|
Computational Soundness for Dalvik Bytecode
|
|
|
Strong Non-Interference and Type-Directed Higher-Order Masking
|
|
|
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
|
Daniel Genkin
|
|
Using Reflexive Eye Movements for Fast Challenge-Response Authentication
|
|
|
Practical Detection of Entropy Loss in Pseudo-Random Number Generators
|
|
|
POSTER: Fingerprinting Tor Hidden Services
|
|
|
An Empirical Study of Mnemonic Sentence-based Password Generation Strategies
|
|
|
POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications
|
Ben Stock
|
|
On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols
|
|
|
MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection
|
|
|
GAME OF DECOYS: Optimal Decoy Routing Through Game Theory
|
|
|
PIPSEA: A Practical IPsec Gateway on Embedded APUs
|
|
|
When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
|
|
|
PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
|
Shuang Hao
|
|
Making Smart Contracts Smarter
|
|
|
My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers
|
|
|
Efficient Batched Oblivious PRF with Applications to Private Set Intersection
|
|
|
Attribute-based Key Exchange with General Policies
|
|
|
SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning
|
George Argyros
|
|
MPC-Friendly Symmetric Key Primitives
|
|
|
Content Security Problems?: Evaluating the Effectiveness of Content Security Policy in the Wild
|
Stefano Calzavara
|
|
MEMS Gyroscopes as Physical Unclonable Functions
|
|
|
Introduction to Credit Networks: Security, Privacy, and Applications
|
|
|
Sixth Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016)
|
Long Lu
|
|
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
|
Kangjie Lu
|
|
WISCS'16: The 3rd ACM Workshop on Information Sharing and Collaborative Security
|
|
|
Systematic Fuzzing and Testing of TLS Libraries
|
Juraj Somorovsky
|
|
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence
|
Xiaojing Liao
|
|
POSTER: Identifying Dynamic Data Structures in Malware
|
|
|
Membership Privacy in MicroRNA-based Studies
|
|
|
Call Me Back!: Attacks on System Server and System Apps in Android through Synchronous Callback
|
|
|
Attacking OpenSSL Implementation of ECDSA with a Few Signatures
|
|
|
A Software Approach to Defeating Side Channels in Last-Level Caches
|
|
|
Android ION Hazard: the Curse of Customizable Memory Management System
|
|
|
Online Tracking: A 1-million-site Measurement and Analysis
|
|
|
Second Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC'16)
|
|
|
Message-Recovery Attacks on Feistel-Based Format Preserving Encryption
|
|
|
Limiting the Impact of Stealthy Attacks on Industrial Control Systems
|
|
|
PhishEye: Live Monitoring of Sandboxed Phishing Kits
|
|
|
CCSW'16: 8th ACM Cloud Computing Security Workshop
|
|
|
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles
|
Luke Deshotels
|
|
Mix&Slice: Efficient Access Revocation in the Cloud
|
|
|
POSTER: (Semi)-Supervised Machine Learning Approaches for Network Security in High-Dimensional Network Data
|
|
|
MIST 2016: 8th International Workshop on Managing Insider Security Threats
|
|
|
Differential Privacy as a Mutual Information Constraint
|
|
|
MTD 2016: Third ACM Workshop on Moving Target Defense
|
Peng Liu
|
|
Town Crier: An Authenticated Data Feed for Smart Contracts
|
|
|
Error Handling of In-vehicle Networks Makes Them Vulnerable
|
|
|
POSTER: Weighing in eHealth Security
|
|
|
DEMO: Starving Permission-Hungry Android Apps Using SecuRank
|
|
|
POSTER: DataLair: A Storage Block Device with Plausible Deniability
|
|
|
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
|
|
|
Theory of Implementation Security Workshop (TIs 2016)
|
|
|
Sixth International Workshop on Trustworthy Embedded Devices (TrustED 2016)
|
|
|
On the Security of Cracking-Resistant Password Vaults
|
|
|
Enforcing Least Privilege Memory Views for Multithreaded Applications
|
|
|
POSTER: Security Enhanced Administrative Role Based Access Control Models
|
|
|
POPE: Partial Order Preserving Encoding
|
|
|
What Else is Revealed by Order-Revealing Encryption?
|
|
|
The Honey Badger of BFT Protocols
|
|
|
"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing
|
Yaoqi Jia
|
|
POSTER: RIA: an Audition-based Method to Protect the Runtime Integrity of MapReduce Applications
|
|
|
DEMO: Integrating MPC in Big Data Workflows
|
|
|
Reliable Third-Party Library Detection in Android and its Security Applications
|
|
|
Transparency Overlays and Applications
|
|
|
On the Security and Scalability of Bitcoin's Blockchain
|
|
|
CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump
|
|
|
Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency
|
|
|
Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE
|
|
|
POSTER: Improved Markov Strength Meters for Passwords
|
|
|
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
|
Victor van der Veen
|
|
Stemming Downlink Leakage from Training Sequences in Multi-User MIMO Networks
|
|
|
Alternative Implementations of Secure Real Numbers
|
|
|
POSTER: VUDEC: A Framework for Vulnerability Management in Decentralized Communication Networks
|
|
|
POSTER: DroidShield: Protecting User Applications from Normal World Access
|
|
|
ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices
|
|
|
POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store
|
|
|
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
|
Mingshen Sun
|
|
Scalable Graph-based Bug Search for Firmware Images
|
|
|
SafeConfig'16: Testing and Evaluation for Active and Resilient Cyber Systems
|
|
|
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
|
Lukas Weichselbaum
|
|
Privacy and Security in the Genomic Era
|
|
|
5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs
|
|
|
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records
|
Daiping Liu
|
|
POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat
|
|
|
Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data
|
|
|
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
|
Xiaokuan Zhang
|
|
DEMO: High-Throughput Secure Three-Party Computation of Kerberos Ticket Generation
|
|
|
On the Security and Performance of Proof of Work Blockchains
|
|
|
POSTER: An Educational Network Protocol for Covert Channel Analysis Using Patterns
|
Steffen Wendzel
|
|
POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs
|
|
|
A Protocol for Privately Reporting Ad Impressions at Scale
|
Matthew Green
|
|
SmartWalk: Enhancing Social Network Security via Adaptive Random Walks
|
|
|
Λολ: Functional Lattice Cryptography
|
|
|
POSTER: Phishing Website Detection with a Multiphase Framework to Find Visual Similarity
|
|
|
POSTER: ConcurORAM: High-Throughput Parallel Multi-Client ORAM
|
|
|
Breaking Kernel Address Space Layout Randomization with Intel TSX
|
Yeongjin Jang
|
|
Hypnoguard: Protecting Secrets across Sleep-wake Cycles
|
|
|
Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets
|
|
|
MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet
|
|
|
Instant and Robust Authentication and Key Agreement among Mobile Devices
|
|
|
Safely Measuring Tor
|
|
|
POSTER: Attack on Non-Linear Physical Unclonable Function
|
|
|
15th Workshop on Privacy in the Electronic Society (WPES 2016)
|
|
|
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms
|
|
|
EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation
|
|
|
POSTER: Static ROP Chain Detection Based on Hidden Markov Model Considering ROP Chain Integrity
|
|
|
Optimizing Semi-Honest Secure Multiparty Computation for the Internet
|
|
|
Identity-Concealed Authenticated Encryption and Key Exchange
|
|
|
POSTER: Towards Highly Interactive Honeypots for Industrial Control Systems
|
Stephan Lau
|
|
9th International Workshop on Artificial Intelligence and Security: AISec 2016
|
|
|
On the Provable Security of (EC)DSA Signatures
|
|
|
Practical Non-Malleable Codes from l-more Extractable Hash Functions
|
Aggelos Kiayias
|
|
Targeted Online Password Guessing: An Underestimated Threat
|
|
|
DEMO: OffPAD - Offline Personal Authenticating Device with Applications in Hospitals and e-Banking
|
|
|
DEMO: Easy Deployment of a Secure Internet Architecture for the 21st Century: How hard can it be to build a secure Internet?
|
|
|
Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds
|
|
|
The Ring of Gyges: Investigating the Future of Criminal Smart Contracts
|
|
|
A Secure Sharding Protocol For Open Blockchains
|
|
|
Coverage-based Greybox Fuzzing as Markov Chain
|
|
|
How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior
|
|
|
A Comprehensive Formal Security Analysis of OAuth 2.0
|
|
|
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication
|
|
|
A Surfeit of SSH Cipher Suites
|
|
|
Garbling Gadgets for Boolean and Arithmetic Circuits
|
|
|
POSTER: Towards Privacy-Preserving Biometric Identification in Cloud Computing
|
|
|
POSTER: A Keyless Efficient Algorithm for Data Protection by Means of Fragmentation
|
|
|
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
|
Daniel Gruss
|
|
Improvements to Secure Computation with Penalties
|
|
|
A Systematic Analysis of the Juniper Dual EC Incident
|
Stephen Checkoway
|
|
POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning
|
|
|
An In-Depth Study of More Than Ten Years of Java Exploitation
|
|
|
Over-The-Top Bypass: Study of a Recent Telephony Fraud
|
|
|
The Misuse of Android Unix Domain Sockets and Security Implications
|
|
|
Security on Wheels: Security and Privacy for Vehicular Communication Systems
|
|
|
Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement
|
|
|
Function Secret Sharing: Improvements and Extensions
|
|
|
POSTER: Re-Thinking Risks and Rewards for Trusted Third Parties
|
Jan-Ole Malchow
|
|
BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme
|
|
|
New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks
|
|
|
The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio
|
|
|
On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN
|
Karthikeyan Bhargavan
|
|
Amortizing Secure Computation with Penalties
|
|
|
SANA: Secure and Scalable Aggregate Network Attestation
|
|
|
POSTER: Privacy Enhanced Secure Location Verification
|
|
|
Advanced Probabilistic Couplings for Differential Privacy
|
|
|
Cybersecurity, Nuclear Security, Alan Turing, and Illogical Logic
|
|
|
Chainsaw: Chained Automated Workflow-based Exploit Generation
|
|
|
On the Instability of Bitcoin Without the Block Reward
|
|
|
Build It, Break It, Fix It: Contesting Secure Development
|
Andrew Ruef
|
|
Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks
|
|
|
POSTER: Towards Exposing Internet of Things: A Roadmap
|
|
|
PLAS'16: ACM SIGPLAN 11th Workshop on Programming Languages and Analysis for Security
|
|
|
∑oφo?: Forward Secure Searchable Encryption
|
|
|
Private Circuits III: Hardware Trojan-Resilience via Testing Amplification
|
|
|
Program Anomaly Detection: Methodology and Practices
|
|
|
POSTER: KXRay: Introspecting the Kernel for Rootkit Timing Footprints
|
|
|
Differentially Private Bayesian Programming
|
|
|
Adversarial Data Mining: Big Data Meets Cyber Security
|
|
|
FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature
|
|
|
POSTER: Efficient Cross-User Chunk-Level Client-Side Data Deduplication with Symmetrically Encrypted Two-Party Interactions
|
|
|
Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service
|
Xiaojing Liao
|
|
A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)
|
|
|
Practical Censorship Evasion Leveraging Content Delivery Networks
|
|
|
C-FLAT: Control-Flow Attestation for Embedded Systems Software
|
|
|
POSTER: Insights of Antivirus Relationships when Detecting Android Malware: A Data Analytics Approach
|
|
|
Secure Stable Matching at Scale
|
|
|
VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones
|
|
|
Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android
|
|
|
DPSense: Differentially Private Crowdsourced Spectrum Sensing
|
|
|
POSTER: The ART of App Compartmentalization
|
|
|
On Code Execution Tracking via Power Side-Channel
|
|
|
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations
|
Jianjun Chen
|
|
High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority
|
|
|
Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy
|
|
|
Breaking Web Applications Built On Top of Encrypted Data
|
|
|
Protecting Insecure Communications with Topology-aware Network Tunnels
|
|
|
Condensed Cryptographic Currencies Crash Course (C5)
|
|
|
The Shadow Nemesis: Inference Attacks on Efficiently Deployable, Efficiently Searchable Encryption
|
|
|
MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
|
|
|
Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations
|
|
|
Statistical Deobfuscation of Android Applications
|
|
|
"Make Sure DSA Signing Exponentiations Really are Constant-Time"
|
Cesar Pereida García
|
|
POSTER: A Behavioural Authentication System for Mobile Users
|
|
|
TypeSan: Practical Type Confusion Detection
|
|
|
POSTER: Towards Collaboratively Supporting Decision Makers in Choosing Suitable Authentication Schemes
|
|
|
POSTER: WiPING: Wi-Fi signal-based PIN Guessing attack
|
|
|
Deep Learning with Differential Privacy
|
|
|
2nd International Workshop on Software Protection: SPRO 2016
|
|
|
AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems
|
|
|
High Fidelity Data Reduction for Big Data Security Dependency Analyses
|
|
|
iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft
|
|
|
Efficient Cryptographic Password Hardening Services from Partially Oblivious Commitments
|
|
|
Generic Attacks on Secure Outsourced Databases
|
|
|
CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites
|
|
|
Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem
|
|