SIEEEEuropeanSymposiumS&P 2018 April 24, 2018 to April 26, 2018, London, United Kingdom

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Studying user-facing threats in security & privacy Sunny Consolvo N/A
What you get is what you C: Controlling side effects in mainstream C compilers Ross Anderson , David Chisnall , Laurent Simon Security engineers have been fighting with C compilers for years. A careful programmer would test ...
COVERN: A Logic for Compositional Verification of Information Flow Control Toby Murray , Robert Sison , Kai Engelhardt Shared memory concurrency is pervasive in modern programming, including in systems that must protect highly ...
Mining ABAC Rules from Sparse Logs David Basin , Carlos Cotrini , Thilo Weghorn Different methods have been proposed to mine attribute-based access control (ABAC) rules from logs. In ...
I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions Liang Feng Zhang , Ponnurangam Kumaraguru , Bimal Viswanath , Anupama Aggarwal , Saravana Kumar , Ayush Shah In this work, we take a step towards understanding and defending against spying browser extensions. ...
Dissecting Privacy Risks in Biomedical Data Michael Backes , Yang Zhang , Mathias Humbert , Pascal Berrang , Irina Lehmann , Roland Eils The decreasing costs of molecular profiling has fueled the biomedical research community with a plethora ...
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure Michael Backes , Giancarlo Pellegrino , Milivoj Simeonovski , Patrick Speicher , Marcel Steinmetz , Robert Künnemann , Jörg Hoffmann Security in the Internet has historically been added post-hoc, leaving services like email, which, after ...
Language-Independent Synthesis of Firewall Policies Riccardo Focardi , Pierpaolo Degano , Mauro Tempesta , Chiara Bodei , Letterio Galletta , Lorenzo Veronese Configuring and maintaining a firewall configuration is notoriously hard. Policies are written in low-level, platform-specific ...
The Real First Class? Inferring Confidential Corporate Mergers and Government Relations from Air Traffic Communication Matthew Smith , Vincent Lenders , Ivan Martinovic , Martin Strohmeier This paper exploits publicly available aircraft meta data in conjunction with unfiltered air traffic communication ...
Masters of Time: An Overview of the NTP Ecosystem Thorsten Holz , Teemu Rytilahti , Dennis Tatang , Janosch Köpper The Network Time Protocol (NTP) is currently the most commonly used approach to keeping the ...
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer George Danezis , Carmela Troncoso , Adrian Perrig , David Barrera , Chen Chen , Daniele E. Asoni Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the ...
ERASER: Your Data Won’t Be Back William Robertson , Engin Kirda , Kaan Onarlioglu Secure deletion of data from non-volatile storage is a well-recognized problem. While numerous solutions have ...
Security Risks in Asynchronous Web Servers: When Performance Optimizations Amplify the Impact of Data-oriented Attacks Fabian Monrose , Manos Antonakakis , Michalis Polychronakis , Kevin Snow , Panagiotis Kintis , Micah Morton , Jan Werner Over the past decade, many innovations have been achieved with respect to improving the responsiveness ...
Have your PI and Eat it Too: Practical Security on a Low-cost Ubiquitous Computing Platform Amit Vasudevan , Sagar Chaki Robust security on a commodity low-cost and popular computing platform is a worthy goal for ...
Get in Line: Ongoing Co-Presence Verification of a Vehicle Formation Based on Driving Trajectories N. Asokan , Ivan Martinovic , Mika Juuti , Christian Vaas Intelligent transportation systems and the advent of smart cities have created a renewed research interest ...
Sponge-Based Control-Flow Protection for IoT Devices Thomas Unterluggauer , Stefan Mangard , Mario Werner , David Schaffenrath Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. ...
Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure Thorsten Holz , Herbert Bos , Georgios Portokalidis , Cristiano Giuffrida , Enes Göktaş , Benjamin Kollenda , Philipp Koppe , Erik Bosman Address-space layout randomization is a well-established defense against code-reuse attacks. However, it can be completely ...
Probabilistic Obfuscation through Covert Channels Saumya K. Debray , Babak Yadegari , Christian Collberg , Jon Stephens , Carlos Scheidegger This paper presents a program obfuscation framework that uses covert channels through the program’s execution ...
Understanding User Tradeoffs for Search in Encrypted Communication Michelle l. Mazurek , Wei Bai , Ciara Lynton , Charalampos (babis) Papamanthou End-to-end message encryption is the only way to achieve absolute message privacy. However, searching over ...
Short Double- and N-Times-Authentication-Preventing Signatures from ECDSA and More Daniel Slamanig , David Derler , Sebastian Ramacher Double-authentication-preventing signatures (DAPS) are signatures designed with the aim that signing two messages with an ...
Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance Charles P. Wright , Mayank Varia Governments around the world are demanding more access to encrypted data, but it has been ...
Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations Lucas Bang , Nicolas Rosner , Tevfik Bultan We present an automated technique for synthesizing adaptive attacks to extract information from program functions ...
User Blocking Considered Harmful? An Attacker-controllable Side Channel to Identify Social Accounts Takuya Watanabe , Tatsuya Mori , Mitsuaki Akiyama , Eitaro Shioji , Keito Sasaoka , Takeshi Yagi This paper presents a practical side-channel attack that identifies the social web service account of ...
Attacking Deterministic Signature Schemes using Fault Attacks Sebastian Schinzel , Juraj Somorovsky , Damian Poddebniak , Paul Rösler , Manfred Lochter Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. ...
Establishing a Guide to the Cyber Security Body of Knowledge (CyBOK) N/a A new, multi-partner effort is underway to develop a cyber security body of knowledge (http://www.cybok.org). ...
CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM Peter Schwabe , Eike Kiltz , Joppe w. Bos , Damien Stehlé , Tancrède Lepoint , Leo Ducas , John M. Schanck , Vadim Lybashevsky Rapid advances in quantum computing, together with the announcement by the National Institute of Standards ...
Just In Time Hashing Jeremiah Blocki , Benjamin Harsha In the past few years billions of user passwords have been exposed to the threat ...
In search of CurveSwap: Measuring elliptic curve implementations in the wild Nadia Heninger , Nick Sullivan , Luke Valenta , Antonio Sanso We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS ...
SoK: Security and Privacy in Machine Learning Patrick Mcdaniel , Arunesh Sinha , Nicolas Papernot , Michael P. Wellman Advances in machine learning (ML) in recent years have enabled a dizzying array of applications ...
From password policies to adversarial machine learning, it's all about the user. Lujo Bauer N/A
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema Jörg Schwenk , Christian Mainka , Paul Rösler Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the ...
A formal analysis of the Neuchâtel e-voting protocol Veronique Cortier , David Galindo , Mathieu Turuani Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting ...
On Composability of Game-based Password Authenticated Key Exchange Marjan Skrobot , Jean Lancrenon It is standard practice that the secret key derived from an execution of a Password ...
ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports Tudor Dumitras , Ziyun Zhu Modern cyber attacks consist of a series of steps and are generally part of larger ...
DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks Robert h. Deng , Kai Chen , Yingjiu Li , Ke Xu As malicious behaviors vary significantly across mobile malware, it is challenging to detect malware both ...
Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking Konrad Rieck , Daniel Arp , Erwin Quiring Machine learning is increasingly used in security-critical applications, such as autonomous driving, face recognition, and ...