27thUsenixSecuritySymposium 2018 Aug. 15, 2018 to Aug. 17, 2018, Vancouver, Canada

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models James Mickens Some people enter the technology industry to build newer, more exciting kinds of technology as ...
Fear the Reaper: Characterization and Fast Detection of Card Skimmers Nolen Scaife , Christian Traynor Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card ...
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid Saleh Soltan , Prateek Poor We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air ...
Skill Squatting Attacks on Amazon Alexa Joshua Mason , Deepak Kumar , Eric Hennenfent , Riccardo Paccagnella , Paul Murley , Adam Bailey The proliferation of the Internet of Things has increased reliance on voice-controlled devices to perform ...
CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition Xiaofeng Wang , Kai Chen , Heqing Huang , Carl A. Gunter , Xuejing Yuan , Yuxuan Chen , Yue Zhao , Yunhui Long , Xiaokang Liu , Shengzhi Zhang The popularity of automatic speech recognition (ASR) systems, like Google Assistant, Cortana, brings in security ...
ACES: Automatic Compartments for Embedded Systems Abraham A Clements , Naif Saleh Almakhdhub , Saurabh Payer Securing the rapidly expanding Internet of Things (IoT) is critical. Many of these “things” are ...
IMIX: In-Process Memory Isolation EXtension Tommaso Frassetto , Patrick Jauernig , Christopher Sadeghi Memory-corruption attacks have been subject to extensive research in the latest decades. Researchers demonstrated sophisticated ...
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security Ruoyu Wang , Yan Shoshitaishvili , Antonio Bianchi , Moritz Eckert , Christopher Vigna Heap metadata attacks have become one of the primary ways in which attackers exploit memory ...
Guarder: A Tunable Secure Allocator Zhiqiang Lin , Sam Silvestro , Hongyu Liu , Tianyi Liu , Tongping Liu Due to the on-going threats posed by heap vulnerabilities, we design a novel secure allocator ...
Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies Romain Rouvoy , Antoine Vastel , Pierre Laperdrix , Walter Rudametkin By exploiting the diversity of device and browser configurations, browser fingerprinting established itself as a ...
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies Gertjan Franken , Tom Joosen Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. ...
Effective Detection of Multimedia Protocol Tunneling using Machine Learning Diogo Barradas , Nuno Rodrigues Multimedia protocol tunneling enables the creation of covert channels by modulating data into the input ...
Quack: Scalable Remote Measurement of Application-Layer Censorship Will Scott , Benjamin Vandersloot , Allison Mcdonald , J. Ensafi Remote censorship measurement tools can now detect DNS- and IP-based blocking at global scale. However, ...
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse Sascha Fahl , Sanam Ghorbani Lyastani , Michael Schilling , Michael Bugiel Despite their well-known security problems, passwords are still the incumbent authentication method for virtually all ...
Forgetting of Passwords: Ecological Theory and Data Janne Lindqvist , Yulong Yang , Antti Oulasvirta , Xianyi Gao , Can Liu , Christos Mitropoulos We present an opportunistic study of the impact of a new password policy in a ...
The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength M. angela Sasse , Simon Parkin , Ingolf Becker We present an opportunistic study of the impact of a new password policy in a ...
Rethinking Access Control and Authentication for the Home Internet of Things (IoT) Blase Ur , Markus Dürmuth , Earlence Fernandes , Maximilian Golla , Weijia He , Roshni Padhi , Jordan Ofek Computing is transitioning from single-user devices to the Internet of Things (IoT), in which multiple ...
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem Patrick Traynor , Hayawardh Vijayakumar , Kevin Butler , Michael Grace , Amir Rahmati , Lee Harrison , Grant Hernandez , Dave (jing) Tian , Joseph I. Choi , Vanessa Frost , Christie Ruales AT commands, originally designed in the early 80s for controlling modems, are still in use ...
Inception: System-Wide Security Testing of Real-World Embedded Systems Software Nassim Corteggiani , Giovanni Francillon Connected embedded systems are becoming widely deployed, and their security is a serious concern. Current ...
Acquisitional Rule-based Engine for Discovering Internet-of-Things Devices Haining Wang , Limin Sun , Qiang Li , Xuan Feng The rapidly increasing landscape of Internet-of-Thing (IoT) devices has introduced significant technical challenges for their ...
Cybersecurity: Is It about Business or Technology? Donna Dodson If recent events involving the security of information and operations have taught us anything, it ...
A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning James C. Davis , Eric R. Williamson , Dongyoon Lee The software development community is adopting the Event-Driven Architecture (EDA) to provide scalable web services, ...
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers Cristian-alexandru Pradel Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks where matching ...
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications Birhanu Eshete , Rigel Gjomemo , Abeer Alhuzali , V.n. Venkatakrishnan Modern multi-tier web applications are composed of several dynamic features, which make their vulnerability analysis ...
Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks Christopher Kruegel , Giovanni Vigna , Wenke Lee , Shuang Hao , Wei Meng , Kevin Borgolte , Chenxiong Qian Denial-of-Service (DoS) attacks pose a severe threat to the availability of web applications. Traditionally, attackers ...
How Do Tor Users Interact With Onion Services? Nick Feamster , Philipp Winter , Anne Edmundson , Laura M. Roberts , Marshini Chetty , Agnieszka Dutkowska-żuk Onion services are anonymous network services that are exposed over the Tor network. In contrast ...
Towards Predicting Efficient and Anonymous Tor Circuits Matthew Wright , Jiang Ming , Armon Barton , Mohsen Imani The Tor anonymity system provides online privacy for millions of users, but it is slower ...
An Empirical Analysis of Anonymity in Zcash George Kappos , Haaroon Yousaf , Mary Meiklejohn Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the ...
Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains Paul Kocher During the now-ended performance boom, microprocessor performance optimizations brought enormous economic benefits that vastly exceeded ...
Solving the Next Billion-People Privacy Problem Monica S. Lam Virtual assistants are poised to revolutionize the digital interface by providing us with a simple, ...
Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes José González Cabañas , Ángel Cuevas , Rubén Cuevas The recent European General Data Protection Regulation (GDPR) restricts the processing and exploitation of some ...
Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? Adam Bates , Wajih Ul Hassan , Saad Hussain Mobile fitness tracking apps allow users to track their workouts and share them with friends ...
AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning Jinyuan Gong Users in various web and mobile applications are vulnerable to attribute inference attacks, in which ...
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning Karl Aberer , Florian Schaub , Kang G. Shin , Hamza Harkous , Kassem Fawaz , Rémi Lebret Privacy policies are the primary channel through which companies inform users about their data collection ...
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Sebastian Schinzel , Juraj Somorovsky , Jörg Schwenk , Damian Poddebniak , Jens Müller , Christian Dresen , Fabian Ising , Simon Friedberger OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. We ...
The Dangers of Key Reuse: Practical Attacks on IPsec IKE Jörg Schwenk , Martin Grothe , Dennis Felsch , Adam Czubak , Marcin Szymanek IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual ...
One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA Monjur Alam , Haider Adnan Khan , Moumita Dey , Nishith Sinha , Robert Callan , Alenka Zajic , Milos Prvulovic Cryptographic implementations are a valuable target for address-based side-channel attacks and should, thus, be protected ...
DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries Georg Sigl , Raphael Spreitzer , Stefan Mangard , Andreas Zankl , Samuel Weiser , Katja Miller Cryptographic implementations are a valuable target for address-based side-channel attacks and should, thus, be protected ...
Analogy Cyber Security—From 0101 to Mixed Signals Wenyuan Xu , Zhejiang University With the rapid development of sensing technologies, an increasing number of devices rely on sensors ...
Chipmunk or Pepe? Using Acoustical Analysis to Detect Voice-Channel Fraud at Scale Vijay Balasubramaniyan As organizations are adding security layers to online interactions attackers are targeting the voice-channel to ...
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level Michelle l. Mazurek , Rock Stevens , Patrick Sweeney , Colin Ahern , Elissa M. Redmiles , Daniel Votipka Digital security professionals use threat modeling to assess and improve the security posture of an ...
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection Prateek Mittal , Xusheng Xiao , Zhenyu Wu , Kangkook Jee , Zhichun Li , Chung Hwan Kim , Ding Li , Peng Gao , Sanjeev R. Kulkarni Recently, advanced cyber attacks, which consist of a sequence of steps that involve many vulnerabilities ...
Practical Accountability of Secret Processes Daniel Weitzner , Shafi Goldwasser , Jonathan Frankle , Sunoo Park , Daniel Shaar The US federal court system is exploring ways to improve the accountability of electronic surveillance, ...
DIZK: A Distributed Zero Knowledge Proof System Alessandro Chiesa , Raluca Ada Popa , Ion Stoica , Wenting Zheng , Howard Wu Recently there has been much academic and industrial interest in practical implementations of zero knowledge ...
NetHide: Secure and Practical Network Topology Obfuscation Roland Meier , Laurent Vechev , Petar Tsankov , Vincent Lenders Simple path tracing tools such as traceroute allow malicious users to infer network topologies remotely ...
Towards a Secure Zero-rating Framework with Three Parties Yinzhi Cao , Zhiheng Liu , Zhen Zhang , Zhaohan Xi , Shihao Jing , Humberto La Roche Zero-rating services provide users with free access to contracted or affiliated Content Providers (CPs), but ...
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation Suman Jana , Shankara Pailoor , Andrew Aday OS fuzzers primarily test the system call interface between the OS kernel and user-level applications ...
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Taesoo Kim , Yeongjin Jang , Sangho Lee , Insu Yun , Meng Xu Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and concolic execution ...
Automatic Heap Layout Manipulation for Exploitation Sean Heelan , Tom Melham , Daniel Kroening Heap layout manipulation is integral to exploiting heap-based memory corruption vulnerabilities. In this paper we ...
FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities Jun (Jim) Xu , Xinyu Xing , Wei Wu , Yueqi Chen , Xiaorui Zou Software vendors usually prioritize their bug remediation based on ease of their exploitation. However, accurately ...
The Secure Socket API: TLS as an Operating System Service Jordan Whitehead , Scott Heidbrink , Luke Dickinson , Mark O'neill , Nick Bonner , Tanner Perdue , Torstein Collett , Kent Zappala SSL/TLS libraries are notoriously hard for developers to use, leaving system administrators at the mercy ...
Return Of Bleichenbacher’s Oracle Threat (ROBOT) Juraj Somorovsky , Craig Young , Hanno Böck In 1998 Bleichenbacher presented an adaptive chosen-ciphertext attack on the RSA PKCS~#1~v1.5 padding scheme. The ...
Bamboozling Certificate Authorities with BGP Prateek Mittal , Jennifer Rexford , Yixin Sun , Anne Edmundson , Henry Birge-lee The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate ...
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI Tudor Dumitras , Christopher S. Gates , Bum Jun Kwon , Doowon Kim , Kristián Kozák Recent measurement studies have highlighted security threats against the code-signing public key infrastructure (PKI), such ...
Debloating Software through Piece-Wise Compilation and Loading Aravind Prakash , Lok Kwong Yan , Anh Quach Programs are bloated. Our study shows that only 5% of libc is used on average ...
From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild Tudor Dumitras , Yang Liu , Mingyan Liu , Bo Li , Armin Sarabi , Chaowei Xiao At any given time there exist a large number of software vulnerabilities in our computing ...
Understanding the Reproducibility of Crowd-reported Security Vulnerabilities Bing Mao , Gang Wang , Xinyu Xing , Dongliang Mu , Alejandro Cuevas , Limin Yang , Hang Hu Today’s software systems are increasingly relying on the “power of the crowd” to identify new ...
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think Cristiano Giuffrida , Stephan Van Schaik , Herbert Razavi Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker-controlled code ...
Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks Kaveh Razavi , Ben Gras , Herbert Giuffrida To stop side channel attacks on CPU caches that have allowed attackers to leak secret ...
Meltdown: Reading Kernel Memory from User Space Paul Kocher , Daniel Genkin , Yuval Yarom , Anders Fogh , Daniel Gruss , Stefan Mangard , Moritz Lipp , Michael Schwarz , Mike Hamburg , Thomas Prescher , Werner Haas , Jann Horn The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are ...
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Raoul Strackx , Frank Piessens , Baris Kasikci , Daniel Genkin , Yuval Yarom , Ofir Weisse , Mark Silberstein , Thomas F. Wenisch , Jo Van Bulck , Marina Minkin Trusted execution environments, and particularly the Software Guard eXtensions (SGX) included in recent Intel x86 ...
Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets Nicolas Christin , Samaneh Tajalizadehkhoob , Michel Van Eeten , Kyle Soska , Rolf Van Wegberg , Ugur Akyazi , Carlos Hernandez Ganan , Bram Klievink Researchers have observed the increasing commoditization of cybercrime, that is, the offering of capabilities, services, ...
Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces Kan Yuan , Haoran Lu , Xiaojing Wang Underground communication is invaluable for understanding cybercrimes. However, it is often obfuscated by the extensive ...
Schrödinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem Damon Mccoy , Kirill Levchenko , Paul Pearce , Hitesh Dharmdasani , Brown Farinholt , Mohammad Rezaeirad Remote Access Trojans (RATs) are a class of malware that give an attacker direct, interactive ...
The aftermath of a crypto-ransomware attack at a large academic institution Leah Zhang-kennedy , Hala Assal , Jessica Rocheleau , Reham Mohamed , Khadija Chiasson In 2016, a large North American university was subject to a significant crypto-ransomware attack and ...
From Spam to Speech: Policing the Next Generation of "Unwanted Traffic" Amy X. Zhang , Ben Y. Zhao , Nick Sullivan , Emma Llansó Content platforms on today’s Internet are facing increased pressure to moderate the content that they ...
The Law and Economics of Bug Bounties Amit On Bug Bounties are one of the fastest growing, popular and cost-effective ways for companies to ...
We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS Vern Paxson , Shuo Chen , Haixin Duan , Jian Jiang , Tao Wan , Min Yang , Jianjun Chen The default Same Origin Policy essentially restricts access of cross-origin network resources to be "write-only". ...
End-to-End Measurements of Email Spoofing Attacks Hang Wang Spear phishing has been a persistent threat to users and organizations, and yet email providers ...
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path Shuang Hao , Haixin Duan , Zhou Li , Ying Liu , Min Yang , Baojun Liu , Chaoyi Lu DNS queries from end users are handled by recursive DNS servers for scalability. For convenience, ...
End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks Angelos Stavrou , Haining Wang , Shuai Hao , Yubao Zhang The success of Content Delivery Networks (CDNs) relies on the mapping system that leverages dynamically ...
SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics Jonathan P. Chapman The use of hidden communication methods by malware families skyrocketed in the last two years. ...
FANCI : Feature-based Automated NXDomain Classification and Intelligence Samuel Schüppen , Dominik Teubert , Patrick Meyer FANCI is a novel system for detecting infections with domain generation algorithm (DGA) based malware ...
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications Xiaofeng Wang , Long Lu , Haixin Duan , Yuan Zhang , Min Yang , Zhemin Yang , Xiaohan Zhang , Qianqian Mo , Hao Xia Mobile apps have become the main channel for accessing Web services. Both Android and iOS ...
Fast and Service-preserving Recovery from Malware Infections Using CRIU James Purtilo , Ashton Webster , Ryan Eckenrod Once a computer system has been infected with malware, restoring it to an uninfected state ...
The Second Crypto War—What's Different Now Susan Landau The First Crypto War were fought over end-to-end encryption for communications, and appeared largely over ...
Medical Device Cybersecurity through the FDA Lens Suzanne B. Schwartz Medical devices from insulin pumps to implantable cardiac pacemakers are becoming more interconnected, which can ...
The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX Ahmad-reza Sadeghi , Lucas Davi , Mauro Conti , Tommaso Frassetto , Andrea Biondo Intel Software Guard Extensions (SGX) isolate security-critical code inside a protected memory area called enclave. ...
A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping Seunghun Han , Wook Shin , Jun-hyeok Park , Hyoungchun Kim This paper reports two sorts of Trusted Platform Module (TPM) attacks regarding power management. The ...
Tackling runtime-based obfuscation in Android with TIRO Michelle Lie Obfuscation is used in malware to hide malicious activity from manual or automatic program analysis. ...
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation Adwait Nadkarni , Richard Bonett , Kaushal Kafle , Kevin Moran , Denys Poshyvanyk , William & Mary Mobile application security has been one of the major areas of security research in the ...
With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning Bimal Viswanath , Bolun Wang , Yuanshun Yao , Haitao Zhao Transfer learning is a powerful approach that allows users to quickly build accurate deep-learning (Student) ...
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks Tudor Dumitras , Octavian Suciu , Radu Marginean , Yigitcan Kaya , Hal Daume Iii Recent results suggest that attacks against supervised machine learning systems are quite effective, while defenses ...
teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts Saarland University , Johannes Rossow , Cispa , Saarland Informatics Campus Cryptocurrencies like Bitcoin not only provide a decentralized currency, but also provide a programmatic way ...
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts Ari Juels , Florian Tramèr , Lorenz Breidenbach , Philip Daian Bug bounties are a popular tool to help prevent software exploits. Yet, they lack rigorous ...
Arbitrum: Scalable, private smart contracts Harry A. Kalodner , Steven Goldfeder , Xiaoqi Chen , S. Felten We present Arbitrum, a cryptocurrency system that supports smart contracts without the limitations of scalability ...
Erays: Reverse Engineering Ethereum's Opaque Smart Contracts Joshua Mason , Michael Bailey , Deepak Kumar , Andrew Miller , Yi Zhou , Surya Bakshi Interacting with Ethereum smart contracts can have potentially devastating financial consequences. In light of this, ...
DelegaTEE: Brokered Delegation Using Trusted Execution Environments Srdjan Capkun , Ari Juels , Andrew Miller , Sinisa Matetic , Moritz Schneider We introduce a new concept called brokered delegation. Brokered delegation allows users to flexibly delegate ...
Simple Password-Hardened Encryption Services Sherman Chow , Matteo Maffei , Manuel Reinert , Dominique Schröder , Russell Lai , Christoph Egger Passwords and access control remain the popular choice for protecting sensitive data stored online, despite ...
Security Namespace: Making Linux Security Frameworks Available to Containers David R. Safford , Trent Jaeger , Zhongshu Gu , Yuqiong Sun , Mimi Zohar , Dimitrios Pendarakis Lightweight virtualization (i.e., containers) offers a virtual host environment for applications without the need for ...
Shielding Software From Privileged Side-Channel Attacks John Criswell , Alan L. Cox , Sandhya Dwarkadas , Xiaowan Dong , Zhuojia Shen Commodity operating system (OS) kernels, such as Windows, Mac OS X, Linux, and FreeBSD, are ...
Vetting Single Sign-On SDK Implementations via Symbolic Reasoning Wing Cheong Lau , Ronghai Yang , Jiongyi Zhang Encouraged by the rapid adoption of Single Sign-On (SSO) technology in web services, mainstream identity ...
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web Chris Kanich , Stephen Checkoway , Jason Polakis , Mohammad Ghasemisharif , Amrutha Ramesh Single Sign-On (SSO) allows users to effortlessly navigate the Web and obtain a personalized experience ...
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring Stefano Calzavara , Riccardo Focardi , Marco Squarcina , Matteo Maffei , Mauro Tempesta , Clara Schneidewind We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with ...
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer Thanh Bui , Siddharth Prakash Rao , Markku Antikainen , Viswanathan Manihatty Bojan , Tuomas Aura Operating systems provide various inter-process communication (IPC) mechanisms. Software applications typically use IPC for communication ...
All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems Haoyu Li , Gang Wang , Dong Wang , Yaling Yang , Kexiong (curtis) Zeng , Shinan Liu , Yuanchao Shu , Yanzhi Dou Mobile navigation services are used by billions of users around globe today. While GPS spoofing ...
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors Insup Lee , Zhiqiang Lin , Yazhou Tu , Xiali Hei Inertial sensors provide crucial feedback for control systems to determine motional status and make timely, ...
Modelling and Analysis of a Hierarchy of Distance Bounding Attacks Tom Chothia , Ben Smyth , Joeri De Ruiter We present an extension of the applied pi-calculus that can be used to model distance ...
Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets Zhiyun Qian , Weiteng Chen In this study, we discover a subtle yet serious timing side channel that exists in ...
Formal Security Analysis of Neural Networks using Symbolic Intervals Suman Jana , Junfeng Yang , Shiqi Wang , Kexin Pei , Justin Whitehouse Due to the increasing deployment of Deep Neural Networks (DNNs) in real-world security-critical domains including ...
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring Benny Pinkas , Carsten Baum , Yossi Adi , Moustapha Cisse , Joseph Keshet Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously ...
A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation Rakshith Shetty , Bernt Schiele , Mario Fritz Text-based analysis methods enable an adversary to reveal privacy relevant author attributes such as gender, ...
GAZELLE: A Low Latency Framework for Secure Neural Network Inference Vinod Vaikuntanathan , Chiraag Juvekar , Anantha Chandrakasan The growing popularity of cloud-based machine learning raises natural questions about the privacy guarantees that ...
FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps Yan Chen , Yinzhi Cao , Xiang Pan , Xuechao Du , Boyuan He , Gan Fang Android apps having access to private information may be legitimate, depending on whether the app ...
Sensitive Information Tracking in Commodity IoT Patrick Mcdaniel , Gang Tan , A. Selcuk Uluagac , Amit Kumar Sikder , Hidayet Aksu , Z. Berkay Celik , Leonardo Babun Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate ...
Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking Taesoo Kim , Wenke Lee , Sangho Lee , Yang Ji , Mattia Fazzini , Joey Allen , Evan Downing , Alessandro Orso Investigating attacks across multiple hosts is challenging. The true dependencies between security-sensitive files, network endpoints, ...
Dependence-Preserving Data Compaction for Scalable Forensic Analysis R. Sekar , Scott d. Stoller , Md Nahid Hossain , Junao Wang Large organizations are increasingly targeted in long-running attack campaigns lasting months or years. When a ...