ACM Conference on Computer and Communications Security

CCS 2017 - Papers on Web security and privacy

Web security and privacy

Tail Attacks on Web Applications
Huasong Shan (Louisiana State University, Computer Science and Engineering Division), Qingyang Wang (Louisiana State University, Computer Science and Engineering Division), Calton Pu (Georgia Institute of Technology)
[PDF]
Session: 3H
Let’s go in for a closer look: Observing passwords in their natural habitat
Sarah Pearman (Carnegie Mellon University), Jeremy Thomas (Carnegie Mellon University), Pardis Emami Naeini (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Nicolas Christin (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University), Serge Egelman (University of California, Berkeley), Alain Forget (Google)
[PDF]
Session: 2B
Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
Meng Luo (Stony Brook University), Oleksii Starov (Stony Brook University), Nima Honarmand (Stony Brook University), Nick Nikiforakis (Stony Brook University)
[PDF]
Session: 4A
How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services
Rebekah Overdorf (Drexel University), Marc Juarez (KU Leuven), Gunes Acar (KU Leuven), Rachel Greenstadt (Drexel University), Claudia Diaz (KU Leuven)
(Award Finalist)
[PDF]
[Paper]
[Artifact]
Session: 5I
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
Mustafa Emre Acer (Google), Emily Stark (Google), Adrienne Porter Felt (Google), Sascha Fahl (Leibniz University Hannover), Radhika Bhargava (Purdue University), Bhanu Dev (International Institute of Information Technology Hyderabad), Matt Braithwaite (Google), Ryan Sleevi (Google), Parisa Tabriz (Google)
[PDF]
Session: 5F
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR
Syed Mahbub Hafiz (Indiana University), Ryan Henry (Indiana University)
A Comprehensive Symbolic Analysis of TLS 1.3
Cas Cremers (University of Oxford), Marko Horvat (The Max Planck Institute For Software Systems), Jonathan Hoyland (Royal Holloway, University of London), Sam Scott (Royal Holloway, University of London), Thyla van der Merwe (Royal Holloway, University of London)
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Samaneh Tajalizadehkhoob (Delft University of Technology), Tom van Goethem (KU Leuven, imec-DistriNet), Maciej Korczyński (Delft University of Technology), Arman Noroozian (Delft University of Technology), Rainer Böhme (Innsbruck University), Tyler Moore (The University of Tulsa), Wouter Joosen (KU Leuven, imec-DistriNet), Michel van Eeten (Delft University of Technology)
The Wolf of Name Street: Hijacking Domains Through Their Nameservers
Thomas Vissers (KU Leuven, imec-DistriNet), Timothy Barron (Stony Brook University), Tom Van Goethem (KU Leuven, imec-DistriNet), Wouter Joosen (KU Leuven, imec-DistriNet), Nick Nikiforakis (Stony Brook University)
Automated Crowdturfing Attacks and Defenses in Online Review Systems
Yuanshun Yao (University of Chicago), Bimal Viswanath (University of Chicago), Jenna Cryan (University of Chicago), Haitao Zheng (University of Chicago), Ben Y. Zhao (University of Chicago)
Deterministic Browser
Yinzhi Cao (Lehigh University), Zhanhao Chen (Lehigh University), Song Li (Lehigh University), Shujiang Wu (Lehigh University)
Rewriting History: Changing the Archived Web from the Present
Ada Lerner (Wellesley College), Tadayoshi Kohno (University of Washington), Franziska Roesner (University of Washington)
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Kurt Thomas (Google), Frank Li (University of California, Berkeley), Ali Zand (Google), Jake Barrett (Google), Juri Ranieri (Google), Luca Invernizzi (Google), Yarik Markov (Google), Oxana Comanescu (Google), Vijay Eranti (Google), Angelika Moscicki (Google), Dan Margolis (Google), Vern Paxson (University of California, Berkeley), Elie Bursztein (Google)
[PDF]
Session: 5F
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs
Giancarlo Pellegrino (CISPA, Saarland University), Martin Johns (SAP SE), Simon Koch (CISPA, Saarland University), Michael Backes (CISPA, Saarland University), Christian Rossow (CISPA, Saarland University)
Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security
Peter Snyder (University of Illinois at Chicago), Cynthia Taylor (University of Illinois at Chicago), Chris Kanich (University of Illinois at Chicago)
The TypTop System: Personalized Typo-tolerant Password Checking
Rahul Chatterjee (Cornell Tech), Joanne Woodage (Royal Holloway, University of London), Yuval Pnueli (Technion - Israel Institute of Technology), Anusha Chowdhury (Cornell University), Thomas Ristenpart (Cornell Tech)
Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets
Sebastian Lekies (Google), Krzysztof Kotowicz (Google), Samuel Groß (SAP SE), Eduardo Vela (Google), Martin Johns (SAP SE)
[PDF]
Session: 2H