| Title |
Speakers |
Summary |
Topic Types |
| Opening Remarks and Awards |
Jaeyeon Jung
|
N/A |
|
| Inherent Cyber Insecurity and Our National Security: Surviving on a Diet of Poisoned Fruit |
Richard J. Danzig
|
Cyber systems are a security paradox. Even as they grant unprecedented powers, they also make ... |
|
| Post-Mortem of a Zombie: Conficker Cleanup After Six Years |
Hadi Asghari
,
Michel Van Eeten
,
Michael Ciere
|
N/A |
|
| Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World |
Patrick Traynor
,
Adam Bates
,
Bradley Reaves
,
Nolen Scaife
,
Kevin R.b. Butler
|
N/A |
|
| Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem |
Nicolas Christin
,
Kyle Soska
|
N/A |
|
| Under-Constrained Symbolic Execution: Correctness Checking for Real Code |
Dawson Engler
,
David A. Ramos
|
N/A |
|
| TaintPipe: Pipelined Symbolic Taint Analysis |
Peng Liu
,
Dinghao Wu
,
Jun Wang
,
Jiang Ming
,
Gaoyao Xiao
|
N/A |
|
| Type Casting Verification: Stopping an Emerging Attack Vector |
Taesoo Kim
,
Wenke Lee
,
Byoungyoung Lee
,
Chengyu Song
|
N/A |
|
| Machine vs. Machine: Lessons from the First Year of Cyber Grand Challenge |
Mike Walker
|
In 2014 DARPA launched the Cyber Grand Challenge: a competition that seeks to create automatic ... |
|
| All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS |
Frank Piessens
,
Mathy Vanhoef
|
N/A |
|
| Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS |
Kenneth g. Paterson
,
Christina Garman
,
Thyla Merwe
|
N/A |
|
| Eclipse Attacks on Bitcoin’s Peer-to-Peer Network |
Sharon Goldberg
,
Ethan Heilman
,
Alison Kendler
,
Aviv Zohar
|
N/A |
|
| Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception |
Kevin W. Hamlen
,
Frederico Araujo
|
N/A |
|
| Control-Flow Bending: On the Effectiveness of Control-Flow Integrity |
Mathias Payer
,
David A. Wagner
,
Thomas R. Gross
,
Antonio Barresi
,
Nicolas Carlini
|
N/A |
|
| Automatic Generation of Data-Oriented Exploits |
Zhenkai Liang
,
Prateek Saxena
,
Zheng Leong Chua
,
Hong Hu
,
Sendroiu Adrian
|
N/A |
|
| Transforming Innovative Security Concepts into Disruptive Security Companies |
Rick Gordon
|
Security operations people worldwide continue to be overwhelmed by global malicious actors who enjoy an ... |
|
| Protocol State Fuzzing of TLS Implementations |
Erik Poll
,
Joeri De Ruiter
|
N/A |
|
| Verified Correctness and Security of OpenSSL HMAC |
Andrew W. Appel
,
Lennart Beringer
,
Adam Petcher
,
Katherine Q. Ye
|
N/A |
|
| Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation |
Hannes Mehnert
,
Anil Madhavapeddy
,
David Kaloper-meršinjak
,
Peter Sewell
|
N/A |
|
| To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections |
Matthew Smith
,
Sascha Fahl
,
Marten Oltrogge
,
Yasemin Acar
,
Sergej Dechand
|
N/A |
|
| De-anonymizing Programmers via Code Stylometry |
Rachel Greenstadt
,
Fabian "fabs" Yamaguchi
,
Arvind Narayanan
,
Richard Harang
,
Aylin Caliskan-islam
,
Andrew Liu
,
Clare Voss
|
N/A |
|
| RAPTOR: Routing Attacks on Privacy in Tor |
Prateek Mittal
,
Jennifer Rexford
,
Mung Chiang
,
Yixin Sun
,
Anne Edmundson
,
Laurent Vanbever
,
Oscar Li
|
N/A |
|
| Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services |
Marc Dacier
,
David Lazar
,
Albert Kwon
,
Mashael Alsabah
,
Srinivas Devadas
|
N/A |
|
| SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization |
Prateek Mittal
,
Xin Hu
,
Raheem Beyah
,
Shouling Ji
,
Weiqing Li
|
N/A |
|
| Conducting Usable Security Studies: It's Complicated |
Lorrie Faith Cranor
|
User studies are critical to understanding how users perceive and interact with security and privacy ... |
|
| Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer |
Roel Verdult
,
Flavio D. Garcia
,
Baris Ege
|
N/A |
|
| Trustworthy Whole-System Provenance for the Linux Kernel |
Adam Bates
,
Thomas Moyer
,
Kevin R.b. Butler
,
Dave (jing) Tian
|
N/A |
|
| Securing Self-Virtualizing Ethernet Devices |
Dan Tsafrir
,
Muli Ben-yehuda
,
Igor Smolyar
|
N/A |
|
| EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning |
William Enck
,
Peng Ning
,
Wu Zhou
,
Xinwen Zhang
,
Ruowen Wang
,
Douglas Reeves
,
Dingbang Xu
,
Ahmed M. Azab
|
N/A |
|
| Marionette: A Programmable Network Traffic Obfuscation System |
Thomas Shrimpton
,
Kevin P. Dyer
,
Scott E. Coull
|
N/A |
|
| CONIKS: Bringing Key Transparency to End Users |
Michael J. Freedman
,
Edward W. Felten
,
Joseph Bonneau
,
Aaron Blankstein
,
Marcela S. Melara
|
N/A |
|
| Investigating the Computer Security Practices and Needs of Journalists |
Franziska Roesner
,
Susan E. Mcgregor
,
Polina Charters
,
Tobin Holliday
|
N/A |
|
| Why Johnny and Janie Can’t Code Safely: Bringing Software Assurance to the Masses |
Bart Miller
|
While we’re all furiously working on new techniques to automate the finding of weaknesses and ... |
|
| Constants Count: Practical Improvements to Oblivious RAM |
Elaine Shi
,
Marten van Dijk
,
Christopher Fletcher
,
Ling Ren
,
Emil Stefanov
,
Albert Kwon
,
Srinivas Devadas
|
N/A |
|
| Raccoon: Closing Digital Side-Channels through Obfuscated Execution |
Ashay Rane
,
Calvin Lin
,
Mohit Tiwari
|
N/A |
|
| M2R: Enabling Stronger Privacy in MapReduce Computation |
Prateek Saxena
,
Ee-chien Chang
,
Tien Dinh
,
Beng Chin Ooi
,
Chunwang Zhang
|
N/A |
|
| Measuring Real-World Accuracies and Biases in Modeling Password Guessability |
Lorrie Faith Cranor
,
Lujo Bauer
,
Nicolas Christin
,
Blase Ur
,
Saranga Komanduri
,
Michelle l. Mazurek
,
Sean M. Segreti
,
Darya Kurilova
,
William Shay
|
N/A |
|
| Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound |
Srdjan Capkun
,
Claudio Marforio
,
Nikolaos Karapanos
,
Claudio Soriente
|
N/A |
|
| Android Permissions Remystified: A Field Study on Contextual Integrity |
David A. Wagner
,
Serge Egelman
,
Konstantin Beznosov
,
Primal Wijesekera
,
Arjun Baokar
,
Ashkan Hosseini
|
N/A |
|
| Preventing Security Bugs through Software Design |
Christoph Kern
|
Many security bugs, such as Cross-Site-Scripting (XSS), SQL injection, buffer overruns, etc, are in isolation ... |
|
| Phasing: Private Set Intersection Using Permutation-based Hashing |
Benny Pinkas
,
Thomas Schneider
,
Gil Segev
,
Michael Zohner
|
N/A |
|
| Faster Secure Computation through Automatic Parallelization |
Stefan Katzenbeisser
,
Niklas Buescher
|
N/A |
|
| The Pythia PRF Service |
Ari Juels
,
Thomas Ristenpart
,
Adam Everspaugh
,
Rahul Chaterjee
,
Samuel Scott
|
N/A |
|
| EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services |
Christopher Kruegel
,
Giovanni Vigna
,
Manuel Egele
,
Gianluca Stringhini
,
Gregoire Jacob
,
Pierre Mourlanne
|
N/A |
|
| Trends and Lessons from Three Years Fighting Malicious Extensions |
Niels Provos
,
Moheeb Abu Rajab
,
Panayiotis Mavrommatis
,
Jean-philippe Gravel
,
Kurt Thomas
,
Nav Jagpal
,
Eric Dingle
|
N/A |
|
| Meerkat: Detecting Website Defacements through Image-based Object Recognition |
Christopher Kruegel
,
Giovanni Vigna
,
Kevin Borgolte
|
N/A |
|
| Using Formal Methods to Eliminate Exploitable Bugs |
Kathleen Fisher
|
For decades, formal methods have offered the promise of software that doesn’t have exploitable bugs. ... |
|
| Recognizing Functions in Binaries with Neural Networks |
Dawn Song
,
Reza Moazzezi
,
Eui Shin
|
N/A |
|
| Reassembleable Disassembling |
Pei Wang
,
Dinghao Wu
,
Shuai Wang
|
N/A |
|
| How the ELF Ruined Christmas |
Christopher Kruegel
,
Giovanni Vigna
,
Yan Shoshitaishvili
,
Alessandro Di Federico
,
Amat Cama
|
N/A |
|
| Panel on Research Ethics |
Niels Provos
,
Stuart E. Schechter
,
Michael Bailey
,
Erin Kenneally
|
N/A |
|
| Perspectives on Securing Cyberspace |
Deborah A. Frincke
|
Cybersecurity research within the National Security Agency/Central Security Service Research Directorate is a complex, mission-driven ... |
|
| Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale |
Xiaofeng Wang
,
Peng Liu
,
Kai Chen
,
Nan Zhang
,
Peng Wang
,
Heqing Huang
,
Yeonjoon Lee
,
Wei Zou
|
N/A |
|
| You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps |
Zhiqiang Lin
,
Haibo Chen
,
Haibing Guan
,
Binyu Zang
,
Jin Chen
,
Erick Bauman
|
N/A |
|
| Boxify: Full-fledged App Sandboxing for Stock Android |
Michael Backes
,
Sven Bugiel
,
Philipp von Styp-rekowsky
,
Christian Hammer
,
Oliver Schranz
|
N/A |
|
| Cookies Lack Integrity: Real-World Implications |
Nicholas Weaver
,
Shuo Chen
,
Haixin Duan
,
Jinjin Liang
,
Jian Jiang
,
Xiaofeng Zheng
,
Tao Wan
|
N/A |
|
| The Unexpected Dangers of Dynamic JavaScript |
Martin Johns
,
Ben Stock
,
Sebastian Lekies
,
Martin Wentzel
|
N/A |
|
| ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities |
Christopher Kruegel
,
Giovanni Vigna
,
William Robertson
,
Engin Kirda
,
Michael Weissbacher
|
N/A |
|
| Anatomization and Protection of Mobile Apps’ Location Privacy Threats |
Kang G. Shin
,
Kassem Fawaz
,
Huan Feng
|
N/A |
|
| LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors |
Kang G. Shin
,
Kassem Fawaz
,
Huan Feng
|
N/A |
|
| PowerSpy: Location Tracking Using Mobile Device Power Analysis |
Dan Boneh
,
Gabi Nakibly
,
Yan Michalevsky
,
Aaron Schulman
,
Gunaa Arumugam Veerapandian
|
N/A |
|
| In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services |
Davide Balzarotti
,
Neeraj Suri
,
Giancarlo Pellegrino
,
Stefan Winter
|
N/A |
|
| Bohatei: Flexible and Elastic DDoS Defense |
Vyas Sekar
,
Michael Bailey
,
Seyed K. Fayaz
,
Yoshiaki Tobioka
|
N/A |
|
| Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge |
Patrick Traynor
,
Henry Carter
,
Adam Bates
,
Ethan Shernan
,
Bradley Reaves
|
N/A |
|
| GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies |
Yuval Elovici
,
Mordechai Guri
,
Gabi Kedma
,
Assaf Kachlon
,
Ofer Hasson
,
Yisroel Mirsky
|
N/A |
|
| Thermal Covert Channels on Multi-core Platforms |
Srdjan Capkun
,
Ramya Jayaram Masti
,
Aanjhan Ranganathan
,
Devendra Rai
,
Christian Müller
,
Lothar Thiele
|
N/A |
|
| Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors |
Yongdae Kim
,
Yunmok Son
,
Hocheol Shin
,
Dongkwan Kim
,
Youngseok Park
,
Juhwan Noh
,
Kibum Choi
,
Jungwoo Choi
|
N/A |
|
| Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches |
Daniel Gruss
,
Raphael Spreitzer
,
Stefan Mangard
|
N/A |
|
| A Placement Vulnerability Study in Multi-Tenant Public Clouds |
Thomas Ristenpart
,
Venkatanathan Varadarajan
,
Michael M. Swift
,
Yinqian Zhang
|
N/A |
|
| A Measurement Study on Co-residence Threat inside the Cloud |
Haining Wang
,
Zhenyu Wu
,
Zhang Xu
|
N/A |
|
| Towards Discovering and Understanding Task Hijacking in Android |
Peng Liu
,
Yulong Zhang
,
Tao Wei
,
Hui Xue
,
Chuangang Ren
|
N/A |
|
| Cashtags: Protecting the Input and Display of Sensitive Data |
Peter L. Reiher
,
Michael Mitchell
,
An-i Andy Wang
|
N/A |
|
| SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps |
Xusheng Xiao
,
Kangjie Lu
,
Xiangyu Zhang
,
Zhenyu Wu
,
Guofei Jiang
,
Zhichun Li
,
Jianjun Huang
|
N/A |
|
| UIPicker: User-Input Privacy Identification in Mobile Applications |
Xiaofeng Wang
,
Guofei Gu
,
Yuhong Nan
,
Min Yang
,
Zhemin Yang
,
Shunfan Zhou
|
N/A |
|
| Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents |
Michael Bailey
,
Yang Liu
,
Jing Zhang
,
Manish Karir
,
Mingyan Liu
,
Parinaz Naghizadeh
,
Armin Sarabi
|
N/A |
|
| WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths |
Manos Antonakakis
,
Roberto Perdisci
,
Terry Nelms
,
Mustaque Ahamad
|
N/A |
|
| Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits |
Tudor Dumitras
,
Carl Sabottke
,
Octavian Suciu
|
N/A |
|
