NDSS

The NDSS 2019 Programme will be constructed from the following list of accepted papers. The papers on the list are ordered by submission number, and some of the papers are subject to shepherding.

Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
Marius Steffens and Christian Rossow (CISPA Helmholtz Center i.G.); Martin Johns (TU Braunschweig); Ben Stock (CISPA Helmholtz Center i.G.)

Countering Malicious Processes with Process-DNS Association
Suphannee Sivakorn (Columbia University); Kangkook Jee (NEC Labs America); Yixin Sun (Princeton University); Lauri Kort-Parn (Cyber Defense Institute); Zhichun Li, Cristian Lumezanu, Lu-An Tang, and Ding Li (NEC Labs America)

A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence
Bingsheng Zhang (Lancaster University); Roman Oliynykov (IOHK Ltd.); Hamed Balogun (Lancaster University)

The Unexpected Danger of UX Features: A Case of Sensitive Data Leakage of Drivers in Ride-Hailing Services
Qingchuan Zhao and Chaoshun Zuo (The Ohio State University); Giancarlo Pellegrino (CISPA, Saarland University; Stanford University); Zhiqiang Lin (The Ohio State University)

Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web
Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, and Seungwon Shin (KAIST)

Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers
Gabriel Kaptchuk and Matthew Green (Johns Hopkins University); Ian Miers (Cornell Tech)

Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing
Jiyong Yu and Lucas Hsiung (UIUC); Mohamad El’Hajj (EPFL); Christopher Fletcher (UIUC)

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
Inken Hagestedt and Yang Zhang (CISPA, Saarland University); Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL); Pascal Berrang (CISPA, Saarland University); Haixu Tang and Xiaofeng Wang (Indiana University Bloomington); Michael Backes (CISPA Helmholtz Center i.G.)

Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based
David Derler (DFINITY); Kai Samelin (TÜV Rheinland i-sec GmbH); Daniel Slamanig and Christoph Striecks (AIT Austrian Institute of Technology)

TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V
Samuel Weiser and Mario Werner (Graz University of Technology); Ferdinand Brasser (Technische Universität Darmstadt); Maja Malenko and Stefan Mangard (Graz University of Technology); Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation
Panagiotis Papadopoulos (FORTH-ICS, Greece); Panagiotis Ilia (FORTH-ICS); Michalis Polychronakis (Stony Brook University, USA); Evangelos Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis (FORTH-ICS, Greece)

UWB with Pulse Reordering: Securing Ranging against Relay and Physical-Layer Attacks
Mridula Singh, Patrick Leu, and Srdjan Capkun (ETH Zurich, Switzerland)

ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
Ahmed Salem and Yang Zhang (CISPA, Saarland University); Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL); Pascal Berrang (CISPA, Saarland University); Mario Fritz and Michael Backes (CISPA Helmholtz Center i.G.)

Distinguishing Attacks from Legitimate Authentication Traffic at Scale
Cormac Herley (Microsoft); Stuart Schechter (Unaffiliated)

Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries
Ruian Duan, Ashish Bijlani, Yang Ji, and Omar Alrawi (Georgia Institute of Technology); Yiyuan Xiong (Peking University); Moses Ike, Brendan Saltaformaggio, and Wenke Lee (Georgia Institute of Technology)

TextBugger: Generating Adversarial Text Against Real-world Applications
Jinfeng Li, Shouling Ji, and Tianyu Du (Zhejiang University); Bo Li (University of California, Berkeley); Ting Wang (Lehigh University)

YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes
Sourav Das, Vinay Joseph Ribeiro, and Abhijeet Anand (Department of Computer Science and Engineering, Indian Institute of Technology Delhi)

Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
Meng Luo, Pierre Laperdrix, Nima Honarmand, and Nick Nikiforakis (Stony Brook University)

Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data
Kostas Drakonakis, Panagiotis Ilia, and Sotiris Ioannidis (FORTH, Greece); Jason Polakis (University of Illinois at Chicago, USA)

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits
Michael Schwarz, Florian Lackner, and Daniel Gruss (Graz University of Technology)

Establishing Software Root of Trust Unconditionally
Virgil Gligor (Carnegie Mellon University); Maverick Woo (unaffiliated)

Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment
Daoyuan Wu and Debin Gao (Singapore Management University); Rocky K. C. Chang (The Hong Kong Polytechnic University); En He (China Electronic Technology Cyber Security Co., Ltd.); Eric K. T. Cheng (The Hong Kong Polytechnic University); Robert H. Deng (Singapore Management University)

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
Dokyung Song (University of California, Irvine); Felicitas Hetzelt (Technical University of Berlin); Dipanjan Das and Chad Spensky (University of California, Santa Barbara); Yeoul Na (University of California, Irvine); Stijn Volckaert (University of California, Irvine and KU Leuven); Giovanni Vigna and Christopher Kruegel (University of California, Santa Barbara); Jean-Pierre Seifert (Technical University of Berlin); Michael Franz (University of California, Irvine)

Total Recall: Persistence of Password in Android
Jaeho Lee, Ang Chen, and Dan S. Wallach (Rice University)

DNS Cache-Based User Tracking
Amit Klein and Benny Pinkas (Bar Ilan University)

Thunderclap: Exploiting the Attack Surface of Operating-System IOMMU Protection with DMA from Malicious Peripherals
A. Theodore Markettos and Colin Rothwell (University of Cambridge); Brett F. Gutstein (Rice University); Allison Pearce (University of Cambridge); Peter G. Neumann (SRI International); Simon W. Moore and Robert N. M. Watson (University of Cambridge)

TEE-aided Write Protection Against Privileged Data Tampering
Lianying Zhao and Mohammad Mannan (Concordia University)

Stealthy Adversarial Perturbations Against Real-Time Video Classification Systems
Shasha Li, Ajaya Neupane, Sujoy Paul, Chengyu Song, Srikanth V. Krishnamurthy, and Amit K. Roy Chowdhury (University of California Riverside); Ananthram Swami (United States Army Research Laboratory)

The Crux of Voice (In)Security: A Brain Study of Speaker Legitimacy Detection
Ajaya Neupane (University of California Riverside); Nitesh Saxena (University of Alabama at Birmingham); Leanne Hirshfield and Sarah Elaine Bratt (Syracuse University)

Statistical Privacy for Streaming Traffic
Xiaokuan Zhang and Jihun Hamm (The Ohio State University); Michael K. Reiter (University of North Carolina at Chapel Hill); Yinqian Zhang (The Ohio State University)

Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries
Daimeng Wang, Ajaya Neupane, Zhiyun Qian, Nael Abu-Ghazaleh, and Srikanth V. Krishnamurthy (University of California Riverside); Edward J. M. Colbert (Virgnia Tech); Paul Yu (U.S. Army Research Lab (ARL))

Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation
Binghui Wang, Jinyuan Jia, and Neil Zhenqiang Gong (Iowa State University)

Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
Eihal Alowaisheq (Indiana University, King Saud University); Peng Wang (Indiana University); Sumayah Alrwais (King Saud University); Xiaojin Leo and Xaiofeng Wang (Indiana University); Tasneem Alowaisheq (Indiana University, King Saud University); XiangHang Mi and Siyuan Tang (Indiana University); Baojun Liu (unaffiliated)

SABRE: Protecting Bitcoin against Routing Attacks
Maria Apostolaki, Gian Marti, Jan Müller, and Laurent Vanbever (ETH Zurich)

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines
HyungSeok Han, DongHyeon Oh, and Sang Kil Cha (KAIST)

A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems
Cheng Feng (Imperial College London); Venkata Reddy Palleti (Singapore University of Technology and Design); Deeph Chana (Imperial College London); Aditya Mathur (Singapore University of Technology and Design)

ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries
Anastasis Keliris (NYU); Michail Maniatakos (NYU Abu Dhabi)

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers
Alberto Sonnino, Mustafa Al-Bassam, Shehar Bano, Sarah Meiklejohn, and George Danezis (University College London (UCL))

A First Look into the Facebook Advertising Ecosystem
Athanasios Andreou (EURECOM); Márcio Silva and Fabrício Benevenuto (UFMG); Oana Goga (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG); Patrick Loiseau (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG & MPI-SWS); Alan Mislove (Northeastern University)

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, and Dorothea Kolossa (Ruhr University Bochum)

Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, and Andrei Sabelfeld (Chalmers University of Technology)

Vault: Fast Bootstrapping for Cryptocurrencies
Derek Leung, Adam Suhl, Yossi Gilad, and Nickolai Zeldovich (MIT CSAIL)

rORAM: Efficient Range ORAM with O(log2 N) Locality
Anrin Chakraborti (Stony Brook University); Adam J. Aviv, Seung Geol Choi, Travis Mayberry, and Daniel S. Roche (United States Naval Academy); Radu Sion (Stony Brook University)

IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT
Z. Berkay Celik, Gang Tan, and Patrick McDaniel (Penn State University)

Ginseng: Keeping Secrets in Registers When You Distrust the Operating System
Min Hong Yun and Lin Zhong (Rice University)

Privacy-preserving Multi-hop Locks for Blockchain Scalability and Interoperability
Giulio Malavolta (Friedrich-Alexander University Erlangen-Nürnberg); Pedro Moreno Sanchez (Purdue University); Clara Schneidewind and Matteo Maffei (TU Wien); Aniket Kate (Purdue University)

Constructing an Adversary Solver for Equihash
Xiaofei Bai, Jian Gao, Chenglong Hu, and Liang Zhang (School of Computer Science, Fudan University)

One Engine To Serve’em All: Inferring Taint Rules Without Architectural Semantics
Zheng Leong Chua (National University of Singapore); Yanhao Wang (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences); Teodora Baluta, Prateek Saxena, and Zhenkai Liang (National University of Singapore); Purui Su (TCA/SKLCS, Institute of Software, Chinese Academy of Sciences)

NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
Wajih Ul Hassan (NEC Laboratories America, Inc.; University of Illinois at Urbana-Champaign); Shengjian Guo (Virginia Tech); Ding Li, Zhengzhang Chen, Kangkook Jee, and Zhichun Li (NEC Laboratories America, Inc.); Adam Bates (University of Illinois at Urbana-Champaign)

How to end password reuse on the web
Ke Coby Wang and Michael K. Reiter (UNC Chapel Hill)

Robust Performance Metrics for Authentication Systems
Shridatt Sugrim (Rutgers Universty); Can Liu, Meghan McLean, and Janne Lindqvist (Rutgers University)

Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems
Hadi Abdullah, Washington Garcia, Christian Peeters, Patrick Traynor, Kevin Butler, and Joseph Wilson (University of Florida)

Nearby Threats: Reversing, Analyzing, and Attacking Google’s “Nearby Connections” on Android
Daniele Antonioli (Singapore University of Technology and Design (SUTD)); Nils Ole Tippenhauer (CISPA); Kasper B. Rasmussen (University of Oxford)

REDQUEEN: Fuzzing with Input-to-State Correspondence
Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz (Ruhr-Universität Bochum)

We Value Your Privacy … Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy
Martin Degeling, Christine Utz, Christopher Lentzsch, and Henry Hosseini (Ruhr-Universität Bochum); Florian Schaub (University of Michigan); Thorsten Holz (Ruhr-Universität Bochum)

Rigging Research Results by Manipulating Top Websites Rankings
Victor Le Pochat and Tom Van Goethem (imec-DistriNet, KU Leuven); Samaneh Tajalizadehkhoob (Delft University of Technology); Maciej Korczynski (Grenoble Institute of Technology); Wouter Joosen (imec-DistriNet, KU Leuven)

Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference Managers
Muhammad Ahmad Bashir (Northeastern University); Umar Farooq and Maryam Shahid (LUMS Pakistan); Christo Wilson (Northeastern University); Muhammad Fareed Zaffar (LUMS Pakistan)

Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion
Cas Cremers (CISPA Helmholtz Center i.G., Saarbrücken); Martin Dehnel-Wild (University of Oxford)

DroidCap: OS Support for Capability-based Permissions in Android
Abdallah Dawoud (CISPA, Saarland University); Sven Bugiel (CISPA Helmholtz Center i.G.)

On the Challenges of Geographical Avoidance for Tor
Katharina Kohls, Kai Jansen, David Rupprecht, and Thorsten Holz (Ruhr-University Bochum); Christina Pöpper (New York University Abu Dhabi)

ExSpectre: Hiding Malware in Speculative Execution
Jack Wampler, Ian Martiny, and Eric Wustrow (University of Colorado Boulder)

ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM
Anrin Chakraborti and Radu Sion (Stony Brook University)

NAUTILUS: Fishing for Deep Bugs with Grammars
Cornelius Aschermann (Ruhr-Universität Bochum); Tommaso Frassetto (Technische Universität Darmstadt); Thorsten Holz (Ruhr-Universität Bochum); Patrick Jauernig and Ahmad-Reza Sadeghi (Technische Universität Darmstadt); Daniel Teuchert (Ruhr-Universität Bochum)

Seth: Protecting Existing Smart Contracts Against Re-Entrancy Attacks
Michael Rodler (University of Duisburg-Essen); Wenting Li and Ghassan Karame (NEC Laboratories, Germany); Lucas Davi (University of Duisburg-Essen)

NIC: Detecting Adversarial Samples with Neural Network Invariant Checking
Shiqing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, and Xiangyu Zhang (Purdue University)

How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories
Michael Meli (North Carolina State University); Matthew McNiece (Cisco Systems and North Carolina State University); Bradley Reaves (North Carolina State University)

DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous Systems
Tigist Abera, Raad Bahmani, Ferdinand Brasser, Ahmad Ibrahim, and Ahmad-Reza Sadeghi (Technische Universität Darmstadt); Matthias Schunter (Intel Labs)

Analyzing Semantic Correctness using Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
Sze Yiu Chau (Purdue University); Moosa Yahyazadeh and Omar Chowdhury (The University of Iowa); Aniket Kate and Ninghui Li (Purdue University)

Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption
Kimia Tajik and Akshith Gunasekharan (Oregon State University); Rhea Dutta (Cornell University); Brandon Ellis, Rakesh B. Bobba, and Mike Rosulek (Oregon State University); Charles V. Wright and Wu-Chi Feng (Portland State University)

Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
Orcun Cetin, Carlos Ganan, and Lisette Altena (Delft University of Technology); Daisuke Inoue and Takahiro Kasama (National Institute of Information and Communications Technology); Kazuki Tamiya, Ying Tie, and Katsunari Yoshioka (Yokohama National University); Michel van Eeten (Delft University of Technology)

Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
Syed Rafiul Hussain (Purdue University); Mitziu Echeverria and Omar Chowdhury (University of Iowa); Ninghui Li and Elisa Bertino (Purdue University)

Digital Healthcare-Associated Infection Analysis of a Major Multi-Campus Hospital System
Luis Vargas, Logan Blue, Vanessa Frost, Christopher Patton, Nolen Scaife, Kevin Butler, and Patrick Traynor (University of Florida)

SANCTUARY: ARMing TrustZone with User-space Enclaves
Ferdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf (Technische Universität Darmstadt)

RFDIDS: Radio Frequency-based Distributed Intrusion Detection System for the Power Grid
Tohid Shekari, Christian Bayens, Morris Cohen, Lukas Graber, and Raheem Beyah (ECE, Georgia Tech)

BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
Fenghao Xu (The Chinese University of Hong Kong); Wenrui Diao (Jinan University); Zhou Li (IEEE Member); Jiongyi Chen and Kehuan Zhang (The Chinese University of Hong Kong)

Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet
Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, and Dave Levin (University of Maryland)

Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs
Fei Zuo, Xiaopeng Li, and Zhexin Zhang (University of South Carolina); Patrick Young (Temple University); Lannan Luo and Qiang Zeng (University of South Carolina)

Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory
Milad Nasr (University of Massachusetts Amherst); Sadegh Farhang (Pennsylvania State University); Amir Houmansadr (University of Massachusetts Amherst); Jens Grossklags (Technical University of Munich)

Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
Lei Zhao (Wuhan University); Yue Duan and Heng Yin (University of California, Riverside); Jifeng Xuan (Wuhan University)

The use of TLS in Censorship Circumvention
Sergey Frolov and Eric Wustrow (University of Colorado Boulder)

OBFSCURO: A Commodity Obfuscation Engine on Intel SGX
Adil Ahmad (Purdue); Byunggill Joe (KAIST); Yuan Xiao and Yinqian Zhang (Ohio State University); Insik Shin (KAIST); Byoungyoung Lee (Purdue/SNU)

Mind your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises
Platon Kotzias (IMDEA Software Institute, Universidad Politécnica de Madrid); Leyla Bilge and Pierre-Antoine Vervier (Symantec Research Labs); Juan Caballero (IMDEA Software Institute)

Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications
Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, and Guofei Gu (TAMU)

Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Prateek Saxena, and Abhik Roychoudhury (National University of Singapore)

Private Continual Release of Real-Valued Data Streams
Victor Perrier (Data61, CSIRO and ISAE-SUPAERO); Hassan Jameel Asghar and Dali Kaafar (Macquarie University and Data61, CSIRO)

Profit: Detecting and Quantifying Side Channels in Networked Applications
Nicolás Rosner and Ismet Burak Kadron (University of California, Santa Barbara); Lucas Bang (Harvey Mudd College); Tevfik Bultan (University of California, Santa Barbara)

CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++
Jangseop Shin, Donghyun Kwon, and Jiwon Seo (Seoul National University and Inter-University Semiconductor Research Center); Yeongpil Cho (Soongsil University); Yunheung Paek (Seoul National University and Inter-University Semiconductor Research Center)

Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis Machines
Sina Faezi, Sujit Rokka Chhetri, Arnav Vaibhav Malawade, and John Charles Chaput (University of California, Irvine); William Grover and Philip Brisk (University of California, Riverside); Mohammad Abdullah Al Faruque (University of California, Irvine)

maTLS: How to Make TLS middlebox-aware?
Hyunwoo Lee (Seoul National University); Zachary Smith (University of Luxembourg); Junghwan Lim, Gyeongjae Choi, and Selin Chun (Seoul National University); Taejoong Chung (Rochester Institute of Technology); Taekyoung Ted Kwon (Seoul National University)