| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| Panel: Disinformation and Other Harmful Messaging: Can Technology Tame the Beast It Created? | Mary Ellen Zurko, Christopher Sherr | N/A | |
| Proof of Aliveness | Marten van Dijk, Zheng Yang, Jianying Zhou, Chenglu Jin | In 2017, malware Triton was discovered in a petrol plant in Saudi Arabia, and it ... | |
| Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs | Magnus Almgren, Marina Papatriantafilou, Charalampos Stylianopoulos, Simon Kindstrom, Olaf Landsiedel | Pattern matching is an important building block for many security applications, including Network Intrusion Detection ... | |
| Aegis: A Context-aware Security Framework for Smart Home Systems | A. Selcuk Uluagac, Amit Kumar Sikder, Hidayet Aksu, Leonardo Babun | Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). ... | |
| Defeating Hidden Audio Channel Attacks on Voice Assistants via Audio-Induced Surface Vibrations | Nitesh Saxena, Jian Liu, Chen Wang, S Abhishek Anand, Payton R. Walker, Yingying (Jennifer) Chen | Voice access technologies are widely adopted in mobile devices and voice assistant systems as a ... | |
| TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud | Jingqiang Lin, Le Guan, Bo Luo, Quanwei Cai, Fangjie Jiang, Ziqiang Ma | With the emergence of virtualization technologies, various services have been migrated to the cloud. Beyond ... | |
| Nibbler: Debloating Binary Shared Libraries | Georgios Portokalidis, Vasileios P. Kemerlis, David Williams-King, Ioannis Agadakos, Di Jin | Developers today have access to an arsenal of toolkits and libraries for rapid application prototyping. ... | |
| Function Boundary Detection in Stripped Binaries | Jim Song | Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities and automatically ... | |
| VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching | Thorsten Holz, Herbert Bos, Victor Veen, Cristiano Giuffrida, Dennis Andriesse, Andre Pawlowski, Erik Kouwe | Polymorphism and inheritance make C++ suitable for writing complex software, but significantly increase the attack ... | |
| STRIP: A Defence Against Trojan Attacks on Deep Neural Networks | Chang Xu, Garrison Gao, Derui Wang, Shiping Chen, Damith C. Ranasinghe, Nepal Surya | Recent trojan attacks on deep neural network (DNN) models are one insidious variant of data ... | |
| How to Prove Your Model Belongs to You: A Blind-Watermark based Framework to Protect Intellectual Property of DNN | Yang Zhang, Zheng Li, Shanqing Guo, Chengyu Hu | Deep learning techniques have made tremendous progress in a variety of challenging tasks, such as ... | |
| D2NN: A Fine-Grained Dual Modular Redundancy Framework for Deep Neural Networks | Min Li, Bo Luo, Qiang Xu, Yu Li, Yannan Liu, Ye Tian | Deep Neural Networks (DNNs) have attracted mainstream adoption in various application domains. Their reliability and ... | |
| Model Inversion Attacks Against Collaborative Inference | Ruby B. Lee, Tianwei Zhang, Zecheng He | The prevalence of deep learning has drawn attention to the privacy protection of sensitive data. ... | |
| Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation | Sebastian Francillon | Symbolic execution has become a popular technique for software testing and vulnerability detection. Most implementations ... | |
| How to Kill Symbolic Deobfuscation for Free (or: Unleashing the Potential of Path-Oriented Protections) | Jean-Yves Marion, Sébastien Bardin, Richard Bonichon, Mathilde Ollivier | Code obfuscation is a major tool for protecting software intellectual property from attacks such as ... | |
| Sleak: Automating Address Space Layout Derandomization | Christopher Kruegel, Giovanni Vigna, Ruoyu Wang, Yan Shoshitaishvili, Christophe Hauser, Jayakrishna Menon | We present a novel approach to automatically recover information about the address space layout of ... | |
| SIP Shaker: Software Integrity Protection Composition | Sebastian Banescu, Mohsen Ahmadvand, Dennis Fischer | Man-At-The-End (MATE) attackers are almighty adversaries against whom there exists no silver-bullet countermeasure. To raise ... | |
| NITRD Panel: Federal Cybersecurity R&D Strategic Plan | Jeremy Epstein, Raymond Brown, Wei-Shinn Ku | N/A | |
| Defeating the PCAP Problem: Making a Mountain into a Molehill | Leigh Metcalf | N/A | |
| “Operation CWAL”: The Dying Art of Product Penetration Testing | Daniel Nguyen, Daniel Ladron, Adrian Pirvu | N/A | |
| Detecting organized eCommerce fraud using scalable categorical clustering | Sebastian Szyller, Samuel Marchal | Online retail, eCommerce, frequently falls victim to fraud conducted by malicious customers (fraudsters) who obtain ... | |
| SIMPLE: Single-Frame based Physical Layer Identification for Intrusion Detection and Prevention on In-Vehicle Networks | Ryan Gerdes, Ming Li, Mahsa Foruhandeh, Yanmao Man, Thidapat Chantam | The Controller Area Network (CAN) is a bus standard commonly used in the automotive industry ... | |
| Improving Intrusion Detectors by Crook-sourcing | Latifur Khan, Kevin W. Hamlen, Frederico Araujo, Gbadebo Ayoade, Khaled Al-Naami, Yang Gao | Conventional cyber defenses typically respond to detected attacks by rejecting them as quickly and decisively ... | |
| JStap: A Static Pre-Filter for Malicious JavaScript Detection | Michael Backes, Ben Stock, Aurore Fass | Given the success of the Web platform, attackers have abused its main programming language, namely ... | |
| Koinonia: Verifiable E-Voting with Long-term Privacy | Huian Li, Xukai Zou, Ninghui Li, Tianhao Wang, Sze Yiu Chau, Huangyi Ge, Victor E Gonsalves | Despite years of research, many existing e-voting systems do not adequately protect voting privacy. In ... | |
| Whisper: A Unilateral Defense Against VoIP Traffic Re-Identification Attacks | Micah Sherr, Tavish Vaidya, Tim Walsh | Encrypted voice-over-IP (VoIP) communication often uses variable bit rate (VBR) codecs to achieve good audio ... | |
| Privacy Preserving Substring Search Protocol with Polylogarithmic Communication Cost | Alessandro Barenghi, Gerardo Pelosi, Nicholas Mainardi | The problem of efficiently searching into outsourced encrypted data, while providing strong privacy guarantees, is ... | |
| Revisiting Utility Metrics for Location Privacy-Preserving Mechanisms | Amir Houmansadr, Virat Shejwalkar, Hossein Pishro-Nik, Dennis Goeckel | The literature has extensively studied various location privacy-preserving mechanisms (LPPMs) in order to improve the ... | |
| Distinguished Practitioner Keynote: Why Your Tech Transition Will Probably Fail (And Why You Should Do It Anyway) | Patrick Traynor | The world has never been more interconnected, nor have our systems been less capable of ... | |
| Panel: Framing the Ransomware Problem | Michael Ekstrom, Peter Wong, José L. Quiñones-Borrero | Is ransomware an information availability problem, an information integrity problem, or a people problem? Following ... | |
| Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels | Danilo Bruschi, Long Lu, Andrea Lanzi, Stefano Cristalli | Short-distance or near-field communication is increasingly used by mobile apps for interacting or exchanging data ... | |
| An Empirical Study of the SMS One-Time Password Authentication in Android Apps | Robert H. Deng, Elisa Bertino, Yang Liu, Juanru Li, Surya Nepal, Zhuo Ma, Siqi Ma, Runhan Feng, Diethelm Ostry, Sanjay Jha | A great quantity of user passwords nowadays has been leaked through security breaches of user ... | |
| Challenge-Response Behavioral Mobile Authentication: A Comparative Study of Graphical Patterns and Cognitive Games | Nitesh Saxena, Manar Mohamed, Prakash Shrestha | The most researched behavioral biometrics for mobile device authentication involves the use of touch gestures ... | |
| AppVeto: Mobile Application Self-Defense through Resource Access Veto | Mohammad Mannan, Urs Hengartner, Amr Youssef, Tousif Osman | Modern mobile operating systems such as Android and Apple iOS allow apps to access various ... | |
| Progressive Processing of System Behavioral Query | Xusheng Xiao, Chung Hwan Kim, Ding Li, Jiaping Gui, Haifeng Chen | System monitoring has recently emerged as an effective way to analyze and counter advanced cyber ... | |
| SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments | Ping Yang, Heming Cui, Fengwei Zhang, Saeid Mofrad, Ishtiaq Ahmed, Shiyong Lu | Big data workflow management systems (BDWFMSs) have recently emerged as popular platforms to perform large-scale ... | |
| Mining Least Privilege Attribute Based Access Control Policies | Chuan Yue, Matthew Sanders | Creating effective access control policies is a significant challenge to many organizations. Over-privilege increases security ... | |
| MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs | Christoph Meinel, Pejman Najafi, Alexander Muehle, Wenzel Puenter, Feng Cheng | In this paper, we formulate threat detection in SIEM environments as a large-scale graph inference ... | |
| NITRD Panel: Making AI Forget You | Yinzhi Cao, Raymond Brown, Wei-Shinn Ku, Saurabh Shintre | N/A | |
| CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis | Anh Nguyen-Tuong, Yonghwi Kwon, Abbas Naderi-Afooshteh, Mandana Bagheri-Marzijarani, Jack W. Davidson | Malware written in dynamic languages such as PHP routinely employ anti-analysis techniques such as obfuscation ... | |
| Neurlux: Dynamic Malware Analysis Without Feature Engineering | Christopher Kruegel, Giovanni Vigna, Christopher Salls, Chani Jindal, Hojjat Aghakhani, Keith Long | Malware detection plays a vital role in computer security. Modern machine learning approaches have been ... | |
| A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs | Gabriele Lenzini, Daniele Sgandurra, Ziya Alper Genç | Most users and companies heavily rely on anti-virus (AV) software to protect their digital assets, ... | |
| My Script Engines Know What You Did In The Dark: Converting Engines into Script API Tracers | Kanta Matsuura, Makoto Iwamura, Toshinori Usui, Yuto Otsuki, Yuhei Kawakoya, Jun Miyoshi | Malicious scripts have been crucial attack vectors in recent attacks such as malware spam (malspam) ... | |
| BakingTimer: Privacy Analysis of Server-Side Request Processing Time | Davide Balzarotti, Igor Santos, Iskander Sanchez-Rola | Cookies were originally introduced as a way to provide state awareness to websites, and are ... | |
| PDoT: Private DNS-over-TLS with TEE Support | Yoshimichi Nakatsuka, Andrew Paverd, Gene Tsudik | Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there ... | |
| Casino Royale: A Deep Exploration of Illegal Online Gambling | Shuang Hao, Haining Wang, Haixin Duan, Zhou Li, Kun Du, Hao Yang, Yubao Zhang, Mingxuan Liu, Yazhou Shi, Xiaodong Su, Guang Liu, Zhifeng Geng, Jianping Wu | The popularity of online gambling could bring negative social impact, and many countries ban or ... | |
| Leveraging Locality of Reference for Certificate Revocation | Kent Seamons, Luke Dickinson, Trevor Smith | X.509 certificate revocation defends against man-in-the-middle attacks involving a compromised certificate. Certificate revocation strategies face ... | |
| Hype or hope? Machine learning based security analytics for web applications | Lei Ding, Xiaoyong Yuan, Salem | N/A | |
| Applying the Guilt By Association Principle to Threat Detection with Sparsely Labeled Data | Kevin Roundy | N/A | |
| JEX: A Straightforward, Portable and Scalable Framework for Automatic Exploit Generation for Java | Mohammadreza Ashouri | N/A | |
| Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones | Elisa Bertino, Syed Rafiul Hussain, Omar Chowdhury, Imtiaz Karim, Fabrizio Cicala | This paper focuses on checking the correctness and robustness of the AT command interface exposed ... | |
| SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities | Chao Zhang, Yu Zhang, Chen Wang, Wei Huo, Kunpeng Jian, Ji Shi, Haoliang Lu, Longquan Liu, Dandan Sun, Baoxu Liu | SOHO (small office/home office) routers provide services for end devices to connect to the Internet, ... | |
| Premadoma: An Operational Solution for DNS Registries to Prevent Malicious Domain Registrations | Lieven Desmet, Wouter Joosen, Thomas Vissers, Jan Spooren, Peter Janssen | DNS is one of the most essential components of the Internet, mapping domain names to ... | |
| Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks | Vinod Yegneswaran, Phil Porras, Samir R. Das, Vasudevan Nagendra | The Science DMZ (SDMZ) is a special purpose network architecture proposed by ESnet (Energy Sciences ... | |
| Analyzing Control Flow Integrity with LLVM-CFI | Gang Tan, Jens Grossklags, Claudia Eckert, Zhiqiang Lin, Paul Muntean, Matthias Neumayer | Control-flow hijacking attacks are used to perform malicious computations. Current solutions for assessing the attack ... | |
| Mitigating Data Leakage by Protecting Memory-resident Sensitive Data | Fabian Monrose, Michalis Polychronakis, Tapti Palit | Gaining reliable arbitrary code execution through the exploitation of memory corruption vulnerabilities is becoming increasingly ... | |
| FRAMER: A Tagged-Pointer Capability System with Memory Safety Applications | Periklis Akritidis, Myoung Jin Nam, David J Greaves | Security mechanisms for systems programming languages, such as fine-grained memory protection for C/C++, authorize operations ... | |
| FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library | Huy Kang Kim, Joonun Jang | Fuzzing is an effective method to find bugs in software. Many security communities are interested ... | |
| The Chatty-Sensor: A Provably-covert Channel in Cyber Physical Systems | Amir Herzberg, Yehonatan Kfir | Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to ... | |
| HDMI-WALK: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol | Selcuk Uluagac, Kemal Akkaya, Leonardo Babun, Luis Rondon | The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video ... | |
| Out of Control: Stealthy Attacks Against Robotic Vehicles Protected by Control-based Techniques | Karthik Pattabiraman, Pritam Dash, Mehdi Karimibiuki | Robotic vehicles (RVs) are cyber-physical systems that operate in the physical world under the control ... | |
| WooKey: Designing a Trusted and Efficient USB Device | Mathieu Renard, Ryad Benadjila, Arnauld Michelizza, Philippe Thierry, Philippe Trebuchet | The work presented in this paper takes place in the design initiatives that have emerged ... | |
| EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection | Tatsuya Mori, Makoto Iwamura, Yuto Otsuki, Yuhei Kawakoya, Yuma Kurogome, Syogo Hayashi, Koushik Sen | EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection | |
| Your Hashed IP Address: Ubuntu - Perspectives on Transparency Tools for Online Advertising | Thorsten Holz, Norbert Pohlmann, Tobias Urban, Martin Degeling | Ad personalization has been criticized in the past for invading privacy, lack of transparency, and ... | |
| Will You Trust This TLS Certificate? Perceptions of People Working in IT | Vashek Matyas, Martin Ukrop, Lydia Kraus, Heider Wahsheh | Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, ... | |
| I Know What You Did Last Login: Inconsistent Messages Tell Existence of a Target's Account to Insiders | Takuya Watanabe, Mitsuaki Akiyama, Eitaro Shioji, Ayako Akiyama Hasegawa | Account security to protect user accounts against sensitive data breaches is a major mission for ... | |
| Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations | William Robertson, Engin Kirda, Matthias Neugschwandtner, Anil Kurmus, Alessandro Sorniotti, Andrea Mambretti | Speculative execution attacks exploit vulnerabilities at a CPU's microarchitectural level, which, until recently, remained hidden ... | |
| Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems | Guillaume Hiet, Ronny Chevalier, David Plaquin, Chris Dalton | Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of ... | |
| Robust Keystroke Transcription from the Acoustic Side-Channel | Scott Tenaglia, David Slater, Scott Novotney, Jessica Moore, Sean Morgan | The acoustic emanations from keyboards provide a side-channel attack from which an attacker can recover ... | |
| DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization | Srdjan Capkun, Kari Kostiainen, Ahmad-Reza Sadeghi, Alexandra Dmitrienko, Tommaso Frassetto, Ferdinand Brasser | Recent research has demonstrated that Intel's SGX is vulnerable to software-based side-channel attacks. In a ... | |