automatic program partitioning
Shen Liu (The Pennsylvania State University), Gang Tan (The Pennsylvania State University), Trent Jaeger (The Pennsylvania State University)
Session: 3K
DIFUZE: Interface Aware Fuzzing for Kernel Drivers
Jake Corina (University of California, Santa Barbara), Aravind Machiry (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Yan Shoshitaishvili (Arizona State University), Shuang Hao (University of Texas at Dallas), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Synthesis of Probabilistic Privacy Enforcement
Martin Kucera (ETH Zürich), Petar Tsankov (ETH Zürich), Timon Gehr (ETH Zürich), Marco Guarnieri (ETH Zürich), Martin Vechev (ETH Zürich)
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
Qi Alfred Chen (University of Michigan), Matthew Thomas (Verisign Labs), Eric Osterweil (Verisign Labs), Yulong Cao (University of Michigan), Jie You (University of Michigan), Z. Morley Mao (University of Michigan)
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
Yan Shoshitaishvili (Arizona State University), Michael Weissbacher (Northeastern University), Lukas Dresel (University of California, Santa Barbara), Christopher Salls (University of California, Santa Barbara), Ruoyu Wang (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara)
Session: 3B
Directed Greybox Fuzzing
Marcel Böhme (National University of Singapore), Van-Thuan Pham (National University of Singapore), Manh-Dung Nguyen (National University of Singapore), Abhik Roychoudhury (National University of Singapore)
To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures
Peter Pessl (Graz University of Technology), Leon Groot Bruinderink (Technische Universiteit Eindhoven), Yuval Yarom (University of Adelaide / Data61)
FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware
Jian Huang (Georgia Institute of Technology), Jun Xu (The Pennsylvania State University), Xinyu Xing (The Pennsylvania State University), Peng Liu (The Pennsylvania State University), Moinuddin K. Qureshi (Georgia Institute of Technology)
Session: 4J
HACL*: A Verified Modern Cryptographic Library
Jean-Karim Zinzindohoué (Inria Paris), Karthikeyan Bhargavan (Inria Paris), Jonathan Protzenko (Microsoft Research), Benjamin Beurdouche (Inria Paris)
HexType: Efficient Detection of Type Confusion Errors for C++
Yuseok Jeon (Purdue University), Priyam Biswas (Purdue University), Scott Carr (Purdue University), Byoungyoung Lee (Purdue University), Mathias Payer (Purdue University)
Session: 3K
Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations
Yi Han (Rutgers University), Sriharsha Etigowni (Rutgers University), Hua Liu (Rutgers University), Saman Zonouz (Rutgers University), Athina Petropulu (Rutgers University)
SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
Wei You (Indiana University), Peiyuan Zong (Chinese Academy of Sciences, Institute of Information Engineering), Kai Chen (Chinese Academy of Sciences, Institute of Information Engineering), XiaoFeng Wang (Indiana University), Xiaojing Liao (William and Mary), Pan Bian (Renmin University of China), Bin Liang (Renmin University of China)
Session: 2J
Capturing Malware Propagations with Code Injections and Code-Reuse attacks
David Korczynski (University of Oxford), Heng Yin (University of California, Riverside)
Session: 2H
FreeGuard: A Faster Secure Heap Allocator
Sam Silvestro (University of Texas at San Antonio), Hongyu Liu (University of Texas at San Antonio), Corey Crosser (University of Texas at San Antonio), Zhiqiang Lin (University of Texas at Dallas), Tongping Liu (University of Texas at San Antonio)
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Giancarlo Pellegrino (CISPA, Saarland University), Martin Johns (SAP SE), Simon Koch (CISPA, Saarland University), Michael Backes (CISPA, Saarland University), Christian Rossow (CISPA, Saarland University)
Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security
Peter Snyder (University of Illinois at Chicago), Cynthia Taylor (University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago)
Verified Correctness and Security of mbedTLS HMAC-DRBG
Katherine Q. Ye (Princeton University / Carnegie Mellon University), Matthew Green (Johns Hopkins University), Naphat Sanguansin (Princeton University), Lennart Beringer (Princeton University), Adam Petcher (Oracle), Andrew W. Appel (Princeton University)
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews
Tongxin Li (Peking University), Xueqiang Wang (Indiana University), Mingming Zha (Chinese Academy of Sciences), Kai Chen (Chinese Academy of Sciences), XiaoFeng Wang (Indiana University), Luyi Xing (Indiana University), Xiaolong Bai (Tsinghua University), Nan Zhang (Indiana University), Xinhui Han (Peking University)
Session: 2D
Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers
Thomas Espitau (UPMC), Pierre-Alain Fouque (Université de Rennes 1), Benoït Gérard (DGA.MI), Mehdi Tibouchi (NTT Secure Platform Laboratories)
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
Grant Hernandez (University of Florida), Farhaan Fowze (University of Florida), Dave (Jing) Tian (University of Florida), Tuba Yavuz (University of Florida), Kevin Butler (University of Florida)
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
Jia Chen (University of Texas at Austin), Yu Feng (University of Texas at Austin), Isil Dillig (University of Texas at Austin)
Session: 3D
A Large-Scale Empirical Study of Security Patches
Frank Li (University of California, Berkeley), Vern Paxson (University of California, Berkeley)
Session: 3J
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
Theofilos Petsios (Columbia University), Jason Zhao (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
IMF: Inferred Model-based Fuzzer
HyungSeok Han (KAIST), Sang Kil Cha (KAIST)