NDSS

Programme Outline

Sunday, 18 February 2018

Time Session Location

8:00am – 7:00pm

Registration

Kon Tiki Foyer

8:30am – 5:30pm

Workshop on Binary Analysis Research

Rousseau

8:30am – 5:30pm

Workshop on Decentralized IoT Security and Standards

Toucan

8:30am – 5:30pm

Workshop on DNS Privacy

Cockatoo

8:30am – 5:30pm

Workshop on Usable Security

Macaw

10:00am – 10:30am

Morning Workshop Break

Kon Tiki Foyer

12:30pm – 1:30pm

Workshop Lunch

Kon Tiki Foyer

3:00pm – 3:30pm

Afternoon Workshop Break

Kon Tiki Foyer

6:00pm – 7:30pm

Workshop and Symposium Welcome Reception

Kon Tiki Foyer

Monday, 19 February 2018

Time Session Location

7:30am – 9:00am

Continental Breakfast

Kon Tiki Foyer

9:00am – 9:20am

Welcome and Opening Remarks

Kon Tiki Ballroom

9:20am – 10:30am

Keynote: Ari Juels – Beyond Smarts: Toward Correct, Private, Data-Rich Smart Contracts

Kon Tiki Ballroom

10:30am – 11:00am

Morning Break

Kon Tiki Foyer

11:00am – 12:20pm

Session 1A: IoT

Kon Tiki Ballroom

11:00am – 12:20pm

Session 1B: Attacks and Vulnerabilities

Aviary Ballroom

12:20pm – 2:00pm

Lunch

Beach

2:00pm – 3:20pm

Session 2A: Network Security/Cellular Networks

Kon Tiki Ballroom

2:00pm – 3:20pm

Session 2B: Crypto

Aviary Ballroom

3:20pm – 3:50pm

Afternoon Break

Kon Tiki Foyer

3:50pm – 5:30pm

Session 3A: Deep Learning and Adversarial ML

Kon Tiki Ballroom

3:50pm – 5:30pm

Session 3B: Authentication

Aviary Ballroom

6:00pm – 7:00pm

Student Travel Grant Meet and Greet

Kon Tiki Foyer

7:00pm – 9:00pm

Poster Session and Reception

Boardroom

Tuesday, 20 February 2018

Time Session Location

7:30am – 9:00am

Continental Breakfast

Kon Tiki Foyer

9:00am – 10:20am

Session 4A: Measurements

Kon Tiki Ballroom

9:00am – 10:20am

Session 4B: Software Attacks and Secure Architectures

Aviary Ballroom

10:20am – 10:45am

Morning Break

Kon Tiki Foyer

10:45am – 12:25pm

Session 5A: Software Security

Kon Tiki Ballroom

10:45am – 12:25pm

Session 5B: Privacy in Mobile

Aviary Ballroom

12:25pm – 2:00pm

Lunch

Beach

2:00pm – 3:20pm

Session 6A: Cloud

Kon Tiki Ballroom

2:00pm – 3:20pm

Session 6B: Privacy and De-Anonymization

Aviary Ballroom

3:20pm – 3:50pm

Afternoon Break

Kon Tiki Foyer

3:50pm – 5:10pm

Session 7A: Web Security

Kon Tiki Ballroom

3:50pm – 5:10pm

Session 7B: Audit Logs

Aviary Ballroom

5:15pm – 6:30pm

Social Hour

Kon Tiki Foyer

Wednesday, 21 February 2018

Time Session Location

7:30am – 9:00am

Continental Breakfast

Kon Tiki Foyer

9:00am – 9:15am

Closing Remarks

Kon Tiki Ballroom

9:15am – 10:15am

Closing Keynote: Parisa Tabriz – The Long Winding Road from Idea to Impact in Web Security

Kon Tiki Ballroom

10:15am – 10:45am

Morning Break

Kon Tiki Foyer

10:45am – 12:05pm

Session 8: Android

Kon Tiki Ballroom

12:05pm – 2:00pm

NDSS 25th Anniversary Awards Lunch

Aviary Ballroom

2:00pm – 3:20pm

Session 9: Blockchain and Smart Contracts

Kon Tiki Ballroom

3:20pm – 3:50pm

Afternoon Break

Kon Tiki Foyer

3:50pm – 5:10pm

Session 10: Social Networks and Anonymity

Kon Tiki Ballroom

4:50pm – 5:00pm

Closing Remarks

Kon Tiki Ballroom

Session Session Chair Location

Session 1A: IoT

IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.
Jiongyi Chen (The Chinese University of Hong Kong), Wenrui Diao (Jinan University), Qingchuan Zhao (University of Texas at Dallas), Chaoshun Zuo (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), XiaoFeng Wang (Indiana University Bloomington), Wing Cheong Lau (The Chinese University of Hong Kong), Menghan Sun (The Chinese University of Hong Kong), Ronghai Yang (The Chinese University of Hong Kong), and Kehuan Zhang (The Chinese University of Hong Kong).

Fear and Logging in the Internet of Things.
Qi Wang (University of Illinois at Urbana-Champaign), Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), and Carl Gunter (University of Illinois at Urbana-Champaign).

Decentralized Action Integrity for Trigger-Action IoT Platforms.
Earlence Fernandes (University of Washington), Amir Rahmati (Samsung Research America and Stony Brook University), Jaeyeon Jung (Samsung), and Atul Prakash (University of Michigan).

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices.
Marius Muench (EURECOM), Jan Stijohann (Siemens AG and Ulm University), Frank Kargl (Ulm University), Aurelien Francillon (EURECOM), and Davide Balzarotti (EURECOM).

Brendan Dolan-Gavitt

Kon Tiki Ballroom

Session 1B: Attacks and Vulnerabilities

Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications.
Ben Stock (CISPA, Saarland University), Giancarlo Pellegrino (CISPA, Saarland University and Stanford University), Frank Li (UC Berkeley), Michael Backes (CISPA, Saarland University), and Christian Rossow (CISPA, Saarland University).

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control.
Qi Alfred Chen (University of Michigan), Yucheng Yin (University of Michigan), Yiheng Feng (University of Michigan), Z. Morley Mao (University of Michigan), and Henry X. Liu (University of Michigan).

Removing Secrets from Android’s TLS.
Jaeho Lee (Rice University) and Dan S. Wallach (Rice University).

rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System.
Erkam Uzun (Georgia Institute of Technology), Simon Pak Ho Chung (Georgia Institute of Technology), Irfan Essa (Georgia Institute of Technology), and Wenke Lee (Georgia Institute of Technology).

XiaoFeng Wang

Aviary Ballroom

Session 2A: Network Security/Cellular Networks

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach.
Samuel Jero (Purdue University), Endadul Hoque (Florida International University), David Choffnes (Northeastern University), Alan Mislove (Northeastern University), and Cristina Nita-Rotaru (Northeastern University).

Preventing (Network) Time Travel with Chronos.
Omer Deutsch (Hebrew University of Jerusalem), Neta Rozen Schiff (Hebrew University of Jerusalem), Danny Dolev (Hebrew University of Jerusalem), and Michael Schapira (Hebrew University of Jerusalem).

LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE.
Syed Rafiul Hussain (Purdue University), Omar Chowdhury (The University of Iowa), Shagufta Mehnaz (Purdue University), and Elisa Bertino (Purdue University).

GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier.
Byeongdo Hong (KAIST), Sangwook Bae (KAIST), and Yongdae Kim (KAIST).

Brad Reaves

Kon Tiki Ballroom

Session 2B: Crypto

Mind Your Keys? A Security Evaluation of Java Keystores.
Riccardo Focardi (Universita Ca’ Foscari and Cryptosense), Francesco Palmarini (Universita Ca’ Foscari and Yarix), Marco Squarcina (Universita Ca’ Foscari and Cryptosense), Graham Steel (Cryptosense), and Mauro Tempesta (Universita Ca’ Foscari).

A Security Analysis of Honeywords.
Ding Wang (Peking University), Haibo Cheng (Peking University), Ping Wang (Peking University), Jeff Yan (Linkoping University), and Xinyi Huang (Fujian Normal University).

Revisiting Private Stream Aggregation: Lattice-Based PSA.
Daniela Becker (Robert Bosch LLC), Jorge Guajardo (Robert Bosch LLC), and Karl-Heinz Zimmermann (Hamburg University of Technology).

ZeroTrace : Oblivious Memory Primitives from Intel SGX.
Sajin Sasy (University of Waterloo), Sergey Gorbunov (University of Waterloo), and Christopher W. Fletcher (Nvidia/UIUC).

Yinqian Zhang

Aviary Ballroom

Session 3A: Deep Learning and Adversarial ML

Automated Website Fingerprinting through Deep Learning.
Vera Rimmer (imec-DistriNet, KU Leuven), Davy Preuveneers (imec-DistriNet, KU Leuven), Marc Juarez (imec-COSIC, ESAT, KU Leuven), Tom Van Goethem (imec-DistriNet, KU Leuven), and Wouter Joosen (imec-DistriNet, KU Leuven).

VulDeePecker: A Deep Learning-Based System for Vulnerability Detection.
Zhen Li (Huazhong University of Science and Technology and Hebei University), Deqing Zou (Huazhong University of Science and Technology and Shenzhen Huazhong University), Shouhuai Xu (University of Texas at San Antonio), Xinyu Ou (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology), Sujuan Wang (Huazhong University of Science and Technology), Zhijun Deng (Huazhong University of Science and Technology), and Yuyi Zhong (Huazhong University of Science and Technology).

Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection.
Yisroel Mirsky (Ben-Gurion University of the Negev), Tomer Doitshman (Ben-Gurion University of the Negev), Yuval Elovici (Ben-Gurion University of the Negev), and Asaf Shabtai (Ben-Gurion University of the Negev).

Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks.
Weilin Xu (University of Virginia), David Evans (University of Virginia), and Yanjun Qi (University of Virginia).

Trojaning Attack on Neural Networks.
Yingqi Liu (Purdue University), Shiqing Ma (Purdue University), Yousra Aafer (Purdue University), Wen-Chuan Lee (Purdue University), Juan Zhai (Nanjing University), Weihang Wang (Purdue University), and Xiangyu Zhang (Purdue University).

Chang Liu

Kon Tiki Ballroom

Session 3B: Authentication

Broken Fingers: On the Usage of the Fingerprint API in Android.
Antonio Bianchi (University of California, Santa Barbara), Yanick Fratantonio (University of California, Santa Barbara, EURECOM), Aravind Machiry (University of California, Santa Barbara), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), Simon Pak Ho Chung (Georgia Institute of Technology), and Wenke Lee (Georgia Institute of Technology).

K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All.
Parimarjan Negi (Stanford University), Prafull Sharma (Stanford University), Vivek sanjay Jain (Stanford University), and Bahman Bahmani (Stanford University).

ABC: Enabling Smartphone Authentication with Built-in Camera.
Zhongjie Ba (University at Buffalo, State University of New York), Sixu Piao (University at Buffalo, State University of New York), Xinwen Fu (University of Central Florida), Dimitrios Koutsonikolas (University at Buffalo, State University of New York), Aziz Mohaisen (University of Central Florida), and Kui Ren (University at Buffalo, State University of New York).

Device Pairing at the Touch of an Electrode.
Marc Roeschlin (University of Oxford), Ivan Martinovic (University of Oxford), and Kasper B. Rasmussen (University of Oxford).

Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections.
Di Tang (Chinese University of Hong Kong), Zhe Zhou (Fudan University), Yinqian Zhang (Ohio State University), and Kehuan Zhang (Chinese University of Hong Kong).

Adam Aviv

Aviary Ballroom

Session 4A: Measurements

A Large-scale Analysis of Content Modification by Open HTTP Proxies.
Giorgos Tsirantonakis (FORTH), Panagiotis Ilia (FORTH), Sotiris Ioannidis (FORTH), Elias Athanasopoulos (University of Cyprus), and Michalis Polychronakis (Stony Brook University).

Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis.
Shitong Zhu (University of California, Riverside), Xunchao Hu (Syracuse University), Zhiyun Qian (University of California, Riverside), Zubair Shafiq (University of Iowa), and Heng Yin (University of California, Riverside).

Towards Measuring the Effectiveness of Telephony Blacklists.
Sharbani Pandit (Georgia Institute of Technology), Roberto Perdisci (University of Georgia), Mustaque Ahamad (Georgia Institute of Technology), and Payas Gupta (Pindrop).

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation.
Yue Duan (University of California, Riverside), Mu Zhang (Cornell University), Abhishek Vasisht Bhaskar (Grammatech. Inc.), Heng Yin (University of California, Riverside), Xiaorui Pan (Indiana University Bloomington), Tongxin Li (Peking University), Xueqiang Wang (Indiana University Bloomington), and XiaoFeng Wang (Indiana University Bloomington).

Xiaojing Liao

Kon Tiki Ballroom

Session 4B: Software Attacks and Secure Architectures

KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks.
Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Daniel Gruss (Graz University of Technology), Samuel Weiser (Graz University of Technology), Clementine Maurice (Univ. Rennes, CNRS, IRISA), Raphael Spreitzer (Graz University of Technology), and Stefan Mangard (Graz University of Technology).

Securing Real-Time Microcontroller Systems through Customized Memory View Switching.
Chung Hwan Kim (NEC Laboratories America), Taegyu Kim (Purdue University), Hongjun Choi (Purdue University), Zhongshu Gu (IBM T.J. Watson Research Center), Byoungyoung Lee (Purdue University), Xiangyu Zhang (Purdue University), and Dongyan Xu (Purdue University).

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps.
Guangliang Yang (Texas A&M University), Jeff Huang (Texas A&M University), and Guofei Gu (Texas A&M University).

Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images.
Rohit Bhatia (Purdue University), Brendan Saltaformaggio (Georgia Institute of Technology), Seung Jei Yang (The Affiliated Institute of ETRI), Aisha Ali-Gombe (Towson University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University), and Golden G. Richard III (Louisiana State University).

Zhou Li

Aviary Ballroom

Session 5A: Software Security

K-Miner: Uncovering Memory Corruption in Linux.
David Gens (CYSEC/Technische Universitat Darmstadt), Simon Schmitt (CYSEC/Technische Universitat Darmstadt), Lucas Davi (CYSEC/Technische Universitat Darmstadt), and Ahmad-Reza Sadeghi (CYSEC/Technische Universitat Darmstadt).

CFIXX: Object Type Integrity for C++.
Nathan Burow (Purdue University), Derrick McKee (Purdue University), Scott A. Carr (Purdue University), and Mathias Payer (Purdue University).

Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets.
Andrea Biondo (University of Padua), Mauro Conti (University of Padua), and Daniele Lain (University of Padua).

Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics.
Erick Bauman (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), and Kevin Hamlen (University of Texas at Dallas).

Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing.
Wookhyun Han (KAIST), Byunggill Joe (KAIST), Byoungyoung Lee (Purdue University), Chengyu Song (University of California, Riverside), and Insik Shin (KAIST).

Long Lu

Kon Tiki Ballroom

Session 5B: Privacy in Mobile

Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps.
Yuhong Nan (Fudan University), Zhemin Yang (Fudan University and Shanghai Institute of Intelligent Electronics & Systems), Xiaofeng Wang (Indiana University Bloomington), Yuan Zhang (Fudan University), Donglai Zhu (Fudan University), and Min Yang (Fudan University and Shanghai Institute for Advanced Communication and Data Science).

Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions.
Jingjing Ren (Northeastern University), Martina Lindorfer (UC Santa Barbara), Daniel J. Dubois (Northeastern University), Ashwin Rao (University of Helsinki), David Choffnes (Northeastern University), and Narseo Vallina-Rodriguez (IMDEA Networks Institute and ICSI).

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem.
Abbas Razaghpanah (Stony Brook University), Rishab Nithyanand (Data & Society Research Institute), Narseo Vallina-Rodriguez (IMDEA Networks and ICSI), Srikanth Sundaresan (Princeton University), Mark Allman (ICSI), Christian Kreibich (Corelight and ICSI), and Phillipa Gill (University of Massachusetts Amherst).

OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS.
Xiaokuan Zhang (The Ohio State University), Xueqiang Wang (Indiana University at Bloomington), Xiaolong Bai (Tsinghua University), Yinqian Zhang (The Ohio State University), and XiaoFeng Wang (Indiana University at Bloomington).

Knock Knock, Who’s There? Membership Inference on Aggregate Location Data.
Apostolos Pyrgelis (University College London), Carmela Troncoso (IMDEA Software Institute), and Emiliano De Cristofaro (University College London).

Dongyan Xu

Aviary Ballroom

Session 6A: Cloud

Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center.
Xing Gao (University of Delaware and College of William and Mary), Zhang Xu (College of William and Mary), Haining Wang (University of Delaware), Li Li (Ohio State University), and Xiaorui Wang (Ohio State University).

OBLIVIATE: A Data Oblivious Filesystem for Intel SGX.
Adil Ahmad (Purdue University), Kyungtae Kim (Purdue University), Muhammad Ihsanulhaq Sarfaraz (Purdue University), and Byoungyoung Lee (Purdue University).

Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas Clouds.
Dean Sullivan (University of Florida), Orlando Arias (University of Central Florida), Travis Meade (University of Central Florida), and Yier Jin (University of Florida).

Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates.
Kevin Borgolte (UC Santa Barbara), Tobias Fiebig (TU Delft), Shuang Hao (UT Dallas), Christopher Kruegel (UC Santa Barbara), and Giovanni Vigna (UC Santa Barbara).

Tom Moyer

Kon Tiki Ballroom

Session 6B: Privacy and De-Anonymization

Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data.
Alexandra-Mihaela Olteanu (EPFL and UNIL-HEC Lausanne), Kevin Huguenin (UNIL-HEC Lausanne), Italo Dacosta (EPFL), and Jean-Pierre Hubaux (EPFL).

When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.
Aylin Caliskan (Princeton University), Fabian Yamaguchi (Shiftleft Inc), Edwin Dauber (Drexel University), Richard Harang (Sophos), Konrad Rieck (TU Braunschweig), Rachel Greenstadt (Drexel University), and Arvind Narayanan (Princeton University).

De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice.
Huandong Wang (Tsinghua University), Chen Gao (Tsinghua University), Yong Li (Tsinghua University), Gang Wang (Virginia Tech), Depeng Jin (Tsinghua University), and Jingbo Sun (China Telecom Beijing Research Institute).

Veil: Private Browsing Semantics Without Browser-side Assistance.
Frank Wang (MIT CSAIL), James Mickens (Harvard University), and Nickolai Zeldovich (MIT CSAIL).

Prateek Mittal

Aviary Ballroom

Session 7A: Web Security

Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations.
Peng Wang (Indiana University Bloomington), Xianghang Mi (Indiana University Bloomington), Xiaojing Liao (William and Mary), XiaoFeng Wang (Indiana University Bloomington), Kan Yuan (Indiana University Bloomington), Feng Qian (Indiana University Bloomington), and Raheem Beyah (Georgia Institute of Technology).

SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.
Cristian-Alexandru Staicu (TU Darmstadt), Michael Pradel (TU Darmstadt), and Benjamin Livshits (Imperial College London).

JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks.
Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), and Daniel Gruss (Graz University of Technology).

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting.
William Melicher (Carnegie Mellon University), Anupam Das (Carnegie Mellon University), Mahmood Sharif (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), and Limin Jia (Carnegie Mellon University).

Adam Doupé

Kon Tiki Ballroom

Session 7B: Audit Logs

Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs.
Wajih Ul Hassan (University of Illinois at Urbana-Champaign), Mark Lemay (Boston University), Nuraini Aguse (University of Illinois at Urbana-Champaign), Adam Bates (University of Illinois at Urbana-Champaign), and Thomas Moyer (UNC at Charlotte).

MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation.
Yonghwi Kwon (Purdue University), Fei Wang (Purdue University), Weihang Wang (Purdue University), Kyu Hyung Lee (University of Georgia), Wen-Chuan Lee (Purdue University), Shiqing Ma (Purdue University), Xiangyu Zhang (Purdue University), Dongyan Xu (Purdue University), Somesh Jha (University of Wisconsin-Madison), Gabriela Ciocarlie (SRI International), Ashish Gehani (SRI International), and Vinod Yegneswaran (SRI International).

Towards a Timely Causality Analysis for Enterprise Security.
Yushan Liu (Princeton University), Mu Zhang (Cornell University), Ding Li (NEC Labs America), Kangkook Jee (NEC Labs America), Zhichun Li (NEC Labs America), Zhenyu Wu (NEC Labs America), Junghwan Rhee (NEC Labs America), and Prateek Mittal (Princeton University).

JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions.
Bo Li (University of Georgia), Phani Vadrevu (University of Georgia), Kyu Hyung Lee (University of Georgia), and Roberto Perdisci (University of Georgia).

Adam Bates

Aviary Ballroom

Session 8: Android

AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection.
Yousra Aafer (Purdue University), Jianjun Huang (Purdue University), Yi Sun (Purdue University), Xiangyu Zhang (Purdue University), Ninghui Li (Purdue University), and Chen Tian (Futurewei Technologies).

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android.
Yaohui Chen (Northeastern University), Yuping Li (University of South Florida), Long Lu (Northeastern University), Yueh-Hsun Lin (JD Research Center), Hayawardh Vijayakumar (Samsung Research America), Zhi Wang (Florida State University), and Xinming Ou (University of South Florida).

BreakApp: Automated, Flexible Application Compartmentalization.
Nikos Vasilakis (University of Pennsylvania), Ben Karel (University of Pennsylvania), Nick Roessler (University of Pennsylvania), Nathan Dautenhahn (University of Pennsylvania), Andre DeHon (University of Pennsylvania), and Jonathan M. Smith (University of Pennsylvania).

Resolving the Predicament of Android Custom Permissions.
Guliz Seray Tuncay (University of Illinois at Urbana-Champaign), Soteris Demetriou (University of Illinois at Urbana-Champaign), Karan Ganju (University of Illinois at Urbana-Champaign), and Carl A. Gunter (University of Illinois at Urbana-Champaign).

Brendan Saltaformaggio

Kon Tiki Ballroom

Session 9: Blockchain and Smart Contracts

ZEUS: Analyzing Safety of Smart Contracts.
Sukrit Kalra (IBM Research), Seep Goel (IBM Research), Mohan Dhawan (IBM Research), and Subodh Sharma (IIT Delhi).

Chainspace: A Sharded Smart Contracts Platform.
Mustafa Al-Bassam (University College London), Alberto Sonnino (University College London), Shehar Bano (University College London), Dave Hrycyszyn (constructiveproof.com), and George Danezis (University College London).

Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions.
Stefanie Roos (University of Waterloo), Pedro Moreno-Sanchez (Purdue University), Aniket Kate (Purdue University), and Ian Goldberg (University of Waterloo).

TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing.
Hubert Ritzdorf (ETH Zurich), Karl Wust (ETH Zurich), Arthur Gervais (Imperial College London), Guillaume Felley (ETH Zurich), and Srdjan Capkun (ETH Zurich).

Aziz Mohaisen

Kon Tiki Ballroom

Session 10: Social Networks and Anonymity

Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks Explanations.
Athanasios Andreou (EURECOM), Giridhari Venkatadri (Northeastern University), Oana Goga (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, and LIG), Krishna P. Gummadi (Max Planck Institute for Software Systems), Patrick Loiseau (Univ. Grenoble Alpes, CNRS, Inria, Grenoble INP, LIG, and Max Planck Institute for Software Systems), and Alan Mislove (Northeastern University).

Inside Job: Applying Traffic Analysis to Measure Tor from Within.
Rob Jansen (U.S. Naval Research Laboratory), Marc Juarez (imec-COSIC KU Leuven), Rafa Galvez (imec-COSIC KU Leuven), Tariq Elahi (imec-COSIC KU Leuven), and Claudia Diaz (imec-KOSIC KU Leuven).

Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks.
Haizhong Zheng (Shanghai Jiao Tong University), Minhui Xue (NYU Shanghai), Hao Lu (Shanghai Jiao Tong University), Shuang Hao (University of Texas at Dallas), Haojin Zhu (Shanghai Jiao Tong University), Xiaohui Liang (University of Massachusetts Boston), and Keith Ross (NYU and NYU Shanghai).

Aniket Kate

Kon Tiki Ballroom