NDSS

The following papers are currently accepted for NDSS 2020. The final version of the program is available at https://www.ndss-symposium.org/ndss-program/2020-program/.

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints
Victor Le Pochat and Tim Van hamme (imec-DistriNet, KU Leuven); Sourena Maroofi (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG); Tom Van Goethem and Davy Preuveneers (imec-DistriNet, KU Leuven); Andrzej Duda (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG); Wouter Joosen (imec-DistriNet, KU Leuven); Maciej Korczyński (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG)

A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems
Matthew Smith and Martin Strohmeier (University of Oxford); Jonathan Harman (unaffiliated); Vincent Lenders (armasuisse Science and Technology); Ivan Martinovic (University of Oxford)

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures
Ben Gras (Vrije Universiteit Amsterdam, Intel Corporation); Cristiano Giuffrida, Michael Kurth, Herbert Bos, and Kaveh Razavi (Vrije Universiteit Amsterdam)

Adversarial Classification Under Differential Privacy
Jairo Giraldo (University of Utah); Alvaro Cardenas (UC Santa Cruz); Murat Kantarcioglu (UT Dallas); Jonathan Katz (George Mason University)

Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
Imani N. Sherman, Jasmine D. Bowers, Keith McNamara Jr., Juan E. Gilbert, Jaime Ruiz, and Patrick Traynor (University of Florida)

Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps
Haohuang Wen and Qingchuan Zhao (The Ohio State University); Qi Alfred Chen (University of California, Irvine); Zhiqiang Lin (The Ohio State University)

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking
Benjamin E. Ujcich (University of Illinois at Urbana-Champaign); Samuel Jero, Richard Skowyra, and Steven R. Gomez (MIT Lincoln Laboratory); Adam Bates and William H. Sanders (University of Illinois at Urbana-Champaign); Hamed Okhravi (MIT Lincoln Laboratory)

BLAG: Improving the Accuracy of Blacklists
Sivaramakrishnan Ramanathan and Jelena Mirkovic (University of Southern California/Information Sciences Institute); Minlan Yu (Harvard University)

BLAZE: Blazing Fast Privacy-Preserving Machine Learning
Arpita Patra and Ajith Suresh (Indian Institute of Science, Bangalore)

Bobtail: Improved Blockchain Security with Low-Variance Mining
George Bissias and Brian N. Levine (University of Massachusetts Amherst)

Broken Metre: Attacking Resource Metering in EVM
Daniel Perez (Imperial College London); Benjamin Livshits (Imperial College London, UCL Centre for Blockchain Technologies, and Brave Software)

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting
Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis (University of Illinois at Chicago)

CDN Judo: Breaking the CDN DoS Protection with Itself
Run Guo, Weizhong Li, and Baojun Liu (Tsinghua University); Shuang Hao (University of Texas at Dallas); Jia Zhang, Haixin Duan, and Kaiwen Sheng (Tsinghua University); Jianjun Chen (ICSI); Ying Liu (Tsinghua University)

CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples
Honggang Yu and Kaichen Yang (University of Florida); Teng Zhang (University of Central Florida); Yun-Yun Tsai and Tsung-Yi Ho (National Tsing Hua University); Yier Jin (University of Florida)

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
Sebastian Roth (CISPA Helmholtz Center for Information Security); Timothy Barron (Stony Brook University); Stefano Calzavara (Università Ca’ Foscari Venezia); Nick Nikiforakis (Stony Brook University); Ben Stock (CISPA Helmholtz Center for Information Security)

Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security Standards
Rock Stevens (University of Maryland); Josiah Dykstra (Independent Security Researcher); Wendy Knox Everette (Leviathan Security Group); James Chapman (Independent Security Researcher); Garrett Bladow (Dragos); Alexander Farmer (Independent Security Researcher); Kevin Halliday and Michelle L. Mazurek (University of Maryland)

ConTExT: A Generic Approach for Mitigating Spectre
Michael Schwarz, Moritz Lipp, and Claudio Canella (Graz University of Technology); Robert Schilling (Graz University of Technology and Know-Center GmbH); Florian Kargl and Daniel Gruss (Graz University of Technology)

Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks
Avinash Sudhodanan (IMDEA Software Institute); Soheil Khodayari (CISPA Helmholtz Center for Information Security); Juan Caballero (IMDEA Software Institute)

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, and Andrew Miller (University of Illinois at Urbana-Champaign); Dave Tian (Purdue University)

Data-Driven Debugging for Functional Side Channels
Saeid Tizpaz-Niari (University of Colorado Boulder); Pavol Černý (TU Wien); Ashutosh Trivedi (University of Colorado Boulder)

Decentralized Control: A Case Study of Russia
Reethika Ramesh (University of Michigan); Ram Sundara Raman (University of Michgan); Matthew Bernhard and Victor Ongkowijaya (University of Michigan); Leonid Evdokimov and Anne Edmundson (Independent); Steven Sprecher (University of Michigan); Muhammad Ikram (Macquarie University); Roya Ensafi (University of Michigan)

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Giada Stivala and Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing
Yue Duan (Cornell University); Xuezixiang Li, Jinghan Wang, and Heng Yin (UC Riverside)

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures
Hui Lin and Jianing Zhuang (University of Nevada, Reno); Yih-Chun Hu (University of Illinois, Urbana-Champaign); Huayu Zhou (University of Nevada, Reno)

DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report
Ren Ding, Hong Hu, Wen Xu, and Taesoo Kim (Georgia Institute of Technology)

Designing a Better Browser for Tor with BLAST
Tao Wang (Hong Kong University of Science and Technology)

Detecting Probe-resistant Proxies
Sergey Frolov, Jack Wampler, and Eric Wustrow (University of Colorado Boulder)

DISCO: Sidestepping RPKI’s Deployment Barriers
Tomas Hlavacek (Fraunhofer SIT); Italo Cunha (Universidade Federal de Minas Gerais); Yossi Gilad (Hebrew University of Jerusalem); Amir Herzberg (University of Connecticut); Ethan Katz-Bassett (Columbia University); Michael Schapira (Hebrew University of Jerusalem); Haya Shulman (Fraunhofer SIT)

Dynamic Searchable Encryption with Small Client Storage
Ioannis Demertzis (University of Maryland); Javad Ghareh Chamani (Hong Kong University of Science and Technology & Sharif University of Technology); Dimitrios Papadopoulos (Hong Kong University of Science and Technology); Charalampos Papamanthou (University of Maryland)

EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks
Marcel Kneib (Robert Bosch GmbH); Oleg Schell (Bosch Engineering GmbH); Christopher Huth (Robert Bosch GmbH)

Encrypted DNS –> Privacy? A Traffic Analysis Perspective
Sandra Siby (EPFL); Marc Juarez (University of Southern California); Claudia Diaz (imec-COSIC KU Leuven); Narseo Vallina-Rodriguez (IMDEA Networks Institute); Carmela Troncoso (EPFL)

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
Yanzi Zhu (UC Santa Barbara); Zhujun Xiao and Yuxin Chen (University of Chicago); Zhijing Li (UC Santa Barbara); Max Liu, Ben Y. Zhao, and Heather Zheng (University of Chicago)

Finding Safety in Numbers with Secure Allegation Escrows
Venkat Arun (Massachusetts Institute of Technology); Aniket Kate (Purdue University); Deepak Garg and Peter Druschel (Max Planck Institute for Software Systems); Bobby Bhattacharjee (University of Maryland)

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
Thijs van Ede (University of Twente); Riccardo Bortolameotti (Bitdefender); Andrea Continella (UC Santa Barbara); Jingjing Ren and Daniel J. Dubois (Northeastern University); Martina Lindorfer (TU Wien); David Choffnes (Northeastern University); Maarten van Steen and Andreas Peter (University of Twente)

FUSE: Finding File Upload Bugs via Penetration Testing
Taekjin Lee (KAIST, ETRI); Seongil Wi, Suyoung Lee, and Sooel Son (KAIST)

Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference
Peter Ney, Luis Ceze, and Tadayoshi Kohno (University of Washington)

Heterogeneous Private Information Retrieval
Hamid Mozaffari and Amir Houmansadr (University of Massachusetts Amherst)

HFL: Hybrid Fuzzing on the Linux Kernel
Kyungtae Kim (Purdue University); Dae R. Jeong (KAIST); Chung Hwan Kim (NEC Labs America); Yeongjin Jang (Oregon State University); Insik Shin (KAIST); Byoungyoung Lee (Seoul National University)

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
Kyungho Joo, Wonsuk Choi, and Dong Hoon Lee (Korea University)

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair (Boston University); Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, and Engin Kirda (Northeastern University); Manuel Egele (Boston University)

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz (Ruhr-Universität Bochum)

IMP4GT: IMPersonation Attacks in 4G NeTworks
David Rupprecht, Katharina Kohls, and Thorsten Holz (Ruhr University Bochum); Christina Poepper (NYU Abu Dhabi)

Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, and XiaoFeng Wang (Indiana University Bloomington)

Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer
Zhongjie Ba (Zhejiang University and McGill University); Tianhang Zheng (University of Toronto); Xinyu Zhang and Zhan Qin (Zhejiang University); Baochun Li (University of Toronto); Xue Liu (McGill University); Kui Ren (Zhejiang University)

Let’s Revoke: Scalable Global Certificate Revocation
Trevor Smith, Luke Dickenson, and Kent Seamons (Brigham Young University)

Locally Differentially Private Frequency Estimation with Consistency
Tianhao Wang (Purdue University); Milan Lopuhaä-Zwakenberg (Eindhoven University of Technology); Zitao Li (Purdue University); Boris Skoric (Eindhoven University of Technology); Ninghui Li (Purdue University)

MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework
Thang Hoang (University of South Florida); Jorge Guajardo (Robert Bosch Research and Technology Center); Attila Yavuz (University of South Florida)

MassBrowser: Unblocking the Censored Web for the Masses, by the Masses
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr, and Amirhossein Ghafari (University of Massachusetts Amherst)

Measuring the Deployment of Network Censorship Filters at Global Scale
Ram Sundara Raman and Adrian Stoll (University of Michigan); Jakub Dalek (Citizen Lab, University of Toronto); Armin Sarabi and Reethika Ramesh (University of Michigan); Will Scott (Independent); Roya Ensafi (University of Michigan)

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Takuya Watanabe, Eitaro Shioji, and Mitsuaki Akiyama (NTT); Tatsuya Mori (Waseda University, NICT, and RIKEN AIP)

Metal: A Metadata-Hiding File-Sharing System
Weikeng Chen and Raluca Ada Popa (UC Berkeley)

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems
Tao Chen (City University of Hong Kong); Longfei Shangguan (Microsoft); Zhenjiang Li (City University of Hong Kong); Kyle Jamieson (Princeton University)

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis
Shivam Bhasin and Anupam Chattopadhyay (Nanyang Technological University); Annelie Heuser (Univ Rennes, Inria, CNRS, IRISA); Dirmanto Jap (Nanyang Technological University); Stjepan Picek (Delft University of Technology); Ritu Ranjan Shrivastwa (Secure-IC)

NoJITsu: Locking Down JavaScript Engines
Taemin Park (University of California, Irvine); Karel Dhondt (imec-DistriNet, KU Leuven); David Gens and Yeoul Na (University of California, Irvine); Stijn Volckaert (imec-DistriNet, KU Leuven); Michael Franz (University of California, Irvine, USA)

Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
Yanhao Wang (Institute of Software, Chinese Academy of Sciences); Xiangkun Jia (Pennsylvania State University); Yuwei Liu (Institute of Software, Chinese Academy of Sciences); Kyle Zeng and Tiffany Bao (Arizona State University); Dinghao Wu (Pennsylvania State University); Purui Su (Institute of Software, Chinese Academy of Sciences)

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display
Shiqing Luo and Anh Nguyen (Georgia State University); Chen Song (San Diego State University); Feng Lin (Zhejiang University); Wenyao Xu (SUNY Buffalo); Zhisheng Yan (Georgia State University)

OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
Wajih Ul Hassan, Mohammad A. Noureddine, Pubali Datta, and Adam Bates (University of Illinois Urbana-Champaign)

On the Resilience of Biometric Authentication Systems against Random Inputs
Benjamin Zi Hao Zhao (University of New South Wales and Data61 CSIRO); Hassan Jameel Asghar and Mohamed Ali Kaafar (Macquarie University and Data61 CSIRO)

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Teemu Rytilahti and Thorsten Holz (Ruhr University Bochum)

Packet-Level Signatures for Smart Home Devices
Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky (University of California, Irvine)

PhantomCache: Obfuscating Cache Conflicts with Localized Randomization
Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren (Zhejiang University)

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Menghao Zhang, Guanyu Li, Shicheng Wang, and Chang Liu (Tsinghua University); Ang Chen (Rice University); Hongxin Hu (Clemson University); Guofei Gu (Texas A&M University); Qi Li, Mingwei Xu, and Jianping Wu (Tsinghua University)

Post-Quantum Authentication in TLS 1.3: A Performance Study
Dimitrios Sikeridis (The University of New Mexico); Panos Kampanakis (Cisco Systems); Michael Devetsikiotis (The University of New Mexico)

Practical Traffic Analysis Attacks on Secure Messaging Applications
Alireza Bahramali, Amir Houmansadr, Ramin Soltani, Dennis Goeckel, and Don Towsley (University of Massachusetts Amherst)

Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison
Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu (University of Minnesota)

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem
Alessandro Mantovani (EURECOM); Simone Aonzo (University of Genoa); Xabier Ugarte-Pedrero (Cisco Systems); Alessio Merlo (University of Genoa); Davide Balzarotti (EURECOM)

Proof of Storage-Time: Efficiently Checking Continuous Data Availability
Giuseppe Ateniese (Stevens Institute of Technology); Long Chen (New Jersey Institute of Technology); Mohammard Etemad (Stevens Institute of Technology); Qiang Tang (New Jersey Institute of Technology)

ProtectIOn: Root-of-Trust for IO in Compromised Platforms
Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, and Srdjan Capkun (ETH Zurich)

Revisiting Leakage Abuse Attacks
Laura Blackstone, Seny Kamara, and Tarik Moataz (Brown University)

Secure Sublinear Time Differentially Private Median Computation
Jonas Böhler (SAP Security Research); Florian Kerschbaum (University of Waterloo)

Snappy: Fast On-chain Payments with Practical Collaterals
Vasilios Mavroudis (University College London); Karl Wüst, Aritra Dhar, Kari Kostiainen, and Srdjan Capkun (ETH Zurich)

SODA: A Generic Online Detection Framework for Smart Contracts
Ting Chen, Rong Cao, and Ting Li (University of Electronic Science and Technology of China); Xiapu Luo (The Hong Kong Polytechnic University); Guofei Gu (Texas A&M University); Yufei Zhang, Zhou Liao, and Hang Zhu (University of Electronic Science and Technology of China); Gang Chen (Chengdu Kongdi Technology Inc.); Zheyuan He and Yuxing Tang (University of Electronic Science and Technology of China); Xiaodong Lin (University of Guelph); Xiaosong Zhang (University of Electronic Science and Technology of China)

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
Yuan Xiao, Yinqian Zhang, and Radu Teodorescu (The Ohio State University)

Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities
Zhenfeng Zhang (Chinese Academy of Sciences, University of Chinese Academy of Sciences, and The Joint Academy of Blockchain Innovation); Yuchen Wang (Chinese Academy of Sciences and University of Chinese Academy of Sciences); Kang Yang (State Key Laboratory of Cryptology)

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves
Qiben Yan (Michigan State University); Kehai Liu (Chinese Academy of Sciences); Qin Zhou (University of Nebraska-Lincoln); Hanqing Guo (Michigan State University); Ning Zhang (Washington University in St. Louis)

SVLAN: Secure & Scalable Network Virtualization
Jonghoon Kwon, Taeho Lee, Claude Hähni, and Adrian Perrig (ETH)

SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy (University of California, Riverside); Kevin S. Chan and Tracy D. Braun (U.S. Army Research Lab)

The Attack of the Clones Against Proof-of-Authority
Parinya Ekparinya (University of Sydney); Vincent Gramoli (University of Sydney and CSIRO-Data61); Guillaume Jourjon (CSIRO-Data61)

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications
Faysal Hossain Shezan and Kaiming Cheng (University of Virginia); Zhen Zhang and Yinzhi Cao (Johns Hopkins University); Yuan Tian (University of Virginia)

Towards Plausible Graph Anonymization
Yang Zhang (CISPA Helmholtz Center for Information Security); Mathias Humbert (armasuisse Science and Technology); Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, and Michael Backes (CISPA Helmholtz Center for Information Security)

Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning
Harsh Chaudhari (Indian Institute of Science, Bangalore); Rahul Rachuri (Aarhus University, Denmark); Ajith Suresh (Indian Institute of Science, Bangalore)

UISCOPE: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications
Runqing Yang (Zhejiang University); Shiqing Ma (Rutgers University); Haitao Xu (Arizona State University); Xiangyu Zhang (Purdue University); Yan Chen (Northwestern University)

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats
Xueyuan Han (Harvard University); Thomas Pasquier (University of Bristol); Adam Bates (University of Illinois at Urbana-Champaign); James Mickens (Harvard University); Margo Seltzer (University of British Columbia)

uRAI: Securing Embedded Systems with Return Address Integrity
Naif Saleh Almakhdhub (Purdue University and King Saud University); Abraham A. Clements (Sandia National Laboratories); Saurabh Bagchi (Purdue University); Mathias Payer (EPFL)

When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
Hojjat Aghakhani and Fabio Gritti (University of California, Santa Barbara); Francesco Mecca (Università degli Studi di Torino); Martina Lindorfer (TU Wien); Stefano Ortolani (Lastline Inc.); Davide Balzarotti (Eurecom); Giovanni Vigna and Christopher Kruegel (University of California, Santa Barbara)

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Jiahao Cao (Tsinghua University; George Mason University); Renjie Xie (Tsinghua University); Kun Sun (George Mason University); Qi Li (Tsinghua University); Guofei Gu (Texas A&M University); Mingwei Xu (Tsinghua University)

Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning through Real-World Measurements
Jared M. Smith, Kyle Birkeland, Tyler McDaniel, and Max Schuchard (University of Tennessee, Knoxville)

You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
Qi Wang and Wajih Ul Hassan (University of Illinois Urbana-Champaign); Ding Li (NEC Laboratories America, Inc.); Kangkook Jee (University of Texas at Dallas); Xiao Yu (NEC Laboratories America, Inc.); Kexuan Zou (University Of Illinois Urbana-Champaign); Junghwan Rhee, Zhengzhang Chen, and Wei Cheng (NEC Laboratories America, Inc.); Carl A. Gunter (University of Illinois Urbana-Champaign); Haifeng Chen (NEC Laboratories America, Inc.)