NDSS 2014, Feb. 23, 2014 to Feb. 26, 2014, San Diego, USA

Title Speakers Summary Topic Types
Keynote: Hacking the Human: The Science of Human Pentesting Perfected Christopher Hadnagy Chris has developed one of the web’s most successful security podcasts. The Social-Engineer.Org Podcast spends ...
On the Mismanagement and Maliciousness of Networks Michael Bailey , Zakir Durumeric , Jing Zhang , Manish Karir , Mingyan Liu We systematically explore the widely held, anecdotal belief that mismanaged networks are responsible for a ...
No Direction Home: The True Cost of Routing Around Decoys Vitaly Shmatikov , Amir Houmansadr , Edmund L. Wong Decoy routing systems circumvent censorship by relying on cooperating ISPs in the middle of the ...
Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission Denis Foo Kune , Yongdae Kim , Younghwan Go , Jongil Won , Eunyoung Jeong , Kyoungsoo Park In this work, we show two attacks on cellular data accounting systems where a user ...
CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers Guofei Gu , Juan Caballero , M. Zubair Rafique , Antonio Nappa , Zhaoyan Xu CyberProbe implements a novel active probing approach for detecting malicious servers and compromised hosts that ...
Amplification Hell: Revisiting Network Protocols for DDoS Abuse Christian Rossow We revisit 14 popular UDP-based protocols of network services, online games, P2P filesharing networks and ...
ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks Xuhua Ding , Robert H. Deng , Zongwei Zhou , Yueqiang Cheng , Miao Yu ROPecker achieves both high detection accuracy and efficiency in ROP defense, without relying on source ...
A Trusted Safety Verifier for Process Controller Code Stephen McLaughlin , Saman A. Zonouz , Devin Pohly , Patrick Drew McDaniel Attackers can leverage security vulnerabilities in control systems to make physical processes behave unsafely. We ...
AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares Davide Balzarotti , Jonas Zaddach , Aurélien Francillon , Luca Bruno In this paper we present AVATAR, a framework that enables complex dynamic analysis of embedded ...
SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks Dongseok Jang , Zachary Tatlock , Sorin Lerner We present SafeDispatch, a defense to prevent C++ vtable hijacking attacks that take over the ...
Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in VMI via Decoupled Execution and Training Memoization Yangchun Fu , Zhiqiang Lin , Alireza Saberi Recent advances show that we can reuse the legacy binary code to bridge the semantic ...
Screenmilker: How to Milk Your Android Screen for Secrets Xiaofeng Wang , Xiaoyong Zhou , Chia-chi Lin , Hongyang Li Many third-party Android apps such as screenshot and USB tethering require access to critical system ...
AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable Wenyuan Xu , Sanorita Dey , Nirupam Roy , Romit Roy Choudhury , Srihari Nelakuditi This paper shows that accelerometers on smartphones possess unique fingerprints, i.e., they respond differently to ...
Smartphones as Practical and Secure Location Verification Tokens for Payments Srdjan Capkun , Kari Kostiainen , Claudio Marforio , Nikolaos Karapanos , Claudio Soriente Trustworthy location statements from a smartphone trusted execution environment (TEE) enable secure second-factor authentication for ...
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks Vitaly Shmatikov , Suman Jana , Martin Georgiev Hybrid application frameworks introduce new browser APIs that let Web applications access native resources on ...
Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android Xiaofeng Wang , Xiaoyong Zhou , Carl Gunter , Muhammad Naveed , Soteris Demetriou We found that today’s Android design allows an app with a Bluetooth permission to gain ...
DSpin: Detecting Automatically Spun Content on the Web Geoffrey M. Voelker , Qing Zhang , David Y. Wang In a process known as spinning, spammers bypass duplicate spam detection by replacing words or ...
Toward Black-Box Detection of Logic Flaws in Web Applications Davide Balzarotti , Giancarlo Pellegrino In this paper we present a black-box testing technique to detect logic vulnerabilities in web ...
Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud Ulfar Erlingsson , Arnar Birgisson , Joe Politz , Ankur Taly , Michael Vrable , Mark Lentczner Macaroons are authorization credentials whose efficiency and ease-of-deployment equal that of Web cookies, thanks to ...
Detecting Logic Vulnerabilities in E-commerce Applications Fangqi Sun , Liang Xu , Zhendong Su This paper describes the first technique to statically detect logic vulnerabilities in e-commerce applications. It ...
Simulation of Built-in PHP Features for Precise Static Code Analysis Thorsten Holz , Johannes Dahse PHP is the most popular and diverse scripting language on the Web. We introduce a ...
Enhanced Certificate Transparency and End-to-End Encrypted Mail Mark D. Ryan We extend "certificate transparency" so that it efficiently handles certificate revocation. We show how this ...
Privacy through Pseudonymity in Mobile Telephony Systems Myrto Arapinis , Eike Ritter , Mark D. Ryan , Loretta Ilaria Mancini We show that real implementations of the pseudonym changing mechanism do not achieve the intended ...
Privacy-Preserving Distributed Stream Monitoring Arik Friedman , Izchak Sharfman , Daniel Keren , Assaf Schuster Continuous monitoring of distributed data streams is a difficult challenge in privacy research, since with ...
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Aaron Johnson , Rob Jansen , Florian Tschorsch , Björn Scheuermann We present a memory-based denial-of-service (DoS) attack that exploits Tor's flow control algorithm to remotely ...
Selling off User Privacy at Auction Claude Castelluccia , Lukasz Olejnik , Minh-Dung Tran This paper studies how personal data is exchanged by advertising companies via Real Time Bidding ...
The Tangled Web of Password Reuse Matthew Caesar , Xiaofeng Wang , Joseph Bonneau , Anupam Das , Nikita Borisov We investigate how an attacker can leverage leaked passwords from one site to more easily ...
On Semantic Patterns of Passwords and their Security Impact Julie Thorpe , Rafael Veras , Christopher Collins We present the first framework for segmentation, semantic classification and generalization of passwords and demonstrate ...
From Very Weak to Very Strong: Analyzing Password-Strength Meters Mohammad Mannan , Xavier Carnavalet We analyze password-strength meters from 11 highly popular web services by reverse-engineering their functionality, and ...
Copker: Computing with Private Keys without RAM Jingqiang Lin , Jiwu Jing , Le Guan , Bo Luo We present Copker, the first work that exploits on-chip cache to implement the RSA cryptosystem ...
Practical Dynamic Searchable Encryption with Small Leakage Elaine Shi , Emil Stefanov , Charalampos Papamanthou We construct an encrypted search index data structure capable of searching large datasets in microseconds. ...
Decentralized Anonymous Credentials Matthew Green , Christina Garman , Ian Miers We propose a novel anonymous credential scheme that eliminates the need for trusted credential issuers. ...
Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation Michael Steiner , David Cash , Stanislaw Jarecki , Charanjit Jutla , Joseph Jaeger , Hugo Krawczyk , Marcel Rosu This paper gives constructions of symmetric searchable encryption with scalable performance, enabling private searching on ...
Authentication Using Pulse-Response Biometrics Gene Tsudik , Ivan Martinovic , Kasper B. Rasmussen , Marc Roeschlin We propose a new biometric based on the human body's response to a square pulse ...
Hardening Persona – Improving Federated Web Login Dan S. Wallach , Michael Dietz Federated login protocols for the Web are intended to increase user security by reducing the ...
Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices Nitesh Saxena , Stanislaw Jarecki , Maliheh Shirvanian , Naveen Nathan We present novel Two-Factor Authentication (TFA) protocols with improved resistance against online and offline attacks. ...
Leveraging USB to Establish Host Identity Using Commodity Devices Adam Bates , Hannah Pruse , Kevin Butler , Ryan Leonard , Daniel Lowd Determining a computer’s identity is critically important, but even hosts with trusted computing hardware can ...
PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces Apu Kapadia , Robert Templeman , Mohammed Korayem , David Crandall Wearable camera products (Glass, Autographer, and Narrative among others) will inevitably collect images in sensitive ...
Auditable Version Control Systems Bo Chen , Reza Curtmola We introduce Auditable Version Control Systems (AVCS), which are VCS systems designed to function under ...
Power Attack: An Increasing Threat to Data Centers Haining Wang , Zhang Xu , Zichen Xu , Xiaorui Wang Power oversubscription is becoming a trend for data centers to host more servers. However, it ...
Scambaiter: Understanding Targeted Nigerian Scams on Craigslist Damon McCoy , Markus Jakobsson , Elaine Shi , Youngsam Park , Jackie Jones To improve our understanding of Nigerian scammers’ tactics, we collect three months of data using ...
Botcoin: Monetizing Stolen Cycles Damon McCoy , Sarah Meiklejohn , Kirill Levchenko , Stefan Savage , Nicholas Weaver , Chris Grier , Alex C. Snoeren , Danny Yuxing Huang , Hitesh Dharmdasani , Vacha Dave Botmasters have experimented with many different mechanisms for monetizing compromised user PCs over the years. ...
A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks Eric Bodden , Steven Arzt , Siegfried Rasthofer In this paper we propose SUSI, a novel machine-learning guided approach for identifying and categorizing ...
AirBag: Boosting Smartphone Resistance to Malware Infection Xuxian Jiang , Zhenkai Liang , Yajin Zhou , Chiachih Wu , Kunal Patel We present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and ...
SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps Latifur Khan , Zhiqiang Lin , David Sounthiraraj , Justin Sahs , Garrett Greenwood Many Android apps use SSL/TLS to transmit sensitive information securely. However, developers can override the ...
AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications Heng Yin , Mu Zhang Component hijacking is a class of Android application vulnerabilities, which can be exploited to exfiltrate ...
Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications Christopher Kruegel , Giovanni Vigna , Sebastian Poeplau , Yanick Fratantonio , Antonio Bianchi Android allows applications to load additional code from external sources at runtime. We demonstrate that ...
Nazca: Detecting Malware Distribution in Large-Scale Networks Stanislav Miskovic , Ruben Torres , Sabyasachi Saha , Sj Lee , Marco Mellia , Giovanni Vigna , Luca Invernizzi , Christopher Kruegel In this paper, we look at the collective network traffic produced by thousands of clients, ...
Persistent Data-only Malware: Function Hooks without Code Claudia Eckert , Sebastian Vogl , Jonas Pfoh , Thomas Kittel In this paper, we show that persistent data-only malware is not only possible, but also ...
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket Konrad Rieck , Daniel Arp , Michael Spreitzenbarth , Malte Hübner , Hugo Gascon We propose Drebin, a lightweight method for detection of Android malware that operates directly on ...
Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications Wenke Lee , Yeongjin Jang , Simon P. Chung , Bryan D. Payne We propose a security system called Gyrus that guarantees a system's network-behavior is consistent with ...
Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings Nitesh Saxena , Ajaya Neupane , Keya Kuruvilla , Michael Georgescu , Rajesh Kana We introduce a neuroscience-based methodology to investigate user-centered security. We present an fMRI study measuring ...
Web PKI: Closing the Gap between Guidelines and Practices Martín Abadi , Yinglian Xie , Ted Wobber , Antoine Delignat-Lavaud , Andrew Birrell , Ilya Mironov Recent instances of mis-issued certificates have raised concerns about certification authorities. We propose a PKI ...
Efficient Private File Retrieval by Combining ORAM and PIR Erik-Oliver Blass , Travis Mayberry , Agnes Hui Chan Traditionally, there have been two cryptographic techniques for hiding a client's access pattern from an ...
Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems Matthias Hollick , Matthias Schulz , Adrian Loch In contrast to cryptography, physical layer security lacks sound attack methodologies. For the latter domain, ...