NDSS

The following papers are currently accepted for NDSS 2020. Additional papers are under review and will be added when the reviews are completed. A draft version of the program is available at https://www.ndss-symposium.org/ndss-program/2020-program/. For a mapping of specific papers to sessions, please download this file.

A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems
Matthew Smith and Martin Strohmeier (University of Oxford); Jonathan Harman (unaffiliated); Vincent Lenders (Armasuisse); Ivan Martinovic (University of Oxford)

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures
Ben Gras, Michael Kurth, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi (Vrije Universiteit Amsterdam)

An Experimental Security Analysis of Relative Matching on a Genetic Genealogy Service
Peter Ney, Luis Ceze, and Tadayoshi Kohno (University of Washington)

Automated Cross-Platform Reverse Engineering of CAN Bus Commands from Mobile Apps
Haohuang Wen and Qingchuan Zhao (Ohio State University); Qi Alfred Chen (University of California, Irvine); Zhiqiang Lin (Ohio State University)

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking
Benjamin E. Ujcich (University of Illinois at Urbana-Champaign); Samuel Jero, Richard Skowyra, and Steven R. Gomez (MIT Lincoln Laboratory); Adam Bates and William H. Sanders (University of Illinois at Urbana-Champaign); Hamed Okhravi (MIT Lincoln Laboratory)

Babar: Runtime Provenance-Based Detector for Advanced Persistent Threats
Xueyuan Han (Harvard University); Thomas Pasquier (University of Bristol); Adam Bates (University of Illinois at Urbana-Champaign); James Mickens (Harvard University); Margo Seltzer (University of British Columbia)

BLAZE: Blazing Fast Privacy-Preserving Machine Learning
Arpita Patra and Ajith Suresh (Indian Institute of Science, Bangalore)

Bobtail: Improved Blockchain Security with Low-Variance Mining
George Bissias and Brian N. Levine (University of Massachusetts Amherst)

CDN Judo: Breaking the CDN DoS Protection with Itself
Run Guo, Weizhong Li, and Baojun Liu (Tsinghua University); Shuang Hao (University of Texas, Dallas); Haixin Duan, Jia Zhang, and Kaiwen Sheng (Tsinghua University); Jianjun Chen (ICSI, Berkeley); Ying Liu (Tsinghua University)

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
Sebastian Roth (CISPA Helmholtz Center for Information Security); Timothy Barron (Stony Brook University); Stefano Calzavara (Università Ca’ Foscari Venezia); Nick Nikiforakis (Stony Brook University); Ben Stock (CISPA Helmholtz Center for Information Security)

Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security Standards
Rock Stevens (University of Maryland); Josiah Dykstra and James Chapman (Independent security professional); Wendy Knox Everette (Leviathan Security Group); Garrett Bladow and Alexander Farmer (Independent security professional); Kevin Halliday and Michelle Mazurek (University of Maryland)

Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks
Avinash Sudhodanan (IMDEA Software Institute); Soheil Khodayari (CISPA Helmholtz Center for Information Security); Juan Caballero (IMDEA Software Institute)

Decentralized Control: A Case Study of Russia
Reethika Ramesh (University of Michigan); Ramakrishnan Sundara Raman (University of Michgan); Matthew Bernhard (University of Michigan); Leonid Evdokimov (Independent); Victor Ongkowijaya (University of Michigan); Anne Edmundson (Independent); Muhammad Ikram and Roya Ensafi (University of Michigan)

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Giada Martina Stivala (CISPA Helmholtz Center for Information Security); Giancarlo Pellegrino (Stanford University / CISPA Helmholtz Center for Information Security)

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures
Hui Lin and Jianing Zhuang (University of Nevada, Reno); Yih-Chun Hu (University of Illinois, Urbana-Champaign); Huayu Zhou (University of Nevada, Reno)

DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report
Ren Ding, Hong Hu, Wen Xu, and Taesoo Kim (Georgia Tech)

Detecting Probe-resistant Proxies
Sergey Frolov (University of Colorado); Jack Wampler and Eric Wustrow (University of Colorado Boulder)

Dynamic Searchable Encryption with Small Client Storage
Ioannis Demertzis (University of Maryland); Javad Ghareh Chamani (Hong Kong University of Science and Technology & Sharif University of Technology); Dimitrios Papadopoulos (Hong Kong University of Science and Technology); Charalampos Papamanthou (University of Maryland)

EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks
Marcel Kneib (Robert Bosch GmbH); Oleg Schell (Bosch Engineering GmbH); Christopher Huth (Robert Bosch GmbH)

Encrypted DNS –> Privacy? A Traffic Analysis Perspective
Sandra Siby (EPFL); Marc Juarez (KU Leuven, ESAT/COSIC and iMinds); Narseo Vallina-Rodriguez (IMDEA Networks/ICSI); Claudia Diaz (KU Leuven); Carmela Troncoso (EPFL)

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
Yanzi Zhu (UC Santa Barbara); Zhujun Xiao and Yuxin Chen (University of Chicago); Zhijing Li (UC Santa Barbara); Max Liu, Ben Y. Zhao, and Heather Zheng (University of Chicago)

Exploring the Privacy Threats of Browser Extension Fingerprinting
Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis (University of Illinois at Chicago)

Fingerprinting Network Censorship Boxes at Global Scale
Ramakrishnan Sundara Raman and Adrian Stoll (University of Michigan); Jakub Dalek (Citizen Lab, University of Toronto); Armin Sarabi and Reethika Ramesh (University of Michigan); Will Scott (Oasis Labs); Roya Ensafi (University of Michigan)

FUSE: Finding File Upload Bugs via Penetration Testing
Taekjin Lee, Seongil Wi, Suyoung Lee, and Sooel Son (KAIST)

Heterogeneous Private Information Retrieval
Hamid Mozaffari and Amir Houmansadr (University of Massachusetts Amherst)

High-Fidelity Attack Investigation with Universal Provenance
Wajih Ul Hassan, Mohammad Ali Noureddine, Pubali Datta, and Adam Bates (University of Illinois Urbana-Champaign)

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
Kyungho Joo, Wonsuk Choi, and DongHoon Lee (Korea University)

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz (Ruhr-Universität Bochum)

IMP4GT: IMPersonation Attacks in 4G NeTworks
David Rupprecht, Katharina Kohls, and Thorsten Holz (Ruhr University Bochum); Christina Poepper (New York University Abu Dhabi)

Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, and XiaoFeng Wang (Indiana University Bloomington)

Let’s Revoke: Scalable Global Certificate Revocation
Trevor Smith, Luke Dickenson, and Kent Seamons (Brigham Young University)

Locally Differentially Private Frequency Estimation Exploiting Consistency
Tianhao Wang (Purdue University); Milan Lopuhaä-Zwakenberg (Eindhoven University of Technology); Zitao Li (Purdue University); Boris Skoric (Eindhoven University of Technology); Ninghui Li (Purdue University)

MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework
Thang Hoang (University of South Florida); Jorge Guajardo (Robert Bosch Research and Technology Center); Attila Yavuz (University of South Florida)

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Takuya Watanabe, Eitaro Shioji, and Mitsuaki Akiyama (NTT); Tatsuya Mori (Waseda University)

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems
Tao Chen (City University of Hong Kong); Longfei Shangguan (Microsoft Cloud&AI); Zhenjiang Li (City University of Hong Kong); Kyle Jamieson (Princeton University)

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis
Shivam Bhasin (Temasek Laboratories @ Nanyang Technological University, Singapore); Anupam Chattopadhyay (Nanyang Technological University, Singapore); Annelie Heuser (CNRS, IRISA, France); Dirmanto Jap (Nanyang Technological University, Singapore); Stjepan Picek (TU Delft, The Netherlands); Ritu Ranjan Shrivastwa (Secure-IC, France)

NoJITsu: Locking Down JavaScript Engines
Taemin Park (University of California, Irvine); Karel Dhondt (imec-DistriNet, KU Leuven); David Gens and Yeoul Na (University of California, Irvine); Stijn Volckaert (imec-DistriNet, KU Leuven); Michael Franz (University of California, Irvine, USA)

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display
Shiqing Luo and Anh Nguyen (Georgia State University); Chen Song (San Diego State University); Feng Lin (Zhejiang University); Wenyao Xu (SUNY Buffalo); Zhisheng Yan (Georgia State University)

On the Resilience of Biometric Authentication Systems against Random Inputs
Benjamin Zi Hao Zhao (University of New South Wales and Data61 CSIRO); Hassan Jameel Asghar and Mohamed Ali (Dali) Kaafar (Macquarie University and Data61 CSIRO)

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Teemu Rytilahti and Thorsten Holz (Ruhr-University Bochum)

Optimal Defense Against Adversarial Distributions for Anomaly Detection with Differential Privacy
Jairo Giraldo (University of Texas at Dallas); Alvaro Cardenas (University of California Santa Cruz); Murat Kantarcioglu (University of Texas at Dallas); Jonathan Katz (University of Maryland)

Poseidon: Enabling Cost-efficient and Agile DDoS Defense with Programmable Switches
Menghao Zhang, Guanyu Li, Shicheng Wang, and Chang Liu (Tsinghua University); Ang Chen (Rice University); Hongxin Hu (Clemson University); Guofei Gu (Texas A&M University); Qi Li, Mingwei Xu, and Jianping Wu (Tsinghua University)

Post-Quantum Authentication in TLS 1.3: A Performance Study
Dimitrios Sikeridis (The University of New Mexico); Panos Kampanakis (Cisco Systems); Michael Devetsikiotis (The University of New Mexico)

Practical Traffic Analysis Attacks on Secure Messaging Applications
Alireza Bahramali, Amir Houmansadr, Ramin Soltani, Dennis Goeckel, and Don Towsley (UMass Amherst)

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem
Alessandro Mantovani (EURECOM); Simone Aonzo (University of Genoa); Xabier Ugarte-Pedrero (Cisco Systems); Alessio Merlo (University of Genoa); Davide Balzarotti (EURECOM)

Proof of Spacetime: Efficiently Checking Continuous Data Availability
Giuseppe Ateniese (Stevens Institute of Technology); Long Chen (New Jersey Institute of Technology); Mohammard Etemad (Microsoft); Qiang Tang (New Jersey Institute of Technology)

ProtectIOn: Root-of-Trust for IO in Compromised Platforms
Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, and Srdjan Capkun (ETH Zurich)

SAE: Secure Allegation Escrows
Venkat Arun (Massachusetts Institute of Technology); Aniket Kate (Purdue University); Deepak Garg and Peter Druschel (Max Planck Institute for Software Systems); Bobby Bhattacharjee (University of Maryland)

Sidestepping RPKI’s Deployment Barriers
Tomas Hlavacek (Fraunhofer SIT); Italo Cunha (Universidade Federal de Minas Gerais); Yossi Gilad (Hebrew University of Jerusalem); Amir Herzberg (University of Connecticut, USA); Ethan Katz-Bassett (Columbia University); Michael Schapira (Hebrew University of Jerusalem); Haya Shulman (Fraunhofer SIT)

Snappy: Fast On-chain Payments with Practical Collaterals
Vasilios Mavroudis (University College London); Karl Wüst, Aritra Dhar, Kari Kostiainen, and Srdjan Capkun (ETH Zurich)

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
Yuan Xiao, Yinqian Zhang, and Radu Teodorescu (The Ohio State University)

Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities
Zhenfeng Zhang (Trusted Computing and Information Assurance Laboratory, SKLCS, Institute of Software, Chinese Academy of Sciences); Yuchen Wang (Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Kang Yang (State Key Laboratory of Cryptology)

SwarmProxy: Unblocking the Censored Web for the Masses
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr, and Amirhossein Ghafari (University of Massachusetts Amherst)

SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy (University of California, Riverside); Tracy D. Braun and Kevin S. Chan (US Army Research Laboratory)

The Attack of the Clones Against Proof-of-Authority
Parinya Ekparinya (University of Sydney); Vincent Gramoli (University of Sydney and Data61, CSIRO); Guillaume Jourjon (Data61, CSIRO)

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications
Faysal Hossain Shezan and Kaiming Cheng (University of Virginia); Zhen Zhang and Yinzhi Cao (Johns Hopkins University); Yuan Tian (University of Virginia)

Towards Plausible Graph Anonymization
Yang Zhang (CISPA Helmholtz Center for Information Security); Mathias Humbert (Swiss Data Science Center, ETH Zurich and EPFL); Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, and Michael Backes (CISPA Helmholtz Center for Information Security)

Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning
Harsh Chaudhari (Indian Institute of Science, Bangalore India); Sai Rahul Rachuri (International Institute of Information Technology, Bangalore, India); Ajith Suresh (Indian Institute of Science, Bangalore, India)

UISCOPE: Accurate, Instrumentation-free, Deterministic and Visible Attack Investigation
Runqing Yang (Zhejiang University); Shiqing Ma (Rutgers University); Haitao Xu (Arizona State University); Xiangyu Zhang (Purdue University); Yan Chen (Northwestern University)

uRAI: Return Address Integrity for Embedded Systems
Naif Saleh Almakhdhub (Purdue University and King Saud University); Abraham A Clements (Sandia National Labs); Saurabh Bagchi (Purdue University); Mathias Payer (EPFL)

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Jiahao Cao (Tsinghua University; George Mason University); Renjie Xie (Tsinghua University); Kun Sun (George Mason University); Qi Li (Tsinghua University); Guofei Gu (Texas A&M University); Mingwei Xu (Tsinghua University)

Withdrawing the BGP Re-Routing Curtain: Understanding and Analyzing the Security Impact of BGP Poisoning through Real-World Measurements
Jared M. Smith, Kyle Birkeland, Tyler McDaniel, and Max Schuchard (University of Tennessee, Knoxville)

Zeria: A Metadata-Hiding and Oblivious File Sharing System
Weikeng Chen and Raluca Ada Popa (UC Berkeley)