Title |
Speakers |
Summary |
Topic Types |
Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models |
James Mickens
|
Some people enter the technology industry to build newer, more exciting kinds of technology as ... |
|
Fear the Reaper: Characterization and Fast Detection of Card Skimmers |
Nolen Scaife, Christian Traynor
|
Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card ... |
|
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid |
Saleh Soltan, Prateek Poor
|
We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air ... |
|
Skill Squatting Attacks on Amazon Alexa |
Joshua Mason, Deepak Kumar, Eric Hennenfent, Riccardo Paccagnella, Paul Murley, Adam Bailey
|
The proliferation of the Internet of Things has increased reliance on voice-controlled devices to perform ... |
|
CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition |
Xiaofeng Wang, Kai Chen, Heqing Huang, Carl A. Gunter, Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Shengzhi Zhang
|
The popularity of automatic speech recognition (ASR) systems, like Google Assistant, Cortana, brings in security ... |
|
ACES: Automatic Compartments for Embedded Systems |
Abraham A Clements, Naif Saleh Almakhdhub, Saurabh Payer
|
Securing the rapidly expanding Internet of Things (IoT) is critical. Many of these “things” are ... |
|
IMIX: In-Process Memory Isolation EXtension |
Tommaso Frassetto, Patrick Jauernig, Christopher Sadeghi
|
Memory-corruption attacks have been subject to extensive research in recent decades. Researchers demonstrated sophisticated ... |
|
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security |
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Moritz Eckert, Christopher Vigna
|
Heap metadata attacks have become one of the primary ways in which attackers exploit memory ... |
|
Guarder: A Tunable Secure Allocator |
Zhiqiang Lin, Sam Silvestro, Hongyu Liu, Tianyi Liu, Tongping Liu
|
Due to the on-going threats posed by heap vulnerabilities, we design a novel secure allocator ... |
|
Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies |
Romain Rouvoy, Antoine Vastel, Pierre Laperdrix, Walter Rudametkin
|
By exploiting the diversity of device and browser configurations, browser fingerprinting established itself as a ... |
|
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies |
Gertjan Franken, Tom Joosen
|
Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. ... |
|
Effective Detection of Multimedia Protocol Tunneling using Machine Learning |
Diogo Barradas, Nuno Rodrigues
|
Multimedia protocol tunneling enables the creation of covert channels by modulating data into the input ... |
|
Quack: Scalable Remote Measurement of Application-Layer Censorship |
Will Scott, Benjamin Vandersloot, Allison McDonald, J. Ensafi
|
Remote censorship measurement tools can now detect DNS- and IP-based blocking at global scale. However, ... |
|
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse |
Sascha Fahl, Sanam Ghorbani Lyastani, Michael Schilling, Michael Bugiel
|
Despite their well-known security problems, passwords are still the incumbent authentication method for virtually all ... |
|
Forgetting of Passwords: Ecological Theory and Data |
Janne Lindqvist, Yulong Yang, Antti Oulasvirta, Xianyi Gao, Can Liu, Christos Mitropoulos
|
We present an opportunistic study of the impact of a new password policy in a ... |
|
The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength |
M. Angela Sasse, Simon Parkin, Ingolf Becker
|
We present an opportunistic study of the impact of a new password policy in a ... |
|
Rethinking Access Control and Authentication for the Home Internet of Things (IoT) |
Blase Ur, Markus Dürmuth, Earlence Fernandes, Maximilian Golla, Weijia He, Roshni Padhi, Jordan Ofek
|
Computing is transitioning from single-user devices to the Internet of Things (IoT), in which multiple ... |
|
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem |
Patrick Traynor, Hayawardh Vijayakumar, Kevin Butler, Michael Grace, Amir Rahmati, Lee Harrison, Grant Hernandez, Dave (Jing) Tian, Joseph I. Choi, Vanessa Frost, Christie Ruales
|
AT commands, originally designed in the early 80s for controlling modems, are still in use ... |
|
Inception: System-Wide Security Testing of Real-World Embedded Systems Software |
Nassim Corteggiani, Giovanni Francillon
|
Connected embedded systems are becoming widely deployed, and their security is a serious concern. Current ... |
|
Acquisitional Rule-based Engine for Discovering Internet-of-Things Devices |
Haining Wang, Limin Sun, Qiang Li, Xuan Feng
|
The rapidly increasing landscape of Internet-of-Things (IoT) devices has introduced significant technical challenges for their ... |
|
Cybersecurity: Is It about Business or Technology? |
Donna Dodson
|
If recent events involving the security of information and operations have taught us anything, it ... |
|
A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning |
James C. Davis, Eric R. Williamson, Dongyoon Lee
|
The software development community is adopting the Event-Driven Architecture (EDA) to provide scalable web services, ... |
|
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers |
Cristian-Alexandru Pradel
|
Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks where matching ... |
|
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications |
Birhanu Eshete, Rigel Gjomemo, Abeer Alhuzali, V.N. Venkatakrishnan
|
Modern multi-tier web applications are composed of several dynamic features, which make their vulnerability analysis ... |
|
Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks |
Christopher Kruegel, Giovanni Vigna, Wenke Lee, Shuang Hao, Wei Meng, Kevin Borgolte, Chenxiong Qian
|
Denial-of-Service (DoS) attacks pose a severe threat to the availability of web applications. Traditionally, attackers ... |
|
How Do Tor Users Interact With Onion Services? |
Nick Feamster, Philipp Winter, Anne Edmundson, Laura M. Roberts, Marshini Chetty, Agnieszka Dutkowska-Żuk
|
Onion services are anonymous network services that are exposed over the Tor network. In contrast ... |
|
Towards Predicting Efficient and Anonymous Tor Circuits |
Matthew Wright, Jiang Ming, Armon Barton, Mohsen Imani
|
The Tor anonymity system provides online privacy for millions of users, but it is slower ... |
|
An Empirical Analysis of Anonymity in Zcash |
George Kappos, Haaroon Yousaf, Mary Meiklejohn
|
Among the now numerous alternative cryptocurrencies derived from Bitcoin, Zcash is often touted as the ... |
|
Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains |
Paul Kocher
|
During the now-ended performance boom, microprocessor performance optimizations brought enormous economic benefits that vastly exceeded ... |
|
Solving the Next Billion-People Privacy Problem |
Monica S. Lam
|
Virtual assistants are poised to revolutionize the digital interface by providing us with a simple, ... |
|
Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes |
José González Cabañas, Ángel Cuevas, Rubén Cuevas
|
The recent European General Data Protection Regulation (GDPR) restricts the processing and exploitation of some ... |
|
Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? |
Adam Bates, Wajih Ul Hassan, Saad Hussain
|
Mobile fitness tracking apps allow users to track their workouts and share them with friends ... |
|
AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning |
Jinyuan Gong
|
Users in various web and mobile applications are vulnerable to attribute inference attacks, in which ... |
|
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning |
Karl Aberer, Florian Schaub, Kang G. Shin, Hamza Harkous, Kassem Fawaz, Rémi Lebret
|
Privacy policies are the primary channel through which companies inform users about their data collection ... |
|
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels |
Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk, Damian Poddebniak, Jens Müller, Christian Dresen, Fabian Ising, Simon Friedberger
|
OpenPGP and S/MIME are the two prime standards for providing end-to-end security for emails. We ... |
|
The Dangers of Key Reuse: Practical Attacks on IPsec IKE |
Jörg Schwenk, Martin Grothe, Dennis Felsch, Adam Czubak, Marcin Szymanek
|
IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual ... |
|
One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA |
Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Callan, Alenka Zajic, Milos Prvulovic
|
Cryptographic implementations are a valuable target for address-based side-channel attacks and should, thus, be protected ... |
|
DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries |
Georg Sigl, Raphael Spreitzer, Stefan Mangard, Andreas Zankl, Samuel Weiser, Katja Miller
|
Cryptographic implementations are a valuable target for address-based side-channel attacks and should, thus, be protected ... |
|
Analogy Cyber Security—From 0101 to Mixed Signals |
Wenyuan Xu, Zhejiang University
|
With the rapid development of sensing technologies, an increasing number of devices rely on sensors ... |
|
Chipmunk or Pepe? Using Acoustical Analysis to Detect Voice-Channel Fraud at Scale |
Vijay Balasubramaniyan
|
As organizations are adding security layers to online interactions, attackers are targeting the voice-channel to ... |
|
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level |
Michelle L. Mazurek, Rock Stevens, Patrick Sweeney, Colin Ahern, Elissa M. Redmiles, Daniel Votipka
|
Digital security professionals use threat modeling to assess and improve the security posture of an ... |
|
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection |
Prateek Mittal, Xusheng Xiao, Zhenyu Wu, Kangkook Jee, Zhichun Li, Chung Hwan Kim, Ding Li, Peng Gao, Sanjeev R. Kulkarni
|
Recently, advanced cyber attacks, which consist of a sequence of steps that involve many vulnerabilities ... |
|
Practical Accountability of Secret Processes |
Daniel Weitzner, Shafi Goldwasser, Jonathan Frankle, Sunoo Park, Daniel Shaar
|
The US federal court system is exploring ways to improve the accountability of electronic surveillance, ... |
|
DIZK: A Distributed Zero Knowledge Proof System |
Alessandro Chiesa, Raluca Ada Popa, Ion Stoica, Wenting Zheng, Howard Wu
|
Recently there has been much academic and industrial interest in practical implementations of zero knowledge ... |
|
NetHide: Secure and Practical Network Topology Obfuscation |
Vincent Lenders, Petar Tsankov, Roland Meier, Laurent Vechev
|
Simple path tracing tools such as traceroute allow malicious users to infer network topologies remotely ... |
|
Towards a Secure Zero-rating Framework with Three Parties |
Yinzhi Cao, Zhiheng Liu, Zhen Zhang, Zhaohan Xi, Shihao Jing, Humberto La Roche
|
Zero-rating services provide users with free access to contracted or affiliated Content Providers (CPs), but ... |
|
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation |
Suman Jana, Shankara Pailoor, Andrew Aday
|
OS fuzzers primarily test the system call interface between the OS kernel and user-level applications ... |
|
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing |
Taesoo Kim, Yeongjin Jang, Sangho Lee, Insu Yun, Meng Xu
|
Recently, hybrid fuzzing has been proposed to address the limitations of fuzzing and concolic execution ... |
|
Automatic Heap Layout Manipulation for Exploitation |
Sean Heelan, Tom Melham, Daniel Kroening
|
Heap layout manipulation is integral to exploiting heap-based memory corruption vulnerabilities. In this paper we ... |
|
FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities |
Jun (Jim) Xu, Xinyu Xing, Wei Wu, Yueqi Chen, Xiaorui Zou
|
Software vendors usually prioritize their bug remediation based on ease of their exploitation. However, accurately ... |
|
The Secure Socket API: TLS as an Operating System Service |
Jordan Whitehead, Scott Heidbrink, Luke Dickinson, Mark O'Neill, Nick Bonner, Tanner Perdue, Torstein Collett, Kent Zappala
|
SSL/TLS libraries are notoriously hard for developers to use, leaving system administrators at the mercy ... |
|
Return Of Bleichenbacher’s Oracle Threat (ROBOT) |
Juraj Somorovsky, Craig Young, Hanno Böck
|
In 1998 Bleichenbacher presented an adaptive chosen-ciphertext attack on the RSA PKCS #1 v1.5 padding scheme. The ... |
|
Bamboozling Certificate Authorities with BGP |
Prateek Mittal, Jennifer Rexford, Yixin Sun, Anne Edmundson, Henry Birge-Lee
|
The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate ... |
|
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI |
Tudor Dumitras, Christopher S. Gates, Bum Jun Kwon, Doowon Kim, Kristián Kozák
|
Recent measurement studies have highlighted security threats against the code-signing public key infrastructure (PKI), such ... |
|
Debloating Software through Piece-Wise Compilation and Loading |
Aravind Prakash, Lok Kwong Yan, Anh Quach
|
Programs are bloated. Our study shows that only 5% of libc is used on average ... |
|
From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild |
Tudor Dumitras, Yang Liu, Mingyan Liu, Bo Li, Armin Sarabi, Chaowei Xiao
|
At any given time there exist a large number of software vulnerabilities in our computing ... |
|
Understanding the Reproducibility of Crowd-reported Security Vulnerabilities |
Bing Mao, Gang Wang, Xinyu Xing, Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu
|
Today’s software systems are increasingly relying on the “power of the crowd” to identify new ... |
|
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think |
Cristiano Giuffrida, Stephan Van Schaik, Herbert Razavi
|
Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker-controlled code ... |
|
Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks |
Kaveh Razavi, Ben Gras, Herbert Giuffrida
|
To stop side channel attacks on CPU caches that have allowed attackers to leak secret ... |
|
Meltdown: Reading Kernel Memory from User Space |
Paul Kocher, Daniel Genkin, Yuval Yarom, Anders Fogh, Daniel Gruss, Stefan Mangard, Moritz Lipp, Michael Schwarz, Mike Hamburg, Thomas Prescher, Werner Haas, Jann Horn
|
The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are ... |
|
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution |
Raoul Strackx, Frank Piessens, Baris Kasikci, Daniel Genkin, Yuval Yarom, Ofir Weisse, Mark Silberstein, Thomas F. Wenisch, Jo Van Bulck, Marina Minkin
|
Trusted execution environments, and particularly the Software Guard eXtensions (SGX) included in recent Intel x86 ... |
|
Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets |
Nicolas Christin, Samaneh Tajalizadehkhoob, Michel Van Eeten, Kyle Soska, Rolf Van Wegberg, Ugur Akyazi, Carlos Hernandez Ganan, Bram Klievink
|
Researchers have observed the increasing commoditization of cybercrime, that is, the offering of capabilities, services, ... |
|
Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces |
Kan Yuan, Haoran Lu, Xiaojing Wang
|
Underground communication is invaluable for understanding cybercrimes. However, it is often obfuscated by the extensive ... |
|
Schrödinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem |
Damon McCoy, Kirill Levchenko, Paul Pearce, Hitesh Dharmdasani, Brown Farinholt, Mohammad Rezaeirad
|
Remote Access Trojans (RATs) are a class of malware that give an attacker direct, interactive ... |
|
The aftermath of a crypto-ransomware attack at a large academic institution |
Leah Zhang-Kennedy, Hala Assal, Jessica Rocheleau, Reham Mohamed, Khadija Chiasson
|
In 2016, a large North American university was subject to a significant crypto-ransomware attack and ... |
|
From Spam to Speech: Policing the Next Generation of "Unwanted Traffic" |
Amy X. Zhang, Ben Y. Zhao, Nick Sullivan, Emma Llansó
|
Content platforms on today’s Internet are facing increased pressure to moderate the content that they ... |
|
The Law and Economics of Bug Bounties |
Amit On
|
Bug Bounties are one of the fastest growing, popular and cost-effective ways for companies to ... |
|
We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS |
Vern Paxson, Shuo Chen, Haixin Duan, Jian Jiang, Tao Wan, Min Yang, Jianjun Chen
|
The default Same Origin Policy essentially restricts access of cross-origin network resources to be "write-only". ... |
|
End-to-End Measurements of Email Spoofing Attacks |
Hang Wang
|
Spear phishing has been a persistent threat to users and organizations, and yet email providers ... |
|
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path |
Shuang Hao, Haixin Duan, Zhou Li, Ying Liu, Min Yang, Baojun Liu, Chaoyi Lu
|
DNS queries from end users are handled by recursive DNS servers for scalability. For convenience, ... |
|
End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks |
Angelos Stavrou, Haining Wang, Shuai Hao, Yubao Zhang
|
The success of Content Delivery Networks (CDNs) relies on the mapping system that leverages dynamically ... |
|
SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics |
Jonathan P. Chapman
|
The use of hidden communication methods by malware families skyrocketed in the last two years. ... |
|
FANCI: Feature-based Automated NXDomain Classification and Intelligence |
Samuel Schüppen, Dominik Teubert, Patrick Meyer
|
FANCI is a novel system for detecting infections with domain generation algorithm (DGA) based malware ... |
|
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications |
Xiaofeng Wang, Long Lu, Haixin Duan, Yuan Zhang, Min Yang, Zhemin Yang, Xiaohan Zhang, Qianqian Mo, Hao Xia
|
Mobile apps have become the main channel for accessing Web services. Both Android and iOS ... |
|
Fast and Service-preserving Recovery from Malware Infections Using CRIU |
James Purtilo, Ashton Webster, Ryan Eckenrod
|
Once a computer system has been infected with malware, restoring it to an uninfected state ... |
|
The Second Crypto War—What's Different Now |
Susan Landau
|
The First Crypto War was fought over end-to-end encryption for communications, and appeared largely over ... |
|
Medical Device Cybersecurity through the FDA Lens |
Suzanne B. Schwartz
|
Medical devices from insulin pumps to implantable cardiac pacemakers are becoming more interconnected, which can ... |
|
The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX |
Ahmad-Reza Sadeghi, Lucas Davi, Mauro Conti, Tommaso Frassetto, Andrea Biondo
|
Intel Software Guard Extensions (SGX) isolate security-critical code inside a protected memory area called enclave. ... |
|
A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping |
Seunghun Han, Wook Shin, Jun-Hyeok Park, Hyoungchun Kim
|
This paper reports two sorts of Trusted Platform Module (TPM) attacks regarding power management. The ... |
|
Tackling runtime-based obfuscation in Android with TIRO |
Michelle Lie
|
Obfuscation is used in malware to hide malicious activity from manual or automatic program analysis. ... |
|
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation |
Adwait Nadkarni, Richard Bonett, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, William & Mary
|
Mobile application security has been one of the major areas of security research in the ... |
|
With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning |
Bimal Viswanath, Bolun Wang, Yuanshun Yao, Haitao Zhao
|
Transfer learning is a powerful approach that allows users to quickly build accurate deep-learning (Student) ... |
|
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks |
Tudor Dumitras, Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daume III
|
Recent results suggest that attacks against supervised machine learning systems are quite effective, while defenses ... |
|
teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts |
Saarland University, Johannes Rossow, CISPA, Saarland Informatics Campus
|
Cryptocurrencies like Bitcoin not only provide a decentralized currency, but also provide a programmatic way ... |
|
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts |
Ari Juels, Florian Tramèr, Lorenz Breidenbach, Philip Daian
|
Bug bounties are a popular tool to help prevent software exploits. Yet, they lack rigorous ... |
|
Arbitrum: Scalable, private smart contracts |
Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Felten
|
We present Arbitrum, a cryptocurrency system that supports smart contracts without the limitations of scalability ... |
|
Erays: Reverse Engineering Ethereum's Opaque Smart Contracts |
Joshua Mason, Michael Bailey, Deepak Kumar, Andrew Miller, Yi Zhou, Surya Bakshi
|
Interacting with Ethereum smart contracts can have potentially devastating financial consequences. In light of this, ... |
|
DelegaTEE: Brokered Delegation Using Trusted Execution Environments |
Srdjan Capkun, Ari Juels, Andrew Miller, Sinisa Matetic, Moritz Schneider
|
We introduce a new concept called brokered delegation. Brokered delegation allows users to flexibly delegate ... |
|
Simple Password-Hardened Encryption Services |
Sherman Chow, Matteo Maffei, Manuel Reinert, Dominique Schröder, Russell Lai, Christoph Egger
|
Passwords and access control remain the popular choice for protecting sensitive data stored online, despite ... |
|
Security Namespace: Making Linux Security Frameworks Available to Containers |
David R. Safford, Trent Jaeger, Zhongshu Gu, Yuqiong Sun, Mimi Zohar, Dimitrios Pendarakis
|
Lightweight virtualization (i.e., containers) offers a virtual host environment for applications without the need for ... |
|
Shielding Software From Privileged Side-Channel Attacks |
John Criswell, Alan L. Cox, Sandhya Dwarkadas, Xiaowan Dong, Zhuojia Shen
|
Commodity operating system (OS) kernels, such as Windows, Mac OS X, Linux, and FreeBSD, are ... |
|
Vetting Single Sign-On SDK Implementations via Symbolic Reasoning |
Wing Cheong Lau, Ronghai Yang, Jiongyi Zhang
|
Encouraged by the rapid adoption of Single Sign-On (SSO) technology in web services, mainstream identity ... |
|
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web |
Chris Kanich, Stephen Checkoway, Jason Polakis, Mohammad Ghasemisharif, Amrutha Ramesh
|
Single Sign-On (SSO) allows users to effortlessly navigate the Web and obtain a personalized experience ... |
|
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring |
Stefano Calzavara, Riccardo Focardi, Marco Squarcina, Matteo Maffei, Mauro Tempesta, Clara Schneidewind
|
We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with ... |
|
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer |
Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura
|
Operating systems provide various inter-process communication (IPC) mechanisms. Software applications typically use IPC for communication ... |
|
All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems |
Haoyu Li, Gang Wang, Dong Wang, Yaling Yang, Kexiong (Curtis) Zeng, Shinan Liu, Yuanchao Shu, Yanzhi Dou
|
Mobile navigation services are used by billions of users around the globe today. While GPS spoofing ... |
|
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors |
Insup Lee, Zhiqiang Lin, Yazhou Tu, Xiali Hei
|
Inertial sensors provide crucial feedback for control systems to determine motional status and make timely, ... |
|
Modelling and Analysis of a Hierarchy of Distance Bounding Attacks |
Tom Chothia, Ben Smyth, Joeri De Ruiter
|
We present an extension of the applied pi-calculus that can be used to model distance ... |
|
Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets |
Zhiyun Qian, Weiteng Chen
|
In this study, we discover a subtle yet serious timing side channel that exists in ... |
|
Formal Security Analysis of Neural Networks using Symbolic Intervals |
Suman Jana, Junfeng Yang, Shiqi Wang, Kexin Pei, Justin Whitehouse
|
Due to the increasing deployment of Deep Neural Networks (DNNs) in real-world security-critical domains including ... |
|
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring |
Benny Pinkas, Carsten Baum, Yossi Adi, Moustapha Cisse, Joseph Keshet
|
Deep Neural Networks have recently gained lots of success after enabling several breakthroughs in notoriously ... |
|
A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation |
Rakshith Shetty, Bernt Schiele, Mario Fritz
|
Text-based analysis methods enable an adversary to reveal privacy relevant author attributes such as gender, ... |
|
GAZELLE: A Low Latency Framework for Secure Neural Network Inference |
Vinod Vaikuntanathan, Chiraag Juvekar, Anantha Chandrakasan
|
The growing popularity of cloud-based machine learning raises natural questions about the privacy guarantees that ... |
|
FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps |
Yan Chen, Yinzhi Cao, Xiang Pan, Xuechao Du, Boyuan He, Gan Fang
|
Android apps having access to private information may be legitimate, depending on whether the app ... |
|
Sensitive Information Tracking in Commodity IoT |
Patrick McDaniel, Gang Tan, A. Selcuk Uluagac, Amit Kumar Sikder, Hidayet Aksu, Z. Berkay Celik, Leonardo Babun
|
Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate ... |
|
Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking |
Taesoo Kim, Wenke Lee, Sangho Lee, Yang Ji, Mattia Fazzini, Joey Allen, Evan Downing, Alessandro Orso
|
Investigating attacks across multiple hosts is challenging. The true dependencies between security-sensitive files, network endpoints, ... |
|
Dependence-Preserving Data Compaction for Scalable Forensic Analysis |
R. Sekar, Scott D. Stoller, Md Nahid Hossain, Junao Wang
|
Large organizations are increasingly targeted in long-running attack campaigns lasting months or years. When a ... |
|