NDSS 2015, Feb. 8, 2015 to Feb. 11, 2015, San Diego, USA

Title Speakers Summary Topic Types
Identifying Cross-origin Resource Status Using Application Cache Sangho Lee , Hyungsub Kim , Jong Kim HTML5 Application Cache (AppCache) allows web applications to cache their same- and cross-origin resources in ...
Parking Sensors: Analyzing and Detecting Parked Domains Wouter Joosen , Nick Nikiforakis , Thomas Vissers A parked domain is a domain which has no content other than automatically computed advertising ...
Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse Pieter Agten , Frank Piessens , Wouter Joosen , Nick Nikiforakis Typosquatting, defined as the act of registering in bad faith a domain name likely to ...
Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning Joseph Bonneau , Michael Kranch We have conducted the first in-depth empirical study of two important new web security features, ... IncludeThinkstScapes
I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser Yan Chen , Yinzhi Cao , Xiang Pan Stateful third-party web tracking has drawn the attention of public media given its popularity among ...
Information Flow Analysis of Android Applications in DroidSafe Martin Rinard , Michael I. Gordon , Deokhwan Kim , Jeff Perkins , Limei Gilham , Nguyen Nguyen We present DroidSafe, a static information flow analysis tool that reports potential leaks of sensitive ...
What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Xiaofeng Wang , Xiaoyong Zhou , Muhammad Naveed , Soteris Demetriou , Kan Yuan , Yeonjoon Lee , Carl A. Gunter The pervasiveness of security-critical external resources (e.g., accessories, online services) poses new challenges to ...
EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework Christopher Kruegel , Giovanni Vigna , Yan Chen , Manuel Egele , Yanick Fratantonio , Antonio Bianchi , Yinzhi Cao A wealth of recent research proposes static data flow analysis for the security analysis of ...
CopperDroid: Automatic Reconstruction of Android Malware Behaviors N/a Today mobile devices and their application marketplaces drive the entire economy of the mobile landscape. ...
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices Jiwu Jing , Kun Sun , Yuewu Wang , Xueqiang Wang It is becoming a global trend for company employees to bring their own mobile devices ...
VTint: Protecting Virtual Function Tables' Integrity Dawn Song , Chengyu Song , Chao Zhang , Zhaofeng Chen , Kevin Zhijie Chen Since researchers have proposed lots of defenses to protect control data (e.g., return addresses saved ...
Phoneypot: Data-driven Understanding of Telephony Threats Payas Gupta , Mustaque Ahamad , Vijay Balasubramaniyan , Bharat Srinivasan Cyber criminals are increasingly using robocalling, voice phishing and caller-id spoofing to craft attacks that ...
SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment Brent ByungHoon Kang , Minsu Kim , Daegyeong Kim , Jinsoo Jang , Sunjune Kong ARM TrustZone, which provides a Trusted Execution Environment (TEE), normally plays a role in keeping ...
FreeSentry: protecting against use-after-free vulnerabilities due to dangling pointers Yves Younan Use-after-free vulnerabilities have become an important class of security problems due to the existence of ...
EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration Phillip Porras , Vinod Yegneswaran , Birhanu Eshete , Maliheh Monshizadeh , Abeer Alhuzali , V.N. Venkatakrishnan The emergence of exploit kits is one of the most important developments in modern cybercrime. ...
Machine Learning Classification over Encrypted Data Raluca Ada Popa , Shafi Goldwasser , Stephen Tu , Raphael Bost Machine learning classification is used in numerous settings nowadays, such as medical or genomics predictions, ...
Gracewipe: Secure and Verifiable Deletion under Coercion Mohammad Mannan , Lianying Zhao For users in possession of password-protected encrypted data in persistent storage (i.e., 'data at rest'), ...
Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces Aniket Kate , Pedro Moreno-Sanchez , Matteo Maffei , Kim Pecina A credit network models trust between agents in a distributed environment and enables payments between ...
Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting Wenke Lee , Long Lu , Zhiyun Qian , Vasileios P. Kemerlis , Kangjie Lu , Zhenyu Wu , Guofei Jiang , Zhichun Li , Cong Zheng Serious concerns have been raised about stealthy disclosures of private user data in smartphone apps, ...
DEFY: A Deniable, Encrypted File System for Log-Structured Storage Zachary Peterson , Timothy M. Peters , Mark A. Gondree While solutions for file system encryption can prevent an adversary from determining the contents of ...
Preventing Use-after-free with Dangling Pointers Nullification Taesoo Kim , Wenke Lee , Long Lu , Byoungyoung Lee , Chengyu Song , Tielei Wang , Yeongjin Jang Many system components and network applications are written in the unsafe C/C++ languages, and there ...
StackArmor: Comprehensive Protection From Stack-based Memory Error Vulnerabilities for Binaries Herbert Bos , Asia Slowinska , Cristiano Giuffrida , Dennis Andriesse , Xi Chen StackArmor is a comprehensive protection technique for stack-based memory error vulnerabilities in binaries. It relies ...
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming Fabian Monrose , Ahmad-Reza Sadeghi , Christopher Liebchen , Lucas Davi , Kevin Z. Snow Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effectively ...
Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity Stephen Crane , Andrei Homescu , Stefan Brunthaler , Per Larsen , Michael Franz We explore software diversity as a defense against side-channel attacks by dynamically and systematically randomizing ...
Principled Sampling for Anomaly Detection Martin Rinard , Brendan Juba , Fan Long , Christopher Musco , Stelios Sidiroglou-Douskos We present a technique and implemented system, Cassandra, for obtaining probabilistic bounds on false positive ...
Integrated Circuit (IC) Decamouflaging: Reverse Engineering Camouflaged ICs within Minutes Mahesh V. Tripunitara , Siddharth Garg , Mohamed El Massad Circuit camouflaging is a recently proposed defense mechanism to protect digital integrated circuits (ICs) from ...
Opaque Control-Flow Integrity Kevin W. Hamlen , Stefan Brunthaler , Per Larsen , Michael Franz , Vishwath Mohan A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is presented, which is ...
Bloom Cookies: Web Search Personalization without User Tracking Oriana Riva , Suman Nath , Nitesh Mor , John Kubiatowicz We propose Bloom cookies that encode a user's profile in a compact and privacy-preserving way, ...
NSEC5: Provably Preventing DNSSEC Zone Enumeration Sharon Goldberg , Leonid Reyzin , Moni Naor , Dimitrios Papadopoulos , Sachin Vasant , Asaf Ziv This paper uses cryptographic techniques to study the problem of zone enumeration in DNSSEC. DNSSEC ...
Predicting Users' Motivations behind Location Check-Ins and Utility Implications of Privacy Protection Mechanisms Jean-Pierre Hubaux , Kévin Huguenin , Reza Shokri , Igor Bilogrevic , Stefan Mihaila Location check-ins contain both geographical and semantic information about the visited venues, in the form ...
On Your Social Network De-anonymizablity: Quantification and Large Scale Evaluation with Seed Knowledge Prateek Mittal , Raheem Beyah , Shouling Ji , Weiqing Li , Neil Z. Gong In this paper, we conduct the first comprehensive quantification on the perfect de-anonymizability and partial ...
Efficient RAM and control flow in verifiable outsourced computation Andrew J. Blumberg , Zuocheng Ren , Michael Walfish , Srinath Setty , Riad Wahby Recent work on proof-based verifiable computation has resulted in built systems that employ tools from ...
Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs Konstantin Beznosov , Yazan Boshmaf , Matei Ripeanu , Dionysios Logothetis , Georgos Siganos , Jorge Rodriguez Leria , Jose Lorenzo Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from ...
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords Lorrie Faith Cranor , Anupam Datta , Saranga Komanduri , Jeremiah Blocki We report on a user study that provides evidence that spaced repetition and a specific ...
ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation Thomas Schneider , Michael Zohner , Daniel Demmler Secure computation enables multiple mutually distrusting parties to jointly evaluate functions on their private inputs ...
Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics Vincent Lenders , Ivan Martinovic , Kasper B. Rasmussen , Simon Eberz We introduce a novel biometric based on distinctive eye movement patterns. The biometric consists of ...
Knock Yourself Out: Secure Authentication with Short Re-Usable Passwords Benjamin Guldenring , Volker Roth , Lars Ries We present Knock Yourself Out (KYO), a password generator that enables secure authentication against a ...
Verified Contributive Channel Bindings for Compound Authentication Karthikeyan Bhargavan , Alfredo Pironti , Antoine Delignat-Lavaud Compound authentication protocols, such as EAP in IKEv2 or SASL over TLS, bind application-level authentication ...
The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines Sotiris Ioannidis , Michalis Polychronakis , Georgios Portokalidis , Elias Athanasopoulos , Michalis Athanasakis Return-oriented programming (ROP) has become the dominant form of vulnerability exploitation in both user and ...
Exploiting and Protecting Dynamic Code Generation Wenke Lee , Chengyu Song , Chao Zhang , Tielei Wang , David Melski Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. One of ...
Too LeJIT to Quit: Extending JIT Spraying to ARM Hovav Shacham , Stefan Savage , Wilson Lian In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best ...
Run-time Monitoring and Formal Analysis of Information Flows in Chromium Lujo Bauer , Limin Jia , Shaoying Cai , Timothy Passaro , Yuan Tian , Michael Stroucken Web browsers are a key enabler of a wide range of online services, from shopping ...
Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks Olivier Thonnard , Marc Dacier , Pierre-Antoine Vervier Some recent research presented evidence of blocks of IP addresses being stolen by BGP hijackers ...
SPHINX: Detecting Security Attacks in Software-Defined Networks Mohan Dhawan , Rishabh Poddar , Kshiteej Mahajan , Vijay Mann Software-defined networks (SDNs) allow greater control over network entities by centralizing the control plane, but ...
Securing the Software Defined Network Control Layer Phillip Porras , Vinod Yegneswaran , Martin Fong , Steven Cheung , Keith Skinner Software-defined networks (SDNs) pose both an opportunity and challenge to the network security community. The ...
Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures Guofei Gu , Lei Xu , Sungmin Hong , Haopei Wang Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications ...
Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware Christopher Kruegel , Giovanni Vigna , Yan Shoshitaishvili , Fish Wang , Christophe Hauser Embedded devices have become ubiquitous, and they are used in a range of privacy-sensitive and ...
vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries Heng Yin , Aravind Prakash , Xunchao Hu Control flow integrity is an important security property that needs to be enforced to prevent ...
P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions Dongyan Xu , Vinod Yegneswaran , Xiangyu Zhang , John Qian , Fei Peng , Yonghwi Kwon , Dohyeong Kim , Kyungtae Kim In cyber attack analysis, it is often highly desirable to understand the meaning of an ...