(Un)informed Consent: Studying GDPR Consent Notices in the Field | Christine Utz (Ruhr-Universität Bochum); Martin Degeling (Ruhr-Universität Bochum); Sascha Fahl (Ruhr-Universität Bochum); Florian Schaub (University of Michigan); Thorsten Holz (Ruhr-Universität Bochum); |
“I don’t see why I would ever want to use it”: Analyzing the Usability of Popular Smartphone Password Managers | Sunyoung Seiler-Hwang (University of Mannheim);Patricia Arias-Cabarcos (University of Mannheim);Andrés Marín (University Carlos III of Madrid);Florina Almenares (University Carlos III of Madrid);Daniel Díaz-Sánchez (University Carlos III of Madrid);Christian Becker (University of Mannheim); |
1 Trillion Dollar Refund – How To Spoof PDF Signatures | Vladislav Mladenov (Ruhr University Bochum, Chair for Network and Data Security); Christian Mainka (Ruhr University Bochum, Chair for Network and Data Security); Karsten Meyer zu Selhausen (Hackmanit GmbH); Martin Grothe (Ruhr University Bochum, Chair for Network and Data Security); Jörg Schwenk (Ruhr University Bochum, Chair for Network and Data Security); |
28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics | Simon Eberz (University of Oxford); Giulio Lovisotto (University of Oxford); Kasper Rasmussen (University of Oxford); Vincent Lenders (Armasuisse); Ivan Martinovic (University of Oxford); |
5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol | Syed Rafiul Hussain (Purdue University); Mitziu Echeverria (University of Iowa); Imtiaz Karim (Purdue University); Omar Chowdhury (The University of Iowa); Elisa Bertino (Purdue University); |
A Formal Treatment of Deterministic Wallets | Poulami Das (Technische Universität Darmstadt, Germany); Sebastian Faust (Technische Universität Darmstadt, Germany); Julian Loss (Ruhr-Universität Bochum, Germany); |
A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation | Vitor Pereira (INESC TEC & DCC FC Universidade do Porto); Karim Eldefrawy (SRI International); |
A Machine-Checked Proof of Security for AWS Key Management Service | José Bacelar Almeida (University of Minho and INESC TEC); Manuel Barbosa (University of Porto (FCUP) and INESC TEC); Gilles Barthe (MPI-SP and IMDEA Software Institute); Matthew Campagna (Amazon Web Services); Ernie Cohen (Amazon Web Services); Benjamin Gregoire (INRIA Sophia Antipolis); Vitor Pereira (University of Porto (FCUP) and INESC TEC); Bernardo Portela (University of Porto (FCUP) and INESC TEC); Pierre-Yves Strub (École Polytechnique); Serdar Tasiran (Amazon Web Services); |
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes | Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium); David Oswald (School of Computer Science, University of Birmingham, UK); Eduard Marin (School of Computer Science, University of Birmingham, UK); Abdulla Aldoseri (School of Computer Science, University of Birmingham, UK); Flavio D. Garcia (School of Computer Science, University of Birmingham, UK); Frank Piessens (imec-DistriNet, KU Leuven, Belgium); |
A Usability Evaluation of Let’s Encrypt and Certbot – Usable Security Done Right? | Christian Tiefenau (University of Bonn); Emanuel von Zezschwitz (University of Bonn, Fraunhofer FKIE); Maximilian Häring (Fraunhofer FKIE); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Matthew Smith (University of Bonn, Fraunhofer FKIE); |
ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation | Yingqi Liu (Purdue University); Wen-Chuan Lee (Purdue University); Guanhong Tao (Purdue University); Shiqing Ma (Purdue University); Yousra Aafer (Purdue University); Xiangyu Zhang (Purdue University); |
Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving | Yulong Cao (University of Michigan); Chaowei Xiao (University of Michigan); Benjamin Cyr (University of Michigan); Yimeng Zhou (University of Michigan); Won Park (University of Michigan); Sara Rampazzi (University of Michigan); Qi Alfred Chen (University of California, Irvine); Kevin Fu (University of Michigan); Z. Morley Mao (University of Michigan); |
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning | Florian Tramèr (Stanford University); Pascal Dupré (CISPA); Gili Rusak (Stanford); Giancarlo Pellegrino (Stanford University, CISPA); Dan Boneh (Stanford University); |
An In-depth Look Into SDN Topology Discovery Mechanisms: Novel Attacks and Practical Countermeasures | Eduard Marin (University of Birmingham); Nicola Bucciol (University of Padua); Mauro Conti (University of Padua); |
Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy | Haipei Sun (Qatar Computing Research Institute); Xiaokui Xiao (National University of Singapore); Issa Khalil (Qatar Computing Research Institute (QCRI), HBKU); Yin Yang (College of Science and Engineering, Hamad Bin Khalifa University); Zhan Qin (ZheJiang University); Hui (Wendy) Wang (Stevens Institute of Technology); Ting Yu (Qatar Computing Research Institute); |
Are These Pairing Elements Correct? Automated Verification and Applications | Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin); |
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks | Christoph Egger (Friedrich-Alexander-Universität Erlangen-Nürnberg); Pedro Moreno-Sanchez (TU Wien); Matteo Maffei (TU Wien); |
Attacking Graph-based Classification via Manipulating the Graph Structure | Binghui Wang (Duke University); Neil Zhenqiang Gong (Duke University); |
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps | Chaoshun Zuo (Ohio State University); Haohuang Wen (Ohio State University); Zhiqiang Lin (Ohio State University); Yinqian Zhang (Ohio State University); |
Balance: Dynamic Adjustment of Cryptocurrency Deposits | Dominik Harz (Imperial College London); Lewis Gudgeon (Imperial College London); Arthur Gervais (Imperial College London); William J. Knottenbelt (Imperial College London); |
Binary Control-Flow Trimming | Masoud Ghaffarinia (University of Texas at Dallas); Kevin Hamlen (University of Texas at Dallas); |
Certificate Transparency in the Wild: Exploring the Reliability of Monitors | Bingyu Li (Institute of Information Engineering, CAS); Jingqiang Lin (Institute of Information Engineering, CAS); Fengjun Li (The University of Kansas, Lawrence, USA); Qiongxiao Wang (Institute of Information Engineering, CAS); Qi Li (Tsinghua University, China); Jiwu Jing (Institute of Information Engineering, CAS); Congli Wang (Institute of Information Engineering, CAS); |
Charting the Attack Surface of Trigger-Action IoT Platforms | Qi Wang (University of Illinois at Urbana-Champaign); Pubali Datta (University of Illinois at Urbana-Champaign); Wei Yang (The University of Texas at Dallas); Si Liu (University of Illinois at Urbana-Champaign); Carl Gunter (University of Illinois at Urbana-Champaign); Adam Bates (University of Illinois at Urbana-Champaign); |
CHURP: Dynamic-Committee Proactive Secret Sharing | Sai Krishna Deepak Maram (Cornell Tech); Fan Zhang (Cornell Tech); Lun Wang (UC Berkeley); Andrew Low (UC Berkeley); Yupeng Zhang (UC Berkeley and Texas A&M); Ari Juels (Jacobs Institute, Cornell Tech); Dawn Song (UC Berkeley); |
Conjure: Summoning Proxies from Unused Address Space | Sergey Frolov (University of Colorado Boulder); Jack Wampler (University of Colorado Boulder); Sze Chuen Tan (UIUC); J. Alex Halderman (University of Michigan); Nikita Borisov (UIUC); Eric Wustrow (University of Colorado Boulder); J. Alex Halderman (University of Michigan); |
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects | Sazzadur Rahaman (Department of Computer Science, Virginia Tech); Ya Xiao (Department of Computer Science, Virginia Tech); Sharmin Afrose (Department of Computer Science, Virginia Tech); Fahad Shaon (Department of Computer Science, The University of Texas at Dallas); Ke Tian (Department of Computer Science, Virginia Tech); Miles Frantz (Department of Computer Science, Virginia Tech); Murat Kantarcioglu (Department of Computer Science, The University of Texas at Dallas); Danfeng (Daphne) Yao (Department of Computer Science, Virginia Tech); |
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps | Shengqu Xi (Nanjing University); Shao Yang (Case Western Reserve University); Xusheng Xiao (Case Western Reserve University); Yuan Yao (Nanjing University); Yayuan Xiong (Nanjing University); Fengyuan Xu (National Key Lab for Novel Software Technology, Nanjing University); Haoyu Wang (Beijing University of Posts and Telecommunications); Peng Gao (University of California, Berkeley); Zhuotao Liu (University of Illinois at Urbana-Champaign); Feng Xu (Nanjing University); Jian Lu (Nanjing University); |
DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU | Yushi Cheng (Zhejiang University); Xiaoyu Ji (Zhejiang University); Juchuan Zhang (Zhejiang University); Wenyuan Xu (Zhejiang University); Yi-Chao Chen (University of Texas at Austin); |
Detecting Fake Accounts in Online Social Networks at the Time of Registrations | Dong Yuan (Tsinghua University); Yuanli Miao (Tsinghua University); Neil Zhenqiang Gong (Duke University); Zheng Yang(Tsinghua University); Qi Li (Tsinghua University); Dawn Song (UC Berkeley); Qian Wang (Wuhan University); Xiao Liang (Tencent); |
Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay | Mengchen Cao (Orion Security Lab, Alibaba Group); Xiantong Hou (Orion Security Lab, Alibaba Group); Tao Wang (Orion Security Lab, Alibaba Group); Hunter Qu (Orion Security Lab, Alibaba Group); Yajin Zhou (Zhejiang University); Xiaolong Bai (Orion Security Lab, Alibaba Group); Fuwei Wang (Orion Security Lab, Alibaba Group); |
Differentially Private Nonparametric Hypothesis Testing | Simon Couch (Reed College); Zeki Kazan (Reed College); Kaiyan Shi (Reed College); Andrew Bray (Reed College); Adam Groce (Reed College); |
Distributed Vector-OLE: Improved Constructions and Implementation | Adrià Gascón (The Alan Turing Institute / University of Warwick); Mariana Raykova (Google); Leonie Reichert (Humboldt-Universität zu Berlin); Phillipp Schoppmann (Humboldt-Universität zu Berlin); |
Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts | Zhenyuan LI (Zhejiang University); Qi Alfred Chen (University of California, Irvine); Chunlin Xiong (Zhejiang University); Yan Chen (Northwestern University); Tiantian Zhu (Zhejiang University of Technology); Hai Yang (MagicShield Inc); |
Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing | Muhammad Ishaq (University of Edinburgh);Ana Milanova (Rensselaer Polytechnic Institute);Vassilis Zikas (University of Edinburgh); |
Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference | Hao Chen (MIcrosoft Research); Wei Dai (Microsoft Research); Miran Kim (University of Texas, Health Science Center at Houston); Yongsoo Song (Microsoft Research); |
Efficient Publicly Verifiable 2PC over a Blockchain with Applications to Financially-Secure Computations | Ruiyu Zhu (Indiana University Bloomington); Changchang Ding (Indiana University Bloomington); Yan Huang (Indiana University Bloomington); |
Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation | Elette Boyle (IDC Herzliya); Geoffroy Couteau (Karlsruhe Institute of Technology); Niv Gilboa (Ben-Gurion University of the Negev); Yuval Ishai (Technion); Lisa Kohl (Karlsruhe Institute of Technology); Peter Rindal (Visa Research); Peter Scholl (Aarhus University); |
Efficient Verifiable Secret Sharing with Share Recovery in BFT Protocols | Soumya Basu (Cornell University, IC3, VMWare Research); Alin Tomescu (MIT, VMWare Research); Ittai Abraham (VMware Research); Dahlia Malkhi (VMWare); Mike Reiter (UNC, VMWare Research); Emin Gün Sirer (Cornell, IC3); |
Efficient Zero-Knowledge Arguments in the Discrete Log Setting, Revisited | Michael Klooß (Karlsruhe Institute of Technology); Max Hoffmann (Ruhr University Bochum); Andy Rupp (Karlsruhe Institute of Technology); |
Encrypted Databases: New Volume Attacks against Range Queries | Zichen Gui (University of Bristol); Oliver Johnson (University of Bristol); Bogdan Warinschi (University of Bristol); |
Endemic Oblivious Transfer | Peter Rindal (Visa Research); Daniel Masny (Visa Research); |
Erlay: Efficient Transaction Relay for Bitcoin | Gleb Naumenko (University of British Columbia);Gregory Maxwell (Independent);Pieter Wuille (Blockstream);Alexandra (Sasha) Fedorova (University of British Columbia);Ivan Beschastnikh (University of British Columbia); |
Exploiting Symmetries when Proving Equivalence Properties for Security Protocols | Vincent Cheval (INRIA Nancy – Grand Est);Steve Kremer (INRIA Nancy – Grand Est);Itsaka Rakotonirina (INRIA Nancy – Grand Est); |
Fallout: Leaking Data on Meltdown-resistant CPUs | Claudio Canella (Graz University of Technology); Daniel Genkin (University of Michigan); Lukas Giner (Graz University of Technology); Daniel Gruss (Graz University of Technology); Moritz Lipp (Graz University of Technology); Marina Minkin (University of Michigan); Daniel Moghimi (Worcester Polytechnic Institute); Frank Piessens (KU Leuven); Michael Schwarz (Graz University of Technology); Berk Sunar (Worcester Polytechnic Institute); Jo Van Bulck (KU Leuven); Yuval Yarom (University of Adelaide and Data61) |
Fast Actively Secure Five-Party Computation with Security Beyond Abort | Megha Byali (Indian Institute of Science, Bangalore); Carmit Hazay (Bar-Ilan University, Israel); Arpita Patra (Indian Institute of Science, Bangalore); Swati Singla (Indian Institute of Science, Bangalore); |
Five Years of the Right to be Forgotten | Kurt Thomas (Google); Theo Bertram (Google); Elie Bursztein (Google); Stephanie Caro (Google); Hubert Chao (Google); Rutledge Chin Feman (Google); Peter Fleischer (Google); Albin Gustafsson (Google); Jess Hemerly (Google); Chris Hibbert (Google); Luca Invernizzi (Google); Lanah Kammourieh Donnelly (Google); Jason Ketover (Google); Jay Laefer (Google); Paul Nicholas (Google); Yuan Niu (Google); Harjinder Obhi (Google); David Price (Google); Andrew Strait (Google); Al Verney (Google); |
Flexible Byzantine Fault Tolerance | Dahlia Malkhi (VMware Research); Kartik Nayak (VMware Research); Ling Ren (VMware Research); |
GALACTICS: Gaussian Sampling for Lattice-Based Constant-Time Implementation of Cryptographic Signatures, Revisited | Gilles Barthe (MPI-SP and IMDEA Software Institute);Sonia Belaïd (CryptoExperts);Thomas Espitau (Sorbonne Université);Pierre-Alain Fouque (Univ Rennes);Mélissa Ross (ENS and Thalès);Mehdi Tibouchi (NTT Corporation); |
Geneva: Evolving Censorship Evasion Strategies | Kevin Bock (University of Maryland); George Hughey (University of Maryland); Xiao Qiang (UC Berkeley); Dave Levin (University of Maryland); |
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters | Sean Heelan (University of Oxford); Daniel Kroening (University of Oxford); Tom Melham (University of Oxford); |
Hardware-Backed Heist | Keegan Ryan (NCC Group); Keegan Ryan (NCC Group); |
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs | Aurore Fass (CISPA Helmholtz Center for Information Security);Michael Backes (CISPA Helmholtz Center for Information Security);Ben Stock (CISPA Helmholtz Center for Information Security); |
HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication | Donghang Lu (Purdue University); Thomas Yurek (UIUC); Samarth Kulshreshtha (UIUC); Rahul Govind (UIUC); Aniket Kate (Purdue University); Andrew Miller (UIUC); |
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups | Xing Gao (University of Memphis); Zhongshu Gu (IBM Research); Zhengfa Li (Independent Researcher); Hani Jamjoom (IBM Research); Cong Wang (Old Dominion University); |
How to (not) share a password: Privacy preserving protocols for finding heavy hitters with adversarial behavior | Moni Naor (Weizmann Institue);Benny Pinkas (Bar Ilan University);Eyal Ronen (Tel Aviv University, KU Leuven); |
How to accurately and privately identify anomalies | Hafiz Asif (Rutgers University); Periklis Papakonstantinou (Rutgers University); Jaideep Vaidya (Rutgers University); |
HyperService: Interoperability and Programmability across Heterogeneous Blockchains | Zhuotao Liu (UIUC & Google); Yangxi Xiang (Beijing University of Posts and Telecommunications); Jian Shi (Case Western Reserve University); Peng Gao (University of California, Berkeley); Haoyu Wang (Beijing University of Posts and Telecommunications); Xusheng Xiao (Case Western Reserve University); Bihan Wen (Nanyang Technological University); Yih-Chun Hu (UIUC); |
Insecure Until Proven Updated: Analyzing AMD SEV’s Remote Attestation | Robert Buhren (Technische Universität Berlin); Christian Werling (Hasso Plattner Institute, Potsdam); Jean-Pierre Seifert(Technische Universität Berlin) |
Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing | Mingi Cho (Yonsei University);Seoyoung Kim (Yonsei University);Taekyoung Kwon (Yonsei University); |
Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking | H.L.J. Bijmans (Delft University of Technology);T.M. Booij (Delft University of Technology);C. Doerr (Delft University of Technology); |
Latent Backdoor Attacks on Deep Neural Networks | Yuanshun Yao (University of Chicago); Huiying Li (University of Chicago); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago); |
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts | Jingxuan He (ETH Zurich); Mislav Balunovic (ETH Zurich); Nodar Ambroladze (ETH Zurich); Petar Tsankov (ETH Zurich); Martin Vechev (ETH Zurich); |
LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs | Matteo Campanelli (IMDEA Software Institute, Madrid, Spain); Dario Fiore (IMDEA Software Institute, Madrid, Spain); Anaïs Querol (IMDEA Software Institute, Madrid, and Universidad Politecnica de Madrid, Spain); |
Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web | Josh Aas (Let’s Encrypt); Richard Barnes (Cisco); Benton Case (Stanford University); Zakir Durumeric (Stanford University); Peter Eckersley (Electronic Frontier Foundation); Alan Flores-López (Stanford University); J. Alex Halderman (University of Michigan); Jacob Hoffman-Andrews (Electronic Frontier Foundation); James Kasten (University of Michigan); Eric Rescorla (Mozilla); Seth Schoen (Electronic Frontier Foundation); Brad Warren (Electronic Frontier Foundation); |
LevioSA: Lightweight Secure Arithmetic Computation | Carmit Hazay (Bar-Ilan University); Yuval Ishai (Technion); Antonio Marcedone (Cornell-Tech); Muthu Venkitasubramaniam (University of Rochester); |
LibreCAN: Automated CAN Message Translator | Mert D. Pesé (University of Michigan, Ann Arbor); Troy Stacer (University of Michigan, Ann Arbor); C. Andrés Campos (University of Michigan, Ann Arbor); Eric Newberry (University of Michigan, Ann Arbor); Dongyao Chen (University of Michigan, Ann Arbor); Kang G. Shin (University of Michigan, Ann Arbor); |
Lifelong Anomaly Detection Through Unlearning | Min Du (University of California Berkeley);Zhi Chen (University of California Berkeley);Chang Liu (Citadel Securities);Rajvardhan Oak (University of California Berkeley);Dawn Song (University of California Berkeley) |
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | Huayi DUAN (City University of Hong Kong); Cong Wang (City University of Hong Kong); Xingliang Yuan (Monash University); Yajin Zhou (Zhejiang University); Qian Wang (Wuhan University); Kui Ren (Zhejiang University); |
Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise | Fucheng Liu (Institute of Information Engineering, Chinese Academy of Science);Yu Wen (Institute of Information Engineering, Chinese Academy of Sciences);Dongxue Zhang (Institute of Information Engineering, Chinese Academy of Science);Xihe Jiang (Institute of Information Engineering, Chinese Academy of Science);Xinyu Xing (The Pennsylvania State University);Dan Meng (Institute of Information Engineering, Chinese Academy of Science); |
Machine-Checked Proofs for Cryptographic Standards | José Bacelar Almeida (Universidade do Minho & INESC-TEC); Cécile Baritel-Ruet (Université Côte d’Azur & Inria Sophia-Antipolis); Manuel Barbosa (Universidade do Porto & INESC-TEC); Gilles Barthe (MPI-SP & IMDEA Software Institute); François Dupressoir (University of Surrey & University of Bristol); Benjamin Grégoire (Inria Sophia-Antipolis); Vincent Laporte (Inria); Tiago Oliveira (Universidade do Porto & INESC-TEC & FCUP); Alley Stoughton (Boston University); Pierre-Yves Strub (École Polytechnique); |
Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning | Phillipp Schoppmann (Humboldt-Universität zu Berlin); Adrià Gascón (The Alan Turing Institute, University of Warwick); Mariana Raykova (Google); Benny Pinkas (Bar Ilan University); |
MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis | Abbas Naderi-Afooshteh (University of Virginia); Yonghwi Kwon (University of Virginia); Jack Davidson (University of Virginia); Anh Nguyen-Tuong (University of Virginia); Ali Razmjoo-Qalaei (ZDResearch); Mohammad-Reza Zamiri-Gourabi (ZDResearch); |
Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues | Faris Bugra Kokulu (Arizona State University); Ananta Soneji (Arizona State University); Tiffany Bao (Arizona State University); Yan Shoshitaishvili (Arizona State University); Ziming Zhao (Rochester Institute of Technology); Adam Doupé (Arizona State University); Gail-Joon Ahn (Arizona State University and Samsung Research); |
MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol | Muhammed F. Esgin (Monash University and Data61, CSIRO); Raymond K. Zhao (Monash University); Ron Steinfeld (Monash University); Joseph K. Liu (Monash University); Dongxi Liu (Data61, CSIRO); |
Matryoshka: fuzzing deeply nested branches | Peng Chen (ByteDance AI lab); Jianzhong Liu (ShanghaiTech University); Hao Chen (University of California, Davis); |
Membership Privacy for Fully Dynamic Group Signatures | Michael Backes (CISPA Helmholtz Center for Information Security); Lucjan Hanzlik (CISPA Helmholtz Center for Information Security, Stanford University); Jonas Schneider-Bensch (CISPA Helmholtz Center for Information Security); |
MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples | Jinyuan Jia (Duke University); Ahmed Salem (CISPA Helmholtz Center for Information Security); Michael Backes (CISPA Helmholtz Center for Information Security); Yang Zhang (CISPA Helmholtz Center for Information Security); Neil Zhenqiang Gong (Duke University); |
Mitigating Leakage in Secure Cloud-Hosted Data Structures: Volume Hiding for Multi-Maps via Hashing | Sarvar Patel (Google); Giuseppe Persiano (Universita’ di Salerno and Google); Kevin Yeo (Google); Moti Yung (Google); |
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media | Mainack Mondal (Cornell University / University of Chicago); Günce Su Yılmaz (University of Chicago); Noah Hirsch (University of Chicago); Mohammad Taha Khan (University of Illinois at Chicago); Michael Tang (University of Chicago); Christopher Tran (University of Illinois at Chicago); Chris Kanich (University of Illinois at Chicago); Blase Ur (University of Chicago); Elena Zheleva (University of Illinois at Chicago); |
Multisketches: Practical Secure Sketches Using Off-the-Shelf Biometric Matching Algorithms | Rahul Chatterjee (Cornell University); M. Sadegh Riazi (UCSD); Tanmoy Chowdhury (GMU); Emanuela Marasco (GMU); Farinaz Koushanfar (UCSD); Ari Juels (Jacobs Institute, Cornell Tech); |
Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet | Matthew Luckie (University of Waikato); Robert Beverly (Naval Postgraduate School); Ryan Koga (CAIDA / UC San Diego); Ken Keys (CAIDA / UC San Diego); Joshua Kroll (UC Berkeley School of Information); kc claffy (CAIDA / UC San Diego); |
Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment | Ziqi Yang (National University of Singapore); Jiyi Zhang (National University of Singapore); Ee-Chien Chang (National University of Singapore); Zhenkai Liang (National University of Singapore); |
Oh, the Places You’ve Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing | Ben Weinshel (University of Chicago); Miranda Wei (University of Chicago); Mainack Mondal (Cornell University / University of Chicago); Euirim Choi (University of Chicago); Shawn Shan (University of Chicago); Claire Dolin (University of Chicago); Michelle L. Mazurek (University of Maryland); Blase Ur (University of Chicago); |
Omniring: Scaling Private Payments Without Trusted Setup | Russell W. F. Lai (Friedrich Alexander University Erlangen-Nuremberg); Viktoria Ronge (Friedrich Alexander University Erlangen-Nuremberg); Tim Ruffing (Blockstream); Dominique Schröder (Friedrich Alexander University Erlangen-Nuremberg); Sri Aravinda Krishnan Thyagarajan (Friedrich Alexander University Erlangen-Nuremberg); Jiafan Wang (Chinese University of Hong Kong); |
Onion Ring ORAM: Efficient Constant Bandwidth Oblivious RAM from (Leveled) TFHE | Hao Chen (Microsoft Research); Ilaria Chillotti (KU Leuven); Ling Ren (VMware Research); |
OPERA: Open Remote Attestation for Intel’s Secure Enclaves | Guoxing Chen (The Ohio State University); Yinqian Zhang (The Ohio State University); Ten-Hwang Lai (The Ohio State University); |
Page Cache Attacks | Daniel Gruss (Graz University of Technology); Erik Kraft (Graz University of Technology); Trishita Tiwari (Boston University); Michael Schwarz (Graz University of Technology); Ari Trachtenberg (Boston University); Jason Hennessey (NetApp); Alex Ionescu (CrowdStrike); Anders Fogh (Intel Corporation); |
Peeves: Physical Event Verification in Smart Homes | Simon Birnbach (University of Oxford); Simon Eberz (University of Oxford); Ivan Martinovic (University of Oxford); |
PIEs: Public Incompressible Encodings for Decentralized Storage | Ethan Cecchetti (Cornell University); Benjamin Fisch (Stanford University); Ian Miers (Cornell Tech); Ari Juels (Jacobs Institute, Cornell Tech); |
POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting | Sadegh M. Milajerdi (UIC); Birhanu Eshete (University of Michigan-Dearborn); Rigel Gjomemo (UIC); V.N. Venkatakrishnan (UIC); |
Post-Collusion Security and Distance Bounding | Sjouke Mauw (SnT/CSC, University of Luxembourg); Zach Smith (CSC, University of Luxembourg); Jorge Toro-Pozo (CSC, University of Luxembourg); Rolando Trujillo-Rasua (School of Information Technology, Deakin University); |
Power Adjusting and Bribery Racing: Novel Mining Attacks in the Bitcoin System | Shang Gao (The Hong Kong Polytechnic University); Zecheng Li (The Hong Kong Polytechnic University); Zhe Peng (The Hong Kong Polytechnic University); Bin Xiao (The Hong Kong Polytechnic University); Shang Gao (Microsoft Research); |
Practical Decryption exFiltration: Breaking PDF Encryption | Jens Müller (Ruhr University Bochum); Fabian Ising (Münster University of Applied Sciences); Vladislav Mladenov (Ruhr University Bochum); Christian Mainka (Ruhr University Bochum); Sebastian Schinzel (Münster University of Applied Sciences); Jörg Schwenk (Ruhr University Bochum); |
Practical Fully Secure Three-Party Computation via Sublinear Distributed ZK Proofs | Ariel Nof (Bar-Ilan University); Yuval Ishai (Technion and UCLA); Elette Boyle (IDC Herzliya); Niv Gilboa (BGU); |
Principled Unearthing of TCP Side Channel Vulnerabilities | Yue Cao (University of California, Riverside); Zhongjie Wang (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Chengyu Song (University of California, Riverside); Srikanth Krishnamurthy (University of California, Riverside); Paul Yu (Army Research Laboratory); |
Prism: Deconstructing the Blockchain to Approach Physical Limits | Vivek Bagaria (Stanford University); Sreeram Kannan (University of Washington Seattle); David Tse (Stanford University); Giulia Fanti (Carnegie Mellon University); Pramod Viswanath (University of Illinois Urbana-Champaign); |
Privacy Aspects and Subliminal Channels in Zcash | Alex Biryukov (University of Luxembourg); Daniel Feher (University of Luxembourg); Giuseppe Vitto (University of Luxembourg); |
Privacy Risks of Securing Machine Learning Models against Adversarial Examples | Liwei Song (Princeton University); Reza Shokri (National University of Singapore (NUS)); Prateek Mittal (Princeton University); |
PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules | Jianting Ning (Fujian Normal University & National University of Singapore); Geong Sen Poh (Trustwave & NUS-Singtel Cyber Security Lab); Jia-Ch’ng Loh (NUS-Singtel Cyber Security Lab); Jason Chia (NUS-Singtel Cyber Security Lab); Ee-Chien Chang (National University of Singapore); |
Probabilistic Data Structures in Adversarial Environments | David Clayton (University of Florida); Christopher Patton (University of Florida); Thomas Shrimpton (University of Florida); |
Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks | Kenneth Co (Imperial College London);Luis Muñoz-González (Imperial College London);Emil C. Lupu (Imperial College London);Sixte de Maupeou (Imperial College London);Kenneth Co (Imperial College London); |
Program-mandering: Quantitative Privilege Separation | Shen Liu (The Pennsylvania State University, University Park); Dongrui Zeng (The Pennsylvania State University, University Park); Yongzhe Huang (The Pennsylvania State University, University Park); Frank Capobianco (The Pennsylvania State University, University Park); Stephen McCamant (University of Minnesota, Twin Cities); Trent Jaeger (The Pennsylvania State University, University Park); Gang Tan (The Pennsylvania State University, University Park); |
Proof-Carrying Network Code | Christian Skalka (University of Vermont); John Ring (University of Vermont); David Darais (University of Vermont); Minseok Kwon (Rochester Institute of Technology); Sahil Gupta (Rochester Institute of Technology); Kyle Diller (Rochester Institute of Technology); Steffen Smolka (Cornell University); Nate Foster (Cornell University); |
Protocols for Checking Compromised Credentials | Lucy Li (Cornell University); Bijeeta Pal (Cornell University); Junade Ali (Cloudflare Inc.); Nick Sullivan (Cloudflare Inc.); Rahul Chatterjee (Cornell University); Thomas Ristenpart (Cornell Tech); |
Quantitative Verification of Neural Networks and Its Security Applications | Teodora Baluta (National University of Singapore);Shiqi Shen (National University of Singapore);Shweta Shinde (University of California, Berkeley);Kuldeep S. Meel (National University of Singapore);Prateek Saxena (National University of Singapore); |
QUOTIENT: Two-Party Secure Neural Network Training and Prediction | Nitin Agrawal (University of Oxford); Ali Shahin Shamsabadi (Queen Mary University London); Matthew Kusner (University of Oxford, The Alan Turing Institute); Adria Gascon (The Alan Turing Institute); |
SAMPL: Scalable Auditability of Monitoring Processes using Public Ledgers | Roopa Vishwanathan (New Mexico State University); Gaurav Panwar (New Mexico State University); Satyajayant Misra (New Mexico State University); Austin Bos (New Mexico State University); |
SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE | Shijun Zhao (Institute of Software Chinese Academy of Sciences); Qianying Zhang (Capital Normal University Information Engineering Colleg); Qin Yu (Institute of Software Chinese Academy of Sciences); Wei Feng (Institute of Software Chinese Academy of Sciences); Dengguo Feng (Institute of Software Chinese Academy of Sciences); |
Securely Sampling Biased Coins with Applications to Differential Privacy | Jeffrey Champion (Northeastern University); Abhi Shelat (Northeastern University); Jonathan Ullman (Northeastern University); |
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations | Sazzadur Rahaman (Virginia Tech), Gang Wang (University of Illinois at Urbana-Champaign), Daphne Yao (Virginia Tech) |
Seeing isn’t Believing: Towards More Robust Adversarial Attack Against Real World Object Detectors | Yue Zhao (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Hong Zhu (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Ruigang Liang (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China); Qintao Shen (SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University); Kai Chen (SKLOIS, Institute of Information Engineering,Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); |
SEEMless: Secure End-to-End Encrypted Messaging with less Trust | Melissa Chase (Microsoft Research); Apoorvaa Deshpande (Brown University); Esha Ghosh (Microsoft Research); Harjasleen Malvai (Cornell University); |
Seems Legit: Automated Analysis of Subtle Attacks on Protocols that use Signatures | Dennis Jackson (University of Oxford); Katriel Cohn-Gordon (independent); Cas Cremers (CISPA Helmholtz Center for Information Security); Ralf Sasse (ETH Zürich); |
SICO: Surgical Interception Attacks by Manipulating BGP Communities | Henry Birge-Lee (Princeton University); Liang Wang (Princeton University); Jennifer Rexford (Princeton University); Prateek Mittal (Princeton University); |
Signed Cryptographic Program Verification with Typed CryptoLine | Yu-Fu Fu (Academia Sinica); Jiaxiang Liu (Academia Sinica & Shenzhen University); Xiaomu Shi (Academia Sinica & Shenzhen University); Ming-Hsien Tsai (Academia Sinica); Bow-Yaw Wang (Academia Sinica); Bo-Yin Yang (Academia Sinica); |
SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel | Yueqi Chen (Pennsylvania State University); Xinyu Xing (Pennsylvania State University); |
SMoTherSpectre: exploiting speculative execution through port contention | Atri Bhattacharyya (EPFL); Alexandra Sandulescu (IBM Zurich); Matthias Neugschwandtner (IBM Zurich); Alessandro Sorniotti (IBM Zurich); Babak Falsafi (EPFL); Mathias Payer (EPFL); Anil Kurmus (IBM Zurich); |
Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings | Mary Maller (University College London); Sean Bowe (Zcash); Markulf Kohlweiss (University of Edinburgh, IOHK); Sarah Meiklejohn (University College London); |
Stormy: Statistics in Tor by Measuring Securely | Ryan Wails (U.S. Naval Research Laboratory); Aaron Johnson (U.S. Naval Research Laboratory); Daniel Starin (Perspecta Labs); Arkady Yerukhimovich (George Washington University); S. Dov Gordon (George Mason University) |
Succinct Arguments for Bilinear Group Arithmetic: Practical Structure-Preserving Cryptography | Russell W. F. Lai (Friedrich-Alexander University Erlangen-Nuremberg); Giulio Malavolta ( Carnegie Mellon University); Viktoria Ronge (Friedrich-Alexander University Erlangen-Nuremberg); |
Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware | Iddo Bentov (Cornell Tech);Ari Juels (Cornell Tech);Fan Zhang (Cornell Tech);Yan Ji (Cornell Tech);Phil Daian (Cornell Tech);Lorenz Breindenbach (ETH Zurich); |
The Art and Craft of Fraudulent App Promotion in Google Play | Mizanur Rahman (Amazon); Nestor Hernandez (FIU); Ruben Recabarren (FIU); Syed Ishtiaque Ahmed (University of Toronto); Bogdan Carbunar (FIU); |
The Catcher in the Field: A Fieldprint based Spoofing Detection for Text-Independent Speaker Verification | Chen Yan (Zhejiang University); Yan Long (Zhejiang University); Xiaoyu Ji (Zhejiang University); Wenyuan Xu (Zhejiang University); |
The Next 700 Policy Miners: A Universal Method for Building Policy Miners | Carlos Cotrini (ETH Zurich); Luca Corinzia (ETH Zurich); Thilo Weghorn (ETH Zurich); David Basin (ETH Zurich); |
The SPHINCS+ signature framework | Andreas Hülsing (TU Eindhoven); Peter Schwabe (RU Nijmegen); Joost Rijneveld (RU Nijmegen); Stefan Kölbl (Cybercrypt); Daniel J Bernstein (University of Illinois at Chicago and Ruhr University Bochum); Ruben Niederhagen (SIT Fraunhofer); |
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum | Ting Chen (University of Electronic Science and Technology of China); Yufei Zhang (University of Electronic Science and Technology of China); Zihao Li (University of Electronic Science and Technology of China); Xiapu Luo (The Hong Kong Polytechnic University); Ting Wang (Lehigh University); Rong Cao (University of Electronic Science and Technology of China); Xiuzhuo Xiao (University of Electronic Science and Technology of China); Xiaosong Zhang (University of Electronic Science and Technology of China); |
Towards Continuous Access Control Validation and Forensics | Chengcheng Xiang (University of California San Diego); Yudong Wu (University of California San Diego); Bingyu Shen (University of California San Diego); Mingyao Shen (University of California San Diego); Tianyin Xu (University of Illinois Urbana-Champaign); Yuanyuan Zhou (University of California San Diego); Cindy Moore (University of California San Diego); Xinxin Jin (Whova, Inc.); Tianwei Sheng (Whova, Inc.); |
Towards Memory Safe Enclave Programming with Rust-SGX | Huibo Wang (University of Texas at Dallas); Pei Wang (Baidu X-Lab); Yu Ding (Baidu X-Lab); Mingshen Sun (Baidu X-Lab); Yiming Jing (Baidu X-Lab); Ran Duan (Baidu X-Lab); Long Li (Baidu X-Lab); Yulong Zhang (Baidu X-Lab); Tao Wei (Baidu X-Lab); Zhiqiang Lin (Ohio State University); |
Traceback for End-to-End Encrypted Messaging | Nirvan Tyagi (Cornell University); Ian Miers (Cornell Tech; University of Maryland); Thomas Ristenpart (Cornell Tech); |
Transparency Logs via Append-only Authenticated Dictionaries | Alin Tomescu (MIT); Vivek Bhupatiraju (Lexington High School); Dimitrios Papadopoulos (Hong Kong University of Science and Technology); Charalampos Papamanthou (University of Maryland); Nikos Triandopoulos (Stevens Institute of Technology); Srinivas Devadas (MIT); |
Trick or Heat? Manipulating Critical Temperature-Based Control Systems using Rectification attacks | Yazhou Tu (University of Louisiana at Lafayette); Sara Rampazzi (University of Michigan); Bin Hao (University of Louisiana at Lafayette); Angel Rodriguez (University of Michigan); Kevin Fu (University of Michigan); Xiali Hei (University of Louisiana at Lafayette); |
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning | Payap Sirinam (Navaminda Kasatriyadhiraj Royal Air Force Academy); Nate Matthews (Rochester Institute of Technology); Mohammad Saidur Rahman (Rochester Institute of Technology); Matthew Wright (Rochester Institute of Technology); |
Two-party Private Set Intersection with an Untrusted Third Party. | Phi Hung Le (George Mason University);Samuel Ranellucci (University of Maryland, George Mason University);S. Dov Gordon (George Mason University); |
Two-Thirds Honest-Majority MPC for Malicious Adversaries at Almost the Cost of Semi-Honest | Jun Furukawa (NEC Israel Research Center); Yehuda Lindell (Bar-Ilan University and Unbound Tech); |
Updatable Anonymous Credentials and Applications to Incentive Systems | Johannes Blömer (Paderborn University); Jan Bobolz (Paderborn University); Denis Diemert (Paderborn University); Fabian Eidens (Paderborn University); |
Updatable Oblivious Key Management for Storage Systems | Stanislaw Jarecki (University of California, Irvine);Hugo Krawczyk (Algorand Foundation);Jason Resch (Independent); |
User Account Access Graphs | Sven Hammann (ETH Zurich); Sasa Radomirovic (University of Dundee); Ralf Sasse (ETH Zurich); David Basin (ETH Zurich); |
Velody: Nonlinear Vibration Challenge-Response for Resilient User Authentication | Jingjie Li (University of Wisconsin-Madison); Younghyun Kim (University of Wisconsin-Madison); Kassem Fawaz (University of Wisconsin-Madison); |
Verified Verifiers for Verifying Elections | Thomas Haines (Norwegian University of Science and Technology);Rajev Gore (The Australian National University);Mukesh Tiwari (The Australian National University); |
VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties | Armaiti Ardeshiricham (UCSD); Yoshiki Takashima (UCSD); Sicun Gao (UCSD); Ryan Kastner (UCSD); |
VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies | Pengfei Qiu (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Yongqiang Lyu (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Dongsheng Wang (Research Institute of Information Technology & BNRist, Tsinghua University, Beijing, China); Gang Qu (Department of Electrical and Computer Engineering, University of Maryland, College Park, Maryland, USA); |
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices | Hooman Mohajeri Moghaddam (Princeton University); Gunes Acar (Princeton University); Arunesh Mathur (Princeton University); Danny Y. Huang (Princeton University); Ben Burgess (Princeton University); Nick Feamster (Princeton University); Edward Felten (Princeton University); Prateek Mittal (Princeton University); Arvind Narayanan (Princeton University); |
Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis | Kangjie Lu (University of Minnesota); Hong Hu (GeorgiaTech); |
WI is not Enough: Zero-Knowledge Contingent (Service) Payments Revisited | Georg Fuchsbauer (Inria and Ecole normale superieure); |
You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates | Richard Roberts (University of Maryland); Yaelle Goldschlag (University of Maryland); Rachel Walter (University of Maryland); Taejoong Chung (Rochester Institute of Technology); Alan Mislove (Northeastern University); Dave Levin (University of Maryland); |
You Shall Not Join: A Measurement Study of Cryptocurrency Peer-to-Peer Bootstrapping Techniques | Angelique Faye Loe (Royal Holloway, University of London); Elizabeth Quaglia (Royal Holloway, University of London); |
Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack | Hoai Viet Nguyen (Cologne University of Applied Sciences); Luigi Lo Iacono (Cologne University of Applied Sciences); Hannes Federrath (University of Hamburg); |
zkay: Specifying and Enforcing Data Privacy in Smart Contracts | Samuel Steffen (ETH Zürich); Benjamin Bichsel (ETH Zürich); Mario Gersbach (ETH Zürich); Noa Melchior (ETH Zürich); Petar Tsankov (ETH Zürich); Martin Vechev (ETH Zürich); |
ZombieLoad: Cross-Privilege-Boundary Data Sampling | Michael Schwarz (Graz University of Technology); Moritz Lipp (Graz University of Technology); Ahmad Moghimi (Worcester Polytechnic Institute); Jo Van Bulck (imec-DistriNet, KU Leuven); Julian Stecklina (Cyberus Technology); Thomas Prescher (Cyberus Technology); Daniel Gruss (Graz University of Technology); |