NDSS Symposium 2014 Accepted Papers

On the Mismanagement and Maliciousness of Networks

Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir and Mingyan Liu

No Direction Home: The True Cost of Routing Around Decoys

Amir Houmansadr, Edmund L. Wong and Vitaly Shmatikov

Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission

Younghwan Go, EunYoung Jeong, Jongil Won, Yongdae Kim, Denis Foo Kune and KyoungSoo Park

CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers

Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero and Guofei Gu

Amplification Hell: Revisiting Network Protocols for DDoS Abuse

Christian Rossow

ROPecker: A Generic and Practical Approach for Defending Against ROP Attacks

Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding and Robert H. Deng

A Trusted Safety Verifier for Process Controller Code

Stephen McLaughlin, Saman Zonouz, Devin Pohly and Patrick McDaniel

Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares

Jonas Zaddach, Luca Bruno, Aurelien Francillon and Davide Balzarotti

SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks

Dongseok Jang, Zachary Tatlock and Sorin Lerner

HYBRID-BRIDGE: Efficiently Bridging the Semantic Gap in Virtual Machine Introspection via Decoupled Execution and Training Memoization

Alireza Saberi, Yangchun Fu and Zhiqiang Lin

Screenmilker: How to Milk Your Android Screen for Secrets

Chia-Chi Lin, Hongyang Li, Xiaoyong Zhou and XiaoFeng Wang

AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable

Sanorita Dey, Nirupam Roy, Wenyuan Xu, Romit Roy Choudhury and Srihari Nelakuditi

Smartphones as Practical and Secure Location Verification Tokens for Payments

Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen and Srdjan Capkun

Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks

Martin Georgiev, Suman Jana and Vitaly Shmatikov

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang and Carl A Gunter

DSpin: Detecting Automatically Spun Content on the Web

Qing Zhang, David Y. Wang and Geoffrey M. Voelker

Toward Black-Box Detection of Logic Flaws in Web Applications

Giancarlo Pellegrino and Davide Balzarotti

Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud

Arnar Birgisson, Joe Gibbs Politz, Ulfar Erlingsson, Ankur Taly, Michael Vrable and Mark Lentczner

Detecting Logic Vulnerabilities in E-Commerce Applications

Fangqi Sun, Liang Xu and Zhendong Su

Simulation of Built-in PHP Features for Precise Static Code Analysis

Johannes Dahse and Thorsten Holz

Enhanced Certificate Transparency and End-to-end Encrypted Mail

Mark D. Ryan

Privacy through Pseudonymity in Mobile Telephony Systems

Myrto Arapinis, Loretta Ilaria Mancini, Eike Ritter and Mark Ryan

Privacy-Preserving Distributed Stream Monitoring

Arik Friedman, Izchak Sharfman, Daniel Keren and Assaf Schuster

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

Rob Jansen, Florian Tschorsch, Aaron Johnson and Bjorn Scheuermann

Selling Off Privacy at Auction

Lukasz Olejnik, Minh-Dung Tran and Claude Castelluccia

The Tangled Web of Password Reuse

Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov and XiaoFeng Wang

On the Semantic Patterns of Passwords and their Security Impact

Rafael Veras, Christopher Collins and Julie Thorpe

From Very Weak to Very Strong: Analyzing Password-Strength Meters

Xavier de Carné de Carnavalet and Mohammad Mannan

Copker: Computing with Private Keys without RAM

Le Guan, Jingqiang Lin, Bo Luo and Jiwu Jing

Practical Dynamic Searchable Encryption with Small Leakage

Emil Stefanov, Charalampos Papamanthou and Elaine Shi

Decentralized Anonymous Credentials

Christina Garman, Matthew Green and Ian Miers

Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation

David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Catalin Ros and Michael Steiner

Authentication Using Pulse-Response Biometrics

Kasper B. Rasmussen, Marc Roeschlin, Ivan Martinovic and Gene Tsudik

Hardening Persona – Improving Federated Web Login

Michael Dietz and Dan S. Wallach

Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices

Maliheh Shirvanian, Stanislaw Jarecki, Nitesh Saxena and Naveen Nathan

Leveraging USB to Establish Host Identity Using Commodity Devices

Adam Bates, Ryan Leonard, Hannah Pruse, Daniel Lowd and Kevin R. B. Butler

PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces

Robert Templeman, Mohammed Korayem, David Crandall and Apu Kapadia

Auditable Version Control Systems

Bo Chen and Reza Curtmola

Power Attack: An Increasing Threat to Data Centers

Zhang Xu, Haining Wang, Zichen Xu and Xiaorui Wang

Scambaiter: Understanding Targeted Nigerian Scams on Craigslist

Youngsam Park, Jackie Jones, Damon McCoy, Elaine Shi and Markus Jakobsson

Botcoin: Monetizing Stolen Cycles

Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Chris Grier, Damon McCoy, Stefan Savage, Nicholas Weaver, Alex C. Snoeren and Kirill Levchenko

A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks

Siegfried Rasthofer, Steven Arzt and Eric Bodden

AirBag: Boosting Smartphone Resistance to Malware Infection

Chiachih Wu, Yajin Zhou, Kunal Patel, Zhenkai Liang and Xuxian Jiang

SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps

David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin and Latifur Khan

AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications

Mu Zhang and Heng Yin

Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications

Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel and Giovanni Vigna

Nazca: Detecting Malware Distribution in Large-Scale Networks

Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Christopher Kruegel, Sabyasachi Saha, Giovanni Vigna, Sung-Ju Lee and Marco Mellia

Persistent Data-only Malware: Function Hooks without Code

Sebastian Vogl, Jonas Pfoh, Thomas Kittel and Claudia Eckert Technische Universitat Munchen

Drebin: Effective and Explainable Detection of Android Malware in Your Pocket

Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon and Konrad Rieck

Gyrus: A Framework for User-Intent Monitoring of Text-Based Networked Applications

Yeongjin Jang, Simon P. Chung, Bryan D. Payne and Wenke Lee

Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings

Ajaya Neupane, Nitesh Saxena, Keya Kuruvilla, Michael Georgescu and Rajesh Kana

Web PKI: Closing the Gap between Guidelines and Practices

Antoine Delignat-Lavaud, Mart ́ın Abadi, Andrew Birrell, Ilya Mironov, Ted Wobber and Yinglian Xie

Efficient Private File Retrieval by Combining ORAM and PIR

Travis Mayberry, Erik-Oliver Blass and Agnes Hui Chan

Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems

Matthias Schulz, Adrian Loch and Matthias Hollick

Practical Issues with TLS Client Certificate Authentication

Arnis Parsovs

Let SDN Be Your Eyes: Secure Forensics in Data Center Networks

Adam Bates, Kevin Butler, Andreas Haeberlen, Micah Sherr and Wenchao Zhou

Towards a Richer Set of Services in Software-Defined Networks

Roberto Bifulco and Ghassan Karame

A Tradeoff between Caching Efficiency and Data Protection for Video Services in CCN

Eunsang Cho, Jongho Shin, Jaeyoung Choi, Ted Taekyoung Kwon and Yanghee Choi

Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking

Cesar Ghali, Gene Tsudik and Ersin Uzun

Cellpot: A Concept for Next Generation Cellular Network Honeypots

Ravishankar Borgaonkar, Steffen Liebergeld and Matthias Lange

Zero-Communication Seed Establishment for Anti-Jamming Techniques

Kim Pecina, Esfandiar Mohammadi and Christina Popper

Even Rockets Cannot Make Pigs Fly Sustainably: Can BGP be Secured with BGPsec?

Qi Li, Yih-Chun Hu and Xinwen Zhang

Communication Pattern Monitoring: Improving the Utility of Anomaly Detection for Industrial Control Systems

Man-Ki Yoon and Gabriela Ciocarlie

Should I Protect You? Understanding Developers’ Behavior to Privacy-Preserving APIs

Shubham Jain and Janne Lindqvist

The Privacy and Security Behaviors of Smartphone App Developers

Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong and Lorrie Faith Cranor

Is Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy

Rebecca Balebako, Rich Shay and Lorrie Faith Cranor

Learning from “Shadow Security”: Why understanding non-compliance provides the basis for effective security

Iacovos Kirlappos, Simon Parkin and Angela Sasse

A Comparative Usability Study of Two-Factor Authentication

Emiliano De Cristofaro, Honglu Du, Julien Freudiger and Greg Norcie

Beyond Access Control: Managing Online Privacy via Exposure

Mainack Mondal, Peter Druschel, Krishna P. Gummadi and Alan Mislove

Spiny CACTOS: OSN users attitudes and perceptions towards cryptographic access control tools

Ero Balsa, Laura Brandimarte, Alessandro Acquisti, Claudia Diaz and Seda Gürses

Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Enabled Farming

Manar Mohamed, Song Gao, Nitesh Saxena and Chengcui Zhang

A Field Study of Run-Time Location Access Disclosures on Android Smartphones

Huiqing Fu, Yulong Yang, Nileema Shingte, Janne Lindqvist and Marco Gruteser

Survey on the Fate of Digital Footprints after Death

Carsten Grimm and Sonia Chiasson

An Exploratory Ethnographic Study of Issues and Concerns with Whole Genome Sequencing

Emiliano De Cristofaro

On a Scale from 1 to 10, How Private Are You? Scoring Facebook Privacy Settings

Tehila Minkus and Nasir Memon

Why Johnny Can’t Blow The Whistle: Identifying and Reducing Usability Issues in Anonymity Systems

Greg Norcie, Jim Blythe, Kelly Caine and L Jean Camp

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to Verifying their Vote

Jurlind Budurushi, Marcel Woide and Melanie Volkamer

Voter, What Message Will Motivate You To Verify Your Vote?

M. Maina Olembo, Karen Renaud, Steffen Bartsch and Melanie Volkamer