Search Icon
2023 Program

NDSS 2021 Accepted Papers

The following papers are currently accepted for NDSS 2021:

Summer Cycle

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Christoph Hagen (University of Würzburg); Christian Weinert (TU Darmstadt); Christoph Sendner and Alexandra Dmitrienko (University of Würzburg); Thomas Schneider (TU Darmstadt)

As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service
Kai Li, Jiaqi Chen, Xianghong Liu, and Yuzhe Tang (Syracuse University); XiaoFeng Wang (Indiana University Bloomington); Xiapu Luo (The Hong Kong Polytechnic University)

Awakening the Web’s Sleeper Agents: Misusing Service Workers for Privacy Leakage
Soroush Karami, Panagiotis Ilia, and Jason Polakis (University of Illinois at Chicago)

Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework
Abdallah Dawoud and Sven Bugiel (CISPA Helmholtz Center for Information Security)

C$^2$SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
Yonghwi Kwon (University of Virginia); Weihang Wang (University at Buffalo, SUNY); Jinho Jung (Georgia Institute of Technology); Kyu Hyung Lee (University of Georgia); Roberto Perdisci (University of Georgia and Georgia Tech)

Deceptive Deletions for Protecting Withdrawn Posts on Social Media Platforms
Mohsen Minaei (Visa Research); S Chandra Mouli (Purdue University); Mainack Mondal (IIT Kharagpur); Bruno Ribeiro and Aniket Kate (Purdue University)

DOVE: A Data-Oblivious Virtual Environment
Hyun Bin Lee (University of Illinois at Urbana-Champaign); Tushar Jois (Johns Hopkins University); Christopher Fletcher and Carl A. Gunter (University of Illinois at Urbana-Champaign)

Evading Voltage-Based Intrusion Detection on Automotive CAN
Rohit Bhatia (Purdue University); Vireshwar Kumar (Indian Institute of Technology Delhi); Khaled Serag and Z. Berkay Celik (Purdue University); Mathias Payer (EPFL); Dongyan Xu (Purdue University)

Forward and Backward Private Conjunctive Searchable Symmetric Encryption
Sikhar Patranabis (ETH Zurich); Debdeep Mukhopadhyay (IIT Kharagpur)

From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
Chaoyi Lu (Tsinghua University; Beijing National Research Center for Information Science and Technology); Baojun Liu (Tsinghua University; Beijing National Research Center for Information Science and Technology; Qi An Xin Group); Yiming Zhang (Tsinghua University; Beijing National Research Center for Information Science and Technology); Zhou Li (University of California, Irvine); Fenglu Zhang (Tsinghua University); Haixin Duan (Tsinghua University; Qi An Xin Group); Ying Liu (Tsinghua University); Joann Qiongna Chen (University of California, Irvine); Jinjin Liang and Zaifeng Zhang (360 Netlab); Shuang Hao (University of Texas at Dallas); Min Yang (Fudan University)

Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem
Christopher Lentzsch (Ruhr-Universität Bochum); Sheel Jayesh Shah (North Carolina State University); Benjamin Andow (Google); Martin Degeling (Ruhr-Universität Bochum); Anupam Das and William Enck (North Carolina State University)

Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees Evaluation
Jack P. K. Ma and Raymond K. H. Tai (The Chinese University of Hong Kong); Yongjun Zhao (Nanyang Technological University); Sherman S.M. Chow (The Chinese University of Hong Kong)

More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes
Leila Rashidi (University of Calgary); Daniel Kostecki (Northeastern University); Alexander James (University of Calgary); Anthony Peterson (Northeastern University); Majid Ghaderi (University of Calgary); Samuel Jero (MIT Lincoln Laboratory); Cristina Nita-Rotaru (Northeastern University); Hamed Okhravi (MIT Lincoln Laboratory); Reihaneh Safavi-Naini (University of Calgary)

Obfuscated Access and Search Patterns in Searchable Encryption
Zhiwei Shang and Simon Oya (University of Waterloo); Andreas Peter (University of Twente); Florian Kerschbaum (University of Waterloo)

Peerlock: Flexsealing BGP
Tyler McDaniel, Jared M. Smith, and Max Schuchard (University of Tennessee, Knoxville)

POP and PUSH: Demystifying and Defending against (Mach) Port-oriented Programming
Min Zheng and Xiaolong Bai (Orion Security Lab, Alibaba Group); Yajin Zhou (Zhejiang University); Chao Zhang (Institute for Network Science and Cyberspace of Tsinghua University); Fuping Qu (Orion Security Lab, Alibaba Group)

Processing Dangerous Paths – On Security and Privacy of the Portable Document Format
Jens Müller, Dominik Noss, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk (Ruhr University Bochum)

Reining in the Web’s Inconsistencies with Site Policy
Stefano Calzavara (Università Ca’ Foscari Venezia); Tobias Urban (Institute for Internet Security, Westphalian University of Applied Sciences and Ruhr University Bochum); Dennis Tatang (Ruhr University Bochum); Marius Steffens and Ben Stock (CISPA Helmholtz Center for Information Security)

Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers
Madura A. Shelton (University of Adelaide); Niels Samwel and Lejla Batina (Radboud University); Francesco Regazzoni (University of Amsterdam and ALaRI – USI); Markus Wagner (University of Adelaide); Yuval Yarom (University of Adelaide and Data61)

Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel
Zhuoran Liu (Radboud university); Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, and Martha Larson (Radboud University)

The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud
Joongyum Kim, Jung-hwan Park, and Sooel Son (KAIST)

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee (Georgia Institute of Technology)

XDA: Accurate, Robust Disassembly with Transfer Learning
Kexin Pei (Columbia University); Jonas Guan (University of Toronto); David Williams-King, Junfeng Yang, and Suman Jana (Columbia University)

Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks
Mohd Sabra (University of Texas at San Antonio); Anindya Maiti (University of Oklahoma); Murtuza Jadliwala (University of Texas at San Antonio)

Fall Cycle

A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?
Yarin Perry, Neta Rozen-Schiff, and Michael Schapira (Hebrew University of Jerusalem)

A Formal Analysis of the FIDO UAF Protocol
Haonan Feng, Hui Li, and Xuesong Pan (Beijing University of Posts and Telecommunications, Beijing, China); Ziming Zhao (University at Buffalo)

ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation
Le Yu (Purdue University); Shiqing Ma (Rutgers University); Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, and Dongyan Xu (Purdue University); Vincent E. Urias and Han Wei Lin (Sandia National Laboratories); Gabriela Ciocarlie (SRI); Vinod Yegneswaran (SRI International); Ashish Gehani (SRI)

BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols
Eunsoo Kim, Dongkwan Kim, CheolJun Park, Insu Yun, and Yongdae Kim (KAIST)

Bitcontracts: Supporting Smart Contracts in Legacy Blockchains
Karl Wüst, Loris Diana, and Kari Kostiainen (ETH Zurich); Ghassan Karame (NEC Laboratories Europe GmbH); Sinisa Matetic and Srdjan Capkun (ETH Zurich)

CHANCEL: Efficient Multi-client Isolation Under Adversarial Programs
Adil Ahmad (Purdue University); Juhee Kim (Seoul National University); Jaebaek Seo (Google); Insik Shin (KAIST); Pedro Fonseca (Purdue University); Byoungyoung Lee (Seoul National University)

CV-Inspector: Towards Automating Detection of Adblock Circumvention
Hieu Le (University of California, Irvine); Athina Markopoulou (University of California, Irvine); Zubair Shafiq (University of California, Davis)

Data Poisoning Attacks to Deep Learning Based Recommender Systems
Hai Huang and Jiaming Mu (Tsinghua University); Neil Zhenqiang Gong (Duke University); Qi Li (Tsinghua University); Bin Liu (IBM); Mingwei Xu (Tsinghua University)

Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning
Navid Emamdoost, Qiushi Wu, Kangjie Lu, and Stephen McCamant (University of Minnesota)

Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection
Jiayun Xu (School of Information Systems, Singapore Management University, Singapore); Yingjiu Li (University of Oregon); Robert H. Deng (School of Information Systems, Singapore Management University, Singapore)

Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes
Alexander Küchler (Fraunhofer AISEC); Alessandro Mantovani (EURECOM); Yufei Han and Leyla Bilge (NortonLifeLock Research Group); Davide Balzarotti (EURECOM)

EarArray: Defending against DolphinAttack via Acoustic Attenuation
Guoming Zhang, Xiaoyu Ji, and Xinfeng Li (Zhejiang University); Gang Qu (University of Maryland); Wenyuan Xu (Zhejing University)

Emilia: Catching Iago in Legacy Code
Rongzhen Cui (University of Toronto); Lianying Zhao (Carleton University); David Lie (University of Toronto)

FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data
Junjie Liang and Wenbo Guo (The Pennsylvania State University); Tongbo Luo (JD.com); Vasant Honavar (Pennsylvania State University); Gang Wang (University of Illinois at Urbana-Champaign); Xinyu Xing (Pennsylvania State University)

Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases
Sung Ta Dinh and Haehyun Cho (Arizona State University); Kyle Martin (North Carolina State University); Adam Oest (PayPal, Inc.); Yihui Zeng (Arizona State University); Alexandros Kapravelos (North Carolina State University); Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, and Adam Doupe (Arizona State University); Gail-Joon Ahn (Arizona State University and Samsung Research)

FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications
Diogo Barradas, Nuno Santos, and Luis Rodrigues (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa); Salvatore Signorello (Faculdade de Ciências, Universidade de Lisboa); Fernando Ramos and André Madeira (INESC-ID, Instituto Superior Técnico, Universidade de Lisboa)

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping
Xiaoyu Cao (Duke University); Minghong Fang and Jia Liu (The Ohio State University); Neil Zhenqiang Gong (Duke University)

From Library Portability to Para-rehosting: Natively Executing Open-source Microcontroller OSs on Commodity Hardware
Wenqiang Li (Institute of Information Engineering, Chinese Academy of Sciences and University of Kansas); Le Guan (University of Georgia); Jingqiang Lin (University of Science and Technology of China); Jiameng Shi (University of Georgia); Fengjun Li (University of Kansas)

GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural Networks
Qiao Zhang (Old Dominion University); Chunsheng Xin and Hongyi Wu (Old Dominion University, Norfolk, VA 23529, USA)

HERA: Hotpatching of Embedded Real-time Applications
Christian Niesler, Sebastian Surminski, and Lucas Davi (University of Duisburg-Essen)

Hunting the Haunter — Efficient Relational Symbolic Execution for Spectre with HauntedRelSE
Lesly-Ann Daniel and Sébastien Bardin (CEA, List, France); Tamara Rezk (Inria, France)

Improving Signal’s Sealed Sender
Ian Martiny (University of Colorado); Gabriel Kaptchuk (Boston University); Adam Aviv (The George Washington University); Dan Roche (U.S. Naval Avademy); Eric Wustrow (University of Colorado Boulder)

IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction Discovery
Wenbo Ding (Clemson University); Hongxin Hu (University at Buffalo); Long Cheng (Clemson University)

KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel
Changming Liu (Northeastern University); Yaohui Chen (Facebook, Inc.); Long Lu (Northeastern University)

Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning
Virat Shejwalkar and Amir Houmansadr (UMass Amherst)

MINOS: A Lightweight Real-Time Cryptojacking Detection System
Faraz Naseem, Ahmet Aris, Leonardo Babun, Selcuk Uluagac, and Ege Tekiner (Florida International University)

Mondrian: Comprehensive Inter-domain Network Zoning Architecture
Jonghoon Kwon and Hähni Claude (ETH Zürich); Patrick Bamert (Zürcher Kantonalbank); Adrian Perrig (ETH Zürich)

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces
Yapeng Ye, Zhuo Zhang, Fei Wang, Xiangyu Zhang, and Dongyan Xu (Purdue University)

OblivSketch: Oblivious Network Measurement as a Cloud Service
Shangqi Lai, Xingliang YUAN, and Joseph Liu (Monash University); Xun Yi (RMIT University); Qi Li (Tsinghua University); Dongxi Liu (Data61, CSIRO); Nepal Surya (Data61 CSIRO Australia)

On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Zeyu Lei and Yuhong Nan (Purdue University); Yanick Fratantonio (EURECOM); Antonio Bianchi (Purdue University)

PFirewall: Semantics-Aware Customizable Data Flow Control for Home Automation Systems
Haotian Chi (Temple University); Qiang Zeng (University of South Carolina); Xiaojiang Du (Temple University); Lannan Luo (University of South Carolina)

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, and Dongyan Xu (Purdue University)

PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime Verification
Mitziu Echeverria, Zeeshan Ahmed, Bincheng Wang, and M. Fareed Arif (The University of Iowa); Syed Rafiul Hussain (Pennsylvania State University); Omar Chowdhury (The University of Iowa)

POSEIDON: Privacy-Preserving Federated Neural Network Learning
Sinem Sav, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao André Gomes de Sá E Sousa, and Jean-Pierre Hubaux (EPFL)

Practical Blind Membership Inference Attack via Differential Comparisons
Bo Hui, Yuchen Yang, and Haolin Yuan (Johns Hopkins University); Philippe Burlina (The Johns Hopkins University Applied Physics Laboratory); Neil Zhenqiang Gong (Duke University); Yinzhi Cao (Johns Hopkins University)

Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy
Shi-Feng Sun, Ron Steinfeld, and Shangqi Lai (Monash University, Australia); Xingliang YUAN (Monash University); Amin Sakzad and Joseph Liu (Monash University, Australia); ‪Surya Nepal‬ (Data61 CSIRO, Australia); Dawu Gu (Shanghai Jiao Tong University, China)

Preventing and Detecting State Inference Attacks on Android
Andrea Possemato (EURECOM / IDEMIA); Dario Nisi and Yanick Fratantonio (EURECOM)

PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps
Sebastian Zimmeck, Rafael Goldstein, and David Baraka (Wesleyan University)

ProPoS: A Probabilistic Proof-of-Stake Protocol
Daniel Reijsbergen, Pawel Szalachowski, Junming Ke, Zengpeng Li, and Jianying Zhou (Singapore University of Technology and Design)

QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit
James Pavur (Oxford University); Martin Strohmeier and Vincent Lenders (armasuisse); Ivan Martinovic (Oxford University)

RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness
Philipp Schindler, Aljosha Judmayer, and Markus Hittmeir (SBA Research); Nicholas Stifter (SBA Research, TU Wien); Edgar Weippl (Universität Wien)

Refining Indirect Call Targets at the Binary Level
Sun Hyoung Kim (Penn State); Cong Sun (Xidian University); Dongrui Zeng and Gang Tan (Penn State)

Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing
Jinghan Wang, Chengyu Song, and Heng Yin (University of California, Riverside)

ROV++: Improved Deployable Defense against BGP Hijacking
Reynaldo Morillo, Justin Furuness, Cameron Morris, James Breslin, Amir Herzberg, and Bing Wang (University of Connecticut)

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web
Mikhail Shcherbakov and Musard Balliu (KTH Royal Institute of Technology)

Shadow Attacks: Hiding and Replacing Content in Signed PDFs
Christian Mainka, Vladislav Mladenov, and Simon Rohlmann

SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets
Zhenxiao Qi (UC Riverside); Qian Feng (Baidu USA); Yueqiang Cheng (Baidu Security); Mengjia Yan (UIUC); Peng Li (Baidu X-Lab); Heng Yin (UC Riverside); Tao Wei (Baidu X-Lab)

SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement Learning
Charlie Hou (CMU, IC3); Mingxun Zhou (Peking University); Yan Ji and Phil Daian (Cornell Tech, IC3); Florian Tramèr (Stanford University); Giulia Fanti (CMU, IC3); Ari Juels (Cornell Tech, IC3)

SymQEMU: Compilation-based symbolic execution for binaries
Sebastian Poeplau (EURECOM and Code Intelligence); Aurélien Francillon (EURECOM)

Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
Konstantinos Solomos, John Kristoff, Chris Kanich, and Jason Polakis (University of Illinois at Chicago)

TASE: Reducing Latency of Symbolic Execution with Transactional Memory
Adam Humphries (University of North Carolina); Kartik Cating-Subramanian (University of Colorado); Michael K. Reiter (Duke University)

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE Protocol
Michael Troncoso and Britta Hale (Naval Postgraduate School)

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
Beliz Kaleli (Boston University); Brian Kondracki (Stony Brook University); Manuel Egele (Boston University); Nick Nikiforakis (Stony Brook University); Gianluca Stringhini (Boston University)

Towards Understanding and Detecting Cyberbullying in Real-world Images
Nishant Vishwamitra and Hongxin Hu (University at Buffalo); Feng Luo and Long Cheng (Clemson University)

Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic Surveillance
Kai Jansen (Ruhr University Bochum); Liang Niu and Nian Xue (New York University Abu Dhabi); Ivan Martinovic (University of Oxford); Christina Pöpper (New York University Abu Dhabi)

Understanding and Detecting International Revenue Share Fraud
Merve Sahin (SAP Security Research); Aurélien Francillon (EURECOM)

Understanding the Growth and Security Considerations of ECS
Athanasios Kountouras, Panagiotis Kintis, Athanasios Avgetidis, Thomas Papastergiou, and Charles Lever (Georgia Institute of Technology); Michalis Polychronakis (Stony Brook University); Manos Antonakakis (Georgia Institute of Technology)

Understanding Worldwide Private Information Collection on Android
Yun Shen and Pierre-Antoine Vervier (NortonLifeLock Research Group); Gianluca Stringhini (Boston University)

WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
Jun Zeng (National University of Singapore); Zheng Leong Chua (Independent Researcher); Kaihang Ji and Zhenkai Liang (National University of Singapore); Jian Mao (Beihang University)

Who’s Hosting the Block Party? Studying Third-Party Blockage of CSP and SRI
Marius Steffens (CISPA Helmholtz Center for Information Security); Marius Musch and Martin Johns (TU Braunschweig); Ben Stock (CISPA Helmholtz Center for Information Security)

WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning
Jinho Jung and Stephen Tong (Georgia Institute of Technology); Hong Hu (Pennsylvania State University); Jungwon Lim, Yonghwi Jin, and Taesoo Kim (Georgia Institute of Technology)

Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
Xianghang Mi (University at Buffalo); Siyuan Tang, Zhengyi Li, and Xiaojing Liao (Indiana University Bloomington); Feng Qian (University of Minnesota – Twin Cities); XiaoFeng Wang (Indiana University Bloomington)

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm
Evan Johnson, David Thien, and Yousef Alhessi (University of California San Diego); Shravan Narayan (University Of California San Diego); Fraser Brown (Stanford University); Sorin Lerner (University of California San Diego); Tyler McMullen (Fastly Labs); Stefan Savage and Deian Stefan (University of California San Diego)