NDSS 2020 Accepted Papers

The following papers are currently accepted for NDSS 2020. The final version of the program is available at https://www.ndss-symposium.org/ndss-program/2020-program/.

A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints

Victor Le Pochat, Tim Van hamme, Sourena Maroofi, Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, and Maciej Korczyński

A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems

Matthew Smith and Martin Strohmeier (University of Oxford); Jonathan Harman (unaffiliated); Vincent Lenders (armasuisse Science and Technology); Ivan Martinovic (University of Oxford)

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures

Ben Gras, Cristiano Giuffrida, Michael Kurth, Herbert Bos, and Kaveh Razavi

Adversarial Classification Under Differential Privacy

Jairo Giraldo, Alvaro Cardenas, Murat Kantarcioglu, Jonathan Katz

Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators

Imani N. Sherman, Jasmine D. Bowers, Keith McNamara Jr., Juan E. Gilbert, Jaime Ruiz, and Patrick Traynor

Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps

Haohuang Wen and Qingchuan Zhao; Qi Alfred Chen ; Zhiqiang Lin

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Benjamin E. Ujcich, Samuel Jero, Richard Skowyra, and Steven R. Gomez, Adam Bates and William H. Sanders, Hamed Okhravi

BLAG: Improving the Accuracy of Blacklists

Sivaramakrishnan Ramanathan and Jelena Mirkovic, Minlan Yu

BLAZE: Blazing Fast Privacy-Preserving Machine Learning

Arpita Patra and Ajith Suresh

Bobtail: Improved Blockchain Security with Low-Variance Mining

George Bissias and Brian N. Levine

Broken Metre: Attacking Resource Metering in EVM

Daniel Perez, Benjamin Livshits

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting

Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis

CDN Judo: Breaking the CDN DoS Protection with Itself

Run Guo, Weizhong Li, and Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, and Kaiwen Sheng, Jianjun Chen, Ying Liu

CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples

Honggang Yu, Kaichen Yang, Teng Zhang, Yun-Yun Tsai, Tsung-Yi Ho, Yier Jin

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies

Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, Ben Stock

Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security Standards

Rock Stevens, Josiah Dykstra, Wendy Knox Everette, James Chapman, Garrett Bladow, Alexander Farmer, Kevin Halliday and Michelle L. Mazurek

ConTExT: A Generic Approach for Mitigating Spectre

Michael Schwarz, Moritz Lipp, Claudio Canella, Robert Schilling, Florian Kargl and Daniel Gruss

Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks

Avinash Sudhodanan, Soheil Khodayari, and Juan Caballero

Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution

Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave Tian

Data-Driven Debugging for Functional Side Channels

Saeid Tizpaz-Niari, Pavol Černý, and Ashutosh Trivedi

Decentralized Control: A Case Study of Russia

Reethika Ramesh, Ram Sundara Raman, Matthew Bernhard, Victor Ongkowijaya, Leonid Evdokimov, Anne Edmundson, Steven Sprecher, Muhammad Ikram, and Roya Ensafi

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Giada Stivala and Giancarlo Pellegrino

DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing

Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures

Hui Lin, Jianing Zhuang, Yih-Chun Hu, and Huayu Zhou

DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report

Ren Ding, Hong Hu, Wen Xu, and Taesoo Kim

Designing a Better Browser for Tor with BLAST

Tao Wang

Detecting Probe-resistant Proxies

Sergey Frolov, Jack Wampler, and Eric Wustrow

DISCO: Sidestepping RPKI’s Deployment Barriers

Tomas Hlavacek, Italo Cunha, Yossi Gilad, Amir Herzberg, Ethan Katz-Bassett, Michael Schapira, and Haya Shulman

Dynamic Searchable Encryption with Small Client Storage

Ioannis Demertzis, Javad Ghareh Chamani, Dimitrios Papadopoulos, and Charalampos Papamanthou

EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks

Marcel Kneib, Oleg Schell, and Christopher Huth

Encrypted DNS –> Privacy? A Traffic Analysis Perspective

Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, and Carmela Troncoso

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors

Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, and Heather Zheng

Finding Safety in Numbers with Secure Allegation Escrows

Venkat Arun, Aniket Kate, Deepak Garg, Peter Druschel, and Bobby Bhattacharjee

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren and Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter

FUSE: Finding File Upload Bugs via Penetration Testing

Taekjin Lee, Seongil Wi, Suyoung Lee, and Sooel Son

Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference

Peter Ney, Luis Ceze, and Tadayoshi Kohno

Heterogeneous Private Information Retrieval

Hamid Mozaffari and Amir Houmansadr

HFL: Hybrid Fuzzing on the Linux Kernel

Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, Byoungyoung Lee

Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft

Kyungho Joo, Wonsuk Choi, and Dong Hoon Lee

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing

William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, and Manuel Egele

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing

Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz

IMP4GT: IMPersonation Attacks in 4G NeTworks

David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Poepper

Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals

Peng Wang, Xiaojing Liao, Yue Qin, and XiaoFeng Wang

Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer

Zhongjie Ba, Tianhang Zheng, Xinyu Zhang, Zhan Qin, Baochun Li, Xue Liu, and Kui Ren

Let’s Revoke: Scalable Global Certificate Revocation

Trevor Smith, Luke Dickenson, and Kent Seamons

Locally Differentially Private Frequency Estimation with Consistency

Tianhao Wang, Milan Lopuhaä-Zwakenberg, Zitao Li, Boris Skoric, and Ninghui Li

MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework

Thang Hoang, Jorge Guajardo, and Attila Yavuz

MassBrowser: Unblocking the Censored Web for the Masses, by the Masses

Milad Nasr, Hadi Zolfaghari, Amir Houmansadr, and Amirhossein Ghafari

Measuring the Deployment of Network Censorship Filters at Global Scale

Ram Sundara Raman, Adrian Stoll, Jakub Dalek, Reethika Ramesh, Will Scott, and Roya Ensafi

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites

Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, and Tatsuya Mori

Metal: A Metadata-Hiding File-Sharing System

Weikeng Chen and Raluca Ada Popa

Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems

Tao Chen, Longfei Shangguan, Zhenjiang Li, and Kyle Jamieson

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

Shivam Bhasin, Anupam Chattopadhyay, Annelie Heuser, Dirmanto Jap, Stjepan Picek, and Ritu Ranjan Shrivastwa

NoJITsu: Locking Down JavaScript Engines

Taemin Park, Karel Dhondt, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz

Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization

Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, and Purui Su

OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display

Shiqing Luo, Anh Nguyen, Chen Song, Feng Lin, Wenyao Xu, and Zhisheng Yan

OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis

Wajih Ul Hassan, Mohammad A. Noureddine, Pubali Datta, and Adam Bates

On the Resilience of Biometric Authentication Systems against Random Inputs

Benjamin Zi Hao Zhao, Hassan Jameel Asghar and Mohamed Ali Kaafar

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways

Teemu Rytilahti and Thorsten Holz

Packet-Level Signatures for Smart Home Devices

Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky

PhantomCache: Obfuscating Cache Conflicts with Localized Randomization

Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches

Menghao Zhang, Guanyu Li, Shicheng Wang, Chang Liu, Ang Chen, Hongxin Hu, Guofei Gu, Qi Li, Mingwei Xu, and Jianping Wu

Post-Quantum Authentication in TLS 1.3: A Performance Study

Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis

Practical Traffic Analysis Attacks on Secure Messaging Applications

Alireza Bahramali, Amir Houmansadr, Ramin Soltani, Dennis Goeckel, and Don Towsley

Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison

Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem

Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, and Davide Balzarotti

Proof of Storage-Time: Efficiently Checking Continuous Data Availability

Giuseppe Ateniese, Long Chen, Mohammard Etemad, and Qiang Tang

ProtectIOn: Root-of-Trust for IO in Compromised Platforms

Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, and Srdjan Capkun

Revisiting Leakage Abuse Attacks

Laura Blackstone, Seny Kamara, and Tarik Moataz

Secure Sublinear Time Differentially Private Median Computation

Jonas Böhler, and Florian Kerschbaum

Snappy: Fast On-chain Payments with Practical Collaterals

Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, and Srdjan Capkun

SODA: A Generic Online Detection Framework for Smart Contracts

Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, and Xiaosong Zhang

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

Yuan Xiao, Yinqian Zhang, and Radu Teodorescu

Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities

Zhenfeng Zhang, Yuchen Wang, and Kang Yang

SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves

Qiben Yan, Kehai Liu, Qin Zhou, Hanqing Guo, and Ning Zhang

SVLAN: Secure & Scalable Network Virtualization

Jonghoon Kwon, Taeho Lee, Claude Hähni, and Adrian Perrig

SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery

Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Kevin S. Chan and Tracy D. Braun

The Attack of the Clones Against Proof-of-Authority

Parinya Ekparinya, Vincent Gramoli, and Guillaume Jourjon

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications

Faysal Hossain Shezan,Kaiming Cheng, Zhen Zhang, Yinzhi Cao, and Yuan Tian

Towards Plausible Graph Anonymization

Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, and Michael Backes

Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning

Harsh Chaudhari, Rahul Rachuri, and Ajith Suresh

UISCOPE: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications

Runqing Yang, Shiqing Ma, Haitao Xu, Xiangyu Zhang, and Yan Chen

Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats

Xueyuan Han, Thomas Pasquier, Adam Bates, James Mickens, and Margo Seltzer

µRAI: Securing Embedded Systems with Return Address Integrity

Naif Saleh Almakhdhub, Abraham A. Clements, Saurabh Bagchi, and Mathias Payer

When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features

Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, and Christopher Kruegel

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu

Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning through Real-World Measurements

Jared M. Smith, Kyle Birkeland, Tyler McDaniel, and Max Schuchard

You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis

Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen