Accepted Papers

(Un)informed Consent: Studying GDPR Consent Notices in the Field Christine Utz (Ruhr-Universität Bochum); Martin Degeling (Ruhr-Universität Bochum); Sascha Fahl (Ruhr-Universität Bochum); Florian Schaub (University of Michigan); Thorsten Holz (Ruhr-Universität Bochum);
“I don’t see why I would ever want to use it”: Analyzing the Usability of Popular Smartphone Password Managers Sunyoung Seiler-Hwang (University of Mannheim);Patricia Arias-Cabarcos (University of Mannheim);Andrés Marín (University Carlos III of Madrid);Florina Almenares (University Carlos III of Madrid);Daniel Díaz-Sánchez (University Carlos III of Madrid);Christian Becker (University of Mannheim);
1 Trillion Dollar Refund – How To Spoof PDF Signatures Vladislav Mladenov (Ruhr University Bochum, Chair for Network and Data Security); Christian Mainka (Ruhr University Bochum, Chair for Network and Data Security); Karsten Meyer zu Selhausen (Hackmanit GmbH); Martin Grothe (Ruhr University Bochum, Chair for Network and Data Security); Jörg Schwenk (Ruhr University Bochum, Chair for Network and Data Security);
28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics Simon Eberz (University of Oxford); Giulio Lovisotto (University of Oxford); Kasper Rasmussen (University of Oxford); Vincent Lenders (Armasuisse); Ivan Martinovic (University of Oxford);
5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol Syed Rafiul Hussain (Purdue University); Mitziu Echeverria (University of Iowa); Imtiaz Karim (Purdue University); Omar Chowdhury (The University of Iowa); Elisa Bertino (Purdue University);
A Formal Treatment of Deterministic Wallets Poulami Das (Technische Universität Darmstadt, Germany); Sebastian Faust (Technische Universität Darmstadt, Germany); Julian Loss (Ruhr-Universität Bochum, Germany);
A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation Vitor Pereira (INESC TEC & DCC FC Universidade do Porto); Karim Eldefrawy (SRI International);
A Machine-Checked Proof of Security for AWS Key Management Service José Bacelar Almeida (University of Minho and INESC TEC); Manuel Barbosa (University of Porto (FCUP) and INESC TEC); Gilles Barthe (MPI-SP and IMDEA Software Institute); Matthew Campagna (Amazon Web Services); Ernie Cohen (Amazon Web Services); Benjamin Gregoire (INRIA Sophia Antipolis); Vitor Pereira (University of Porto (FCUP) and INESC TEC); Bernardo Portela (University of Porto (FCUP) and INESC TEC); Pierre-Yves Strub (École Polytechnique); Serdar Tasiran (Amazon Web Services);
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium); David Oswald (School of Computer Science, University of Birmingham, UK); Eduard Marin (School of Computer Science, University of Birmingham, UK); Abdulla Aldoseri (School of Computer Science, University of Birmingham, UK); Flavio D. Garcia (School of Computer Science, University of Birmingham, UK); Frank Piessens (imec-DistriNet, KU Leuven, Belgium);
A Usability Evaluation of Let’s Encrypt and Certbot – Usable Security Done Right? Christian Tiefenau (University of Bonn); Emanuel von Zezschwitz (University of Bonn, Fraunhofer FKIE); Maximilian Häring (Fraunhofer FKIE); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Matthew Smith (University of Bonn, Fraunhofer FKIE);
ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation Yingqi Liu (Purdue University); Wen-Chuan Lee (Purdue University); Guanhong Tao (Purdue University); Shiqing Ma (Purdue University); Yousra Aafer (Purdue University); Xiangyu Zhang (Purdue University);
Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving Yulong Cao (University of Michigan); Chaowei Xiao (University of Michigan); Benjamin Cyr (University of Michigan); Yimeng Zhou (University of Michigan); Won Park (University of Michigan); Sara Rampazzi (University of Michigan); Qi Alfred Chen (University of California, Irvine); Kevin Fu (University of Michigan); Z. Morley Mao (University of Michigan);
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramèr (Stanford University); Pascal Dupré (CISPA); Gili Rusak (Stanford); Giancarlo Pellegrino (Stanford University, CISPA); Dan Boneh (Stanford University);
An In-depth Look Into SDN Topology Discovery Mechanisms: Novel Attacks and Practical Countermeasures Eduard Marin (University of Birmingham); Nicola Bucciol (University of Padua); Mauro Conti (University of Padua);
Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy Haipei Sun (Qatar Computing Research Institute); Xiaokui Xiao (National University of Singapore); Issa Khalil (Qatar Computing Research Institute (QCRI), HBKU); Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University); Zhan Qin (ZheJiang University); Hui (Wendy) Wang (Stevens Institute of Technology); Ting Yu (Qatar Computing Research Institute);
Are These Pairing Elements Correct? Automated Verification and Applications Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin);
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks Christoph Egger (Friedrich-Alexander-Universität Erlangen-Nürnberg); Pedro Moreno-Sanchez (TU Wien); Matteo Maffei (TU Wien);
Attacking Graph-based Classification via Manipulating the Graph Structure Binghui Wang (Duke University); Neil Zhenqiang Gong (Duke University);
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps Chaoshun Zuo (Ohio State University); Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University);
Balance: Dynamic Adjustment of Cryptocurrency Deposits Dominik Harz (Imperial College London); Lewis Gudgeon (Imperial College London); Arthur Gervais (Imperial College London); William J. Knottenbelt (Imperial College London);
Binary Control-Flow Trimming Masoud Ghaffarinia (University of Texas at Dallas); Kevin Hamlen (University of Texas at Dallas);
Certificate Transparency in the Wild: Exploring the Reliability of Monitors Bingyu Li (Institute of Information Engineering, CAS); Jingqiang Lin (Institute of Information Engineering, CAS); Fengjun Li (The University of Kansas, Lawrence, USA); Qiongxiao Wang (Institute of Information Engineering, CAS); Qi Li (Tsinghua University, China); Jiwu Jing (Institute of Information Engineering, CAS); Congli Wang (Institute of Information Engineering, CAS);
Charting the Attack Surface of Trigger-Action IoT Platforms Qi Wang (University of Illinois at Urbana-Champaign); Pubali Datta (University of Illinois at Urbana-Champaign); Wei Yang (The University of Texas at Dallas); Si Liu (University of Illinois at Urbana-Champaign); Carl Gunter (University of Illinois at Urbana-Champaign); Adam Bates (University of Illinois at Urbana-Champaign);
CHURP: Dynamic-Committee Proactive Secret Sharing Sai Krishna Deepak Maram (Cornell Tech); Fan Zhang (Cornell Tech); Lun Wang (UC Berkeley); Andrew Low (UC Berkeley); Yupeng Zhang (UC Berkeley and Texas A&M); Ari Juels (Jacobs Institute, Cornell Tech); Dawn Song (UC Berkeley);
Conjure: Summoning Proxies from Unused Address Space Sergey Frolov (University of Colorado Boulder); Jack Wampler (University of Colorado Boulder); Sze Chuen Tan (UIUC); J. Alex Halderman (University of Michigan); Nikita Borisov (UIUC); Eric Wustrow (University of Colorado Boulder); J. Alex Halderman (University of Michigan);
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects Sazzadur Rahaman (Department of Computer Science, Virginia Tech); Ya Xiao (Department of Computer Science, Virginia Tech); Sharmin Afrose (Department of Computer Science, Virginia Tech); Fahad Shaon (Department of Computer Science, The University of Texas at Dallas); Ke Tian (Department of Computer Science, Virginia Tech); Miles Frantz (Department of Computer Science, Virginia Tech); Murat Kantarcioglu (Department of Computer Science, The University of Texas at Dallas); Danfeng (Daphne) Yao (Department of Computer Science, Virginia Tech);
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps Shengqu Xi (Nanjing University); Shao Yang (Case Western Reserve University); Xusheng Xiao (Case Western Reserve University); Yuan Yao (Nanjing University); Yayuan Xiong (Nanjing University); Fengyuan Xu (National Key Lab for Novel Software Technology, Nanjing University); Haoyu Wang (Beijing University of Posts and Telecommunications); Peng Gao (University of California, Berkeley); Zhuotao Liu (University of Illinois at Urbana-Champaign); Feng Xu (Nanjing University); Jian Lu (Nanjing University);
DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU Yushi Cheng (Zhejiang University); Xiaoyu Ji (Zhejiang University); Juchuan Zhang (Zhejiang University); Wenyuan Xu (Zhejiang University); Yi-Chao Chen (University of Texas at Austin);
Detecting Fake Accounts in Online Social Networks at the Time of Registrations Dong Yuan (Tsinghua University); Yuanli Miao (Tsinghua University); Neil Zhenqiang Gong (Duke University); Zheng Yang(Tsinghua University); Qi Li (Tsinghua University); Dawn Song (UC Berkeley); Qian Wang (Wuhan University); Xiao Liang (Tencent);
Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay Mengchen Cao (Orion Security Lab, Alibaba Group); Xiantong Hou (Orion Security Lab, Alibaba Group); Tao Wang (Orion Security Lab, Alibaba Group); Hunter Qu (Orion Security Lab, Alibaba Group); Yajin Zhou (Zhejiang University); Xiaolong Bai (Orion Security Lab, Alibaba Group); Fuwei Wang (Orion Security Lab, Alibaba Group);
Differentially Private Nonparametric Hypothesis Testing Simon Couch (Reed College); Zeki Kazan (Reed College); Kaiyan Shi (Reed College); Andrew Bray (Reed College); Adam Groce (Reed College);
Distributed Vector-OLE: Improved Constructions and Implementation Adrià Gascón (The Alan Turing Institute / University of Warwick); Mariana Raykova (Google); Leonie Reichert (Humboldt-Universität zu Berlin); Phillipp Schoppmann (Humboldt-Universität zu Berlin);
Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts Zhenyuan LI (Zhejiang University); Qi Alfred Chen (University of California, Irvine); Chunlin Xiong (Zhejiang University); Yan Chen (Northwestern University); Tiantian Zhu (Zhejiang University of Technology); Hai Yang (MagicShield Inc);
Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing Muhammad Ishaq (University of Edinburgh);Ana Milanova (Rensselaer Polytechnic Institute);Vassilis Zikas (University of Edinburgh);
Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference Hao Chen (MIcrosoft Research); Wei Dai (Microsoft Research); Miran Kim (University of Texas, Health Science Center at Houston); Yongsoo Song (Microsoft Research);
Efficient Publicly Verifiable 2PC over a Blockchain with Applications to Financially-Secure Computations Ruiyu Zhu (Indiana University Bloomington); Changchang Ding (Indiana University Bloomington); Yan Huang (Indiana University Bloomington);
Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation Elette Boyle (IDC Herzliya); Geoffroy Couteau (Karlsruhe Institute of Technology); Niv Gilboa (Ben-Gurion University of the Negev); Yuval Ishai (Technion); Lisa Kohl (Karlsruhe Institute of Technology); Peter Rindal (Visa Research); Peter Scholl (Aarhus University);
Efficient Verifiable Secret Sharing with Share Recovery in BFT Protocols Soumya Basu (Cornell University, IC3, VMWare Research); Alin Tomescu (MIT, VMWare Research); Ittai Abraham (VMware Research); Dahlia Malkhi (VMWare); Mike Reiter (UNC, VMWare Research); Emin Gün Sirer (Cornell, IC3);
Efficient Zero-Knowledge Arguments in the Discrete Log Setting, Revisited Michael Klooß (Karlsruhe Institute of Technology); Max Hoffmann (Ruhr University Bochum); Andy Rupp (Karlsruhe Institute of Technology);
Encrypted Databases: New Volume Attacks against Range Queries Zichen Gui (University of Bristol); Oliver Johnson (University of Bristol); Bogdan Warinschi (University of Bristol);
Endemic Oblivious Transfer Peter Rindal (Visa Research); Daniel Masny (Visa Research);
Erlay: Efficient Transaction Relay for Bitcoin Gleb Naumenko (University of British Columbia);Gregory Maxwell (Independent);Pieter Wuille (Blockstream);Alexandra (Sasha) Fedorova (University of British Columbia);Ivan Beschastnikh (University of British Columbia);
Exploiting Symmetries when Proving Equivalence Properties for Security Protocols Vincent Cheval (INRIA Nancy – Grand Est);Steve Kremer (INRIA Nancy – Grand Est);Itsaka Rakotonirina (INRIA Nancy – Grand Est);
Fallout: Leaking Data on Meltdown-resistant CPUs Claudio Canella (Graz University of Technology); Daniel Genkin (University of Michigan); Lukas Giner (Graz University of Technology); Daniel Gruss (Graz University of Technology); Moritz Lipp (Graz University of Technology); Marina Minkin (University of Michigan); Daniel Moghimi (Worcester Polytechnic Institute); Frank Piessens (KU Leuven); Michael Schwarz (Graz University of Technology); Berk Sunar (Worcester Polytechnic Institute); Jo Van Bulck (KU Leuven); Yuval Yarom (University of Adelaide and Data61)
Fast Actively Secure Five-Party Computation with Security Beyond Abort Megha Byali (Indian Institute of Science, Bangalore); Carmit Hazay (Bar-Ilan University, Israel); Arpita Patra (Indian Institute of Science, Bangalore); Swati Singla (Indian Institute of Science, Bangalore);
Five Years of the Right to be Forgotten Kurt Thomas (Google); Theo Bertram (Google); Elie Bursztein (Google); Stephanie Caro (Google); Hubert Chao (Google); Rutledge Chin Feman (Google); Peter Fleischer (Google); Albin Gustafsson (Google); Jess Hemerly (Google); Chris Hibbert (Google); Luca Invernizzi (Google); Lanah Kammourieh Donnelly (Google); Jason Ketover (Google); Jay Laefer (Google); Paul Nicholas (Google); Yuan Niu (Google); Harjinder Obhi (Google); David Price (Google); Andrew Strait (Google); Al Verney (Google);
Flexible Byzantine Fault Tolerance Dahlia Malkhi (VMware Research); Kartik Nayak (VMware Research); Ling Ren (VMware Research);
GALACTICS: Gaussian Sampling for Lattice-Based Constant-Time Implementation of Cryptographic Signatures, Revisited Gilles Barthe (MPI-SP and IMDEA Software Institute);Sonia Belaïd (CryptoExperts);Thomas Espitau (Sorbonne Université);Pierre-Alain Fouque (Univ Rennes);Mélissa Ross (ENS and Thalès);Mehdi Tibouchi (NTT Corporation);
Geneva: Evolving Censorship Evasion Strategies Kevin Bock (University of Maryland); George Hughey (University of Maryland); Xiao Qiang (UC Berkeley); Dave Levin (University of Maryland);
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters Sean Heelan (University of Oxford); Daniel Kroening (University of Oxford); Tom Melham (University of Oxford);
Hardware-Backed Heist Keegan Ryan (NCC Group); Keegan Ryan (NCC Group);
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs Aurore Fass (CISPA Helmholtz Center for Information Security);Michael Backes (CISPA Helmholtz Center for Information Security);Ben Stock (CISPA Helmholtz Center for Information Security);
HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication Donghang Lu (Purdue University); Thomas Yurek (UIUC); Samarth Kulshreshtha (UIUC); Rahul Govind (UIUC); Aniket Kate (Purdue University); Andrew Miller (UIUC);
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups Xing Gao (University of Memphis); Zhongshu Gu (IBM Research); Zhengfa Li (Independent Researcher); Hani Jamjoom (IBM Research); Cong Wang (Old Dominion University);
How to (not) share a password: Privacy preserving protocols for finding heavy hitters with adversarial behavior Moni Naor (Weizmann Institue);Benny Pinkas (Bar Ilan University);Eyal Ronen (Tel Aviv University, KU Leuven);
How to accurately and privately identify anomalies Hafiz Asif (Rutgers University); Periklis Papakonstantinou (Rutgers University); Jaideep Vaidya (Rutgers University);
HyperService: Interoperability and Programmability across Heterogeneous Blockchains Zhuotao Liu (UIUC & Google); Yangxi Xiang (Beijing University of Posts and Telecommunications); Jian Shi (Case Western Reserve University); Peng Gao (University of California, Berkeley); Haoyu Wang (Beijing University of Posts and Telecommunications); Xusheng Xiao (Case Western Reserve University); Bihan Wen (Nanyang Technological University); Yih-Chun Hu (UIUC);
Insecure Until Proven Updated: Analyzing AMD SEV’s Remote Attestation Robert Buhren (Technische Universität Berlin); Christian Werling (Hasso Plattner Institute, Potsdam); Jean-Pierre Seifert(Technische Universität Berlin)
Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing Mingi Cho (Yonsei University);Seoyoung Kim (Yonsei University);Taekyoung Kwon (Yonsei University);
Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking H.L.J. Bijmans (Delft University of Technology);T.M. Booij (Delft University of Technology);C. Doerr (Delft University of Technology);
Latent Backdoor Attacks on Deep Neural Networks Yuanshun Yao (University of Chicago); Huiying Li (University of Chicago); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago);
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan He (ETH Zurich); Mislav Balunovic (ETH Zurich); Nodar Ambroladze (ETH Zurich); Petar Tsankov (ETH Zurich); Martin Vechev (ETH Zurich);
LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli (IMDEA Software Institute, Madrid, Spain); Dario Fiore (IMDEA Software Institute, Madrid, Spain); Anaïs Querol (IMDEA Software Institute, Madrid, and Universidad Politecnica de Madrid, Spain);
Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web Josh Aas (Let’s Encrypt); Richard Barnes (Cisco); Benton Case (Stanford University); Zakir Durumeric (Stanford University); Peter Eckersley (Electronic Frontier Foundation); Alan Flores-López (Stanford University); J. Alex Halderman (University of Michigan); Jacob Hoffman-Andrews (Electronic Frontier Foundation); James Kasten (University of Michigan); Eric Rescorla (Mozilla); Seth Schoen (Electronic Frontier Foundation); Brad Warren (Electronic Frontier Foundation);
LevioSA: Lightweight Secure Arithmetic Computation Carmit Hazay (Bar-Ilan University); Yuval Ishai (Technion); Antonio Marcedone (Cornell-Tech); Muthu Venkitasubramaniam (University of Rochester);
LibreCAN: Automated CAN Message Translator Mert D. Pesé (University of Michigan, Ann Arbor); Troy Stacer (University of Michigan, Ann Arbor); C. Andrés Campos (University of Michigan, Ann Arbor); Eric Newberry (University of Michigan, Ann Arbor); Dongyao Chen (University of Michigan, Ann Arbor); Kang G. Shin (University of Michigan, Ann Arbor);
Lifelong Anomaly Detection Through Unlearning Min Du (University of California Berkeley);Zhi Chen (University of California Berkeley);Chang Liu (Citadel Securities);Rajvardhan Oak (University of California Berkeley);Dawn Song (University of California Berkeley)
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed Huayi DUAN (City University of Hong Kong); Cong Wang (City University of Hong Kong); Xingliang Yuan (Monash University); Yajin Zhou (Zhejiang University); Qian Wang (Wuhan University); Kui Ren (Zhejiang University);
Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise Fucheng Liu (Institute of Information Engineering, Chinese Academy of Science);Yu Wen (Institute of Information Engineering, Chinese Academy of Sciences);Dongxue Zhang (Institute of Information Engineering, Chinese Academy of Science);Xihe Jiang (Institute of Information Engineering, Chinese Academy of Science);Xinyu Xing (The Pennsylvania State University);Dan Meng (Institute of Information Engineering, Chinese Academy of Science);
Machine-Checked Proofs for Cryptographic Standards José Bacelar Almeida (Universidade do Minho & INESC-TEC); Cécile Baritel-Ruet (Université Côte d’Azur & Inria Sophia-Antipolis); Manuel Barbosa (Universidade do Porto & INESC-TEC); Gilles Barthe (MPI-SP & IMDEA Software Institute); François Dupressoir (University of Surrey & University of Bristol); Benjamin Grégoire (Inria Sophia-Antipolis); Vincent Laporte (Inria); Tiago Oliveira (Universidade do Porto & INESC-TEC & FCUP); Alley Stoughton (Boston University); Pierre-Yves Strub (École Polytechnique);
Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning Phillipp Schoppmann (Humboldt-Universität zu Berlin); Adrià Gascón (The Alan Turing Institute, University of Warwick); Mariana Raykova (Google); Benny Pinkas (Bar Ilan University);
MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis Abbas Naderi-Afooshteh (University of Virginia); Yonghwi Kwon (University of Virginia); Jack Davidson (University of Virginia); Anh Nguyen-Tuong (University of Virginia); Ali Razmjoo-Qalaei (ZDResearch); Mohammad-Reza Zamiri-Gourabi (ZDResearch);
Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues Faris Bugra Kokulu (Arizona State University); Ananta Soneji (Arizona State University); Tiffany Bao (Arizona State University); Yan Shoshitaishvili (Arizona State University); Ziming Zhao (Rochester Institute of Technology); Adam Doupé (Arizona State University); Gail-Joon Ahn (Arizona State University and Samsung Research);
MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol Muhammed F. Esgin (Monash University and Data61, CSIRO); Raymond K. Zhao (Monash University); Ron Steinfeld (Monash University); Joseph K. Liu (Monash University); Dongxi Liu (Data61, CSIRO);
Matryoshka: fuzzing deeply nested branches Peng Chen (ByteDance AI lab); Jianzhong Liu (ShanghaiTech University); Hao Chen (University of California, Davis);
Membership Privacy for Fully Dynamic Group Signatures Michael Backes (CISPA Helmholtz Center for Information Security); Lucjan Hanzlik (CISPA Helmholtz Center for Information Security, Stanford University); Jonas Schneider-Bensch (CISPA Helmholtz Center for Information Security);
MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples Jinyuan Jia (Duke University); Ahmed Salem (CISPA Helmholtz Center for Information Security); Michael Backes (CISPA Helmholtz Center for Information Security); Yang Zhang (CISPA Helmholtz Center for Information Security); Neil Zhenqiang Gong (Duke University);
Mitigating Leakage in Secure Cloud-Hosted Data Structures: Volume Hiding for Multi-Maps via Hashing Sarvar Patel (Google); Giuseppe Persiano (Universita’ di Salerno and Google); Kevin Yeo (Google); Moti Yung (Google);
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media Mainack Mondal (Cornell University / University of Chicago); Günce Su Yılmaz (University of Chicago); Noah Hirsch (University of Chicago); Mohammad Taha Khan (University of Illinois at Chicago); Michael Tang (University of Chicago); Christopher Tran (University of Illinois at Chicago); Chris Kanich (University of Illinois at Chicago); Blase Ur (University of Chicago); Elena Zheleva (University of Illinois at Chicago);
Multisketches: Practical Secure Sketches Using Off-the-Shelf Biometric Matching Algorithms Rahul Chatterjee (Cornell University); M. Sadegh Riazi (UCSD); Tanmoy Chowdhury (GMU); Emanuela Marasco (GMU); Farinaz Koushanfar (UCSD); Ari Juels (Jacobs Institute, Cornell Tech);
Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet Matthew Luckie (University of Waikato); Robert Beverly (Naval Postgraduate School); Ryan Koga (CAIDA / UC San Diego); Ken Keys (CAIDA / UC San Diego); Joshua Kroll (UC Berkeley School of Information); kc claffy (CAIDA / UC San Diego);
Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment Ziqi Yang (National University of Singapore); Jiyi Zhang (National University of Singapore); Ee-Chien Chang (National University of Singapore); Zhenkai Liang (National University of Singapore);
Oh, the Places You’ve Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing Ben Weinshel (University of Chicago); Miranda Wei (University of Chicago); Mainack Mondal (Cornell University / University of Chicago); Euirim Choi (University of Chicago); Shawn Shan (University of Chicago); Claire Dolin (University of Chicago); Michelle L. Mazurek (University of Maryland); Blase Ur (University of Chicago);
Omniring: Scaling Private Payments Without Trusted Setup Russell W. F. Lai (Friedrich Alexander University Erlangen-Nuremberg); Viktoria Ronge (Friedrich Alexander University Erlangen-Nuremberg); Tim Ruffing (Blockstream); Dominique Schröder (Friedrich Alexander University Erlangen-Nuremberg); Sri Aravinda Krishnan Thyagarajan (Friedrich Alexander University Erlangen-Nuremberg); Jiafan Wang (Chinese University of Hong Kong);
Onion Ring ORAM: Efficient Constant Bandwidth Oblivious RAM from (Leveled) TFHE Hao Chen (Microsoft Research); Ilaria Chillotti (KU Leuven); Ling Ren (VMware Research);
OPERA: Open Remote Attestation for Intel’s Secure Enclaves Guoxing Chen (The Ohio State University); Yinqian Zhang (The Ohio State University); Ten-Hwang Lai (The Ohio State University);
Page Cache Attacks Daniel Gruss (Graz University of Technology); Erik Kraft (Graz University of Technology); Trishita Tiwari (Boston University); Michael Schwarz (Graz University of Technology); Ari Trachtenberg (Boston University); Jason Hennessey (NetApp); Alex Ionescu (CrowdStrike); Anders Fogh (Intel Corporation);
Peeves: Physical Event Verification in Smart Homes Simon Birnbach (University of Oxford); Simon Eberz (University of Oxford); Ivan Martinovic (University of Oxford);
PIEs: Public Incompressible Encodings for Decentralized Storage Ethan Cecchetti (Cornell University); Benjamin Fisch (Stanford University); Ian Miers (Cornell Tech); Ari Juels (Jacobs Institute, Cornell Tech);
POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting Sadegh M. Milajerdi (UIC); Birhanu Eshete (University of Michigan-Dearborn); Rigel Gjomemo (UIC); V.N. Venkatakrishnan (UIC);
Post-Collusion Security and Distance Bounding Sjouke Mauw (SnT/CSC, University of Luxembourg); Zach Smith (CSC, University of Luxembourg); Jorge Toro-Pozo (CSC, University of Luxembourg); Rolando Trujillo-Rasua (School of Information Technology, Deakin University);
Power Adjusting and Bribery Racing: Novel Mining Attacks in the Bitcoin System Shang Gao (The Hong Kong Polytechnic University); Zecheng Li (The Hong Kong Polytechnic University); Zhe Peng (The Hong Kong Polytechnic University); Bin Xiao (The Hong Kong Polytechnic University); Shang Gao (Microsoft Research);
Practical Decryption exFiltration: Breaking PDF Encryption Jens Müller (Ruhr University Bochum); Fabian Ising (Münster University of Applied Sciences); Vladislav Mladenov (Ruhr University Bochum); Christian Mainka (Ruhr University Bochum); Sebastian Schinzel (Münster University of Applied Sciences); Jörg Schwenk (Ruhr University Bochum);
Practical Fully Secure Three-Party Computation via Sublinear Distributed ZK Proofs Ariel Nof (Bar-Ilan University); Yuval Ishai (Technion and UCLA); Elette Boyle (IDC Herzliya); Niv Gilboa (BGU);
Principled Unearthing of TCP Side Channel Vulnerabilities Yue Cao (University of California, Riverside); Zhongjie Wang (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Chengyu Song (University of California, Riverside); Srikanth Krishnamurthy (University of California, Riverside); Paul Yu (Army Research Laboratory);
Prism: Deconstructing the Blockchain to Approach Physical Limits Vivek Bagaria (Stanford University); Sreeram Kannan (University of Washington Seattle); David Tse (Stanford University); Giulia Fanti (Carnegie Mellon University); Pramod Viswanath (University of Illinois Urbana-Champaign);
Privacy Aspects and Subliminal Channels in Zcash Alex Biryukov (University of Luxembourg); Daniel Feher (University of Luxembourg); Giuseppe Vitto (University of Luxembourg);
Privacy Risks of Securing Machine Learning Models against Adversarial Examples Liwei Song (Princeton University); Reza Shokri (National University of Singapore (NUS)); Prateek Mittal (Princeton University);
PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules Jianting Ning (Fujian Normal University & National University of Singapore); Geong Sen Poh (Trustwave & NUS-Singtel Cyber Security Lab); Jia-Ch’ng Loh (NUS-Singtel Cyber Security Lab); Jason Chia (NUS-Singtel Cyber Security Lab); Ee-Chien Chang (National University of Singapore);
Probabilistic Data Structures in Adversarial Environments David Clayton (University of Florida); Christopher Patton (University of Florida); Thomas Shrimpton (University of Florida);
Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks Kenneth Co (Imperial College London);Luis Muñoz-González (Imperial College London);Emil C. Lupu (Imperial College London);Sixte de Maupeou (Imperial College London);Kenneth Co (Imperial College London);
Program-mandering: Quantitative Privilege Separation Shen Liu (The Pennsylvania State University, University Park); Dongrui Zeng (The Pennsylvania State University, University Park); Yongzhe Huang (The Pennsylvania State University, University Park); Frank Capobianco (The Pennsylvania State University, University Park); Stephen McCamant (University of Minnesota, Twin Cities); Trent Jaeger (The Pennsylvania State University, University Park); Gang Tan (The Pennsylvania State University, University Park);
Proof-Carrying Network Code Christian Skalka (University of Vermont); John Ring (University of Vermont); David Darais (University of Vermont); Minseok Kwon (Rochester Institute of Technology); Sahil Gupta (Rochester Institute of Technology); Kyle Diller (Rochester Institute of Technology); Steffen Smolka (Cornell University); Nate Foster (Cornell University);
Protocols for Checking Compromised Credentials Lucy Li (Cornell University); Bijeeta Pal (Cornell University); Junade Ali (Cloudflare Inc.); Nick Sullivan (Cloudflare Inc.); Rahul Chatterjee (Cornell University); Thomas Ristenpart (Cornell Tech);
Quantitative Verification of Neural Networks and Its Security Applications Teodora Baluta (National University of Singapore);Shiqi Shen (National University of Singapore);Shweta Shinde (University of California, Berkeley);Kuldeep S. Meel (National University of Singapore);Prateek Saxena (National University of Singapore);
QUOTIENT: Two-Party Secure Neural Network Training and Prediction Nitin Agrawal (University of Oxford); Ali Shahin Shamsabadi (Queen Mary University London); Matthew Kusner (University of Oxford, The Alan Turing Institute); Adria Gascon (The Alan Turing Institute);
SAMPL: Scalable Auditability of Monitoring Processes using Public Ledgers Roopa Vishwanathan (New Mexico State University); Gaurav Panwar (New Mexico State University); Satyajayant Misra (New Mexico State University); Austin Bos (New Mexico State University);
SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE Shijun Zhao (Institute of Software Chinese Academy of Sciences); Qianying Zhang (Capital Normal University Information Engineering Colleg); Qin Yu (Institute of Software Chinese Academy of Sciences); Wei Feng (Institute of Software Chinese Academy of Sciences); Dengguo Feng (Institute of Software Chinese Academy of Sciences);
Securely Sampling Biased Coins with Applications to Differential Privacy Jeffrey Champion (Northeastern University); Abhi Shelat (Northeastern University); Jonathan Ullman (Northeastern University);
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations Sazzadur Rahaman (Virginia Tech), Gang Wang (University of Illinois at Urbana-Champaign), Daphne Yao (Virginia Tech)
Seeing isn’t Believing: Towards More Robust Adversarial Attack Against Real World Object Detectors Yue Zhao (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Hong Zhu (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Ruigang Liang (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China); Qintao Shen (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University); Kai Chen (SKLOIS, Institute of Information Engineering,Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China);
SEEMless: Secure End-to-End Encrypted Messaging with less Trust Melissa Chase (Microsoft Research); Apoorvaa Deshpande (Brown University); Esha Ghosh (Microsoft Research); Harjasleen Malvai (Cornell University);
Seems Legit: Automated Analysis of Subtle Attacks on Protocols that use Signatures Dennis Jackson (University of Oxford); Katriel Cohn-Gordon (independent); Cas Cremers (CISPA Helmholtz Center for Information Security); Ralf Sasse (ETH Zürich);
SICO: Surgical Interception Attacks by Manipulating BGP Communities Henry Birge-Lee (Princeton University); Liang Wang (Princeton University); Jennifer Rexford (Princeton University); Prateek Mittal (Princeton University);
Signed Cryptographic Program Verification with Typed CryptoLine Yu-Fu Fu (Academia Sinica); Jiaxiang Liu (Academia Sinica & Shenzhen University); Xiaomu Shi (Academia Sinica & Shenzhen University); Ming-Hsien Tsai (Academia Sinica); Bow-Yaw Wang (Academia Sinica); Bo-Yin Yang (Academia Sinica);
SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel Yueqi Chen (Pennsylvania State University); Xinyu Xing (Pennsylvania State University);
SMoTherSpectre: exploiting speculative execution through port contention Atri Bhattacharyya (EPFL); Alexandra Sandulescu (IBM Zurich); Matthias Neugschwandtner (IBM Zurich); Alessandro Sorniotti (IBM Zurich); Babak Falsafi (EPFL); Mathias Payer (EPFL); Anil Kurmus (IBM Zurich);
Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings Mary Maller (University College London); Sean Bowe (Zcash); Markulf Kohlweiss (University of Edinburgh, IOHK); Sarah Meiklejohn (University College London);
Stormy: Statistics in Tor by Measuring Securely Ryan Wails (U.S. Naval Research Laboratory);Aaron Johnson (U.S. Naval Research Laboratory);Daniel Starin (Perspecta Labs);Arkady Yerukhimovich (George Washington University);S. Dov Gordon (George Mason University);Arkady Yerukhimovich (MIT Lincoln Laboratory);
Succinct Arguments for Bilinear Group Arithmetic: Practical Structure-Preserving Cryptography Russell W. F. Lai (Friedrich-Alexander University Erlangen-Nuremberg); Giulio Malavolta ( Carnegie Mellon University); Viktoria Ronge (Friedrich-Alexander University Erlangen-Nuremberg);
Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware Iddo Bentov (Cornell Tech);Ari Juels (Cornell Tech);Fan Zhang (Cornell Tech);Yan Ji (Cornell Tech);Phil Daian (Cornell Tech);Lorenz Breindenbach (ETH Zurich);
The Art and Craft of Fraudulent App Promotion in Google Play Mizanur Rahman (Amazon); Nestor Hernandez (FIU); Ruben Recabarren (FIU); Syed Ishtiaque Ahmed (University of Toronto); Bogdan Carbunar (FIU);
The Catcher in the Field: A Fieldprint based Spoofing Detection for Text-Independent Speaker Verification Chen Yan (Zhejiang University); Yan Long (Zhejiang University); Xiaoyu Ji (Zhejiang University); Wenyuan Xu (Zhejiang University);
The Next 700 Policy Miners: A Universal Method for Building Policy Miners Carlos Cotrini (ETH Zurich); Luca Corinzia (ETH Zurich); Thilo Weghorn (ETH Zurich); David Basin (ETH Zurich);
The SPHINCS+ signature framework Andreas Hülsing (TU Eindhoven); Peter Schwabe (RU Nijmegen); Joost Rijneveld (RU Nijmegen); Stefan Kölbl (Cybercrypt); Daniel J Bernstein (University of Illinois at Chicago and Ruhr University Bochum); Ruben Niederhagen (SIT Fraunhofer);
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum Ting Chen (University of Electronic Science and Technology of China); Yufei Zhang (University of Electronic Science and Technology of China); Zihao Li (University of Electronic Science and Technology of China); Xiapu Luo (The Hong Kong Polytechnic University); Ting Wang (Lehigh University); Rong Cao (University of Electronic Science and Technology of China); Xiuzhuo Xiao (University of Electronic Science and Technology of China); Xiaosong Zhang (University of Electronic Science and Technology of China);
Towards Continuous Access Control Validation and Forensics Chengcheng Xiang (University of California San Diego); Yudong Wu (University of California San Diego); Bingyu Shen (University of California San Diego); Mingyao Shen (University of California San Diego); Tianyin Xu (University of Illinois Urbana-Champaign); Yuanyuan Zhou (University of California San Diego); Cindy Moore (University of California San Diego); Xinxin Jin (Whova, Inc.); Tianwei Sheng (Whova, Inc.);
Towards Memory Safe Enclave Programming with Rust-SGX Huibo Wang (University of Texas at Dallas); Pei Wang (Baidu X-Lab); Yu Ding (Baidu X-Lab); Mingshen Sun (Baidu X-Lab); Yiming Jing (Baidu X-Lab); Ran Duan (Baidu X-Lab); Long Li (Baidu X-Lab); Yulong Zhang (Baidu X-Lab); Tao Wei (Baidu X-Lab); Zhiqiang Lin (Ohio State University);
Traceback for End-to-End Encrypted Messaging Nirvan Tyagi (Cornell University); Ian Miers (Cornell Tech;  University of Maryland); Thomas Ristenpart (Cornell Tech);
Transparency Logs via Append-only Authenticated Dictionaries Alin Tomescu (MIT); Vivek Bhupatiraju (Lexington High School); Dimitrios Papadopoulos (Hong Kong University of Science and Technology); Charalampos Papamanthou (University of Maryland); Nikos Triandopoulos (Stevens Institute of Technology); Srinivas Devadas (MIT);
Trick or Heat? Manipulating Critical Temperature-Based Control Systems using Rectification attacks Yazhou Tu (University of Louisiana at Lafayette); Sara Rampazzi (University of Michigan); Bin Hao (University of Louisiana at Lafayette); Angel Rodriguez (University of Michigan); Kevin Fu (University of Michigan); Xiali Hei (University of Louisiana at Lafayette);
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning Payap Sirinam (Navaminda Kasatriyadhiraj Royal Air Force Academy); Nate Matthews (Rochester Institute of Technology); Mohammad Saidur Rahman (Rochester Institute of Technology); Matthew Wright (Rochester Institute of Technology);
Two-party Private Set Intersection with an Untrusted Third Party. Phi Hung Le (George Mason University);Samuel Ranellucci (University of Maryland, George Mason University);S. Dov Gordon (George Mason University);
Two-Thirds Honest-Majority MPC for Malicious Adversaries at Almost the Cost of Semi-Honest Jun Furukawa (NEC Israel Research Center); Yehuda Lindell (Bar-Ilan University and Unbound Tech);
Updatable Anonymous Credentials and Applications to Incentive Systems Johannes Blömer (Paderborn University); Jan Bobolz (Paderborn University); Denis Diemert (Paderborn University); Fabian Eidens (Paderborn University);
Updatable Oblivious Key Management for Storage Systems Stanislaw Jarecki (University of California, Irvine);Hugo Krawczyk (Algorand Foundation);Jason Resch (Independent);
User Account Access Graphs Sven Hammann (ETH Zurich); Sasa Radomirovic (University of Dundee); Ralf Sasse (ETH Zurich); David Basin (ETH Zurich);
Velody: Nonlinear Vibration Challenge-Response for Resilient User Authentication Jingjie Li (University of Wisconsin-Madison); Younghyun Kim (University of Wisconsin-Madison); Kassem Fawaz (University of Wisconsin-Madison);
Verified Verifiers for Verifying Elections Thomas Haines (Norwegian University of Science and Technology);Rajev Gore (The Australian National University);Mukesh Tiwari (The Australian National University);
VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties Armaiti Ardeshiricham (UCSD); Yoshiki Takashima (UCSD); Sicun Gao (UCSD); Ryan Kastner (UCSD);
VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies Pengfei Qiu (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Yongqiang Lyu (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Dongsheng Wang (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Gang Qu (Department of Electrical and Computer Engineering, University of Maryland, College Park, Maryland, USA);
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices Hooman Mohajeri Moghaddam (Princeton University); Gunes Acar (Princeton University); Arunesh Mathur (Princeton University); Danny Y. Huang (Princeton University); Ben Burgess (Princeton University); Nick Feamster (Princeton University); Edward Felten (Princeton University); Prateek Mittal (Princeton University); Arvind Narayanan (Princeton University);
Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis Kangjie Lu (University of Minnesota); Hong Hu (GeorgiaTech);
WI is not Enough: Zero-Knowledge Contingent (Service) Payments Revisited Georg Fuchsbauer (Inria and Ecole normale superieure);
You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates Richard Roberts (University of Maryland); Yaelle Goldschlag (University of Maryland); Rachel Walter (University of Maryland); Taejoong Chung (Rochester Institute of Technology); Alan Mislove (Northeastern University); Dave Levin (University of Maryland);
You Shall Not Join: A Measurement Study of Cryptocurrency Peer-to-Peer Bootstrapping Techniques Angelique Faye Loe (Royal Holloway, University of London); Elizabeth Quaglia (Royal Holloway, University of London);
Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack Hoai Viet Nguyen (Cologne University of Applied Sciences); Luigi Lo Iacono (Cologne University of Applied Sciences); Hannes Federrath (University of Hamburg);
zkay: Specifying and Enforcing Data Privacy in Smart Contracts Samuel Steffen (ETH Zürich); Benjamin Bichsel (ETH Zürich); Mario Gersbach (ETH Zürich); Noa Melchior (ETH Zürich); Petar Tsankov (ETH Zürich); Martin Vechev (ETH Zürich);
ZombieLoad: Cross-Privilege-Boundary Data Sampling Michael Schwarz (Graz University of Technology); Moritz Lipp (Graz University of Technology); Ahmad Moghimi (Worcester Polytechnic Institute); Jo Van Bulck (imec-DistriNet, KU Leuven); Julian Stecklina (Cyberus Technology); Thomas Prescher (Cyberus Technology); Daniel Gruss (Graz University of Technology);