ACSAC 2020 Dec. 7, 2020 to Dec. 11, 2020, Virtual, Virtual

Title Speakers Summary Topic Types
Distinguished Practitioner Keynote: When Security Meets Compatibility When Compatibility https://www.acsac.org/2020/files/web/when_security_meets_compatibility_acsac_2020_.pdf Over the past decade, HTTPS adoption has risen dramatically. The Web PKI has shifted seismically, ...
Panel: Cybersecurity Research Challenges and Opportunities in 5G and Next Generation Cellular Networks Ehab Al-Shaer , Alex Sprintson , Wayne Phoel , Sumit Roy , Vincent Sritapan 5G and Next G technologies for broadband cellular networks promise to bring increases in bandwidth, ...
The Tangled Genealogy of IoT Malware Emanuele Balzarotti The recent emergence of consumer off-the-shelf embedded (IoT) devices and the rise of large-scale IoT ...
Spotlight: Malware Lead Generation at Scale Fabian Bursztein Malware is one of the key threats to online security today, with applications ranging from ...
App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts Aisha Iii Over the last decade, userland memory forensics techniques and algorithms have gained popularity among practitioners, ...
AVClass2: Massive Malware Tag Extraction from AV Labels Silvia Caballero Tags can be used by malware repositories and analysis services to enable searches for samples ...
Advanced Windows Methods on Malware Detection and Family Classification Dima Teo Application Programming Interfaces (APIs) are still considered the standard accessible data source and core wok ...
Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions Suzan Youssef For parents of young children and adolescents, the digital age has introduced many new challenges, ...
Talek: Private Group Messaging with Hidden Access Patterns Raymond Parno Talek is a private group messaging system that sends messages through potentially untrustworthy servers, while ...
Towards a Practical Differentially Private Collaborative Phone Blacklisting System Ucci Ahamad Spam phone calls have been rapidly growing from nuisance to an increasingly effective scam delivery ...
Towards Realistic Membership Inferences: The Case of Survey Data Luke Bindschaedler We consider the problem of membership inference attacks on aggregate survey data through the use ...
Quantifying measurement quality and load distribution in Tor Andre Kounev Tor is a widely used anonymization network. Traffic is routed over different relay nodes to ...
NITRD Panel: Homomorphic Encryption: Clever Idea, But Can We Make It Practical? Heidi Sofia , Josh Baron , Kurt Rohloff Fully homomorphic encryption promises computation directly with encrypted data, which would solve one of the ...
SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers Martin Allodi In this paper we introduce SAIBERSOC, a tool and methodology enabling security researchers and operators ...
Measurements of the Most Significant Software Security Weaknesses Carlos Gueye In this work, we provide a metric to calculate the most significant software security weaknesses ...
This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage Wajih Bates Recent advances in the causality analysis can accelerate incident response time but only after a ...
CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications Yuhang Gu Containers have been widely adopted in production computing environments for its efficiency and low isolation ...
On the Forensic Validity of Approximated Audit Logs Noor Bates Auditing is an increasingly essential tool for the defense of computing systems, but the unwieldy ...
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication Stephan Iacono Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional ...
Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns Tim Aviv Android unlock patterns remain quite common. Our study, as well as others, finds that roughly ...
Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK Sean Ruoti Secure messaging tools are an integral part of modern society. While there is a significant ...
Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond Hassan Kuber Personal Identification Numbers (PINs) are widely used as an access control mechanism for digital assets ...
Up2Dep: Android Tool Support to Fix Insecure Code Dependencies Duc Bugiel Third-party libraries, especially outdated versions, can introduce and multiply security & privacy related issues to ...
NITRD Panel: CMMC: Raising the Bar on Cybersecurity Maturity Stacy Bostjanick , Regan Edens , Katie Stewart The Cybersecurity Maturity Model Certification is the US Department of Defense nascent methodology to assess ...
On the Feasibility of Automating Stock Market Manipulation Carter Lee This work presents the first findings and analysis on the feasibility of using botnets to ...
Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild Daniel Mohamed Recently, the Dragonblood attacks have attracted new interests on the security of WPA-3 implementation and ...
DeepSIM: GPS Spoofing Detection on UAVs using Satellite Imagery Matching Nian Poepper Unmanned Aerial Vehicles (UAVs), better known as drones, have significantly advanced fields such as aerial ...
Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services Siqi Bertino Wi-Fi hotspot-based data clone services are increasingly used by Android users to transfer their user ...
DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC Gaganjeet Rossow QUIC is an emerging transport protocol that has the potential to replace TCP in the ...
A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs Sanjeev Monrose Among various fuzzing approaches, coverage-guided grey-box fuzzing is perhaps the most prominent, due to its ...
Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing Emre Holz Combining the strength of individual fuzzing methods is an appealing idea to find software bugs ...
Probabilistic Naming of Functions in Stripped Binaries James Kinder Debugging symbols in binary executables carry the names of functions and global variables. When present, ...
Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine Fadi Choi Automatic exploit generation (AEG) is the challenge of determining the exploitability of a given vulnerability ...
Practical Fine-Grained Binary Code Randomization Soumyakant Sekar Despite its promise against code reuse attacks, fine-grained code randomization has not been deployed widely ...
Sponsored Talk: Memory corruption attacks in the Spectre era Alexandra Sandulescu The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such ...
Faulty Point Unit: ABI Poisoning Attacks on Intel SGX Fritz Piessens This paper analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact supposedly ...
Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices Kuniyasu Mannan Many IoT devices are geographically distributed without human administrators, which are maintained by a remote ...
RusTEE: Developing Memory-Safe ARM TrustZone Applications Shengye He In the past decade, Trusted Execution Environment (TEE) provided by ARM TrustZone is becoming one ...
HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities Zekun Dolan-Gavitt Use-after-free (UAF) vulnerabilities, in which dangling pointers remain after memory is released, remain a persistent ...
Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems Alessandro Tippenhauer Recently, reconstruction-based anomaly detection was proposed as an effective technique to detect attacks in dynamic ...
Workflow Integration Alleviates Identity and Access Management in Serverless Computing Arnav Bates As serverless computing continues to revolutionize the design and deployment of web services, it has ...
Privacy-Preserving Production Process Parameter Exchange Jan Wehrle Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging ...
Efficient Oblivious Substring Search via Architectural Support Nicholas Pelosi Performing private and efficient searches over encrypted outsourced data enables a flourishing growth of cloud ...
SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes Corentin Barrera Network traffic whitelisting has emerged as a dominant approach for securing consumer IoT devices. However, ...
Panel: Diversity & Inclusion in the Cybersecurity Research Community Chenxi Wang , Diana L. Burley , Mary F. Theofanos , Ada Lerner The research community has been concerned with diversity for years, and researchers have been encouraged ...
Effect of Security Controls on Patching Window: A Causal Inference based Approach Aditya Le-Khac In many organisations there are up to 15 security controls that help defenders accurately identify ...
NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services Dario Zanero In the last years, NoSQL databases have grown in popularity due to their easy-to-deploy, reliable, ...
GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark Tao Meng With the development of computing and communication technologies, extremely large amount of data has been ...
Understanding Promotion-as-a-Service on GitHub Kun Yang As the world’s leading software development platform, GitHub has become a social networking site for ...
Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers Ishai Rokach In this paper, we present a generic, query-efficient black-box attack against API call-based machine learning ...
FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms Nampoina Guelvouit Browser fingerprinting consists of collecting attributes from a web browser. Hundreds of attributes have been ...
Security Study of Service Worker Cross-Site Scripting Phakpoom Gu Nowadays, modern websites are utilizing service workers to provide users with app-like functionalities such as ...
CAPS: Smoothly Transitioning to a More Resilient Web PKI Stephanos Parno Many recent proposals to increase the resilience of the Web PKI against misbehaving CAs face ...
dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet Markets Yiming Shao Despite the persistent effort by law enforcement, illicit drug trafficking in darknet markets has shown ...
Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication Yang Hou Automotive communication networks, represented by CAN bus, are acclaimed for realizing real-time communication between resource-limited ...
Sponsored Talk: Unleashing Cyber Reasoning: DARPA Transparent Computing Threat Hunting Retrospective Xiaokui Shu In 2015, DARPA launched the Transparent Computing program to further our understanding and push the limits ...
Case Study: Anchoring Trust in a Totally Open Platform Elaine Wilson N/A
Incident Response Planning for Election Cybersecurity: Designing a Workshop for County Clerks Tom Bruhn N/A
Summarizing Intrusion Alerts to Attack Models for Higher-Ed SOC Shanchieh (Jay) Yang , Ryan Kiser , Emily Adams , Scott Orr N/A
LeakyPick: IoT Audio Spy Detector Richard Sadeghi Manufacturers of smart home Internet of Things (IoT) devices are increasingly adding voice assistant and ...
IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables Prakash Saxena Several sensitive operations, such as financial transactions, email construction, configurations of safety-critical devices (e.g., medical ...
Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded Devices Mahmoud Crispo Tiny and specialized computing platforms, so-called embedded or Internet of Things (IoT) devices, are increasingly ...
FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis Mingeun Kim One approach to assess the security of embedded IoT devices is applying dynamic analysis such ...
Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation Chen Liu With the rapid proliferation of IoT devices, our cyberspace is nowadays dominated by billions of ...
Set It and Forget It! Turnkey ECC for Instant Integration Dmitry Ustinov Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus ...
Practical Over-Threshold Multi-Party Private Set Intersection Rasoul Blass Over-Threshold Multi-Party Private Set Intersection (OT-MP-PSI) is the problem where several parties, each holding a ...
Secure and Verifiable Inference in Deep Neural Networks Guowen Deng Outsourced inference service has enormously promoted the popularity of deep learning, and helped users to ...
ZeroAUDIT Aman Fu Consider the problem of auditing an investment fund. This usually involves inspecting each transaction in ...
Policy-based Chameleon Hash for Blockchain Rewriting with Black-box Accountability Yangguang Zhou Policy-based chameleon hash is a useful primitive for blockchain rewriting. It allows a party to ...
Cong Wang None
Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems Lea Kolossa Automatic speech recognition (ASR) systems can be fooled via targeted adversarial examples, which induce the ...
Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications Song Deng Voice Assistants (VA) such as Amazon Alexa and Google Assistant are quickly and seamlessly integrating ...
Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks Maliheh Anand In this paper, we propose Voicefox, a defense against the threat of automated voice synthesis ...
VibLive: A Continuous Liveness Detection for Secure Voice User Interface in IoT Environment Linghan Yang The voice user interface (VUI) has been progressively used to authenticate users to numerous devices ...
Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems Bao Ranasinghe We propose Februus; a new idea to neutralize highly potent and insidious Trojan attacks on ...
NoiseScope: Detecting Deepfake Images in a Blind Setting Jiameng Viswanath Recent advances in Generative Adversarial Networks (GANs) have significantly improved the quality of synthetic images ...
StegoNet: Turn Deep Neural Network into a Stegomalware Tao Li Deep Neural Networks (DNNs) are now presenting human-level performance on many real-world applications, and DNN-based ...
SEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled Representation Jianwei Zhang Speaker verification, as a biometric authentication mechanism, has been widely used due to the pervasiveness ...
Attacking Graph-Based Classification without Changing Existing Connections Xuening Zeng In recent years, with the rapid development of machine learning in various domains, more and ...
BoF: Sharing Cybersecurity Experimentation Artifacts to Accelerate Progress Terry Mirkovic , Laura Balenson , Timothy Yardley The sharing of repeatable, reproducible, and reusable artifacts in cybersecurity experimentation can greatly enhance one’s ...