List of accepted papers for NDSS 2017

Indiscreet Logs: Diffie-Hellman Backdoors in TLS

(Kristen Dorey, Nicholas Chang-Fong, Aleksander Essex)

On the Safety and Efficiency of Virtual Firewall Elasticity Control

(Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Siming Zhao, Wonkyu Han)

Fake Co-visitation Injection Attacks to Recommender Systems

(Guolei Yang, Neil Zhenqiang Gong, Ying Cai)

KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting

(Weitao Xu, Guohao Lan, Qi Lin, Sara Khalifa, Neil Bergmann, Mahbub Hassan, Wen Hu)

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

(Yeongpil Cho, Donghyun Kwon, Hayoon Yi, Yunheung Paek)

Automated Analysis of Privacy Requirements for Mobile Apps

(Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin, Joel Reidenberg)

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

(Jaebaek Seo, Byoungyoung Lee, Seongmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim)

ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms

(Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao, Atul Prakash)

Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO

(Jesper Buus Nielsen, Thomas Schneider, Roberto Trifiletti)

A Large-scale Analysis of the Mnemonic Password Advice

(Johannes Kiesel, Benno Stein, Stefan Lucks)

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

(Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, Sharon Goldberg)

Fast Actively Secure OT Extension for Short Secrets

(Arpita Patra, Pratik Sarkar, Ajith Suresh)

Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps

(Wenbo Yang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Yuanyuan Zhang, Dawu Gu)

MARX: Uncovering Class Hierarchies in C++ Programs

(Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida)

Pushing the Communication Barrier in Secure Computation using Lookup Tables

(Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni, Michael Zohner)

FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild

(Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li, Yunhao Liu)

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

(Phani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee, Roberto Perdisci)

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

(Wilson Lian, Hovav Shacham, Stefan Savage)

Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data

(Wen-jie Lu, Shohei Kawasaki, Jun Sakuma)

Are We There Yet? On RPKI’s Deployment and Security

(Yossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira, Haya Shulman)

Cracking Android Pattern Lock in Five Attempts

(Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, Zheng Wang)

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

(Claude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir Memon, Mustaque Ahamad)

(Cross-)Browser Fingerprinting via OS and Hardware Level Features

(Yinzhi Cao, Song Li, Erik Wijmans)

WireGuard: Next Generation Kernel Network Tunnel

(Jason A. Donenfeld)

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

(Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis)

Measuring small subgroup attacks against Diffie-Hellman

(Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger)

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

(Alyssa Milburn, Herbert Bos, Cristiano Giuffrida)

ObliviSync: Practical Oblivious File Backup and Synchronization

(Adam J. Aviv, Seung Geol Choi, Travis Mayberry, Daniel S. Roche)

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

(Ming-Wei Shih, Sangho Lee, Taesoo Kim, Marcus Peinado)

An Evil Copy: How the Loader Betrays You

(Xinyang Ge, Mathias Payer, Trent Jaeger)

PSI: Precise Security Instrumentation for Enterprise Networks

(Tianlong Yu, Seyed K. Fayaz, Michael Collins, Vyas Sekar, Srinivasan Seshan)

Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns

(Bum Jun Kwon, Virinchi Srinivas, Amol Deshpande, Tudor Dumitras)

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

(Giorgi Maisuradze, Michael Backes, Christian Rossow)

Ramblr: Making Reassembly Great Again

(Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna)

BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments

(Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna)

Dynamic Differential Location Privacy with Personalized Error Bounds

(Lei Yu, Ling Liu, Calton Pu)

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

(Stevens Le Blond, Cedric Gilbert, Utkarsh Upadhyay, Manuel Gomez Rodriguez, David Choffnes)

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps

(Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, Heng Yin)

ASLR on the Line: Practical Cache Attacks on the MMU

(Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, Cristiano Giuffrida)

Stack Bounds Protection with Low Fat Pointers

(Gregory J. Duck, Roland H.C. Yap, Lorenzo Cavallaro)

Towards Implicit Visual Memory-Based Authentication

(Claude Castelluccia, Markus Duermuth, Maximilian Golla, Fatma Imamoglu)

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

(Clementine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Rœmer)

Avoiding The Man on the Wire: Improving Tor’s Security with Trust-Aware Path Selection

(Aaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum Paul Syverson)

The Effect of DNS on Tor’s Anonymity

(Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Philipp Winter, Nick Feamster)

Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit

(Luis Garcia, Ferdinand Brasser, Mehmet H. Cintuglu, Ahmad-Reza Sadeghi, Osama Mohammed, Saman A. Zonouz)

Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones

(Simon Birnbach, Richard Baker, Ivan Martinovic)

Dissecting Tor Bridges: a Security Evaluation of their Private and Public Infrastructures

(Srdjan Matic, Carmela Troncoso, Juan Caballero)

HOP: Hardware makes Obfuscation Practical

(Kartik Nayak, Christopher Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi, Vipul Goyal)

MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

(Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross, Gianluca Stringhini)

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

(Yushun Wang, Taous Madi, Suryadipta Majumdar, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang, Mourad Debbabi)

Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

(Yu Feng, Osbert Bastani, Ruben Martins, Isil Dillig, Saswat Anand)

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

(Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nuernberger, Wenke Lee, Michael Backes)

IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality

(Ian Miers, Payman Mohassel)

VUzzer: Application-aware Evolutionary Fuzzing

(Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos)

Broken Hearted: How To Attack ECG Biometrics

(Simon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patane, marta Kwiatkowska, Ivan Martinovic)

HisTorε: Differentially Private and Robust Statistics Collection for Tor

(Akshaya Mani, Micah Sherr)

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

(Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, Engin Kirda)

P2P Mixing and Unlinkable Bitcoin Transactions

(Tim Ruffing, Pedro Moreno-Sanchez, Aniket Kate)

PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables

(Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi)

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

(Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei)

Deconstructing Xen

(Lei Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Haibing Guan, Jinming Li)

The Security Impact of HTTPS Interception

(Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson)

DELTA: A Security Assessment Framework for Software-Defined Networks

(Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran, Phillip Porras)

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

(Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna)

A2C: Self Destructing Exploit Executions via Input Perturbation

(Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu)

Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity

(Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, Hamed Okhravi)

Panoply: Low-TCB Linux Applications With SGX Enclaves

(Shweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena)

WindowGuard: Systematic Protection of GUI Security in Android

(Chuangang Ren, Peng Liu, Sencun Zhu)