NDSS Symposium 2017 Accepted Papers

Indiscreet Logs: Diffie-Hellman Backdoors in TLS

Kristen Dorey, Nicholas Chang-Fong and Aleksander Essex

On the Safety and Efficiency of Virtual Firewall Elasticity Control

Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Siming Zhao and Wonkyu Han

Fake Co-visitation Injection Attacks to Recommender Systems

Guolei Yang, Neil Zhenqiang Gong and Ying Cai

KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting

Weitao Xu, Guohao Lan, Qi Lin, Sara Khalifa, Neil Bergmann, Mahbub Hassan and Wen Hu

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Yeongpil Cho, Donghyun Kwon, Hayoon Yi and Yunheung Paek

Automated Analysis of Privacy Requirements for Mobile Apps

Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

Jaebaek Seo, Byoungyoung Lee, Seongmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han and Taesoo Kim

ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms

Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao and Atul Prakash

Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO

Jesper Buus Nielsen, Thomas Schneider and Roberto Trifiletti

A Large-scale Analysis of the Mnemonic Password Advice

Johannes Kiesel, Benno Stein and Stefan Lucks

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro and Sharon Goldberg

Fast Actively Secure OT Extension for Short Secrets

Arpita Patra, Pratik Sarkar and Ajith Suresh

Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps

Wenbo Yang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Yuanyuan Zhang and Dawu Gu

MARX: Uncovering Class Hierarchies in C++ Programs

Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos and Cristiano Giuffrida

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni and Michael Zohner

FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild

Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li and Yunhao Liu

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

Phani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee and Roberto Perdisci

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Wilson Lian, Hovav Shacham and Stefan Savage

Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data

Wen-jie Lu, Shohei Kawasaki and Jun Sakuma

Are We There Yet? On RPKI’s Deployment and Security

Yossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira and Haya Shulman

Cracking Android Pattern Lock in Five Attempts

Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor and Zheng Wang

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Claude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir Memon and Mustaque Ahamad

(Cross-)Browser Fingerprinting via OS and Hardware Level Features

Yinzhi Cao, Song Li and Erik Wijmans

WireGuard: Next Generation Kernel Network Tunnel

Jason A. Donenfeld

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

Najmeh Miramirkhani, Oleksii Starov and Nick Nikiforakis

Measuring small subgroup attacks against Diffie-Hellman

Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman and Nadia Heninger

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Alyssa Milburn, Herbert Bos and Cristiano Giuffrida

ObliviSync: Practical Oblivious File Backup and Synchronization

Adam J. Aviv, Seung Geol Choi, Travis Mayberry and Daniel S. Roche

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

Ming-Wei Shih, Sangho Lee, Taesoo Kim and Marcus Peinado

An Evil Copy: How the Loader Betrays You

Xinyang Ge, Mathias Payer and Trent Jaeger

PSI: Precise Security Instrumentation for Enterprise Networks

Tianlong Yu, Seyed K. Fayaz, Michael Collins, Vyas Sekar and Srinivasan Seshan

Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns

Bum Jun Kwon, Virinchi Srinivas, Amol Deshpande and Tudor Dumitras

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Giorgi Maisuradze, Michael Backes and Christian Rossow

Ramblr: Making Reassembly Great Again

Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel and Giovanni Vigna

BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments

Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel and Giovanni Vigna

Dynamic Differential Location Privacy with Personalized Error Bounds

Lei Yu, Ling Liu and Calton Pu

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

Stevens Le Blond, Cedric Gilbert, Utkarsh Upadhyay, Manuel Gomez Rodriguez and David Choffnes

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps

Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang and Heng Yin

ASLR on the Line: Practical Cache Attacks on the MMU

Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos and Cristiano Giuffrida

Stack Bounds Protection with Low Fat Pointers

Gregory J. Duck, Roland H.C. Yap and Lorenzo Cavallaro

Towards Implicit Visual Memory-Based Authentication

Claude Castelluccia, Markus Duermuth, Maximilian Golla and Fatma Imamoglu

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Clementine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard and Kay Rœmer

Avoiding The Man on the Wire: Improving Tor’s Security with Trust-Aware Path Selection

Aaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum and Paul Syverson

The Effect of DNS on Tor’s Anonymity

Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Philipp Winter and Nick Feamster

Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit

Luis Garcia, Ferdinand Brasser, Mehmet H. Cintuglu, Ahmad-Reza Sadeghi, Osama Mohammed and Saman A. Zonouz

Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones

Simon Birnbach, Richard Baker and Ivan Martinovic

Dissecting Tor Bridges: a Security Evaluation of their Private and Public Infrastructures

Srdjan Matic, Carmela Troncoso and Juan Caballero

HOP: Hardware makes Obfuscation Practical

Kartik Nayak, Christopher Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal

MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross and Gianluca Stringhini

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Yushun Wang, Taous Madi, Suryadipta Majumdar, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang and Mourad Debbabi

Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

Yu Feng, Osbert Bastani, Ruben Martins, Isil Dillig and Saswat Anand

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nuernberger, Wenke Lee and Michael Backes

IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality

Ian Miers and Payman Mohassel

VUzzer: Application-aware Evolutionary Fuzzing

Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida and Herbert Bos

Broken Hearted: How To Attack ECG Biometrics

Simon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patane, Marta Kwiatkowska and Ivan Martinovic

HisTorε: Differentially Private and Robust Statistics Collection for Tor

Akshaya Mani and Micah Sherr

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda

P2P Mixing and Unlinkable Bitcoin Transactions

Tim Ruffing, Pedro Moreno-Sanchez and Aniket Kate

PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables

Lucas Davi, David Gens, Christopher Liebchen and Ahmad-Reza Sadeghi

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate and Matteo Maffei

Deconstructing Xen

Lei Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Haibing Guan and Jinming Li

The Security Impact of HTTPS Interception

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman and Vern Paxson

DELTA: A Security Assessment Framework for Software-Defined Networks

Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran and Phillip Porras

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel and Giovanni Vigna

A2C: Self Destructing Exploit Executions via Input Perturbation

Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang and Dongyan Xu

Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity

Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi and Hamed Okhravi

Panoply: Low-TCB Linux Applications With SGX Enclaves

Shweta Shinde, Dat Le Tien, Shruti Tople and Prateek Saxena

WindowGuard: Systematic Protection of GUI Security in Android

Chuangang Ren, Peng Liu and Sencun Zhu