| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| Studying user-facing threats in security & privacy | Sunny Consolvo | N/A | |
| What you get is what you C: Controlling side effects in mainstream C compilers | Ross Anderson, David Chisnall, Laurent Simon | Security engineers have been fighting with C compilers for years. A careful programmer would test ... | |
| COVERN: A Logic for Compositional Verification of Information Flow Control | Toby Murray, Robert Sison, Kai Engelhardt | Shared memory concurrency is pervasive in modern programming, including in systems that must protect highly ... | |
| Mining ABAC Rules from Sparse Logs | David Basin, Carlos Cotrini, Thilo Weghorn | Different methods have been proposed to mine attribute-based access control (ABAC) rules from logs. In ... | |
| I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions | Liang Feng Zhang, Ponnurangam Kumaraguru, Bimal Viswanath, Anupama Aggarwal, Saravana Kumar, Ayush Shah | In this work, we take a step towards understanding and defending against spying browser extensions. ... | |
| Dissecting Privacy Risks in Biomedical Data | Michael Backes, Yang Zhang, Mathias Humbert, Pascal Berrang, Irina Lehmann, Roland Eils | The decreasing costs of molecular profiling have fueled the biomedical research community with a plethora ... | |
| Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure | Michael Backes, Giancarlo Pellegrino, Milivoj Simeonovski, Patrick Speicher, Marcel Steinmetz, Robert Künnemann, Jörg Hoffmann | Security in the Internet has historically been added post-hoc, leaving services like email, which, after ... | |
| Language-Independent Synthesis of Firewall Policies | Riccardo Focardi, Pierpaolo Degano, Mauro Tempesta, Chiara Bodei, Letterio Galletta, Lorenzo Veronese | Configuring and maintaining a firewall configuration is notoriously hard. Policies are written in low-level, platform-specific ... | |
| The Real First Class? Inferring Confidential Corporate Mergers and Government Relations from Air Traffic Communication | Matthew Smith, Vincent Lenders, Ivan Martinovic, Martin Strohmeier | This paper exploits publicly available aircraft meta data in conjunction with unfiltered air traffic communication ... | |
| Masters of Time: An Overview of the NTP Ecosystem | Thorsten Holz, Teemu Rytilahti, Dennis Tatang, Janosch Köpper | The Network Time Protocol (NTP) is currently the most commonly used approach to keeping the ... | |
| TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer | George Danezis, Carmela Troncoso, Adrian Perrig, David Barrera, Chen Chen, Daniele E. Asoni | Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the ... | |
| ERASER: Your Data Won’t Be Back | William Robertson, Engin Kirda, Kaan Onarlioglu | Secure deletion of data from non-volatile storage is a well-recognized problem. While numerous solutions have ... | |
| Security Risks in Asynchronous Web Servers: When Performance Optimizations Amplify the Impact of Data-oriented Attacks | Fabian Monrose, Manos Antonakakis, Michalis Polychronakis, Kevin Snow, Panagiotis Kintis, Micah Morton, Jan Werner | Over the past decade, many innovations have been achieved with respect to improving the responsiveness ... | |
| Have your PI and Eat it Too: Practical Security on a Low-cost Ubiquitous Computing Platform | Amit Vasudevan, Sagar Chaki | Robust security on a commodity low-cost and popular computing platform is a worthy goal for ... | |
| Get in Line: Ongoing Co-Presence Verification of a Vehicle Formation Based on Driving Trajectories | N. Asokan, Ivan Martinovic, Mika Juuti, Christian Vaas | Intelligent transportation systems and the advent of smart cities have created a renewed research interest ... | |
| Sponge-Based Control-Flow Protection for IoT Devices | Thomas Unterluggauer, Stefan Mangard, Mario Werner, David Schaffenrath | Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges. ... | |
| Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure | Thorsten Holz, Herbert Bos, Georgios Portokalidis, Cristiano Giuffrida, Enes Göktaş, Benjamin Kollenda, Philipp Koppe, Erik Bosman | Address-space layout randomization is a well-established defense against code-reuse attacks. However, it can be completely ... | |
| Probabilistic Obfuscation through Covert Channels | Saumya K. Debray, Babak Yadegari, Christian Collberg, Jon Stephens, Carlos Scheidegger | This paper presents a program obfuscation framework that uses covert channels through the program’s execution ... | |
| Understanding User Tradeoffs for Search in Encrypted Communication | Michelle L. Mazurek, Wei Bai, Ciara Lynton, Charalampos (Babis) Papamanthou | End-to-end message encryption is the only way to achieve absolute message privacy. However, searching over ... | |
| Short Double- and N-Times-Authentication-Preventing Signatures from ECDSA and More | Daniel Slamanig, David Derler, Sebastian Ramacher | Double-authentication-preventing signatures (DAPS) are signatures designed with the aim that signing two messages with an ... | |
| Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance | Charles P. Wright, Mayank Varia | Governments around the world are demanding more access to encrypted data, but it has been ... | |
| Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations | Lucas Bang, Nicolas Rosner, Tevfik Bultan | We present an automated technique for synthesizing adaptive attacks to extract information from program functions ... | |
| User Blocking Considered Harmful? An Attacker-controllable Side Channel to Identify Social Accounts | Takuya Watanabe, Tatsuya Mori, Mitsuaki Akiyama, Eitaro Shioji, Keito Sasaoka, Takeshi Yagi | This paper presents a practical side-channel attack that identifies the social web service account of ... | |
| Attacking Deterministic Signature Schemes using Fault Attacks | Sebastian Schinzel, Juraj Somorovsky, Damian Poddebniak, Paul Rösler, Manfred Lochter | Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. ... | |
| Establishing a Guide to the Cyber Security Body of Knowledge (CyBOK) | N/A | A new, multi-partner effort is underway to develop a cyber security body of knowledge (http://www.cybok.org). ... | |
| CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM | Vadim Lyubashevsky, Tancrède Lepoint, John M. Schanck, Eike Kiltz, Joppe W. Bos, Peter Schwabe, Damien Stehlé, Leo Ducas | Rapid advances in quantum computing, together with the announcement by the National Institute of Standards ... | |
| Just In Time Hashing | Jeremiah Blocki, Benjamin Harsha | In the past few years billions of user passwords have been exposed to the threat ... | |
| In search of CurveSwap: Measuring elliptic curve implementations in the wild | Nadia Heninger, Nick Sullivan, Luke Valenta, Antonio Sanso | We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS ... | |
| SoK: Security and Privacy in Machine Learning | Patrick McDaniel, Arunesh Sinha, Nicolas Papernot, Michael P. Wellman | Advances in machine learning (ML) in recent years have enabled a dizzying array of applications ... | |
| From password policies to adversarial machine learning, it's all about the user. | Lujo Bauer | N/A | |
| More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema | Jörg Schwenk, Christian Mainka, Paul Rösler | Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the ... | |
| A formal analysis of the Neuchâtel e-voting protocol | Veronique Cortier, David Galindo, Mathieu Turuani | Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting ... | |
| On Composability of Game-based Password Authenticated Key Exchange | Jean Lancrenon, Marjan Skrobot | It is standard practice that the secret key derived from an execution of a Password ... | |
| ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports | Tudor Dumitras, Ziyun Zhu | Modern cyber attacks consist of a series of steps and are generally part of larger ... | |
| DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks | Robert H. Deng, Kai Chen, Yingjiu Li, Ke Xu | As malicious behaviors vary significantly across mobile malware, it is challenging to detect malware both ... | |
| Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking | Konrad Rieck, Daniel Arp, Erwin Quiring | Machine learning is increasingly used in security-critical applications, such as autonomous driving, face recognition, and ... | |