NDSS 2016, Feb. 21, 2016 to Feb. 24, 2016, California, USA

Title Speakers Summary Topic Types
Keynote: On Subverting Trust Matthew Daniel Green N/A
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH Karthikeyan Bhargavan , Gaetan Leurent In response to high-profile attacks that exploit hash function collisions, software vendors have started to ...
TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication Mohamed Ali Kaafar , Ralph ( rholz ) Holz , Olivier Mehani , Johanna Amann , Matthias Wachs Email and chat still constitute the majority of electronic communication on the Internet. The standardisation ...
Killed by Proxy: Analyzing Client-end TLS Interception Software Mohammad Mannan , Xavier Carnavalet To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the ...
SIBRA: Scalable Internet Bandwidth Reservation Architecture Adrian Perrig , Hsu-chun Hsiao , Ayumu Kubota , Cristina Basescu , Pawel Szalachowski , Raphael M. Reischuk , Yao Zhang , Jumpei Urakawa This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against ...
Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy Mark Allman , Michael Bailey , Jakub Czyz , Matthew Luckie There is growing operational awareness of the challenges in securely operating IPv6 networks. Through a ...
Attacking the Network Time Protocol Sharon Goldberg , Aanchal Malhotra , Isaac E. Cohen , Erik Brakke We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic ...
SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks Vyas Sekar , Min Suk Kang , Virgil D. Gligor We have recently witnessed the real life demonstration of link-flooding attacks - DDoS attacks that ...
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities William Robertson , Engin Kirda , Kaan Onarlioglu , Ahmet Buyukkayhan Extension architectures of popular web browsers have been carefully studied by the research community; however, ...
It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services Christophe Huygens , Wouter Joosen , Nick Nikiforakis , M. zubair Rafique , Tom Van Goethem Recent years have seen extensive growth of services enabling free broadcasts of live streams on ...
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications Luca Compagna , Alessandro Armando , Roberto Carbone , Avinash Sudhodanan The advent of Software-as-a-Service (SaaS) has led to the development of multi-party web applications (MPWAs). ...
Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces Yan Chen , Shihong Zou , Vaibhav Rastogi , Xiang Pan , Rui Shao , Ryan Riley Mobile users are increasingly becoming targets of malware infections and scams. Some platforms, such as ...
Enabling Practical Software-defined Networking Security Applications with OFX Adam J. Aviv , Jonathan M. Smith , Eric Keller , John Sonchack Software Defined Networks (SDNs) are an appealing platform for network security applications. However, existing approaches ...
Forwarding-Loop Attacks in Content Delivery Networks Vern Paxson , Haixin Duan , Jinjin Liang , Jian Jiang , Kang Li , Xiaofeng Zheng , Tao Wan , Jianjun Chen We describe how malicious customers can attack the availability of Content Delivery Networks (CDNs) by ...
CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds Amir Herzberg , Yossi Gilad , Michael Sudkovitch , Michael Goberman We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to ...
Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Guofei Gu , Lei Xu , Robert Baykov , Sungmin Hong , Srinath Nadimpalli An emerging trend in corporate network administration is BYOD (bring your own device). Although with ...
Centrally Banked Cryptocurrencies George Danezis , Sarah Meiklejohn Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that ...
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem Alex Biryukov , Dmitry Khovratovich The proof-of-work is a central concept in modern cryptocurrencies and denial-of-service protection tools, but the ...
A Simple Generic Attack on Text Captchas Hyoungshick Kim , Aziz Mohaisen , Eunjo Lee , Jiyoung Woo , Huy Kang Kim Text-based Captchas have been widely deployed across the Internet to defend against undesirable or malicious ...
Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses Matthew Caesar , Nikita Borisov , Anupam Das Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful ...
The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads Wenke Lee , Wei Meng , Simon P. Chung , Ren Ding , Steven Han In-app advertising is an essential part to the ecosystem of free mobile applications. On the ...
What Mobile Ads Know About Mobile Users Vitaly Shmatikov , Daehyeok Kim , Sooel Son We analyze the software stack of popular mobile advertising libraries and investigate how they protect ...
Free for All! Assessing User Data Exposure to Advertising Libraries on Android Wei Yang , Soteris Demetriou , Carl A. Gunter , Whitney Merrill , Aston Zhang Many studies have focused on detecting and measuring the security and privacy risks associated with ...
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems Ravishankar Borgaonkar , N. Asokan , Jean-pierre Seifert , Valtteri Niemi , Altaf Shaik Mobile communication systems are now an essential part of life throughout the world. Fourth generation ...
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware David Brumley , Manuel Egele , Maverick Woo , Daming D. Chen Commercial-off-the-shelf (COTS) network-enabled embedded devices are usually controlled by vendor firmware to perform integral functions ...
discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code Sebastian Eschweiler , Elmar Gerhards-padilla , Khaled Yakdan The identification of security-critical vulnerabilities is a key for protecting computer systems. Being able to ...
Driller: Augmenting Fuzzing Through Selective Symbolic Execution Christopher Kruegel , Giovanni Vigna , Ruoyu Wang , Yan Shoshitaishvili , Jacopo Corbetta , Nick Stephens , John Grosen , Christopher Salls , Andrew Dutcher Memory corruption vulnerabilities are an ever-present risk in software, which attackers can exploit to obtain ...
VTrust: Regaining Trust on Virtual Calls Mathias Payer , Dawn Song , Chengyu Song , Chao Zhang , Tongxin Li , Scott A. Carr , Yu Ding Virtual function calls are one of the most popular control-flow hijack attack targets. Compilers use ...
Protecting C++ Dynamic Dispatch Through VTable Interleaving Sorin Lerner , Dimitar Bounov , Rami Gökhan Kıcı With new defenses against traditional control-flow attacks like stack buffer overflows, attackers are increasingly using ...
ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting Dongyan Xu , Xiangyu Zhang , Shiqing Ma Provenance tracing is a very important approach to Advanced Persistent Threat (APT) attack detection and ...
Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems Raheem Beyah , David Formby , Preethi Srinivasan , Andrew Leonard , Jonathan Rogers Industrial control system (ICS) networks used in critical infrastructures such as the power grid present ...
SKEE: A lightweight Secure Kernel-level Execution Environment for ARM Ahmed Azab , Peng Ning , Kirk Swidowski , Ruowen Wang , Rohan Bhutkar , Jia Ma , Wenbo Shen Previous research on kernel monitoring and protection widely relies on higher privileged system components, such ...
OpenSGX: An Open Platform for SGX Research Taesoo Kim , Brent ByungHoon Kang , Dongsu Han , Ming-wei Shih , Prerit Jain , Soham Desai , Seongmin Kim , Jaehyuk Lee , Changho Choi , Youjung Shin Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the ...
Efficient Private Statistics with Succinct Sketches George Danezis , Emiliano de Cristofaro , Luca Melis In our digital society, the large-scale collection of contextual information is often essential to gather ...
Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Prateek Mittal , Supriyo Chakraborty , Changchang Liu Differential privacy (DP) is a widely accepted mathematical framework for protecting data privacy. Simply stated, ...
Privacy-Preserving Shortest Path Computation Joe Zimmerman , John C. Mitchell , David J. Wu , Jérémy Planul Navigation is one of the most popular cloud computing services. But in virtually all cloud-based ...
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Prateek Mittal , Changchang Liu Social relationships present a critical foundation for many real-world applications. However, both users and online ...
Do You See What I See? Differential Treatment of Anonymous Users David Fifield , Damon Mccoy , Steven J. Murdoch , Vern Paxson , Sadia Afroz , Sheharbano Khattak , Mobin Javed , Srikanth Sundaresan The utility of anonymous communication is undermined by a growing number of websites treating users ...
Measuring and Mitigating AS-level Adversaries Against Tor Phillipa Gill , Michael Schapira , Rishab Nithyanand , Oleksii Starov , Adva Zair The popularity of Tor as an anonymity system has made it a popular target for ...
Website Fingerprinting at Internet Scale Martin Henze , Klaus Wehrle , Thomas Engel , Fabian Lanze , Andriy Panchenko , Jan Pennekamp , Andreas Zinnen The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a ...
Extract Me If You Can: Abusing PDF Parsers in Malware Detectors Heng Yin , Mu Zhang , Xunchao Hu , Curtis Carmony , Abhishek Vasisht Owing to the popularity of the PDF format and the continued exploitation of Adobe Reader, ...
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers David Evans , Weilin Xu , Yanjun Qi Machine learning is widely used to develop classifiers for security tasks. However, the robustness of ...
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire Fabian Monrose , Kevin Z. Snow , Teryl Taylor , Nathan Otterness Today's sophisticated web exploit kits use polymorphic techniques to obfuscate each attack instance, making content-based ...
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis Hongyi Hu , Chad Spensky , Kevin Leach Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been ...
When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Angelos Stavrou , Charles Smutz Machine learning classifiers are a vital component of modern malware and intrusion detection systems. However, ...
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework Z. Morley Mao , Zhiyun Qian , Qi Alfred Chen , Yuru Shao , Jason Ott The Android framework utilizes a permission-based security model, which is essentially a variation of the ...
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization Wenke Lee , Michael Backes , Stefan Nurnberger , Kangjie Lu Existing techniques for memory randomization such as the widely explored Address Space Layout Randomization (ASLR) ...
Leakage-Resilient Layout Randomization for Mobile Devices Ahmad-reza Sadeghi , Christopher Liebchen , Lucas Davi , Stephen Crane , Per Larsen , Michael Franz , Kjell Braden Attack techniques based on code reuse continue to enable real-world exploits bypassing all current mitigations. ...
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Thorsten Holz , Behrad Garmany , Robert Gawlik , Benjamin Kollenda , Philipp Koppe It is a well-known issue that attack primitives which exploit memory corruption vulnerabilities can abuse ...
Enforcing Kernel Security Invariants with Data Flow Integrity Taesoo Kim , Wenke Lee , Byoungyoung Lee , Chengyu Song , Kangjie Lu , William Harris The operation system kernel is the foundation of the whole system and is often the ...
Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Wenliang Du , Xiao Zhang , Yousra Aafer , Kailiang Ying , Zhenshen Qiu Current static analysis techniques for Android applications operate at the Java level - that is, ...
FLEXDROID: Enforcing In-App Privilege Separation in Android Taesoo Kim , Daehyeok Kim , Jaebaek Seo , Donghyun Shin Mobile applications are increasingly integrating third-party libraries to provide various features, such as advertising, analytics, ...
IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware David Lie , Michelle Y. Wong While dynamic malware analysis methods generally provide better precision than purely static methods, they have ...
Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques Eric Bodden , Steven Arzt , Siegfried Rasthofer , Marc Miltenberger It is generally challenging to tell apart malware from benign applications. To make this decision, ...
Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services Rui Wang , Zhiqiang Lin , Chaoshun Zuo , Wubing Wang Most smartphone apps today require access to remote services, and many of them also require ...
Differentially Private Password Frequency Lists Anupam Datta , Joseph Bonneau , Jeremiah Blocki Given a dataset of user-chosen passwords, the frequency list reveals the frequency of each unique ...
Who Are You? A Statistical Approach to Measuring User Authenticity Giorgio Giacinto , Sakshi Jain , David Freeman , Markus Duermuth , Battista Biggio Passwords are used for user authentication by almost every Internet service today, despite a number ...
Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks Nitesh Saxena , N. Asokan , Swapnil Udar , Otto Huhta , Mika Juuti , Prakash Shrestha Deauthentication is an important component of any authentication system. The widespread use of computing devices ...