NDSS Symposium 2015 Accepted Papers

Experts Are Not Infallible – The Need for Usable System Security

Matthew Smith

Liar Buyer Fraud, and How to Curb It

Markus Jakobsson, Hossein Siadati and Mayank Dhiman

NoPhish App Evaluation: Lab and Retention Study

Gamze Canova, Melanie Volkamer, Clemens Bergmann and Benjamin Reinheimer

Introducing Privacy Threats from Ad Libraries to Android Users Through Privacy Granules

Anand Paturi, Patrick Gage Kelley and Subhasish Mazumdar

Pitfalls of Shoulder Surfing Studies

Oliver Wiese and Volker Roth

A First Look at the Usability of Bitcoin Key Management

Shayan Eskandari, David Barrera, Elizabeth Stobert and Jeremy Clark

An Unattended Study of Users Performing Security Critical Tasks Under Adversarial Noise

Tyler Kaczmarek, Alfred Kobsa, Robert Sy and Gene Tsudik

Fixing Security Together: Leveraging trust relationships to improve security in organizations

Iacovos Kirlappos and Martina Angela Sasse

Usability and Security by Design: A Case Study in Research and Development

Shamal Faily, John Lyle, Ivan Fléchais and Andrew Simpson

Participatory Design for Security-Related User Interfaces

Susanne Weber, Marian Harbach and Matthew Smith

Exploring the Usability of CAPTCHAS on Smartphones: Comparisons and Recommendations

Gerardo Reynaga, Sonia Chiasson and Paul C. van Oorschot

Passwords Are Not Always Stronger on the Other Side of the Fence

Ijlal Loutfi and Audun Jøsang

Multiple-Password Interference in the GeoPass User Authentication Scheme

Mahdi Nasrullah Al-Ameen and Matthew Wright

Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption

Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor and Marios Savvides

New Directions in Social Authentication

Sakshi Jain, Juan Lang, Neil Zhenqiang Gong, Dawn Song, Sreya Basuroy and Prateek Mittal

“They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking

Kat Krol, Eleni Philippou, Emiliano De Cristofaro and M. Angela Sasse

Towards Practical Infrastructure for Decoy Routing

Sambuddho Chakravarty, Vinayak Naik, Hrishikesh B. Acharya and Chaitanya Singh Tanwar

Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS

Stephanos Matsumoto and Raphael M. Reischuk

The Resilience of the Internet to Colluding Country Induced Connectivity Disruptions

Peter Mell, Richard Harang and Assane Gueye

Inter-Flow Consistency: Novel SDN Update Abstraction for Supporting Inter-Flow Constraints

Weijie Liu, Rakesh B. Bobba, Sibin Mohan and Roy H. Campbell

Towards Autonomic DDoS Mitigation using Software Defined Networking

Rishikesh Sahay, Gregory Blanc, Zonghua Zhang and Herve Debar

Classification of Quantum Repeater Attacks

Shigeya Suzuki and Rodney Van Meter

Congestion Attacks to Autonomous Cars Using Vehicular Botnets

Mevlut Turker Garip, Mehmet Emre Gursoy, Peter Reiher and Mario Gerla

No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations

Khaled Yakdan, Sebastian Eschweiler, Elmar Gerhards-Padilla and Matthew Smith

P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions

Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran and John Qian

vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries

Aravind Prakash, Xunchao Hu and Heng Yin

Firmalice – Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware

Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel and Giovanni Vigna

Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures

Sungmin Hong, Lei Xu, Haopei Wang and Guofei Gu

Securing the Software-Defined Network Control Layer

Phillip Porras, Steven Cheung, Martin Fong, Keith Skinner and Vinod Yegneswaran

SPHINX: Detecting Security Attacks in Software-Defined Networks

Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan and Vijay Mann

Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks

Pierre-Antoine Vervier, Olivier Thonnard and Marc Dacier

Run-time Monitoring and Formal Analysis of Information Flows in Chromium

Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken and Yuan Tian

Too LeJIT to Quit: Extending JIT Spraying to ARM

Wilson Lian, Hovav Shacham and Stefan Savage

Exploiting and Protecting Dynamic Code Generation

Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee and David Melski

The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines

Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis and Sotiris Ioannidis

Verified Contributive Channel Bindings for Compound Authentication

Karthikeyan Bhargavan, Antoine Delignat-Lavaud and Alfredo Pironti

Knock Yourself Out: Secure Authentication with Short Re-Usable Passwords

Benjamin Guldenring, Volker Roth and Lars Ries

Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics

Simon Eberz, Kasper B. Rasmussen, Vincent Lenders and Ivan Martinovic

ABY – A Framework for Efficient Mixed-Protocol Secure Two-Party Computation

Daniel Demmler, Thomas Schneider and Michael Zohner

Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords

Jeremiah Blocki, Saranga Komanduri, Lorrie Cranor and Anupam Datta

Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs

Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Lería, Jose Lorenzo, Matei Ripeanu and Konstantin Beznosov

Efficient RAM and Control Flow in Verifiable Outsourced Computation

Riad S. Wahby, Srinath Setty, Zuocheng Ren, Andrew J. Blumberg and Michael Walfish

On Your Social Network De-anonymizablity: Quantification and Large Scale Evaluation with Seed Knowledge

Shouling Ji, Weiqing Li, Neil Zhenqiang Gong, Prateek Mittal and Raheem Beyah

Predicting Users’ Motivations behind Location Check-Ins and Utility Implications of Privacy Protection Mechanisms

Igor Bilogrevic, Kevin Huguenin, Stefan Mihaila, Reza Shokri and Jean-Pierre Hubaux

NSEC5: Provably Preventing DNSSEC Zone Enumeration

Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, Leonid Reyzin, Sachin Vasant and Asaf Ziv

Bloom Cookies: Web Search Personalization without User Tracking

Nitesh Mor, Oriana Riva, Suman Nath and John Kubiatowicz

Opaque Control-Flow Integrity

Vishwath Mohan, Per Larsen, Stefan Brunthaler, Kevin W. Hamlen and Michael Franz

Integrated Circuit (IC) Decamouflaging: Reverse Engineering Camouflaged ICs within Minutes

Mohamed El Massad, Siddharth Garg and Mahesh V. Tripunitara

Principled Sampling for Anomaly Detection

Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou-Douskos and Martin Rinard

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen and Michael Franz

Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming

Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Z. Snow and Fabian Monrose

StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries

Xi Chen, Asia Slowinska, Dennis Andriesse, Herbert Bos and Cristiano Giuffrida

Preventing Use-after-free with Dangling Pointers Nullification

Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu and Wenke Lee

DEFY: A Deniable, Encrypted File System for Log-Structured Storage

Timothy M. Peters, Mark A. Gondree and Zachary N. J. Peterson

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting

Kangjie Lu, Zhichun Li, Vasileios P. Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee and Guofei Jiang

Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces

Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei and Kim Pecina

Gracewipe: Secure and Verifiable Deletion under Coercion

Lianying Zhao and Mohammad Mannan

Machine Learning Classification over Encrypted Data

Raphael Bost, Raluca Ada Popa, Stephen Tu and Shafi Goldwasser

EKHUNTER: A Counter-Offensive Toolkit for Exploit Kit Infiltration

Birhanu Eshete, Abeer Alhuzali, Maliheh Monshizadeh, Phillip Porras, V.N. Venkatakrishnan and Vinod Yegneswaran

FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers

Yves Younan

SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment

Jinsoo Jang, Sunjune Kong, Minsu Kim, Daegyeong Kim and Brent Byunghoon Kang

Phoneypot: Data-driven Understanding of Telephony Threats

Payas Gupta, Bharat Srinivasan, Vijay Balasubramaniyan and Mustaque Ahamad

VTint: Protecting Virtual Function Tables’ Integrity

Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen and Dawn Song

DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices

Xueqiang Wang, Kun Sun, Yuewu Wang and Jiwu Jing

CopperDroid: Automatic Reconstruction of Android Malware Behaviors

Kimberly Tam, Salahuddin J. Khan, Aristide Fattori and Lorenzo Cavallaro

EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework

Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen

What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources

Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang and Carl A Gunter

Information-Flow Analysis of Android Applications in DroidSafe

Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen and Martin Rinard

I Do Not Know What You Visited Last Summer: Protecting Users from Third-party Web Tracking with TrackingFree Browser

Xiang Pan, Yinzhi Cao and Yan Chen

Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning

Michael Kranch and Joseph Bonneau

Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse

Pieter Agten, Wouter Joosen, Frank Piessens and Nick Nikiforakis

Parking Sensors: Analyzing and Detecting Parked Domains

Thomas Vissers, Wouter Joosen and Nick Nikiforakis

Identifying Cross-origin Resource Status Using Application Cache

Sangho Lee, Hyungsub Kim and Jong Kim