Title |
Speakers |
Summary |
Topic Types |
Keynote: On Subverting Trust |
Matthew Daniel Green |
N/A |
|
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH |
Karthikeyan Bhargavan, Gaetan Leurent |
In response to high-profile attacks that exploit hash function collisions, software vendors have started to ... |
|
TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication |
Mohamed Ali Kaafar, Ralph (rholz) Holz, Olivier Mehani, Johanna Amann, Matthias Wachs |
Email and chat still constitute the majority of electronic communication on the Internet. The standardisation ... |
|
Killed by Proxy: Analyzing Client-end TLS Interception Software |
Mohammad Mannan, Xavier Carnavalet |
To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the ... |
|
SIBRA: Scalable Internet Bandwidth Reservation Architecture |
Adrian Perrig, Hsu-Chun Hsiao, Ayumu Kubota, Cristina Basescu, Pawel Szalachowski, Raphael M. Reischuk, Yao Zhang, Jumpei Urakawa |
This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against ... |
|
Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy |
Mark Allman, Michael Bailey, Jakub Czyz, Matthew Luckie |
There is growing operational awareness of the challenges in securely operating IPv6 networks. Through a ... |
|
Attacking the Network Time Protocol |
Sharon Goldberg, Aanchal Malhotra, Isaac E. Cohen, Erik Brakke |
We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic ... |
|
SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks |
Vyas Sekar, Min Suk Kang, Virgil D. Gligor |
We have recently witnessed the real life demonstration of link-flooding attacks - DDoS attacks that ... |
|
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities |
William Robertson, Engin Kirda, Kaan Onarlioglu, Ahmet Buyukkayhan |
Extension architectures of popular web browsers have been carefully studied by the research community; however, ... |
|
It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services |
Christophe Huygens, Wouter Joosen, Nick Nikiforakis, M. Zubair Rafique, Tom Van Goethem |
Recent years have seen extensive growth of services enabling free broadcasts of live streams on ... |
|
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications |
Luca Compagna, Alessandro Armando, Roberto Carbone, Avinash Sudhodanan |
The advent of Software-as-a-Service (SaaS) has led to the development of multi-party web applications (MPWAs). ... |
|
Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces |
Yan Chen, Shihong Zou, Vaibhav Rastogi, Xiang Pan, Rui Shao, Ryan Riley |
Mobile users are increasingly becoming targets of malware infections and scams. Some platforms, such as ... |
|
Enabling Practical Software-defined Networking Security Applications with OFX |
Adam J. Aviv, Jonathan M. Smith, Eric Keller, John Sonchack |
Software Defined Networks (SDNs) are an appealing platform for network security applications. However, existing approaches ... |
|
Forwarding-Loop Attacks in Content Delivery Networks |
Vern Paxson, Haixin Duan, Jinjin Liang, Jian Jiang, Kang Li, Xiaofeng Zheng, Tao Wan, Jianjun Chen |
We describe how malicious customers can attack the availability of Content Delivery Networks (CDNs) by ... |
|
CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds |
Amir Herzberg, Yossi Gilad, Michael Sudkovitch, Michael Goberman |
We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to ... |
|
Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security |
Guofei Gu, Lei Xu, Robert Baykov, Sungmin Hong, Srinath Nadimpalli |
An emerging trend in corporate network administration is BYOD (bring your own device). Although with ... |
|
Centrally Banked Cryptocurrencies |
George Danezis, Sarah Meiklejohn |
Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that ... |
|
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem |
Dmitry Khovratovich, Alex Biryukov |
The proof-of-work is a central concept in modern cryptocurrencies and denial-of-service protection tools, but the ... |
|
A Simple Generic Attack on Text Captchas |
Hyoungshick Kim, Aziz Mohaisen, Eunjo Lee, Jiyoung Woo, Huy Kang Kim |
Text-based Captchas have been widely deployed across the Internet to defend against undesirable or malicious ... |
|
Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses |
Matthew Caesar, Nikita Borisov, Anupam Das |
Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful ... |
|
The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads |
Wenke Lee, Wei Meng, Simon P. Chung, Ren Ding, Steven Han |
In-app advertising is an essential part to the ecosystem of free mobile applications. On the ... |
|
What Mobile Ads Know About Mobile Users |
Vitaly Shmatikov, Daehyeok Kim, Sooel Son |
We analyze the software stack of popular mobile advertising libraries and investigate how they protect ... |
|
Free for All! Assessing User Data Exposure to Advertising Libraries on Android |
Wei Yang, Soteris Demetriou, Carl A. Gunter, Whitney Merrill, Aston Zhang |
Many studies have focused on detecting and measuring the security and privacy risks associated with ... |
|
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems |
Ravishankar Borgaonkar, N. Asokan, Jean-Pierre Seifert, Valtteri Niemi, Altaf Shaik |
Mobile communication systems are now an essential part of life throughout the world. Fourth generation ... |
|
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware |
David Brumley, Manuel Egele, Maverick Woo, Daming D. Chen |
Commercial-off-the-shelf (COTS) network-enabled embedded devices are usually controlled by vendor firmware to perform integral functions ... |
|
discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code |
Sebastian Eschweiler, Elmar Gerhards-Padilla, Khaled Yakdan |
The identification of security-critical vulnerabilities is a key for protecting computer systems. Being able to ... |
|
Driller: Augmenting Fuzzing Through Selective Symbolic Execution |
Christopher Kruegel, Giovanni Vigna, Ruoyu Wang, Yan Shoshitaishvili, Jacopo Corbetta, Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher |
Memory corruption vulnerabilities are an ever-present risk in software, which attackers can exploit to obtain ... |
|
VTrust: Regaining Trust on Virtual Calls |
Mathias Payer, Dawn Song, Chengyu Song, Chao Zhang, Tongxin Li, Scott A. Carr, Yu Ding |
Virtual function calls are one of the most popular control-flow hijack attack targets. Compilers use ... |
|
Protecting C++ Dynamic Dispatch Through VTable Interleaving |
Sorin Lerner, Dimitar Bounov, Rami Gökhan Kıcı |
With new defenses against traditional control-flow attacks like stack buffer overflows, attackers are increasingly using ... |
|
ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting |
Dongyan Xu, Xiangyu Zhang, Shiqing Ma |
Provenance tracing is a very important approach to Advanced Persistent Threat (APT) attack detection and ... |
|
Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems |
Raheem Beyah, David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers |
Industrial control system (ICS) networks used in critical infrastructures such as the power grid present ... |
|
SKEE: A lightweight Secure Kernel-level Execution Environment for ARM |
Ahmed Azab, Peng Ning, Kirk Swidowski, Ruowen Wang, Rohan Bhutkar, Jia Ma, Wenbo Shen |
Previous research on kernel monitoring and protection widely relies on higher privileged system components, such ... |
|
OpenSGX: An Open Platform for SGX Research |
Taesoo Kim, Brent ByungHoon Kang, Dongsu Han, Ming-Wei Shih, Prerit Jain, Soham Desai, Seongmin Kim, Jaehyuk Lee, Changho Choi, Youjung Shin |
Hardware technologies for trusted computing, or trusted execution environments (TEEs), have rapidly matured over the ... |
|
Efficient Private Statistics with Succinct Sketches |
George Danezis, Emiliano de Cristofaro, Luca Melis |
In our digital society, the large-scale collection of contextual information is often essential to gather ... |
|
Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples |
Prateek Mittal, Supriyo Chakraborty, Changchang Liu |
Differential privacy (DP) is a widely accepted mathematical framework for protecting data privacy. Simply stated, ... |
|
Privacy-Preserving Shortest Path Computation |
Joe Zimmerman, John C. Mitchell, David J. Wu, Jérémy Planul |
Navigation is one of the most popular cloud computing services. But in virtually all cloud-based ... |
|
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships |
Prateek Mittal, Changchang Liu |
Social relationships present a critical foundation for many real-world applications. However, both users and online ... |
|
Do You See What I See? Differential Treatment of Anonymous Users |
David Fifield, Damon McCoy, Steven J. Murdoch, Vern Paxson, Sadia Afroz, Sheharbano Khattak, Mobin Javed, Srikanth Sundaresan |
The utility of anonymous communication is undermined by a growing number of websites treating users ... |
|
Measuring and Mitigating AS-level Adversaries Against Tor |
Phillipa Gill, Michael Schapira, Rishab Nithyanand, Oleksii Starov, Adva Zair |
The popularity of Tor as an anonymity system has made it a popular target for ... |
|
Website Fingerprinting at Internet Scale |
Martin Henze, Klaus Wehrle, Thomas Engel, Fabian Lanze, Andriy Panchenko, Jan Pennekamp, Andreas Zinnen |
The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a ... |
|
Extract Me If You Can: Abusing PDF Parsers in Malware Detectors |
Heng Yin, Mu Zhang, Xunchao Hu, Curtis Carmony, Abhishek Vasisht |
Owing to the popularity of the PDF format and the continued exploitation of Adobe Reader, ... |
|
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers |
David Evans, Weilin Xu, Yanjun Qi |
Machine learning is widely used to develop classifiers for security tasks. However, the robustness of ... |
|
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire |
Fabian Monrose, Kevin Z. Snow, Teryl Taylor, Nathan Otterness |
Today's sophisticated web exploit kits use polymorphic techniques to obfuscate each attack instance, making content-based ... |
|
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis |
Hongyi Hu, Chad Spensky, Kevin Leach |
Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been ... |
|
When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors |
Angelos Stavrou, Charles Smutz |
Machine learning classifiers are a vital component of modern malware and intrusion detection systems. However, ... |
|
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework |
Z. Morley Mao, Zhiyun Qian, Qi Alfred Chen, Yuru Shao, Jason Ott |
The Android framework utilizes a permission-based security model, which is essentially a variation of the ... |
|
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization |
Wenke Lee, Michael Backes, Stefan Nurnberger, Kangjie Lu |
Existing techniques for memory randomization such as the widely explored Address Space Layout Randomization (ASLR) ... |
|
Leakage-Resilient Layout Randomization for Mobile Devices |
Ahmad-Reza Sadeghi, Christopher Liebchen, Lucas Davi, Stephen Crane, Per Larsen, Michael Franz, Kjell Braden |
Attack techniques based on code reuse continue to enable real-world exploits bypassing all current mitigations. ... |
|
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding |
Thorsten Holz, Behrad Garmany, Robert Gawlik, Benjamin Kollenda, Philipp Koppe |
It is a well-known issue that attack primitives which exploit memory corruption vulnerabilities can abuse ... |
|
Enforcing Kernel Security Invariants with Data Flow Integrity |
Taesoo Kim, Wenke Lee, Byoungyoung Lee, Chengyu Song, Kangjie Lu, William Harris |
The operation system kernel is the foundation of the whole system and is often the ... |
|
Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy |
Wenliang Du, Xiao Zhang, Yousra Aafer, Kailiang Ying, Zhenshen Qiu |
Current static analysis techniques for Android applications operate at the Java level - that is, ... |
|
FLEXDROID: Enforcing In-App Privilege Separation in Android |
Taesoo Kim, Daehyeok Kim, Jaebaek Seo, Donghyun Shin |
Mobile applications are increasingly integrating third-party libraries to provide various features, such as advertising, analytics, ... |
|
IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware |
David Lie, Michelle Y. Wong |
While dynamic malware analysis methods generally provide better precision than purely static methods, they have ... |
|
Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques |
Eric Bodden, Steven Arzt, Siegfried Rasthofer, Marc Miltenberger |
It is generally challenging to tell apart malware from benign applications. To make this decision, ... |
|
Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services |
Rui Wang, Zhiqiang Lin, Chaoshun Zuo, Wubing Wang |
Most smartphone apps today require access to remote services, and many of them also require ... |
|
Differentially Private Password Frequency Lists |
Anupam Datta, Joseph Bonneau, Jeremiah Blocki |
Given a dataset of user-chosen passwords, the frequency list reveals the frequency of each unique ... |
|
Who Are You? A Statistical Approach to Measuring User Authenticity |
Giorgio Giacinto, Sakshi Jain, David Freeman, Markus Duermuth, Battista Biggio |
Passwords are used for user authentication by almost every Internet service today, despite a number ... |
|
Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks |
Nitesh Saxena, N. Asokan, Swapnil Udar, Otto Huhta, Mika Juuti, Prakash Shrestha |
Deauthentication is an important component of any authentication system. The widespread use of computing devices ... |
|