IEEE EuroS&P 2019, June 17, 2019 to June 19, 2019, Stockholm, Sweden

| Title | Speakers | Summary |
| --- | --- | --- |
| False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps | Konrad Rieck, Christian Wressnegger, Ansgar Kellner, Micha Horlboge | More and more people rely on mobile devices for banking transactions or two-factor authentication (2FA), ... |
| Up-To-Crash: Evaluating Third-Party Library Updatability on Android | Michael Backes, Sven Bugiel, Jie Huang, Nataniel Borges | Buggy and flawed third-party libraries increase their host app's attack surface and put the users' ... |
| Challenges in Designing Exploit Mitigations for Deeply Embedded Systems | Thorsten Holz, Sandro Etalle, Ali Abbasi, Jos Wetzels | Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities ... |
| DroidEvolver: Self-Evolving Android Malware Detection System | Robert H. Deng, Kai Chen, Yingjiu Li, Ke Xu, Jiayun Xu | Given the frequent changes in the Android framework and the continuous evolution of Android malware, ... |
| Programming with Flow-Limited Authorization: Coarser is Better | Stephen Chong, Mathias Vorreiter Pedersen | Applications that handle sensitive information need to express and reason about the trust relationships between ... |
| Information-Flow Control for Database-backed Applications | Andrei Sabelfeld, Musard Balliu, David Basin, Marco Guarnieri, Daniel Schoepe | Securing database-backed applications requires tracking information across the program and the database together, since securing ... |
| Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming | Thorsten Holz, Jannik Pewny, Philipp Koppe | The wide-spread adoption of system defenses such as the randomization of code, stack, and heap ... |
| A Symbolic Analysis of ECC-based Direct Anonymous Attestation | Liqun Chen, Steve Schneider, Ralf Sasse, Jorden Whitefield, Helen Treharne, Steve Wesemeyer | Direct Anonymous Attestation (DAA) is a cryptographic scheme that provides Trusted Platform Module (TPM)-backed anonymous ... |
| Stealing Intel Secrets from SGX Enclaves via Speculative Execution | Zhiqiang Lin, Yinqian Zhang, Yuan Xiao, Guoxing Chen, Sanchuan Chen, Ten H. Lai | Speculative execution vulnerabilities in microarchitecture processors have raised concerns about the security of Intel SGX. ... |
| ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud | Claudio Soriente, Ghassan O. Karame, Wenting Li, Sergey Fedorov | With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of ... |
| Adaptive Call-site Sensitive Control Flow Integrity | Zhi Wang, Yueqiang Cheng, Yajin Zhou, Mustakimur Khandaker, Abu Naser, Wenqing Liu | Low-level languages like C/C++ are widely used in various applications for their performance and flexibility. ... |
| Deanonymization and linkability of cryptocurrency transactions based on network analysis | Alex Biryukov, Sergei Tikhomirov | Bitcoin, introduced in 2008 and launched in 2009, is the first digital currency which solved ... |
| Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts | Noah Johnson, Dawn Song, Ari Juels, Fan Zhang, Andrew Miller, Warren He, Raymond Cheng, Jernej Kos, Nicholas Hynes | Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in ... |
| Understanding eWhoring | Alice Hutchings, Sergio Pastrana | In this paper, we describe a new type of online fraud, referred to as 'eWhoring' ... |
| Keynote: Smashing the stack for fun and nonprofit | Melanie Rieback | Radically Open Security is the world’s first non-profit computer security consultancy company. With core principles ... |
| Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key | Huaxiong Wang, Duncan S. Wong, Guomin Yang, Khoa Nguyen, Zhen Hua Liu | Since the introduction of Bitcoin in 2008, cryptocurrency has been undergoing a quick and explosive ... |
| A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol | Karthikeyan Bhargavan, Bruno Blanchet, Benjamin Lipp | WireGuard is a free and open source Virtual Private Network (VPN) that aims to replace ... |
| The Case of Adversarial Inputs for Secure Similarity Approximation Protocols | Petros Efstathopoulos, Evgenios M. Kornaropoulos | Computing similarity between high-dimensional data is a fundamental problem in data mining and information retrieval, ... |
| A Practical Attestation Protocol for Autonomous Embedded Systems | Stefan Katzenbeisser, Florian Kohnhäuser, Niklas Büscher | With the recent advent of the Internet of Things (IoT), embedded devices increasingly operate collaboratively ... |
| SAID: Reshaping Signal into an Identity-Based Asynchronous Messaging Protocol with Authenticated Ratcheting | Pierre-Alain Fouque, Cristina Onete, Olivier Blazy, Xavier Bultel, Angèle Bossuat, Elena Pagnin | As messaging applications are becoming increasingly popular, it is of utmost importance to analyze their ... |
| SoK: Benchmarking Flaws in Systems Security | Herbert Bos, Cristiano Giuffrida, Dennis Andriesse, Gernot Heiser, Erik Kouwe | Properly benchmarking a system is a difficult and intricate task. Unfortunately, even a seemingly innocuous ... |
| Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks | Samaneh Tajalizadehkhoob, Carlos Gañán, Michel Van Eeten, Orçun Çetin, Lisette Altena | Mechanisms for large-scale vulnerability notifications have been confronted with disappointing remediation rates. It has proven ... |
| Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events | Charles Xosanavongsa, Eric Totel, Olivier Bettan | In order to supervise the security of a large infrastructure, the administrator deploys multiple sensors ... |
| Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols | Karthikeyan Bhargavan, Nadim Kobeissi, Georgio Nicolas | The Noise Protocol Framework, introduced recently, allows for the design and construction of secure channel ... |
| IFAL: Issue First Activate Later Certificates for V2X | Flavio D. Garcia, Eric Verheul, Christopher Hicks | This paper presents IFAL, a provably secure and privacy conscious scheme for Vehicle-to-Vehicle and Vehicle-to-Infrastructure ... |
| Degenerate fault attacks on elliptic curve parameters in OpenSSL | Mehdi Tibouchi, Akira Takahashi | In this paper, we describe several practically exploitable fault attacks against OpenSSL's implementation of elliptic ... |
| On Aggregation of Information in Timing Attacks | Boris Köpf, Itsaka Rakotonirina | A key question for characterizing a system's vulnerability against timing attacks is whether or not ... |
| In Encryption we don't Trust: The Effect of End-To-End Encryption to the Masses on User Perception | Matthew Smith, Sergej Dechand, Alena Naiakshina, Anastasia Danilova | With WhatsApp's adoption of the Signal Protocol as its default, end-to-end encryption by the masses ... |
| Rethinking Location Privacy for Unknown Mobility Behaviors | Carmela Troncoso, Fernando Perez-Gonzalez, Simon Oya | Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely consider that users' data is available for ... |
| Revisiting User Privacy for Certificate Transparency | Daniel Kales, Sebastian Ramacher, Olamide Omolola | Public key infrastructure (PKI) based on certificate authorities is one of the cornerstones of secure ... |
| PILOT: Practical Privacy-Preserving Indoor Localization using OuTsourcing | Thomas Schneider, Zheng Yang, Kimmo Järvinen, Helena Leppäkoski, Elena-Simona Lohan, Philipp Richter, Oleksandr Tkachenko | In the last decade, we observed a constantly growing number of Location-Based Services (LBSs) used ... |
| The 5G-AKA Authentication Protocol Privacy | Adrien Koutsos | We study the 5G-AKA authentication protocol described in the 5G mobile communication standards. This version ... |
| Towards Understanding Limitations of Pixel Discretization Against Adversarial Attacks | Somesh Jha, Vaibhav Rastogi, Jiefeng Chen, Xi Wu, Yingyu Liang | Wide adoption of artificial neural networks in various domains has led to an increasing interest ... |
| EzPC: Programmable and Efficient Secure Two-Party Computation for Machine Learning | Rahul Sharma, Divya Gupta, Aseem Rastogi, Nishanth Chandran, Shardul Tripathi | We present EZPC, a secure two-party computation (2PC) framework that generates efficient 2PC protocols from ... |
| PRADA: Protecting Against DNN Model Stealing Attacks | N. Asokan, Mika Juuti, Sebastian Szyller, Samuel Marchal | Machine learning (ML) applications are increasingly prevalent. Protecting the confidentiality of ML models becomes paramount ... |
| Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities | Stefano Calzavara, Riccardo Focardi, Gabriele Tolomei, Mauro Conti, Alvise Rabitti | Cross-Site Request Forgery (CSRF) is one of the oldest and simplest attacks on the Web, ... |
| Domain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities | Lorenz Schwittmann, Matthäus Wander, Torben Weis | Web security relies on the assumption that certificate authorities (CAs) issue certificates to rightful domain ... |
| TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis | Xiaofeng Wang, Shuang Hao, Haixin Duan, Kai Chen, Yaoqi Jia, Sumayah Alrwais, Zhou Li, Ying Liu, Yiming Zhang, Baojun Liu, Chaoyi Lu, Peiyuan Zong, Zaifeng Zhang | Illicit traffic monetization is a type of Internet fraud that hijacks users' web requests and ... |
| Using Guessed Passwords to Thwart Online Guessing | Stuart E. Schechter, Cormac Herley, Yuan Tian | Practitioners who seek to defend password-protected resources from online guessing attacks will find a shortage ... |
| MALPITY: Automatic Identification and Exploitation of Tarpit Vulnerabilities in Malware | Christian Rossow, Sebastian Walla | Law enforcement agencies regularly take down botnets as the ultimate defense against global malware operations. ... |
| Private votes on untrusted platforms: models, attacks and provable scheme | Constantin Catalin Dragan, Steve Kremer, Sergiu Bursuc | Modern e-voting systems deploy cryptographic protocols on a complex infrastructure involving different computing platforms and ... |
| Is your vote overheard? A new scalable side-channel attack against paper voting | Jan Willemson, Kristjan Krips, Sebastian Värv | In an ongoing discussion comparing the security properties of electronic and paper voting, decreased privacy ... |
| Improving Automated Symbolic Analysis of Ballot Secrecy for E-voting Protocols: A Method Based on Sufficient Conditions | Cas Cremers, Lucca Hirschi | We advance the state-of-the-art in automated symbolic analysis of ballot secrecy for e-voting protocols by ... |