CCS 2017 - Accepted Papers (original) (raw)

The following papers have been accepted to the 24th ACM Conference on Computer and Communications Security (151 papers accepted out of 836 submissions). All papers are available using the [PDF] link. (If the author also posted an open version of the paper, it is available using the [Paper] link.)

DUPLO: Unifying Cut-and-Choose for Garbled Circuits [PDF] [Paper] [Artifact] (A1)

Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti

Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation [PDF] [Paper] [Artifact] (A1) ★

Xiao Wang, Samuel Ranellucci, Jonathan Katz

Global-Scale Secure Multiparty Computation [PDF] [Paper] [Artifact] (A1)

Xiao Wang, Samuel Ranellucci, Jonathan Katz

Hearing Your Voice Is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication [PDF] (A2)

Linghan Zhang, Sheng Tan, Jie Yang

VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration [PDF] (A2)

Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena

Presence Attestation: The Missing Link In Dynamic Trust Bootstrapping [PDF] (A2)

Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li

DolphinAttack: Inaudible Voice Commands [PDF] [Paper] (A3) ★

Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu

Evading Classifiers by Morphing in the Dark [PDF] (A3)

Hung Dang, Yue Huang, Ee-Chien Chang

MagNet: a Two-Pronged Defense against Adversarial Examples [PDF] [Paper] (A3)

Dongyu Meng, Hao Chen

Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers [PDF] (A4)

Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis

Deterministic Browser [PDF] [Paper] [Artifact] (A4)

Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu

Most Websites Don’t Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security [PDF] [Paper] (A4)

Peter Snyder, Cynthia Taylor, Chris Kanich

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin [PDF] [Paper] (A5)

Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Vasserman, Yongdae Kim

Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing [PDF] [Paper] [Artifact] (A5)

Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel

Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services [PDF] [Paper] [Artifact] (A5)

Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo

Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries [PDF] [Paper] [Artifact] (B1)

Ruiyu Zhu, Yan Huang, Darion Cassel

A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority [PDF] [Paper] (B1)

Yehuda Lindell, Ariel Nof

Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case [PDF] [Paper] (B1)

Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala

Let’s go in for a closer look: Observing passwords in their natural habitat [PDF] (B2)

Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study [PDF] [Paper] (B2)

Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith

The TypTop System: Personalized Typo-tolerant Password Checking [PDF] [Paper] [Artifact] (B2)

Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance [PDF] (B3)

Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna

Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection [PDF] [Paper] (B3)

Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song

RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [PDF] (B3)

Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee

Synthesis of Probabilistic Privacy Enforcement [PDF] [Artifact] (B4)

Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin Vechev

A Type System for Privacy Properties [PDF] [Paper] [Artifact] (B4)

Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei

Generating Synthetic Decentralized Social Graphs with Local Differential Privacy [PDF] (B4)

Zhan Qin, Yin Yang, Ting Yu, Xiaokui Xiao, Issa Khalil, Kui Ren

Revive: Rebalancing Off-Blockchain Payment Networks [PDF] [Artifact] (B5)

Rami Khalil, Arthur Gervais

Concurrency and Privacy with Payment-Channel Networks [PDF] [Paper] (B5)

Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi

Bolt: Anonymous Payment Channels for Decentralized Currencies [PDF] (B5)

Matthew Green, Ian Miers

S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing [PDF] [Paper] [Artifact] (C1)

Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen

Deterministic, Stash-Free Write-Only ORAM [PDF] [Paper] [Artifact] (C1)

Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry

Scaling ORAM for Secure Computation [PDF] [Paper] [Artifact] (C1) ★

Jack Doerner, abhi shelat

Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains [PDF] (C2)

Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan

Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting [PDF] [Paper] (C2)

Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczyński, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse [PDF] [Paper] (C2)

Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis

Machine Learning Models that Remember Too Much [PDF] (C3)

Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov

Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning [PDF] [Paper] (C3)

Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz

Oblivious Neural Network Predictions via MiniONN transformations [PDF] [Paper] (C3)

Jian Liu, Mika Juuti, Yao Lu, N. Asokan

Verifying Security Policies in Multi-agent Workflows with Loops [PDF] [Paper] [Artifact] (C4)

Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu

Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions [PDF] (C4)

Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee

FAME: Fast Attribute-based Message Encryption [PDF] [Paper] [Artifact] (C4)

Shashank Agrawal, Melissa Chase

Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain [PDF] (C5)

Jan Camenisch, Manu Drijvers, Maria Dubovitskaya

Solidus: Confidential Distributed Ledger Transactions via PVORM [PDF] [Paper] (C5)

Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed Kosba, Ari Juels, Elaine Shi

Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards [PDF] (C5)

Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits [PDF] [Artifact] (D1)

Brent Carmer, Alex J. Malozemoff, Mariana Raykova

Iron: Functional Encryption using Intel SGX [PDF] [Paper] (D1) ★

Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov

Implementing BP-Obfuscation Using Graph-Induced Encoding [PDF] [Paper] (D1)

Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz

AUTHSCOPE: Towards Automatic Discovery of Vulnerable Access Control in Online Services [PDF] (D2)

Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin

Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution [PDF] (D2)

Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] (D2)

Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han

May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519 [PDF] [Paper] (D3)

Daniel Genkin, Luke Valenta, Yuval Yarom

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [PDF] [Paper] (D3)

Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang

Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic [PDF] (D3)

Jia Chen, Yu Feng, Isil Dillig

Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions [PDF] (D4)

Mihir Bellare, Joseph Jaeger, Julia Len

Generic Semantic Security against a Kleptographic Adversary [PDF] (D4)

Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou

Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction [PDF] (D4)

Mihir Bellare, Wei Dai

Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study [PDF] [Paper] (D5)

Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Z. Morley Mao

The Wolf of Name Street: Hijacking Domains Through Their Nameservers [PDF] [Paper] (D5)

Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting [PDF] [Paper] (D5)

Zain Shamsi, Daren B.H. Cline, Dmitri Loguinov

T/Key: Second-Factor Authentication From Secure Hash Chains [PDF] [Paper] (E1)

Dmitry Kogan, Nathan Manohar, Dan Boneh

Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions [PDF] [Paper] [Artifact] (E1)

Joel Alwen, Jeremiah Blocki, Ben Harsha

Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation [PDF] [Paper] (E1) ★

Shay Gueron, Yehuda Lindell

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android [PDF] (E2)

Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes

Vulnerable Implicit Service: A Revisit [PDF] (E2)

Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng

A Stitch in Time: Supporting Android Developers in Writing Secure Code [PDF] (E2)

Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers [PDF] (E3)

Mohammad A. Islam, Shaolei Ren, Adam Wierman

Watch Me, but Don’t Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations [PDF] [Paper] (E3)

Yi Han, Sriharsha Etigowni, Hua Liu, Saman Zonouz, Athina Petropulu

Viden: Attacker Identification on In-Vehicle Networks [PDF] [Paper] (E3)

Kyong-Tak Cho, Kang G. Shin

Practical Attacks Against Graph-based Clustering [PDF] [Paper] (E4)

Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou

Automated Crowdturfing Attacks and Defenses in Online Review Systems [PDF] [Paper] (E4)

Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao

POISED: Spotting Twitter Spam Off the Beaten Paths [PDF] [Paper] (E4)

Shirin Nilizadeh, François Labrèche, Alireza Sadighian, Ali Zand, José Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna

Practical Secure Aggregation for Privacy-Preserving Machine Learning [PDF] [Paper] (E5)

Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth

Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs [PDF] [Paper] [Artifact] (E5)

Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen

SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors [PDF] (E5)

Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan

Malicious-Secure Private Set Intersection via Dual Execution [PDF] [Paper] [Artifact] (F1)

Peter Rindal, Mike Rosulek

Fast Private Set Intersection from Homomorphic Encryption [PDF] [Paper] (F1)

Hao Chen, Kim Laine, Peter Rindal

Practical Multi-party Private Set Intersection from Symmetric-Key Techniques [PDF] [Paper] [Artifact] (F1)

Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu

Detecting Structurally Anomalous Logins Within Enterprise Networks [PDF] (F2)

Hossein Siadati, Nasir Memon

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [PDF] (F2)

Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar

Predicting the Risk of Cyber Incidents [PDF] (F2)

Leyla Bilge, Yufei Han, Matteo Dell’Amico

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 [PDF] [Paper] (F3) ★

Mathy Vanhoef, Frank Piessens

CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through [PDF] (F3)

Maliheh Shirvanian, Nitesh Saxena

No-Match Attacks and Robust Partnering Definitions — Defining Trivial Attacks for Security Protocols is Not Trivial [PDF] [Paper] (F3)

Yong Li, Sven Schäge

Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR [PDF] [Paper] (F4)

Syed Mahbub Hafiz, Ryan Henry

PeGaSus: Data-Adaptive Differentially Private Stream Processing [PDF] (F4)

Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau

Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage [PDF] [Paper] (F4)

Xi He, Ashwin Machanavajjhala, Cheryl Flynn, Divesh Srivastava

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors [PDF] (F5)

Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz

Data breaches, phishing, or malware? Understanding the risks of stolen credentials [PDF] (F5)

Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI [PDF] (F5)

Doowon Kim, Bum Jun Kwon, Tudor Dumitraş

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates [PDF] (G1)

Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives [PDF] [Paper] [Artifact] (G1)

Raphael Bost, Brice Minaud, Olga Ohrimenko

Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market [PDF] [Paper] (G2)

Luca Allodi

Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research [PDF] [Paper] [Artifact] (G2)

Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren

Identity-Based Format-Preserving Encryption [PDF] (G3)

Mihir Bellare, Viet Tung Hoang

Standardizing Bad Cryptographic Practice - A teardown of the IEEE standard for protecting electronic-design intellectual property [PDF] (G3)

Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic J Forte, Mark Tehranipoor

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs [PDF] [Paper] (G4)

Gottfried Herold, Max Hoffmann, Michael Klooß , Carla Ràfols, Andy Rupp

Practical Quantum-Safe Voting from Lattices [PDF] (G4)

Rafael del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components [PDF] [Paper] [Artifact] (G5)

Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis

Provably-Secure Logic Locking: From Theory To Practice [PDF] (G5)

Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan (JV) Rajendran, Ozgur Sinanoglu

The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli [PDF] [Artifact] (H1) ★

Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas

Algorithm Substitution Attacks from a Steganographic Perspective [PDF] [Paper] (H1)

Sebastian Berndt, Maciej Liskiewicz

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs [PDF] [Paper] (H1) ★

Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later [PDF] [Paper] [Artifact] (H2)

Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida

Capturing Malware Propagations with Code Injections and Code-Reuse attacks [PDF] (H2)

David Korczynski, Heng Yin

Code-reuse attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets [PDF] (H2)

Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß , Eduardo Vela, Martin Johns

Tail Attacks on Web Applications [PDF] (H3)

Huasong Shan, Qingyang Wang, Calton Pu

Rewriting History: Changing the Archived Web from the Present [PDF] [Paper] [Artifact] (H3)

Ada Lerner, Tadayoshi Kohno, Franziska Roesner

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs [PDF] [Paper] (H3)

Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow

A Comprehensive Symbolic Analysis of TLS 1.3 [PDF] [Paper] [Artifact] (H4)

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe

HACL*: A Verified Modern Cryptographic Library [PDF] [Paper] [Artifact] (H4)

Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche

Jasmin: High-Assurance and High-Speed Cryptography [PDF] [Artifact] (H4)

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives [PDF] (I1)

Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha

To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures [PDF] [Paper] (I1)

Peter Pessl, Leon Groot Bruinderink, Yuval Yarom

Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing Against strongSwan and Electromagnetic Emanations in Microcontrollers [PDF] [Paper] [Artifact] (I1)

Thomas Espitau, Pierre-Alain Fouque, Benoït Gérard, Mehdi Tibouchi

Nonmalleable Information Flow Control [PDF] [Paper] (I2) ★

Ethan Cecchetti, Andrew Myers, Owen Arden

Cryptographically Secure Information Flow Control on Key-Value Stores [PDF] [Paper] (I2)

Lucas Waye, Pablo Buiras, Owen Arden, Alejandro Russo, Stephen Chong

Object Flow Integrity [PDF] (I2)

Wenhao Wang, Xiaoyang Xu, Kevin Hamlen

BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection [PDF] (I3)

Gunnar Hartung, Max Hoffmann, Matthias Nagel, Andy Rupp

walk2friends: Inferring Social Links from Mobility Profiles [PDF] [Paper] [Artifact] (I3)

Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang

Back to the drawing board: Revisiting the design of optimal location privacy-preserving mechanisms [PDF] [Paper] (I3)

Simon Oya, Carmela Troncoso, Fernando Pérez-González

Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs [PDF] (I4)

Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang

A Fast and Verified Software Stack for Secure Function Evaluation [PDF] [Paper] [Artifact] (I4)

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Benjamin Grégoire, Vincent Laporte, Vitor Pereira

Verified Correctness and Security of mbedTLS HMAC-DRBG [PDF] [Paper] [Artifact] (I4)

Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services [PDF] [Paper] [Artifact] (I5) ★

Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, Claudia Diaz

The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks [PDF] [Artifact] (I5)

Milad Nasr, Hadi Zolfaghari, Amir Houmansadr

Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis [PDF] [Paper] (I5)

Milad Nasr, Amir Houmansadr, Arya Mazumdar

Full accounting for verifiable outsourcing [PDF] [Paper] (J1)

Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies

Ligero: Lightweight Sublinear Arguments Without a Trusted Setup [PDF] (J1)

Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam

Homomorphic Secret Sharing: Optimizations and Applications [PDF] [Artifact] (J1)

Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Michele Orru

DIFUZE: Interface Aware Fuzzing for Kernel Drivers [PDF] [Artifact] (J2)

Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits [PDF] (J2)

Wei You, Peiyuan Zong, Kai Chen, XiaoFeng Wang, Xiaojing Liao, Pan Bian, Bin Liang

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities [PDF] [Paper] (J2)

Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana

Checking Open-Source License Violation and 1-day Security Risk at Large Scale [PDF] (J3)

Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, Wenke Lee

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android [PDF] [Paper] [Artifact] (J3)

Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, Michael Backes

A Large-Scale Empirical Study of Security Patches [PDF] (J3)

Frank Li, Vern Paxson

DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer [PDF] (J4)

Shijie Jia, Luning Xia, Bo Chen, Peng Liu

FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware [PDF] (J4)

Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi

FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution [PDF] [Paper] (J4)

Grant Hernandez, Farhaan Fowze, Dave (Jing) Tian, Tuba Yavuz, Kevin Butler

TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation [PDF] (K1)

Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti

Distributed Measurement with Private Set-Union Cardinality [PDF] (K1)

Ellis Fenske, Akshaya Mani, Aaron Johnson, Micah Sherr

Efficient Public Trace-and-Revoke from Standard Assumptions [PDF] [Paper] (K1)

Shweta Agrawal, Sanjay Bhattacherjee, Duong Hieu Phan, Damien Stehle, Shota Yamada

Designing New Operating Primitives to Improve Fuzzing Performance [PDF] (K2)

Wen Xu, Sanidhya Kashyap, Changwoo Min, Taesoo Kim

Directed Greybox Fuzzing [PDF] [Paper] [Artifact] (K2)

Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, Abhik Roychoudhury

IMF: Inferred Model-based Fuzzer [PDF] [Artifact] (K2)

HyungSeok Han, Sang Kil Cha

PtrSplit: Supporting general pointers in automatic program partitioning [PDF] (K3)

Shen Liu, Gang Tan, Trent Jaeger

HexType: Efficient Detection of Type Confusion Errors for C++ [PDF] (K3)

Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, Mathias Payer

FreeGuard: A Faster Secure Heap Allocator [PDF] [Artifact] (K3)

Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, Tongping Liu

JITGuard: Hardening Just-in-time Compilers with SGX [PDF] [Paper] (K4)

Tommaso Frassetto, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX [PDF] (K4)

Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter

A Formal Foundation for Secure Remote Execution of Enclaves [PDF] [Paper] [Artifact] (K4) ★

Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia