NDSS Symposium 2016 Accepted Papers

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH

Karthikeyan Bhargavan and Gaetan Leurent

TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication

Ralph Holz, Johanna Amann, Olivier Mehani, Mohamed Ali Kaafar and Matthias Wachs

Killed by Proxy: Analyzing Client-end TLS Interception Software

Xavier de Carné de Carnavalet and Mohammad Mannan

SIBRA: Scalable Internet Bandwidth Reservation Architecture

Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota and Jumpei Urakawa

Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy

Jakub Czyz, Matthew Luckie, Mark Allman and Michael Bailey 

Attacking the Network Time Protocol

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke and Sharon Goldberg

SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks

Min Suk Kang, Virgil D. Gligor and Vyas Sekar

CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities

Ahmet Buyukkayhan, Kaan Onarlioglu, William Robertson and Engin Kirda 

It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services

M. Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens and Nick Nikiforakis

Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications

Avinash Sudhodanan, Alessandro Armando, Roberto Carbone and Luca Compagna 

Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces

Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou and Ryan Riley

Enabling Practical Software-defined Networking Security Applications with OFX

John Sonchack, Jonathan M. Smith, Adam J. Aviv and Eric Keller 

Forwarding-Loop Attacks in Content Delivery Networks

Jianjun Chen, Xiaofeng Zheng, Haixin Duan and Jinjin Liang, Jian Jiang, Kang Li, Tao Wan and Vern Paxson

CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds

Yossi Gilad, Amir Herzberg, Michael Sudkovitch and Michael Goberman

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security

Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli and Guofei Gu

Centrally Banked Cryptocurrencies

George Danezis and Sarah Meiklejohn

Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem

Alex Biryukov and Dmitry Khovratovich

A Simple Generic Attack on Text Captchas

Haichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang and Jiawei Li

You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild

Eunjo Lee, Jiyoung Woo, Hyoungshick Kim, Aziz Mohaisen and Huy Kang Kim

Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses

Anupam Das, Nikita Borisov and Matthew Caesar 

The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads

Wei Meng, Ren Ding, Simon P. Chung, Steven Han and Wenke Lee

What Mobile Ads Know About Mobile Users

Sooel Son, Daehyeok Kim and Vitaly Shmatikov

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter 

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems

Altaf Shaik, Jean-Pierre Seifert, Ravishankar Borgaonkar, N. Asokan and Valtteri Niemi

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

Daming D. Chen, Maverick Woo and David Brumley and Manuel Egele 

discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code

Sebastian Eschweiler and Khaled Yakdan and Elmar Gerhards-Padilla

Driller: Augmenting Fuzzing Through Selective Symbolic Execution

Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel and Giovanni Vigna

VTrust: Regaining Trust on Virtual Calls

Chao Zhang and Dawn Song, Scott A. Carr and Mathias Payer, Tongxin Li and Yu Ding and Chengyu Song

Protecting C++ Dynamic Dispatch Through VTable Interleaving

Dimitar Bounov, Rami Gökhan Kıcı and Sorin Lerner

ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting

Shiqing Ma, Xiangyu Zhang and Dongyan Xu

Who’s in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems

David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers and Raheem Beyah

SKEE: A lightweight Secure Kernel-level Execution Environment for ARM

Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning 

OpenSGX: An Open Platform for SGX Research

Prerit Jain, Soham Desai, Ming-Wei Shih and Taesoo Kim, Seongmin Kim, JaeHyuk Lee, Changho Choi, Youjung Shin, Brent Byunghoon Kang and Dongsu Han 

Efficient Private Statistics with Succinct Sketches

Luca Melis, George Danezis and Emiliano De Cristofaro 

Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples

Changchang Liu and Prateek Mittal and Supriyo Chakraborty

Privacy-Preserving Shortest Path Computation

David J. Wu, Joe Zimmerman, Jérémy Planul and John C. Mitchell 

LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships

Changchang Liu and Prateek Mittal 

Do You See What I See? Differential Treatment of Anonymous Users

Sheharbano Khattak, David Fifield, Sadia Afroz and Mobin Javed, Srikanth Sundaresan and Damon McCoy, Vern Paxson and Steven J. Murdoch

Measuring and Mitigating AS-level Adversaries Against Tor

Rishab Nithyanand, Oleksii Starov and Phillipa Gill, Adva Zair and Michael Schapira

Website Fingerprinting at Internet Scale

Andriy Panchenko, Fabian Lanze, Jan Pennekamp and Thomas Engel, Andreas Zinnen, Martin Henze and Klaus Wehrle 

Extract Me If You Can: Abusing PDF Parsers in Malware Detectors

Curtis Carmony, Xunchao Hu, Heng Yin and Abhishek Vasisht and Mu Zhang 

Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers

Weilin Xu, Yanjun Qi and David Evans

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire

Teryl Taylor, Kevin Z. Snow, Nathan Otterness and Fabian Monrose

LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis

Chad Spensky, Hongyi Hu and Kevin Leach

When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors

Charles Smutz and Angelos Stavrou 

Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework

Yuru Shao, Qi Alfred Chen and Z. Morley Mao, Jason Ott and Zhiyun Qian

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

Kangjie Lu and Wenke Lee, Stefan Nürnberger and Michael Backes

Leakage-Resilient Layout Randomization for Mobile Devices

Kjell Braden, Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Stephen Crane, Michael Franz and Per Larsen

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding

Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany and Thorsten Holz

Enforcing Kernel Security Invariants with Data Flow Integrity

Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim and Wenke Lee 

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy

Vitor Afonso and Paulo de Geus, Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, Adam Doupe and Mario Polino

Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android

Xiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu and Wenliang Du

FLEXDROID: Enforcing In-App Privilege Separation in Android

Jaebaek Seo, Daehyeok Kim, Donghyun Cho, Insik Shin and Taesoo Kim

IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware

Michelle Y. Wong and David Lie

Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques

Siegfried Rasthofer, Steven Arzt, Marc Miltenberger and Eric Bodden 

Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services

Chaoshun Zuo, Wubing Wang, Zhiqiang Lin and Rui Wang

Differentially Private Password Frequency Lists

Jeremiah Blocki, Anupam Datta and Joseph Bonneau 

Who Are You? A Statistical Approach to Measuring User Authenticity

David Freeman, Sakshi Jain, Markus Duermuth, Battista Biggio and Giorgio Giacinto

Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks

Otto Huhta, Swapnil Udar, Mika Juuti, Prakash Shrestha, Nitesh Saxena and N. Asokan

VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion

Jingchao Sun, Xiaocong, Yimin Chen, Jinxue Zhang, Yanchao Zhang and Rui Zhang