NDSS 2018, Feb. 18, 2018 to Feb. 21, 2018, San Diego, USA

Title Speakers Summary Topic Types
IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Kehuan Zhang , Xiaofeng Wang , Zhiqiang Lin , Wing Cheong Lau , Wenrui Diao , Chaoshun Zuo , Ronghai Yang , Jiongyi Chen , Qingchuan Zhao , Menghan Sun With more IoT devices entering the consumer market, it becomes imperative to detect their security ...
Fear and Logging in the Internet of Things Qi Wang , Adam Bates , Carl A Gunter , Wajih Ul Hassan As the Internet of Things (IoT) continues to proliferate, diagnosing incorrect behavior within increasingly automated homes ...
Decentralized Action Integrity for Trigger-Action IoT Platforms. Atul Prakash , Jaeyeon Jung , Amir Rahmati , Earlence Fernandes Trigger-Action platforms are web-based systems that enable users to create automation rules by stitching together ...
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. Frank Kargl , Davide Balzarotti , Aurélien Francillon , Marius Muench , Jan Stijohann As networked embedded systems are becoming more ubiquitous, their security is becoming critical to our ...
Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications. Michael Backes , Ben Stock , Frank H. Li , Christian Rossow , Giancarlo Pellegrino After treating the notification of vulnerable parties as mere side-notes in research, the security community ...
Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control. Z. Morley Mao , Qi Alfred Chen , Yucheng Yin , Yiheng Feng , Henry X. Liu Connected vehicle (CV) technology will soon transform today’s transportation systems by connecting vehicles and the ...
Removing Secrets from Android’s TLS. Dan S. Wallach , Jaeho Lee Cryptographic libraries that implement Transport Layer Security (TLS) have a responsibility to delete cryptographic keys ...
rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System. Wenke Lee , Simon Chung , Erkam Uzun , Irfan Essa Facial/voice-based authentication is becoming increasingly popular (e.g., already adopted by MasterCard and AliPay), because it ...
Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach. Cristina Nita-Rotaru , David R. Choffnes , Alan Mislove , Samuel Jero , Endadul Hoque One of the most important goals of TCP is to ensure fairness and prevent congestion ...
Preventing (Network) Time Travel with Chronos. Michael Schapira , Omer Deutsch , Neta Rozen Schiff , Danny Dolev The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet. Unfortunately, NTP ...
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. Elisa Bertino , Syed Rafiul Hussain , Omar Chowdhury , Shagufta Mehnaz In this paper, we investigate the security and privacy of the three critical procedures of ...
GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier. Yongdae Kim , Byeongdo Hong , Sangwook Bae To keep subscribers’ identity confidential, a cellular network operator must use a temporary identi ...
Mind Your Keys? A Security Evaluation of Java Keystores. Riccardo Focardi , Marco Squarcina , Graham Steel , Francesco Palmarini , Mauro Tempesta Cryptography is complex and variegate and requires to combine different algorithms and mechanisms in nontrivial ...
A Security Analysis of Honeywords. Xinyi Huang , Ding Wang , Ping Wang , Jeff Yan , Haibo Cheng Honeywords are decoy passwords associated with each user account, and they contribute a promising approach ...
Revisiting Private Stream Aggregation: Lattice-Based PSA. Jorge Guajardo , Daniela Becker , Karl-Heinz Zimmermann In this age of massive data gathering for purposes of personalization, targeted ads, etc. there ...
ZeroTrace: Oblivious Memory Primitives from Intel SGX. Sergey Gorbunov , Christopher W. Fletcher , Sajin Sasy We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure ...
Automated Website Fingerprinting through Deep Learning. Wouter Joosen , Tom Van Goethem , Marc Juarez , Davy Preuveneers , Vera Rimmer Several studies have shown that the network traffic that is generated by a visit to ...
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Shouhuai Xu , Zhen Li , Hai Jin , Deqing Zou , Xinyu Ou , Sujuan Wang , Zhijun Deng , Yuyi Zhong The automatic detection of software vulnerabilities is an important research problem. However, existing solutions to ...
Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. Yuval Elovici , Asaf Shabtai , Yisroel Mirsky , Tomer Doitshman Neural networks have become an increasingly popular solution for network intrusion detection systems (NIDS). Their ...
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. David Evans , Weilin Xu , Yanjun Qi Although deep neural networks (DNNs) have achieved great success in many tasks, they can often ...
Trojaning Attack on Neural Networks. Xiangyu Zhang , Yousra Aafer , Juan Zhai , Shiqing Ma , Yingqi Liu , Wen-chuan Lee , Weihang Wang With the fast spread of machine learning techniques, sharing and adopting public machine learning models ...
Broken Fingers: On the Usage of the Fingerprint API in Android. Christopher Kruegel , Giovanni Vigna , Wenke Lee , Simon Chung , Yanick Fratantonio , Antonio Bianchi , Aravind Machiry Smartphones are increasingly used for very important tasks such as mobile payments. Correspondingly, new technologies ...
K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All. Parimarjan Negi , Prafull Sharma , Vivek Sanjay Jain , Bahman Bahmani Behavioral biometrics, a field that studies patterns in an individual’s unique behavior, has been researched ...
ABC: Enabling Smartphone Authentication with Built-in Camera. Kui Ren , Xinwen Fu , Aziz Mohaisen , Zhongjie Ba , Sixu Piao , Dimitrios Koutsonikolas Reliably identifying and authenticating smartphones is critical in our daily life since they are increasingly ...
Device Pairing at the Touch of an Electrode. Ivan Martinovic , Kasper B. Rasmussen , Marc Roeschlin Device pairing is the problem of having two devices securely establish a key that can ...
Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections. Kehuan Zhang , Zhe Zhou , Yinqian Zhang , Di Tang Face authentication systems are becoming increasingly prevalent, especially with the rapid development of Deep Learning ...
A Large-scale Analysis of Content Modification by Open HTTP Proxies. Sotiris Ioannidis , Michalis Polychronakis , Elias Athanasopoulos , Panagiotis Ilia , Giorgos Tsirantonakis Open HTTP proxies offer a quick and convenient solution for routing web traffic towards a ...
Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis. Heng Yin , Zhiyun Qian , Xunchao Hu , Shitong Zhu , Zubair Shafiq Millions of people use adblockers to remove intrusive and malicious ads as well as protect ...
Towards Measuring the Effectiveness of Telephony Blacklists. Roberto Perdisci , Payas Gupta , Mustaque Ahamad , Sharbani Pandit The convergence of telephony with the Internet has led to numerous new attacks that make ...
Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation. Tongxin Li , Mu Zhang , Xueqiang Wang , Xiaofeng Wang , Yue Duan , Heng Yin , Abhishek Vasisht Bhaskar , Xiaorui Pan The prevalent usage of runtime packers has complicated Android malware analysis, as both legitimate and ...
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. Clémentine Maurice , Daniel Gruss , Raphael Spreitzer , Stefan Mangard , Moritz Lipp , Michael Schwarz , Samuel Weiser Besides cryptographic secrets, software-based side-channel attacks also leak sensitive user input. The most accurate attacks ...
Securing Real-Time Microcontroller Systems through Customized Memory View Switching. Dongyan Xu , Byoungyoung Lee , Xiangyu Zhang , Zhongshu Gu , Taegyu Kim , Hongjun Choi , Chung Hwan Kim Real-time microcontrollers have been widely adopted in cyber-physical systems that require both real-time and security ...
Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. Guofei Gu , Guangliang Yang , Jeff Huang Recently more and more Android apps integrate the embedded browser, known as “WebView”, to render ...
Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images. Dongyan Xu , Golden Iii , Xiangyu Zhang , Brendan Saltaformaggio , Seung Jei Yang , Aisha Ali-Gombe , Rohit Bhatia An essential forensic capability is to infer the sequence of actions performed by a suspect ...
K-Miner: Uncovering Memory Corruption in Linux. Ahmad-Reza Sadeghi , Lucas Davi , David Gens , Simon Schmitt Operating system kernels are appealing attack targets: compromising the kernel usually allows attackers to bypass ...
CFIXX: Object Type Integrity for C++. Mathias Payer , Scott A. Carr , Nathan Burow , Derrick McKee C++ relies on object type information for dynamic dispatch and casting. The association of type ...
Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets. Mauro Conti , Daniele Lain , Andrea Biondo Attackers use memory corruption vulnerabilities to compromise systems by hijacking control flow towards attacker-controlled code. ...
Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics. Zhiqiang Lin , Kevin W. Hamlen , Erick Bauman Static binary rewriting is a core technology for many systems and security applications, including profiling, ...
Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing. Byoungyoung Lee , Chengyu Song , Insik Shin , Wookhyun Han , Byunggill Joe Memory errors are one of the most common vulnerabilities for the popularity of memory unsafe ...
Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. Xiaofeng Wang , Yuan Zhang , Yuhong Nan , Min Yang , Zhemin Yang , Donglai Zhu A long-standing challenge in analyzing information leaks within mobile apps is to automatically identify the ...
Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions. Narseo Vallina-Rodriguez , David R. Choffnes , Martina Lindorfer , Jingjing Ren , Daniel J. Dubois , Ashwin Rao Is mobile privacy getting better or worse over time? In this paper, we address this ...
Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem. Phillipa Gill , Christian Kreibich , Mark Allman , Narseo Vallina-Rodriguez , Rishab Nithyanand , Srikanth Sundaresan , Abbas Razaghpanah Third-party services form an integral part of the mobile ecosystem: they ease application development and ...
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. Xiaofeng Wang , Yinqian Zhang , Xueqiang Wang , Xiaolong Bai , Xiaokuan Zhang It has been demonstrated in numerous previous studies that Android and its underlying Linux operating ...
Knock Knock, Who’s There? Membership Inference on Aggregate Location Data. Carmela Troncoso , Emiliano De Cristofaro , Apostolos Pyrgelis Aggregate location data is often used to support smart services and applications, e.g., generating live ...
Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center. Haining Wang , Zhang Xu , Xiaorui Wang , Li Erran Li , Xing Gao Data centers have been growing rapidly in recent years to meet the surging demand of ...
OBLIVIATE: A Data Oblivious Filesystem for Intel SGX. Byoungyoung Lee , Kyungtae Kim , Adil Ahmad , Muhammad Ihsanulhaq Sarfaraz Intel SGX provides confidentiality and integrity of a program running within the confines ...
Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in IaaS Clouds. Yier Jin , Dean Sullivan , Orlando Arias , Travis Meade We introduce a new microarchitectural timing covert channel using the processor memory order buffer (MOB). ...
Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates. Christopher Kruegel , Giovanni Vigna , Shuang Hao , Tobias Fiebig , Kevin Borgolte Infrastructure-as-a-Service (IaaS), and more generally the “cloud,” like Amazon Web Services (AWS) or Microsoft Azure, ...
Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data. Jean-Pierre Hubaux , Italo Dacosta , Alexandra-Mihaela Olteanu , Kévin Huguenin Individuals share increasing amounts of personal data online. This data often involves–or at least has ...
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries. Rachel Greenstadt , Fabian "fabs" Yamaguchi , Konrad Rieck , Aylin Caliskan , Arvind Narayanan , Richard Harang , Edwin Dauber The ability to identify authors of computer programs based on their coding style is a ...
De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice. Gang Wang , Yong Li , Huandong Wang , Chen Gao , Depeng Jin , Jingbo Sun Human mobility trajectories are increasingly collected by ISPs to assist academic research and commercial applications. ...
Veil: Private Browsing Semantics Without Browser-side Assistance. Nickolai Zeldovich , James Mickens , Frank Zhigang Wang All popular web browsers offer a “private browsing mode.” After a private session terminates, the ...
Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations. Xiaofeng Wang , Peng Wang , Raheem Beyah , Kan Yuan , Xianghang Mi , Xiaojing Liao , Feng Qian As a new type of blackhat Search Engine Optimization (SEO), autocomplete manipulations are increasingly utilized ...
SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS. Benjamin Livshits , Cristian-Alexandru Staicu , Michael Pradel The Node.js ecosystem has led to the creation of many modern applications, such as server-side ...
JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. Daniel Gruss , Moritz Lipp , Michael Schwarz Modern web browsers are ubiquitously used by billions of users, connecting them to the world ...
Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting. Lujo Bauer , Limin Jia , William Melicher , Anupam Das , Mahmood Sharif Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript ...
Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs. Adam Bates , Thomas Moyer , Wajih Ul Hassan , Mark Lemay , Nuraini Aguse Investigating the nature of system intrusions in large distributed systems remains a notoriously difficult challenge. ...
MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation. Somesh Jha , Dongyan Xu , Vinod Yegneswaran , Gabriela Ciocarlie , Xiangyu Zhang , Ashish Gehani , Yonghwi Kwon , Shiqing Ma , Kyu Hyung Lee , Fei Wang , Wen-chuan Lee , Weihang Wang In this paper, we develop a model-based causality inference technique for audit logging that ...
Towards a Timely Causality Analysis for Enterprise Security. Prateek Mittal , Zhenyu Wu , Mu Zhang , Junghwan Rhee , Kangkook Jee , Zhichun Li , Yushan Liu , Ding Li The increasingly sophisticated Advanced Persistent Threat (APT) attacks have become a serious challenge for enterprise ...
JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions. Roberto Perdisci , Bo Li , Phani Vadrevu , Kyu Hyung Lee In this paper, we propose JSgraph, a forensic engine that is able to efficiently record ...
AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. Xiangyu Zhang , Ninghui Li , Yousra Aafer , Chen Tian , Jianjun Huang , Yi Sun The Android framework has raised increased security concerns with regards to its access control enforcement. ...
InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android. Xinming Ou , Long Lu , Zhi Wang , Hayawardh Vijayakumar , Yuping Li , Yueh-hsun Lin , Yaohui Chen Hot-patches, easier to develop and faster to deploy than permanent patches, are used to timely ...
BreakApp: Automated, Flexible Application Compartmentalization. Jonathan M. Smith , Nathan Dautenhahn , Nikos Vasilakis , Ben Karel , Nick Roessler , Andre Dehon Developers of large-scale software systems may use third-party modules to reduce costs and accelerate release ...
Resolving the Predicament of Android Custom Permissions. Soteris Demetriou , Carl A. Gunter , Guliz Seray Tuncay , Karan Ganju Android leverages a set of system permissions to protect platform resources. At the same time, ...
ZEUS: Analyzing Safety of Smart Contracts. Mohan Dhawan , Sukrit Kalra , Seep Goel , Subodh Sharma A smart contract is hard to patch for bugs once it is deployed, irrespective of ...
Chainspace: A Sharded Smart Contracts Platform. George Danezis , Mustafa Al-Bassam , Alberto Sonnino , Shehar Bano , Dave Hrycyszyn Chainspace is a decentralized infrastructure, known as a distributed ledger, that supports user defined smart ...
Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. Ian Goldberg , Aniket Kate , Pedro Moreno-Sanchez , Stefanie Roos Decentralized path-based transaction (PBT) networks maintain local payment channels between participants. Pairs of users leverage ...
TLS-N: Non-repudiation over TLS Enabling Ubiquitous Content Signing. Srdjan Capkun , Arthur Gervais , Hubert Ritzdorf , Karl Wust , Guillaume Felley An internet user wanting to share observed content is typically restricted to primitive techniques such ...
Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebook's Explanations. Krishna P. Gummadi , Alan Mislove , Athanasios Andreou , Giridhari Venkatadri , Oana Goga , Patrick Loiseau Targeted advertising has been subject to many privacy complaints from both users and policy makers. ...
Inside Job: Applying Traffic Analysis to Measure Tor from Within. Claudia Diaz , Rob Jansen , Marc Juarez , Tariq Elahi , Rafa Galvez In this paper, we explore traffic analysis attacks on Tor that are conducted solely with ...
Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks. Shuang Hao , Keith W. Ross , Haizhong Zheng , Minhui Xue , Hao Lu , Haojin Zhu , Xiaohui Liang Popular User-Review Social Networks (URSNs)— such as Dianping, Yelp, and Amazon—are often the targets of ...