NDSS Symposium 2018 Accepted Papers

The NDSS 2018 Program was constructed from the following list of accepted papers. The papers on the list are ordered by submission number, and some of the papers are subject to shepherding.

IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing

Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang and Kehuan Zhang

Fear and Logging in the Internet of Things

Qi Wang, Wajih Ul Hassan, Adam Bates and Carl Gunter

Decentralized Action Integrity for Trigger-Action IoT Platforms

Earlence Fernandes, Amir Rahmati, Jaeyeon Jung and Atul Prakash 

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices

Marius Muench, Jan Stijohann, Frank Kargl, Aurelien Francillon and Davide Balzarotti

Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications

Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes and Christian Rossow 

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao and Henry X. Liu

Removing Secrets from Android’s TLS

Jaeho Lee and Dan S. Wallach

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

Erkam Uzun, Simon Pak Ho Chung, Irfan Essa and Wenke Lee

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

Samuel Jero, Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru

Preventing (Network) Time Travel with Chronos

Omer Deutsch, Neta Rozen Schiff, Danny Dolev and Michael Schapira

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz and Elisa Bertino

GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier.

Byeongdo Hong, Sangwook Bae and Yongdae Kim

Mind Your Keys? A Security Evaluation of Java Keystores

Riccardo Focardi, Francesco Palmarini, Marco Squarcina, Graham Steel and Mauro Tempesta

A Security Analysis of Honeywords

Ding Wang, Haibo Cheng, Ping Wang, Jeff Yan and Xinyi Huang

Revisiting Private Stream Aggregation: Lattice-Based PSA

Daniela Becker, Jorge Guajardo and Karl-Heinz Zimmermann

ZeroTrace : Oblivious Memory Primitives from Intel SGX

Sajin Sasy, Sergey Gorbunov and Christopher W. Fletcher

Automated Website Fingerprinting through Deep Learning

Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem and Wouter Joosen 

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng and Yuyi Zhong

Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

Yisroel Mirsky, Tomer Doitshman, Yuval Elovici and Asaf Shabtai

Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks

Weilin Xu, David Evans and Yanjun Qi

Trojaning Attack on Neural Networks

Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang and Xiangyu Zhang 

Broken Fingers: On the Usage of the Fingerprint API in Android

Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Simon Pak Ho Chung and Wenke Lee

K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All

Parimarjan Negi, Prafull Sharma, Vivek sanjay Jain and Bahman Bahmani

ABC: Enabling Smartphone Authentication with Built-in Camera

Zhongjie Ba, Sixu Piao, Xinwen Fu, Dimitrios Koutsonikolas, Aziz Mohaisen and Kui Ren

Device Pairing at the Touch of an Electrode

Marc Roeschlin, Ivan Martinovic and Kasper B. Rasmussen

Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections

Di Tang, Zhe Zhou, Yinqian Zhang and Kehuan Zhang

A Large-scale Analysis of Content Modification by Open HTTP Proxies

Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos and Michalis Polychronakis 

Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis

Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq and Heng Yin

Towards Measuring the Effectiveness of Telephony Blacklists

Sharbani Pandit, Roberto Perdisci, Mustaque Ahamad and Payas Gupta

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Yue Duan, Mu Zhang, Abhishek Vasisht Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang and XiaoFeng Wang

KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clementine Maurice, Raphael Spreitzer and Stefan Mangard

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang and Dongyan Xu

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Guangliang Yang, Jeff Huang and Guofei Gu

Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images

Rohit Bhatia, Brendan Saltaformaggio, Seung Jei Yang, Aisha Ali-Gombe, Xiangyu Zhang, Dongyan Xu and Golden G. Richard III 

K-Miner: Uncovering Memory Corruption in Linux

David Gens, Simon Schmitt, Lucas Davi and Ahmad-Reza Sadeghi

CFIXX: Object Type Integrity for C++

Nathan Burow, Derrick McKee, Scott A. Carr and Mathias Payer 

Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets

Andrea Biondo, Mauro Conti and Daniele Lain

Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics

Erick Bauman, Zhiqiang Lin and Kevin Hamlen

Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing

Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song and Insik Shin

Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps

Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang

Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions

Jingjing Ren, Martina Lindorfer, Daniel J. Dubois, Ashwin Rao, David Choffnes and Narseo Vallina-Rodriguez

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich and Phillipa Gill 

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang and XiaoFeng Wang

Knock Knock, Who’s There? Membership Inference on Aggregate Location Data

Apostolos Pyrgelis, Carmela Troncoso and Emiliano De Cristofaro 

Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center

Xing Gao, Zhang Xu, Haining Wang, Li Li and Xiaorui Wang

OBLIVIATE: A Data Oblivious Filesystem for Intel SGX

Adil Ahmad, Kyungtae Kim, Muhammad Ihsanulhaq Sarfaraz and Byoungyoung Lee

Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas Clouds

Dean Sullivan, Orlando Arias, Travis Meade and Yier Jin

Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates

Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel and Giovanni Vigna

Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data

Alexandra-Mihaela Olteanu, Kevin Huguenin, Italo Dacosta and Jean-Pierre Hubaux

When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt and Arvind Narayanan

De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice

Huandong Wang, Chen Gao, Yong Li, Gang Wang, Depeng Jin and Jingbo Sun

Veil: Private Browsing Semantics Without Browser-side Assistance

Frank Wang, James Mickens and Nickolai Zeldovich

Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations

Peng Wang, Xianghang Mi, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian and Raheem Beyah

SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.

Cristian-Alexandru Staicu, Michael Pradel and Benjamin Livshits 

JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks

Michael Schwarz, Moritz Lipp and Daniel Gruss

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting

William Melicher, Anupam Das, Mahmood Sharif, Lujo Bauer and Limin Jia 

Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs

Wajih Ul Hassan, Mark Lemay, Nuraini Aguse, Adam Bates and Thomas Moyer

MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation

Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani and Vinod Yegneswaran

Towards a Timely Causality Analysis for Enterprise Security

Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee and Prateek Mittal

JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions

Bo Li, Phani Vadrevu, Kyu Hyung Lee and Roberto Perdisci 

AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Yousra Aafer, Jianjun Huang, Yi Sun, Xiangyu Zhang, Ninghui Li and Chen Tian

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android

Yaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang and Xinming Ou 

BreakApp: Automated, Flexible Application Compartmentalization

Nikos Vasilakis, Ben Karel, Nick Roessler, Nathan Dautenhahn, Andre DeHon and Jonathan M. Smith

Resolving the Predicament of Android Custom Permissions

Guliz Seray Tuncay, Soteris Demetriou, Karan Ganju and Carl A. Gunter

ZEUS: Analyzing Safety of Smart Contracts

Sukrit Kalra, Seep Goel, Mohan Dhawan and Subodh Sharma

Chainspace: A Sharded Smart Contracts Platform

Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn and George Danezis

Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions

Stefanie Roos, Pedro Moreno-Sanchez, Aniket Kate and Ian Goldberg

TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing

Hubert Ritzdorf, Karl Wust, Arthur Gervais, Guillaume Felley and Srdjan Capkun

Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks Explanations

Athanasios Andreou, Giridhari Venkatadri, Oana Goga, Krishna P. Gummadi, Patrick Loiseau and Alan Mislove 

Inside Job: Applying Traffic Analysis to Measure Tor from Within

Rob Jansen, Marc Juarez, Rafa Galvez, Tariq Elahi and Claudia Diaz

Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks

Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang and Keith Ross