Preliminary Programme Information

Sunday, 18 February 2018

8:30 am – 5:30 pm — Workshop on Binary Analysis Research (BAR)

8:30 am – 5:30 pm — Workshop on Decentralized IoT Security and Standards (DISS)

8:30 am – 5:30 pm — Workshop on DNS Privacy (DNSPRIV)

8:30 am – 5:30 pm — Workshop on Usable Security (USEC 2018)

6:00 pm – 7:30 pm — Welcome Reception


Monday, 19 February 2018

8:30 am – 5:30 pm — Symposium

7:00 pm – 9:00 pm — Poster Reception


Tuesday, 20 February 2018

8:30 am – 5:30 pm — Symposium

7:00 pm – 9:00 pm — Symposium Dinner


Wednesday, 21 February 2018

8:30 am – 5:30 pm — Symposium



List of Accepted Papers

Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data

Alexandra-Mihaela Olteanu (EPFL/UNIL-HEC Lausanne), Kevin Huguenin (UNIL-HEC Lausanne), Italo Dacosta (EPFL), Jean-Pierre Hubaux (EPFL)


Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks

Haizhong Zheng (Shanghai Jiao Tong University), Minhui Xue (New York University Shanghai), Hao Lu (Shanghai Jiao Tong University), Shuang Hao (University of Texas at Dallas), Haojin Zhu (Shanghai Jiao Tong University), Xiaohui Liang (University of Massachusetts Boston), Keith Ross (New York University and New York University Shanghai)


KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Daniel Gruss (Graz University of Technology), Samuel Weiser (Graz University of Technology), Clementine Maurice (Univ Rennes, CNRS, IRISA), Raphael Spreitzer (Graz University of Technology), Stefan Mangard (Graz University of Technology)


Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations

Peng Wang (Indiana University Bloomington), Xianghang Mi (Indiana University Bloomington), Xiaojing Liao (William and Mary), XiaoFeng Wang (Indiana University Bloomington), Kan Yuan (Indiana University Bloomington), Feng Qian (Indiana University Bloomington), Raheem Beyah (Georgia Institute of Technology)


Synode: Understanding and Automatically Preventing Injection Attacks on Node.js

Cristian-Alexandru Staicu (TU Darmstadt), Michael Pradel (TU Darmstadt), Benjamin Livshits (Imperial College London)


Device Pairing at the Touch of an Electrode

Marc Roeschlin (University of Oxford), Ivan Martinovic (University of Oxford), Kasper Bonne Rasmussen (University of Oxford)


Broken Fingers: On the Usage of the Fingerprint API in Android

Antonio Bianchi (University of California, Santa Barbara), Yanick Fratantoni (University of California, Santa Barbara), Machiry Aravind Kumar (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), Simon Pak Ho Chung (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)


ZEUS: Analyzing Safety of Smart Contracts

Sukrit Kalra (IBM Research, India), Seep Goel (IBM Research, India), Mohan Dhawan (IBM Research, India), Subodh Sharma (IIT Delhi)


Mind Your Keys? A Security Evaluation of Java Keystores

Riccardo Focardi (Ca’ Foscari University and Cryptosense), Francesco Palmarini (Ca’ Foscari University and Yarix), Marco Squarcina (Ca’ Foscari University and Cryptosense), Graham Steel (Cryptosense), Mauro Tempesta (Ca’ Foscari University)


Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps

Yuhong Nan (Fudan University), Zhemin Yang (Fudan University), Xiaofeng Wang (Indiana University Bloomington), Yuan Zhang (Fudan University), Donglai Zhu (Fudan University), Min Yang (Fudan University)


JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks

Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Daniel Gruss (Graz University of Technology)


ABC: Enabling Smartphone Authentication with Built-in Camera

Zhongjie Ba (University at Buffalo, State University of New York), Sixu Piao (University at Buffalo, State University of New York), Xinwen Fu (University of Central Florida), Dimitrios Koutsonikolas (University at Buffalo, State University of New York), Aziz Mohaisen (University of Central Florida), Kui Ren (University at Buffalo, State University of New York), Aziz Mohaisen (SUNY Buffalo), Xinwen Fu (University of Massachusetts Lowell)


Automated Website Fingerprinting through Deep Learning

Vera Rimmer (imec-DistriNet, KU Leuven), Davy Preuveneers (imec-DistriNet, KU Leuven), Marc Juarez (imec-COSIC, ESAT, KU Leuven), Tom Van Goethem (imec-DistriNet, KU Leuven), Wouter Joosen (imec-DistriNet, KU Leuven)


Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Chung Hwan Kim (NEC Laboratories America), Taegyu Kim (Purdue University), Hongjun Choi (Purdue University), Zhongshu Gu (IBM T.J. Watson Research Center), Byoungyoung Lee (Purdue University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University)


Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

Samuel Jero (Purdue University), Endadul Hoque (Florida International University), David Choffnes (Northeastern University), Alan Mislove (Northeastern University), Cristina Nita-Rotaru (Northeastern University)


Veil: Private Browsing Semantics Without Browser-side Assistance

Frank Wang (MIT CSAIL), James Mickens (Harvard University), Nickolai Zeldovich (MIT CSAIL)


Decentralized Action Integrity for Trigger-Action IoT Platforms

Earlence Fernandes (University of Washington), Amir Rahmati (Stony Brook University), Jaeyeon Jung (Samsung), Atul Prakash (University of Michigan), Amir Rahmati (University of Michigan)


Revisiting Private Stream Aggregation: Lattice-Based PSA

Daniela Becker (Bosch Research and Technology Center North America), Jorge Guajardo (Bosch Research and Technology Center North America), Karl-Heinz Zimmermann (Hamburg University of Technology)


AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection

Yousra Aafer (Purdue University), Jianjun Huang (Purdue University), Yi Sun (Purdue University), Xiangyu Zhang (Purdue University), Ninghui Li (Purdue University), Chen Tian (Futurewei Technologies)


InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android

Yaohui Chen (Northeastern University), Yuping Li (University of South Florida), Long Lu (Northeastern University), Yueh-Hsun Lin (JD Research Center), Hayawardh Vijayakumar (Samsung Research America), Zhi Wang (Florida State University), Xinming Ou (University of South Florida)


BreakApp: Automated, Flexible Application Compartmentalization

Nikos Vasilakis (University of Pennsylvania), Ben Karel (University of Pennsylvania), Nick Roessler (University of Pennsylvania), Nathan Dautenhahn (University of Pennsylvania), Andre DeHon (University of Pennsylvania), Jonathan M. Smith (University of Pennsylvania)


Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs

Wajih Ul Hassan (University of Illinois Urbana-Champaign), Mark Lemay (Boston University), Nuraini Aguse (University of Illinois Urbana-Champaign), Adam Bates (University of Illinois Urbana-Champaign), Thomas Moyer (University of North Carolina at Charlotte)


A Security Analysis of Honeywords

Ding Wang (Peking University), Haibo Cheng (Peking University), Ping Wang (Peking University), Jeff Yan (Lancaster University), Xinyi Huang (Fujian Normal University)


Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions

Jingjing Ren (Northeastern University), Martina Lindorfer (UC Santa Barbara), Daniel J. Dubois (Northeastern University), Ashwin Rao (University of Helsinki), David Choffnes (Northeastern University), Narseo Vallina-Rodriguez (IMDEA Networks Institute/ICSI)


VulDeePecker: A Deep Learning-Based System for Vulnerability Detection

Zhen Li (Huazhong University of Science and Technology), Deqing Zou (Huazhong University of Science and Technology), Shouhuai Xu (University of Texas at San Antonio), Xinyu Ou (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology), Sujuan Wang (Huazhong University of Science and Technology), Zhijun Deng (Huazhong University of Science and Technology), Yuyi Zhong (Huazhong University of Science and Technology)


IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing

Jiongyi Chen (The Chinese University of Hong Kong), Wenrui Diao (Jinan University), Qingchuan Zhao (University of Texas at Dallas), Chaoshun Zu (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), XiaoFeng Wang (Indiana University Bloomington), Wing Cheong Lau (The Chinese University of Hong Kong), Menghan Sun (The Chinese University of Hong Kong), Ronghai Yang (The Chinese University of Hong Kong), Kehuan Zhang (The Chinese University of Hong Kong)


Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center

Xing Gao (College of William and Mary), Zhang Xu (College of William and Mary), Haining Wang (University of Delaware), Li Li (Ohio State University), Xiaorui Wang (Ohio State University)


What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices

Marius Muench (Eurecom), Jan Stijohann (Siemens), Frank Kargl (Ulm University), Aurélien Francillon (Eurecom), Davide Balzarotti (Eurecom)


Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications

Ben Stock (CISPA, Saarland University), Giancarlo Pellegrino (CISPA, Saarland University), Frank Li (UC Berkeley), Michael Backes (CISPA, Saarland University), Christian Rossow (CISPA, Saarland University)


Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections

Di Tang (Chinese University of Hong Kong), Zhe Zhou (Fudan University), Yinqian Zhang (Ohio State University), Kehuan Zhang (Chinese University of Hong Kong)


Knock Knock, Who’s There? Membership Inference on Aggregate Location Data

Apostolos Pyrgelis (University College London), Carmela Troncoso (IMDEA Software Institute), Emiliano De Cristofaro (University College London)


Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebook’s Explanations

Athanasios Andreou (EURECOM), Giridhari Venkatadri (Northeastern University), Oana Goga (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG and MPI-SWS), Krishna P. Gummadi (MPI-SWS), Patrick Loiseau (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG & MPI-SWS and EURECOM), Alan Mislove (Northeastern University)


Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks

Weilin Xu (University of Virginia), David Evans (University of Virginia), Yanjun Qi (University of Virginia)


Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

Yisroel Mirsky (Ben-Gurion University of the Negev), Tomer Doitshman (Ben-Gurion University of the Negev), Yuval Elovici (Ben-Gurion University of the Negev), Asaf Shabtai (Ben-Gurion University of the Negev)


Resolving the Predicament of Android Custom Permissions

Guliz Seray Tuncay (University of Illinois at Urbana-Champaign), Soteris Demetriou (University of Illinois at Urbana-Champaign), Karan Ganju (University of Illinois at Urbana-Champaign), Carl A. Gunter (University of Illinois at Urbana-Champaign)


De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice

Huandong Wang (Tsinghua University), Chen Gao (Tsinghua University), Yong Li (Tsinghua University), Gang Wang (Virginia Tech), Depeng Jin (Tsinghua University), Jingbo Sun (China Telecom Beijing Research Institute)


Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in IaaS Clouds

Dean Sullivan (University of Florida), Orlando Arias (University of Central Florida), Travis Meade (University of Central Florida), Yier Jin (University of Florida)


Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Qi Alfred Chen (University of Michigan), Yucheng Yin (University of Michigan), Yiheng Feng (University of Michigan), Z. Morley Mao (University of Michigan), Henry X. Liu (University of Michigan)


Preventing (Network) Time Travel with Chronos

Omer Deutsch (Hebrew University of Jerusalem), Neta Rozen Schiff (Hebrew University of Jerusalem), Danny Dolev (Hebrew University of Jerusalem), Michael Schapira (Hebrew University of Jerusalem)


Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Guangliang Yang (Texas A&M University), Jeff Huang (Texas A&M University), Guofei Gu (Texas A&M University)


ZeroTrace : Oblivious Memory Primitives from Intel SGX

Sajin Sasy (University of Waterloo), Sergey Gorbunov (University of Waterloo), Christopher W. Fletcher (Nvidia)


Chainspace: A Sharded Smart Contracts Platform

Mustafa Al-Bassam (University College London), Alberto Sonnino (University College London), Shehar Bano (University College London), Dave Hrycyszyn (constructiveproof.com), George Danezis (University College London)


Towards Measuring the Effectiveness of Telephony Blacklists

Sharbani Pandit (Georgia Institute of Technology), Roberto Perdisci (University of Georgia, Georgia Institute of Technology), Mustaque Ahamad (Georgia Institute of Technology), Payas Gupta (Pindrop)


A Large-scale Analysis of Content Modification by Open HTTP Proxies

Giorgos Tsirantonakis (FORTH), Panagiotis Ilia (FORTH), Sotiris Ioannidis (FORTH), Elias Athanasopoulos (University of Cyprus), Michalis Polychronakis (Stony Brook University), Georgios Tsirantonakis (FORTH – HELLAS)


Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions

Stefanie Roos (University of Waterloo), Pedro Moreno-Sanchez (Purdue University), Aniket Kate (Purdue University), Ian Goldberg (University of Waterloo)


rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System

Erkam Uzun (Georgia Institute of Technology), Simon Pak Ho Chung (Georgia Institute of Technology), Irfan Essa (Georgia Institute of Technology), Wenke Lee (Georgia Institute of Technology)


Towards a Timely Causality Analysis for Enterprise Security

Yushan Liu (Princeton University), Mu Zhang (Cornell University), Ding Li (NEC Labs America), Kangkook Jee (NEC Labs America), Zhichun Li (NEC Labs America), Zhenyu Wu (NEC Labs America), Junghwan Rhee (NEC Labs America), Prateek Mittal (Princeton University)


OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS

Xiaokuan Zhang (The Ohio State University), Xueqiang Wang (Indiana University at Bloomington), Xiaolong Bai (Tsinghua University), Yinqian Zhang (The Ohio State University), Xiaofeng Wang (Indiana University at Bloomington)


Inside Job: Applying Traffic Analysis to Measure Tor from Within

Rob Jansen (U.S. Naval Research Laboratory), Marc Juarez (KU Leuven), Rafael Galvez (KU Leuven), Tariq Elahi (KU Leuven), Claudia Diaz (KU Leuven)


TLS-N: Non-repudiation over TLS

Hubert Ritzdorf (ETH Zurich), Karl Wüst (ETH Zurich), Arthur Gervais (Imperial College London), Guillaume Felley (ETH Zurich), Srdjan Capkun (ETH Zurich), Arthur Gervais (ETH Zurich)


CFIXX: Object Type Integrity for C++ Virtual Dispatch

Nathan Burow (Purdue University), Derrick McKee (Purdue University), Scott A. Carr (Purdue University), Mathias Payer (Purdue University)


Fear and Logging in the Internet of Things

Qi Wang (University of Illinois Urbana-Champaign and UIUC), Wajih Ul Hassan (UIUC), Adam Bates (UIUC), Carl Gunter (UIUC)


OBLIVIATE: A Data Oblivious Filesystem for Intel SGX

Adil Ahmad (Purdue University), Kyungtae Kim (Purdue University), Muhammad Ihsanulhaq Sarfaraz (Purdue University), Byoungyoung Lee (Purdue University)


Trojaning Attack on Neural Networks

Yingqi Liu (Purdue University), Shiqing Ma (Purdue University), Yousra Aafer (Purdue University), Wen-Chuan Lee (Purdue University), Juan Zhai (Nanjing University), Weihang Wang (Purdue University), Xiangyu Zhang (Purdue University)


Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation

Yue Duan (University of California, Riverside), Mu Zhang (Cornell University), Abhishek Vasisht Bhaskar (Grammatech. Inc.), Heng Yin (University of California, Riverside), Xiaorui Pan (Indiana University Bloomington), Tongxin Li (Peking University), Xueqiang Wang (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington)


Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics

Erick Bauman (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), Kevin Hamlen (University of Texas at Dallas)


K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All

Parimarjan Negi (Student, Stanford University), Prafull Sharma (Student, MIT University), Vivek Jain (Stanford University), Bahman Bahmani (Stanford University)


When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan (Princeton University), Fabian Yamaguchi (TU Braunschweig), Edwin Dauber (Drexel University), Richard Harang (Invincea), Konrad Rieck (TU Braunschweig), Rachel Greenstadt (Drexel University), Arvind Narayanan (Princeton University)


MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation

Yonghwi Kwon (Purdue University), Fei Wang (Purdue University), Weihang Wang (Purdue University), Kyu Hyung Lee (University of Georgia), Wen-Chuan Lee (Purdue University), Shiqing Ma (Purdue University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University), Somesh Jha (University of Wisconsin-Madison), Gabriela Ciocarlie (SRI International), Ashish Gehani (SRI International), Vinod Yegneswaran (SRI International)


Riding out DOMsday: Towards detecting and preventing DOM cross-site scripting

William Melicher (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Anupam Das (Carnegie Mellon University), Limin Jia (Carnegie Mellon University), Mahmood Sharif (Carnegie Mellon University)


Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing

Wookhyun Han (KAIST), Byunggill Joe (KAIST), Byoungyoung Lee (Purdue University), Chengyu Song (University of California, Riverside), Insik Shin (KAIST)


LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

Syed Rafiul Hussain (Purdue University), Omar Chowdhury (The University of Iowa), Shagufta Mehnaz (Purdue University), Elisa Bertino (Purdue University)


Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets

Andrea Biondo (University of Padua), Mauro Conti (University of Padua), Daniele Lain (University of Padua)


JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions

Bo Li (University of Georgia), Phani Vadrevu (University of Georgia), Kyu Hyung Lee (University of Georgia), Roberto Perdisci (University of Georgia)


“Tipped Off by Your Memory Allocator”: Device-Wide User Activity Sequencing from Android Memory Images

Rohit Bhatia (Purdue University), Brendan Saltaformaggio (Georgia Institute of Technology), Seung Jei Yang (The Affiliated Institute of ETRI), Aisha Ali-Gombe (Towson University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University), Golden G. Richard III (Louisiana State University), Golden Richard (University of New Orleans)


K-Miner: Uncovering Memory Corruption in Linux

David Gens (Technische Universität Darmstadt), Simon Schmitt (Technische Universität Darmstadt), Lucas Davi (Universität Duisburg-Essen), Ahmad-Reza Sadeghi (Technische Universität Darmstadt)


Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates

Kevin Borgolte (UC Santa Barbara), Tobias Fiebig (TU Delft), Shuang Hao (University of Texas at Dallas), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara)


Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis

Shitong Zhu (University of California, Riverside), Xunchao Hu (Syracuse University), Zhiyun Qian (University of California, Riverside), Zubair Shafiq (University of Iowa), Heng Yin (University of California, Riverside)


GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier

Byeongdo Hong (KAIST), Sangwook Bae (KAIST), Yongdae Kim (KAIST)


Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Abbas Razaghpanah (Stony Brook University), Rishab Nithyanand (Data & Society Research Institute), Narseo Vallina-Rodriguez (IMDEA Networks and ICSI), Srikanth Sundaresan (Princeton University), Mark Allman (ICSI), Christian Kreibich (Corelight and ICSI), Phillipa Gill (University of Massachusetts, Amherst), Rishab Nithyanand (Stony Brook University), Narseo Vallina-Rodriguez (ICSI)


Removing Secrets from Android’s TLS

Jaeho Lee (Rice University), Dan S. Wallach (Rice University)