NDSS 2020 Accepted Papers
The following papers are currently accepted for NDSS 2020. The final version of the program is available at https://www.ndss-symposium.org/ndss-program/2020-program/.
A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints
Victor Le Pochat, Tim Van hamme, Sourena Maroofi, Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, and Maciej Korczyński
A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems
Matthew Smith and Martin Strohmeier (University of Oxford); Jonathan Harman (unaffiliated); Vincent Lenders (armasuisse Science and Technology); Ivan Martinovic (University of Oxford)
ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures
Ben Gras, Cristiano Giuffrida, Michael Kurth, Herbert Bos, and Kaveh Razavi
Adversarial Classification Under Differential Privacy
Jairo Giraldo, Alvaro Cardenas, Murat Kantarcioglu, Jonathan Katz
Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators
Imani N. Sherman, Jasmine D. Bowers, Keith McNamara Jr., Juan E. Gilbert, Jaime Ruiz, and Patrick Traynor
Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps
Haohuang Wen and Qingchuan Zhao; Qi Alfred Chen ; Zhiqiang Lin
Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking
Benjamin E. Ujcich, Samuel Jero, Richard Skowyra, and Steven R. Gomez, Adam Bates and William H. Sanders, Hamed Okhravi
BLAG: Improving the Accuracy of Blacklists
Sivaramakrishnan Ramanathan and Jelena Mirkovic, Minlan Yu
BLAZE: Blazing Fast Privacy-Preserving Machine Learning
Arpita Patra and Ajith Suresh
Bobtail: Improved Blockchain Security with Low-Variance Mining
George Bissias and Brian N. Levine
Broken Metre: Attacking Resource Metering in EVM
Daniel Perez, Benjamin Livshits
Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting
Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis
CDN Judo: Breaking the CDN DoS Protection with Itself
Run Guo, Weizhong Li, and Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, and Kaiwen Sheng, Jianjun Chen, Ying Liu
CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples
Honggang Yu, Kaichen Yang, Teng Zhang, Yun-Yun Tsai, Tsung-Yi Ho, Yier Jin
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, Ben Stock
Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security Standards
Rock Stevens, Josiah Dykstra, Wendy Knox Everette, James Chapman, Garrett Bladow, Alexander Farmer, Kevin Halliday and Michelle L. Mazurek
ConTExT: A Generic Approach for Mitigating Spectre
Michael Schwarz, Moritz Lipp, Claudio Canella, Robert Schilling, Florian Kargl and Daniel Gruss
Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks
Avinash Sudhodanan, Soheil Khodayari, and Juan Caballero
Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution
Riccardo Paccagnella, Pubali Datta, Wajih Ul Hassan, Adam Bates, Christopher W. Fletcher, Andrew Miller, and Dave Tian
Data-Driven Debugging for Functional Side Channels
Saeid Tizpaz-Niari, Pavol Černý, and Ashutosh Trivedi
Decentralized Control: A Case Study of Russia
Reethika Ramesh, Ram Sundara Raman, Matthew Bernhard, Victor Ongkowijaya, Leonid Evdokimov, Anne Edmundson, Steven Sprecher, Muhammad Ikram, and Roya Ensafi
Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms
Giada Stivala and Giancarlo Pellegrino
DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing
Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin
DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures
Hui Lin, Jianing Zhuang, Yih-Chun Hu, and Huayu Zhou
DESENSITIZATION: Privacy-Aware and Attack-Preserving Crash Report
Ren Ding, Hong Hu, Wen Xu, and Taesoo Kim
Designing a Better Browser for Tor with BLAST
Tao Wang
Detecting Probe-resistant Proxies
Sergey Frolov, Jack Wampler, and Eric Wustrow
DISCO: Sidestepping RPKI’s Deployment Barriers
Tomas Hlavacek, Italo Cunha, Yossi Gilad, Amir Herzberg, Ethan Katz-Bassett, Michael Schapira, and Haya Shulman
Dynamic Searchable Encryption with Small Client Storage
Ioannis Demertzis, Javad Ghareh Chamani, Dimitrios Papadopoulos, and Charalampos Papamanthou
EASI: Edge-Based Sender Identification on Resource-Constrained Platforms for Automotive Networks
Marcel Kneib, Oleg Schell, and Christopher Huth
Encrypted DNS –> Privacy? A Traffic Analysis Perspective
Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, and Carmela Troncoso
Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, and Heather Zheng
Finding Safety in Numbers with Secure Allegation Escrows
Venkat Arun, Aniket Kate, Deepak Garg, Peter Druschel, and Bobby Bhattacharjee
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren and Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter
FUSE: Finding File Upload Bugs via Penetration Testing
Taekjin Lee, Seongil Wi, Suyoung Lee, and Sooel Son
Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference
Peter Ney, Luis Ceze, and Tadayoshi Kohno
Heterogeneous Private Information Retrieval
Hamid Mozaffari and Amir Houmansadr
HFL: Hybrid Fuzzing on the Linux Kernel
Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, Byoungyoung Lee
Hold the Door! Fingerprinting Your Car Key to Prevent Keyless Entry Car Theft
Kyungho Joo, Wonsuk Choi, and Dong Hoon Lee
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, and Manuel Egele
HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz
IMP4GT: IMPersonation Attacks in 4G NeTworks
David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Poepper
Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, and XiaoFeng Wang
Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer
Zhongjie Ba, Tianhang Zheng, Xinyu Zhang, Zhan Qin, Baochun Li, Xue Liu, and Kui Ren
Let’s Revoke: Scalable Global Certificate Revocation
Trevor Smith, Luke Dickenson, and Kent Seamons
Locally Differentially Private Frequency Estimation with Consistency
Tianhao Wang, Milan Lopuhaä-Zwakenberg, Zitao Li, Boris Skoric, and Ninghui Li
MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework
Thang Hoang, Jorge Guajardo, and Attila Yavuz
MassBrowser: Unblocking the Censored Web for the Masses, by the Masses
Milad Nasr, Hadi Zolfaghari, Amir Houmansadr, and Amirhossein Ghafari
Measuring the Deployment of Network Censorship Filters at Global Scale
Ram Sundara Raman, Adrian Stoll, Jakub Dalek, Reethika Ramesh, Will Scott, and Roya Ensafi
Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites
Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, and Tatsuya Mori
Metal: A Metadata-Hiding File-Sharing System
Weikeng Chen and Raluca Ada Popa
Metamorph: Injecting Inaudible Commands into Over-the-air Voice Controlled Systems
Tao Chen, Longfei Shangguan, Zhenjiang Li, and Kyle Jamieson
Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis
Shivam Bhasin, Anupam Chattopadhyay, Annelie Heuser, Dirmanto Jap, Stjepan Picek, and Ritu Ranjan Shrivastwa
NoJITsu: Locking Down JavaScript Engines
Taemin Park, Karel Dhondt, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz
Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization
Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, and Purui Su
OcuLock: Exploring Human Visual System for Authentication in Virtual Reality Head-mounted Display
Shiqing Luo, Anh Nguyen, Chen Song, Feng Lin, Wenyao Xu, and Zhisheng Yan
OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
Wajih Ul Hassan, Mohammad A. Noureddine, Pubali Datta, and Adam Bates
On the Resilience of Biometric Authentication Systems against Random Inputs
Benjamin Zi Hao Zhao, Hassan Jameel Asghar and Mohamed Ali Kaafar
On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Teemu Rytilahti and Thorsten Holz
Packet-Level Signatures for Smart Home Devices
Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky
PhantomCache: Obfuscating Cache Conflicts with Localized Randomization
Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Menghao Zhang, Guanyu Li, Shicheng Wang, Chang Liu, Ang Chen, Hongxin Hu, Guofei Gu, Qi Li, Mingwei Xu, and Jianping Wu
Post-Quantum Authentication in TLS 1.3: A Performance Study
Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis
Practical Traffic Analysis Attacks on Secure Messaging Applications
Alireza Bahramali, Amir Houmansadr, Ramin Soltani, Dennis Goeckel, and Don Towsley
Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison
Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu
Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem
Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, and Davide Balzarotti
Proof of Storage-Time: Efficiently Checking Continuous Data Availability
Giuseppe Ateniese, Long Chen, Mohammard Etemad, and Qiang Tang
ProtectIOn: Root-of-Trust for IO in Compromised Platforms
Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, and Srdjan Capkun
Revisiting Leakage Abuse Attacks
Laura Blackstone, Seny Kamara, and Tarik Moataz
Secure Sublinear Time Differentially Private Median Computation
Jonas Böhler, and Florian Kerschbaum
Snappy: Fast On-chain Payments with Practical Collaterals
Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, and Srdjan Capkun
SODA: A Generic Online Detection Framework for Smart Contracts
Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, and Xiaosong Zhang
SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities
Yuan Xiao, Yinqian Zhang, and Radu Teodorescu
Strong Authentication without Temper-Resistant Hardware and Application to Federated Identities
Zhenfeng Zhang, Yuchen Wang, and Kang Yang
SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves
Qiben Yan, Kehai Liu, Qin Zhou, Hanqing Guo, and Ning Zhang
SVLAN: Secure & Scalable Network Virtualization
Jonghoon Kwon, Taeho Lee, Claude Hähni, and Adrian Perrig
SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Kevin S. Chan and Tracy D. Braun
The Attack of the Clones Against Proof-of-Authority
Parinya Ekparinya, Vincent Gramoli, and Guillaume Jourjon
TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications
Faysal Hossain Shezan,Kaiming Cheng, Zhen Zhang, Yinzhi Cao, and Yuan Tian
Towards Plausible Graph Anonymization
Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, and Michael Backes
Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning
Harsh Chaudhari, Rahul Rachuri, and Ajith Suresh
UISCOPE: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI Applications
Runqing Yang, Shiqing Ma, Haitao Xu, Xiangyu Zhang, and Yan Chen
Unicorn: Runtime Provenance-Based Detector for Advanced Persistent Threats
Xueyuan Han, Thomas Pasquier, Adam Bates, James Mickens, and Margo Seltzer
µRAI: Securing Embedded Systems with Return Address Integrity
Naif Saleh Almakhdhub, Abraham A. Clements, Saurabh Bagchi, and Mathias Payer
When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, and Christopher Kruegel
When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu
Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning through Real-World Measurements
Jared M. Smith, Kyle Birkeland, Tyler McDaniel, and Max Schuchard
You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
Qi Wang, Wajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu, Kexuan Zou, Junghwan Rhee, Zhengzhang Chen, Wei Cheng, Carl A. Gunter, and Haifeng Chen