Title | Speakers | Summary | Topic Types |
Opening Remarks and Awards | Stefan Savage, Thorsten Holz | N/A | |
Keynote Address | Thorsten Holz | N/A | |
Crashing Drones and Hijacked Cameras: CyberTrust Meets CyberPhysical | Jeannette M. Wing | Cyber-physical systems are engineered systems that require tight conjoining of and coordination between the computational ... | |
Flip Feng Shui: Hammering a Needle in the Software Stack | Bart Preneel, Kaveh Razavi, Erik Bosman, Ben Gras, Cristiano Bos | N/A | |
One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation | Yinqian Zhang, Yuan Xiao, Xiaokuan Zhang, Radu Teodorescu | N/A | |
PIkit: A New Kernel-Independent Processor-Interconnect Rootkit | Yongdae Kim, Hyunwoo Choi, Wonjun Song, John Kim, Junhong Kim, Eunsoo Kim | N/A | |
Verifying Constant-Time Implementations | Manuel Barbosa, Gilles Barthe, François Dupressoir, José Bacelar Almeida, Michael Emmi | N/A | |
Secure, Precise, and Fast Floating-Point Operations on x86 Processors | Ashay Rane, Calvin Lin, Mohit Tiwari | N/A | |
überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor | Limin Jia, Anupam Datta, Amit Vasudevan, Petros Maniatis, Sagar Chaki | N/A | |
Undermining Information Hiding (and What to Do about It) | Herbert Bos, Georgios Portokalidis, Elias Athanasopoulos, Cristiano Giuffrida, Enes Göktaş, Robert Gawlik, Benjamin Kollenda | N/A | |
Poking Holes in Information Hiding | Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida, Angelos Oikonomopoulos | N/A | |
What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses | Michael Backes, Christian Rossow, Giorgi Maisuradze | N/A | |
zxcvbn: Low-Budget Password Strength Estimation | Daniel Lowe Wheeler | N/A | |
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks | Lorrie Faith Cranor, Lujo Bauer, Nicolas Christin, Blase Ur, Saranga Komanduri, William Melicher, Sean M. Segreti | N/A | |
An Empirical Study of Textual Key-Fingerprint Representations | Matthew Smith, Sascha Fahl, Dominik Schürmann, Yasemin Acar, Sergej Dechand, Karoline Busse | N/A | |
Making HTTPS the Default in the World's Largest Bureaucracy | Eric Mill | The US government is in the process of requiring secure connections to its public web ... | |
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous | Zhiyun Qian, Srikanth V. Krishnamurthy, Yue Cao, Zhongjie Wang, Tuan Dao, Lisa M. Marvel | N/A | |
Website-Targeted False Content Injection by Network Operators | Gabi Nakibly, Jaime Schcolnik, Yossi Rubin | N/A | |
The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO | Kehuan Zhang, Haixin Duan, Zhou Li, Kun Du, Hao Yang | N/A | |
A Comprehensive Measurement Study of Domain Generating Malware | Daniel Plohmann, Elmar Gerhards-Padilla, Khaled Yakdan, Michael Klatt, Johannes Bader | N/A | |
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing | Bryan Ford, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Ismail Khoffi, Linus Gasser | N/A | |
Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution | Mike Rosulek, Peter Rindal | N/A | |
Egalitarian Computing | Alex Biryukov, Dmitry Khovratovich | N/A | |
Post-quantum Key Exchange—A New Hope | Peter Schwabe, Leo Ducas, Thomas Pöppelmann, Erdem Alkim | N/A | |
When Governments Attack: Malware Targeting Activists, Lawyers, and Journalists | Eva Galperin | Targeted malware campaigns against activists, lawyers, and journalists are becoming extremely commonplace. These attacks range ... | |
Automatically Detecting Error Handling Bugs Using Error Specifications | Suman Jana, Yuan Kang, Samuel Roth, Baishakhi Ray | N/A | |
APISan: Sanitizing API Usages through Semantic Cross-Checking | Taesoo Kim, Yeongjin Jang, Xujie Si, Changwoo Min, Insu Yun, Mayur Naik | N/A | |
On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities | Reza Curtmola, Justin Cappos, Anil Kumar Ammula, Santiago Torres-Arias | N/A | |
Defending against Malicious Peripherals with Cinch | Andrew J. Blumberg, Joshua B. Leners, Michael Walfish, Sebastian Angel, Riad S. Wahby, Max Howald, Michael Spilo, Zhen Sun | N/A | |
Making USB Great Again with USBFILTER | Patrick Traynor, Adam Bates, Kevin Butler, Dave Tian, Nolen Scaife | N/A | |
Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks | Davide Balzarotti, Mariano Graziano, Andrea Lanzi, Stefano Cristalli, Mattia Pagnozzi | N/A | |
The Moral Character of Cryptographic Work | Phillip Rogaway | Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an ... | |
Request and Conquer: Exposing Cross-Origin Resource Size | Frank Piessens, Wouter Joosen, Mathy Vanhoef, Tom Van Goethem | N/A | |
Trusted Browsers for Uncertain Times | Hovav Shacham, David Kohlbrenner | N/A | |
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads | William Robertson, Christo Wilson, Muhammad Ahmad Bashir, Sajjad Arshad | N/A | |
Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos | Fabian Monrose, Jan-Michael Frahm, Yi Xu, True Price | N/A | |
Hidden Voice Commands | Micah Sherr, David A. Wagner, Wenchao Zhou, Nicholas Carlini, Tavish Vaidya, Yuankai Zhang, Clay Shields, Pratyush Mishra | N/A | |
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks | Atul Prakash, Amir Rahmati, Mauro Conti, Earlence Fernandes, Justin Paupore, Daniel Simionato | N/A | |
Privacy and Threat in Practice: Mobile Messaging by Low-Income New Yorkers | Ame Elliot | Is a theoretically-secure system any good if it doesn’t address users’ real-world threat models? Is ... | |
ARMageddon: Cache Attacks on Mobile Devices | Clémentine Maurice, Daniel Gruss, Raphael Spreitzer, Stefan Mangard, Moritz Lipp | N/A | |
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks | Clémentine Maurice, Daniel Gruss, Stefan Mangard, Peter Pessl, Michael Schwarz | N/A | |
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries | Herbert Bos, Victor Veen, Asia Slowinska, Dennis Andriesse, Xi Chen | N/A | |
Stealing Machine Learning Models via Prediction APIs | Ari Juels, Michael K. Reiter, Thomas Ristenpart, Fan Zhang, Florian Tramèr | N/A | |
Oblivious Multi-Party Machine Learning on Trusted Processors | Manuel Costa, Cedric Fournet, Felix Schuster, Kapil Vaswani, Olga Ohrimenko, Aastha Mehta, Nowozin | N/A | |
Thoth: Comprehensive Policy Compliance in Data Retrieval Systems | Deepak Garg, Peter Druschel, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Aastha Mehta | N/A | |
The Unfalsifiability of Security Claims | Cormac Herley | There is an inherent asymmetry in computer security: things can be declared insecure by observation, ... | |
Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage | Matthew Green, Christina Garman, Ian Miers, Michael Rushanan, Gabriel Kaptchuk | N/A | |
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys | Mathy Vanhoef, Frank Piessens | N/A | |
DROWN: Breaking TLS Using SSLv2 | Sebastian Schinzel, J. Alex Halderman, Nadia Heninger, Christof Paar, Juraj Somorovsky, David Adrian, Emilia Kasper, Shaanan Cohney, Nimrod Aviram, Maik Dankel, Jens Steube, Luke Valenta, Viktor Dukhovni, Susanne Engels, Yuval Shavitt | N/A | |
All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption | Jonathan Katz, Charalampos Papamanthou, Yupeng Zhang | N/A | |
Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software | Elie Bursztein, Damon McCoy, Niels Provos, Lucas Ballard, Moheeb Abu Rajab, Panayiotis Mavrommatis, Kurt Thomas, Jean-Michel Picod, Robert Shield, Juan Manuel Crespo, Nav Jagpal, Ryan Rasti, Cait Phillips, Marc-André Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau | N/A | |
Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services | Juan Caballero, Leyla Bilge, Platon Kotzias | N/A | |
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware | Collin Mulliner, William Robertson, Engin Kirda, Sajjad Arshad, Amin Kharaz | N/A | |
Towards Measuring and Mitigating Social Engineering Software Download Attacks | Manos Antonakakis, Roberto Perdisci, Terry Nelms, Mustaque Ahamad | N/A | |
Teaching Computer Security: Thoughts from the Field | Tadayoshi Kohno, David Evans, Zachary Peterson, Colleen Lewis | Many researchers and engineers first learn about computer security in a classroom. In this interactive ... | |
Specification Mining for Intrusion Detection in Networked Control Systems | Emmanuele Zambon, Frank Kargl, Robin Sommer, Johanna Amann, Marco Caselli | N/A | |
Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants | Karel Bartos, Michal Sofka, Vojtech Franc | N/A | |
Authenticated Network Time Synchronization | Douglas Stebila, Greg Zaverucha, Benjamin Dowling | N/A | |
fTPM: A Software-Only Implementation of a TPM Chip | Stefan Saroiu, Himanshu Raj, Alec Wolman, Paul England, Ronald Aigner, Jeremiah Cox, Chris Fenner, Kinshuman Kinshumann, Jork Loeser, Dennis Mattoon, Magnus Nystrom, David Robinson, Rob Spiger, Stefan Thom, David Wooten | N/A | |
Sanctum: Minimal Hardware Extensions for Strong Software Isolation | Victor Costan, Srinivas Devadas, Ilia Lebedev | N/A | |
Ariadne: A Minimal Approach to State Continuity | Raoul Strackx, Frank Piessens | N/A | |
Finding and Fixing Security Bugs in Flash | Natalie Silvanovich | Over the past couple of years, Adobe Flash has been repeatedly targeted by attackers in ... | |
The Million-Key Question—Investigating the Origins of RSA Public Keys | Vashek Matyas, Petr Svenda, Matúš Nemec, Peter Sekan, Rudolf Kvašňovský, David Formánek, David Komárek | N/A | |
Fingerprinting Electronic Control Units for Vehicle Intrusion Detection | Kang G. Shin, Kyong-Tak Cho | N/A | |
Lock It and Still Lose It—on the (In)Security of Automotive Remote Keyless Entry Systems | Timo Kasper, Flavio D. Garcia, David Oswald, Pierre Pavlidès | N/A | |
OblivP2P: An Oblivious Peer-to-Peer Content Sharing System | Prateek Saxena, Tarik Moataz, Yaoqi Jia, Shruti Tople | N/A | |
AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels | Patrick Traynor, Bradley Reaves | N/A | |
You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors | Bin Liu, Neil Zhenqiang Gong | N/A | |
Report from the Field: A CDN's Role in Repelling Attacks against Banking Industry Web Sites | Bruce Maggs | This talk describes several types of attacks aimed at content delivery networks (CDNs) and their ... | |
Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 | Tadayoshi Kohno, Franziska Roesner, Adam Lerner, Anna Kornfeld Simpson | N/A | |
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification | Martin Johns, Michael Backes, Ben Stock, Christian Rossow, Giancarlo Pellegrino | N/A | |
You've Got Vulnerability: Exploring Effective Vulnerability Notifications | Damon McCoy, Stefan Savage, Vern Paxson, Frank H. Li, Michael Bailey, Zakir Durumeric, Mohammad Karami, Jakub Czyz | N/A | |
Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud | Frederik Armknecht, Ghassan O. Karame, Jens-Matthias Bohli, Ludovic Barman | N/A | |
ZKBoo: Faster Zero-Knowledge for Boolean Circuits | Claudio Orlandi, Irene Giacomelli, Jesper Madsen | N/A | |
The Cut-and-Choose Game and Its Application to Cryptographic Protocols | Jonathan Katz, Yan Huang, Abhi Shelat, Ruiyu Zhu | N/A | |
AMD x86 Memory Encryption Technologies | David Kaplan | This talk will introduce the audience to two new x86 ISA features developed by AMD ... | |
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis | Patrick McDaniel, Michael Backes, Sven Bugiel, Damien Octeau, Erik Derr, Sebastian Weisgerber | N/A | |
Practical DIFC Enforcement on Android | Somesh Jha, William Enck, Adwait Nadkarni, Benjamin Andow | N/A | |
Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images | Dongyan Xu, Golden Iii, Xiangyu Zhang, Brendan Saltaformaggio, Rohit Bhatia | N/A | |
Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis | Wenliang Du, Xiao Zhang, Yousra Aafer | N/A | |
Identifying and Characterizing Sybils in the Tor Network | Roya Ensafi, Nick Feamster, Philipp Winter, Karsten Loesing | N/A | |
k-fingerprinting: A Robust Scalable Website Fingerprinting Technique | Jamie Hayes, George Danezis | N/A | |
Protecting Privacy of BLE Device Users | Kang G. Shin, Kassem Fawaz, Kyu-Han Kim | N/A | |
Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles | Michael Backes, Mathias Humbert, Pascal Berrang, Anna Hecksteden, Andreas Keller, Tim Meyer | N/A | |