ACSAC2019 2019 Dec. 9, 2019 to Dec. 13, 2019, San Juan, Puerto Rico

Title Speakers Summary Topic Types
Panel: Disinformation and Other Harmful Messaging: Can Technology Tame the Beast It Created? Mary Ellen Zurko , Christopher Sherr N/A
Proof of Aliveness Marten van Dijk , Zheng Yang , Jianying Zhou , Chenglu Jin In 2017, malware Triton was discovered in a petrol plant in Saudi Arabia, and it ...
Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Magnus Almgren , Marina Papatriantafilou , Charalampos Stylianopoulos , Simon Kindstrom , Olaf Landsiedel Pattern matching is an important building block for many security applications, including Network Intrusion Detection ...
Aegis: A Context-aware Security Framework for Smart Home Systems A. Selcuk Uluagac , Amit Kumar Sikder , Hidayet Aksu , Leonardo Babun Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). ...
Defeating Hidden Audio Channel Attacks on Voice Assistants via Audio-Induced Surface Vibrations Nitesh Saxena , Jian Liu , Chen Wang , S Abhishek Anand , Payton R. Walker , Yingying (Jennifer) Chen Voice access technologies are widely adopted in mobile devices and voice assistant systems as a ...
TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud Jingqiang Lin , Le Guan , Bo Luo , Quanwei Cai , Fangjie Jiang , Ziqiang Ma With the emergence of virtualization technologies, various services have been migrated to the cloud. Beyond ...
Nibbler: Debloating Binary Shared Libraries Georgios Portokalidis , Vasileios P. Kemerlis , David Williams-King , Ioannis Agadakos , Di Jin Developers today have access to an arsenal of toolkits and libraries for rapid application prototyping. ...
Function Boundary Detection in Stripped Binaries Jim Song Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities and automatically ...
VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching Thorsten Holz , Herbert Bos , Victor Veen , Cristiano Giuffrida , Dennis Andriesse , Andre Pawlowski , Erik Kouwe Polymorphism and inheritance make C++ suitable for writing complex software, but significantly increase the attack ...
STRIP: A Defence Against Trojan Attacks on Deep Neural Networks Chang Xu , Garrison Gao , Derui Wang , Shiping Chen , Damith C. Ranasinghe , Nepal Surya Recent trojan attacks on deep neural network (DNN) models are one insidious variant of data ...
How to Prove Your Model Belongs to You: A Blind-Watermark based Framework to Protect Intellectual Property of DNN Yang Zhang , Zheng Li , Shanqing Guo , Chengyu Hu Deep learning techniques have made tremendous progress in a variety of challenging tasks, such as ...
D2NN: A Fine-Grained Dual Modular Redundancy Framework for Deep Neural Networks Min Li , Bo Luo , Qiang Xu , Yu Li , Yannan Liu , Ye Tian Deep Neural Networks (DNNs) have attracted mainstream adoption in various application domains. Their reliability and ...
Model Inversion Attacks Against Collaborative Inference Ruby B. Lee , Tianwei Zhang , Zecheng He The prevalence of deep learning has drawn attention to the privacy protection of sensitive data. ...
Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation Sebastian Francillon Symbolic execution has become a popular technique for software testing and vulnerability detection. Most implementations ...
How to Kill Symbolic Deobfuscation for Free (or: Unleashing the Potential of Path-Oriented Protections) Jean-yves Marion , Sébastien Bardin , Richard Bonichon , Mathilde Ollivier Code obfuscation is a major tool for protecting software intellectual property from attacks such as ...
Sleak: Automating Address Space Layout Derandomization Christopher Kruegel , Giovanni Vigna , Ruoyu Wang , Yan Shoshitaishvili , Christophe Hauser , Jayakrishna Menon We present a novel approach to automatically recover information about the address space layout of ...
SIP Shaker: Software Integrity Protection Composition Sebastian Banescu , Mohsen Ahmadvand , Dennis Fischer Man-At-The-End (MATE) attackers are almighty adversaries against whom there exists no silver-bullet countermeasure. To raise ...
NITRD Panel: Federal Cybersecurity R&D Strategic Plan Jeremy Epstein , Raymond Brown , Wei-shinn Ku N/A
Defeating the PCAP Problem: Making a Mountain into a Molehill Leigh Metcalf N/A
“Operation CWAL”: The Dying Art of Product Penetration Testing Daniel Nguyen , Daniel Ladron , Adrian Pirvu N/A
Detecting organized eCommerce fraud using scalable categorical clustering Sebastian Szyller , Samuel Marchal Online retail, eCommerce, frequently falls victim to fraud conducted by malicious customers (fraudsters) who obtain ...
SIMPLE: Single-Frame based Physical Layer Identification for Intrusion Detection and Prevention on In-Vehicle Networks Ryan Gerdes , Ming Li , Mahsa Foruhandeh , Yanmao Man , Thidapat Chantam The Controller Area Network (CAN) is a bus standard commonly used in the automotive industry ...
Improving Intrusion Detectors by Crook-sourcing Latifur Khan , Kevin W. Hamlen , Frederico Araujo , Gbadebo Ayoade , Khaled Al-naami , Yang Gao Conventional cyber defenses typically respond to detected attacks by rejecting them as quickly and decisively ...
JStap: A Static Pre-Filter for Malicious JavaScript Detection Michael Backes , Ben Stock , Aurore Fass Given the success of the Web platform, attackers have abused its main programming language, namely ...
Koinonia: Verifiable E-Voting with Long-term Privacy Huian Li , Xukai Zou , Ninghui Li , Tianhao Wang , Sze Yiu Chau , Huangyi Ge , Victor E Gonsalves Despite years of research, many existing e-voting systems do not adequately protect voting privacy. In ...
Whisper: A Unilateral Defense Against VoIP Traffic Re-Identification Attacks Micah Sherr , Tavish Vaidya , Tim Walsh Encrypted voice-over-IP (VoIP) communication often uses variable bit rate (VBR) codecs to achieve good audio ...
Privacy Preserving Substring Search Protocol with Polylogarithmic Communication Cost Alessandro Barenghi , Gerardo Pelosi , Nicholas Mainardi The problem of efficiently searching into outsourced encrypted data, while providing strong privacy guarantees, is ...
Revisiting Utility Metrics for Location Privacy-Preserving Mechanisms Amir Houmansadr , Virat Shejwalkar , Hossein Pishro-nik , Dennis Goeckel The literature has extensively studied various location privacy-preserving mechanisms (LPPMs) in order to improve the ...
Distinguished Practitioner Keynote: Why Your Tech Transition Will Probably Fail (And Why You Should Do It Anyway) Patrick Traynor The world has never been more interconnected, nor have our systems been less capable of ...
Panel: Framing the Ransomware Problem Michael Ekstrom , Peter Wong , José L. Quiñones-borrero Is ransomware an information availability problem, an information integrity problem, or a people problem? Following ...
Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels Danilo Bruschi , Long Lu , Andrea Lanzi , Stefano Cristalli Short-distance or near-field communication is increasingly used by mobile apps for interacting or exchanging data ...
An Empirical Study of the SMS One-Time Password Authentication in Android Apps Robert H. Deng , Elisa Bertino , Yang Liu , Juanru Li , Surya Nepal , Zhuo Ma , Siqi Ma , Runhan Feng , Diethelm Ostry , Sanjay Jha A great quantity of user passwords nowadays has been leaked through security breaches of user ...
Challenge-Response Behavioral Mobile Authentication: A Comparative Study of Graphical Patterns and Cognitive Games Nitesh Saxena , Manar Mohamed , Prakash Shrestha The most researched behavioral biometrics for mobile device authentication involves the use of touch gestures ...
AppVeto: Mobile Application Self-Defense through Resource Access Veto Mohammad Mannan , Urs Hengartner , Amr Youssef , Tousif Osman Modern mobile operating systems such as Android and Apple iOS allow apps to access various ...
Progressive Processing of System Behavioral Query Xusheng Xiao , Chung Hwan Kim , Ding Li , Jiaping Gui , Haifeng Chen System monitoring has recently emerged as an effective way to analyze and counter advanced cyber ...
SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments Ping Yang , Heming Cui , Fengwei Zhang , Saeid Mofrad , Ishtiaq Ahmed , Shiyong Lu Big data workflow management systems (BDWFMSs) have recently emerged as popular platforms to perform large-scale ...
Mining Least Privilege Attribute Based Access Control Policies Chuan Yue , Matthew Sanders Creating effective access control policies is a significant challenge to many organizations. Over-privilege increases security ...
MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs Christoph Meinel , Pejman Najafi , Alexander Muehle , Wenzel Puenter , Feng Cheng In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference ...
NITRD Panel: Making AI Forget You Yinzhi Cao , Raymond Brown , Wei-shinn Ku , Saurabh Shintre N/A
CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis Anh Nguyen-tuong , Yonghwi Kwon , Abbas Naderi-afooshteh , Mandana Bagheri-marzijarani , Jack W. Davidson Malware written in dynamic languages such as PHP routinely employ anti-analysis techniques such as obfuscation ...
Neurlux: Dynamic Malware Analysis Without Feature Engineering Christopher Kruegel , Giovanni Vigna , Christopher Salls , Chani Jindal , Hojjat Aghakhani , Keith Long Malware detection plays a vital role in computer security. Modern machine learning approaches have been ...
A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs Gabriele Lenzini , Daniele Sgandurra , Ziya Alper Genç Most users and companies heavily rely on anti-virus (AV) software to protect their digital assets, ...
My Script Engines Know What You Did In The Dark: Converting Engines into Script API Tracers Kanta Matsuura , Makoto Iwamura , Toshinori Usui , Yuto Otsuki , Yuhei Kawakoya , Jun Miyoshi Malicious scripts have been crucial attack vectors in recent attacks such as malware spam (malspam) ...
BakingTimer: Privacy Analysis of Server-Side Request Processing Time Davide Balzarotti , Igor Santos , Iskander Sanchez-rola Cookies were originally introduced as a way to provide state awareness to websites, and are ...
PDoT: Private DNS-over-TLS with TEE Support Yoshimichi Nakatsuka , Uc Paverd , Andrew.paverd@ieee.org; Gene Tsudik Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there ...
Casino Royale: A Deep Exploration of Illegal Online Gambling Shuang Hao , Haining Wang , Haixin Duan , Zhou Li , Kun Du , Hao Yang , Yubao Zhang , Mingxuan Liu , Yazhou Shi , Xiaodong Su , Guang Liu , Zhifeng Geng , Jianping Wu The popularity of online gambling could bring negative social impact, and many countries ban or ...
Leveraging Locality of Reference for Certificate Revocation Kent Seamons , Luke Dickinson , Trevor Smith X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face ...
Hype or hope? Machine learning based security analytics for web applications Lei Ding , Xiaoyong Yuan , And Salem N/A
Applying the Guilt By Association Principle to Threat Detection with Sparsely Labeled Data Kevin Roundy N/A
JEX: A Straightforward, Portable and Scalable Framework for Automatic Exploit Generation for Java Mohammadreza Ashouri N/A
Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones Elisa Bertino , Syed Rafiul Hussain , Omar Chowdhury , Imtiaz Karim , Fabrizio Cicala This paper focuses on checking the correctness and robustness of the AT command interface exposed ...
SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities Chao Zhang , Yu Zhang , Chen Wang , Wei Huo , Kunpeng Jian , Ji Shi , Haoliang Lu , Longquan Liu , Dandan Sun , Baoxu Liu SOHO (small office/home office) routers provide services for end devices to connect to the Internet, ...
Premadoma: An Operational Solution for DNS Registries to Prevent Malicious Domain Registrations Lieven Desmet , Wouter Joosen , Thomas Vissers , Jan Spooren , Peter Janssen DNS is one of the most essential components of the Internet, mapping domain names to ...
Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks Vinod Yegneswaran , Phil Porras , Samir R. Das , Vasudevan Nagendra The Science DMZ (SDMZ) is a special purpose network architecture proposed by ESnet (Energy Sciences ...
Analyzing Control Flow Integrity with LLVM-CFI Gang Tan , Jens Grossklags , Claudia Eckert , Zhiqiang Lin , Paul Muntean , Matthias Neumayer Control-flow hijacking attacks are used to perform malicious computations. Current solutions for assessing the attack ...
Mitigating Data Leakage by Protecting Memory-resident Sensitive Data Fabian Monrose , Michalis Polychronakis , Tapti Palit Gaining reliable arbitrary code execution through the exploitation of memory corruption vulnerabilities is becoming increasingly ...
FRAMER: A Tagged-Pointer Capability System with Memory Safety Applications Periklis Akritidis , Myoung Jin Nam , David J Greaves Security mechanisms for systems programming languages, such as fine-grained memory protection for C/C++, authorize operations ...
FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library Huy Kang Kim , Joonun Jang Fuzzing is an effective method to find bugs in software. Many security communities are interested ...
The Chatty-Sensor: A Provably-covert Channel in Cyber Physical Systems Amir Herzberg , Yehonatan Kfir Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to ...
HDMI-WALK: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol Selcuk Uluagac , Kemal Akkaya , Leonardo Babun , Luis Rondon The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video ...
Out of Control: Stealthy Attacks Against Robotic Vehicles Protected by Control-based Techniques Karthik Pattabiraman , Pritam Dash , Mehdi Karimibiuki Robotic vehicles (RVs) are cyber-physical systems that operate in the physical world under the control ...
WooKey: Designing a Trusted and Efficient USB Device Mathieu Renard , Ryad Benadjila , Arnauld Michelizza , Philippe Thierry , Philippe Trebuchet The work presented in this paper takes place in the design initiatives that have emerged ...
EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection Tatsuya Mori , Makoto Iwamura , Yuto Otsuki , Yuhei Kawakoya , Yuma Kurogome , Syogo Hayashi , Koushik Sen EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection
Your Hashed IP Address: Ubuntu - Perspectives on Transparency Tools for Online Advertising Thorsten Holz , Norbert Pohlmann , Tobias Urban , Martin Degeling Ad personalization has been criticized in the past for invading privacy, lack of transparency, and ...
Will You Trust This TLS Certificate? Perceptions of People Working in IT Vashek Matyas , Martin Ukrop , Lydia Kraus , Heider Wahsheh Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, ...
I Know What You Did Last Login: Inconsistent Messages Tell Existence of a Target's Account to Insiders Takuya Watanabe , Mitsuaki Akiyama , Eitaro Shioji , Ayako Akiyama Hasegawa Account security to protect user accounts against sensitive data breaches is a major mission for ...
Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations William Robertson , Engin Kirda , Matthias Neugschwandtner , Anil Kurmus , Alessandro Sorniotti , Andrea Mambretti Speculative execution attacks exploit vulnerabilities at a CPU's microarchitectural level, which, until recently, remained hidden ...
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems Guillaume Hiet , Ronny Chevalier , David Plaquin , Chris Dalton Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of ...
Robust Keystroke Transcription from the Acoustic Side-Channel Scott Tenaglia , David Slater , Scott Novotney , Jessica Moore , Sean Morgan The acoustic emanations from keyboards provide a side-channel attack from which an attacker can recover ...
DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization Srdjan Capkun , Kari Kostiainen , Ahmad-reza Sadeghi , Alexandra Dmitrienko , Tommaso Frassetto , Ferdinand Brasser Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a ...