Tuesday (November 12th, 2019) — CCS Main Conference
Wednesday (November 13th, 2019) — CCS Main Conference
Thursday (November 14th, 2019) — CCS Main Conference
Friday (November 15th, 2019) — Post-Conference Workshops
Pre-Conference Workshops on Monday, November 11th, 2019 (07:30-17:30)
Time | 2019 Cloud Computing Security Workshop Room: Blenheim |
5th Workshop on Theory and Practice of Differential Privacy Room: Buckingham & Kensington |
Theory of Implementation Security Workshop Room: Thames – Waterloo & Tower |
6th ACM Workshop on Moving Target Defense Room: Windsor – Lancaster |
7th Workshop on Encrypted Computing & Applied Homomorphic Cryptography Room: Westminster |
18th Workshop on Privacy in the Electronic Society Room: Windsor – York |
ACM Workshop on Cyber-Physical Systems Security & Privacy Room: Park |
5th Security Standardisation Research Workshop Room: Thames – Chelsea & Richmond |
---|---|---|---|---|---|---|---|---|
07:30-09:00 | Breakfast (Room: Monarch) & Registration (Room: West Wing Foyer) | |||||||
09:00-10:00 | CCSW | TPDP | TIS | MTD | WAHC | WPES | CPS-SPC | SSR |
10:00-10:45 | Coffee Break | |||||||
10:45-12:00 | CCSW | TPDP | TIS | MTD | WAHC | WPES | CPS-SPC | SSR |
12:00-14:00 | Lunch Break (Room: Monarch) | |||||||
14:00-15:00 | CCSW | TPDP | TIS | MTD | WAHC | WPES | CPS-SPC | SSR |
15:00-15:45 | Coffee Break | |||||||
15:45-17:30 | CCSW | TPDP | TIS | MTD | WAHC | WPES | CPS-SPC | SSR | 17:30-18:00 | Break | 18:00-20:00 | CCS Women’s Networking Reception (Room: EDG Bar Library) |
CCS Main Conference on Tuesday, November 12th, 2019
Room Time |
Kings Balmoral | Kings Sandringham | Windsor | Blenheim | Buckingham & Kensington | |
---|---|---|---|---|---|---|
07:30-9:00 | Breakfast (Room: Monarch) & Registration (Room: West Wing Foyer) | |||||
09:00-9:15 | Chairs’ Welcome (Room: Kings) | |||||
09:15-10:30 | Keynote: Ingrid Verbauwhede, The Need for Hardware Roots of Trust (Room: Kings) Session chair: Jonathan Katz, George Mason University | |||||
10:30-11:00 | Coffee Break | |||||
11:00-12:00 | 1A: Attack I | 1B: Cryptographic Primitives | 1C: Cloud Security I | 1D: Forensics | 1E: Privacy I | |
Session chair: Wenyuan Xu, Zhejiang University | Session chair: Dario Fiore, IMDEA Software Institute | Session chair: Zhiqiang Lin, Ohio State University | Session chair: Omar Haider Chowdhury, The University of Iowa | Session chair: Ben Stock, CISPA Helmholtz Center for Information Security | ||
1 Trillion Dollar Refund – How To Spoof PDF Signatures
|
Omniring: Scaling Up Private Payments Without Trusted Setup — Formal Foundations and a Construction of Ring Confidential Transactions with Log-size Proofs
|
A Machine-Checked Proof of Security for AWS Key Management Service
|
The Next 700 Policy Miners: A Universal Method for Building Policy Miners
|
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
|
||
Practical Decryption exFiltration: Breaking PDF Encryption
|
WI is not Enough: Zero-Knowledge Contingent (Service) Payments Revisited
|
Mitigating Leakage in Secure Cloud-Hosted Data Structures: Volume Hiding for Multi-Maps via Hashing
|
Towards Continuous Access Control Validation and Forensics
|
Oh, the Places You’ve Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing
|
||
12:00-13:30 | Lunch Break (Room: Monarch) | |||||
13:30-15:30 | 2A: Side Channels I | 2B: ML Security I | 2C: Secure Computing I | 2D: Encryption (Searchable, Updatable, Homomorphic, etc.) | 2E: Internet Security | |
Session chair: Michael Franz, University of California, Irvine | Session chair: Yang Zhang, CISPA Helmholtz Center for Information Security | Session chair: Yan Huang, Indiana University Bloomington | Session chair: Joshua Schiffman, HP Labs, HP Inc. | Session chair: Paul Pearce, Georgia Tech | ||
Page Cache Attacks
|
Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment
|
Efficient Two-Round OT Extension and Silent Non-Interactive Secure Computation
|
Encrypted Databases: New Volume Attacks against Range Queries
|
SICO: Surgical Interception Attacks by Manipulating BGP Communities
|
||
Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
|
Privacy Risks of Securing Machine Learning Models against Adversarial Examples
|
Endemic Oblivious Transfer
|
Updatable Oblivious Key Management for Storage Systems
|
Just the Tip of the Iceberg: Internet-Scale Exploitation of Routers for Cryptojacking
|
||
VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies
|
MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples
|
LevioSA: Lightweight Secure Arithmetic Computation
|
Efficient Multi-Key Homomorphic Encryption with Packed Ciphertexts with Application to Oblivious Neural Network Inference
|
Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet
|
||
Principled Unearthing of TCP Side Channel Vulnerabilities
|
Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks
|
Onion Ring ORAM: Efficient Constant Bandwidth Oblivious RAM from (Leveled) TFHE
|
Traceback for End-to-End Encrypted Messaging
|
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations
|
||
15:30-16:00 | Coffee Break | |||||
16:00-17:30 | 3A: Fuzzing: Methods and Applications | 3B: Blockchain I | 3C: Secure Computing II | 3D: Formal Analysis I | 3E: Privacy II | |
Session chair: Venkat Venkatakrishnan, University of Illinois at Chicago | Session chair: Andrew Miller, University of Illinois at Urbana-Champaign | Session chair: Nick Hopper, University of Minnesota | Session chair: Carl Gunter, University of Illinois at Urbana-Champaign | Session chair: Ilya Mironov, Facebook Research | ||
Matryoshka: fuzzing deeply nested branches
|
HyperService: Interoperability and Programmability across Heterogeneous Blockchains
|
Securely Sampling Biased Coins with Applications to Differential Privacy
|
A Formal Treatment of Deterministic Wallets
|
Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy
|
||
Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing
|
MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol
|
Stormy: Statistics in Tor by Measuring Securely
|
5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol
|
How to accurately and privately identify anomalies
|
||
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts
|
Prism: Deconstructing the Blockchain to Approach Physical Limits
|
Efficient Publicly Verifiable 2PC over a Blockchain with Applications to Financially-Secure Computations
|
Verified Verifiers for Verifying Elections
|
Differentially Private Nonparametric Hypothesis Testing
|
||
17:30-18:00 | Break | |||||
18:00-19:30 | Poster Session I (Room: Monarch) | |||||
19:30-20:30 | Business Meeting (Room: Kings Balmoral) |
CCS Main Conference on Wednesday, November 13th, 2019
Room Time |
Kings Balmoral | Kings Sandringham | Windsor | Blenheim | Buckingham & Kensington | |
---|---|---|---|---|---|---|
07:30-09:00 | Breakfast (Room: Monarch) & Registration (Room: West Wing Foyer) | 09:00-10:30 | 4A: Side Channels II | 4B: Blockchain II | 4C: Secure Computing III | 4D: Formal Analysis II | 4E: Privacy III |
Session chair: Yinqian Zhang, Ohio State University | Session chair: Aggelos Kiayias, University of Edinburgh | Session chair: Jonathan Katz, George Mason University | Session chair: Ninghui Li, Purdue University | Session chair:Yang Zhang, CISPA Helmholtz Center for Information Security | ||
ZombieLoad: Cross-Privilege-Boundary Data Sampling
|
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks
|
A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation
|
Exploiting Symmetries when Proving Equivalence Properties for Security Protocols
|
Five Years of the Right to be Forgotten
|
||
Fallout: Leaking Data on Meltdown-resistant CPUs
|
Erlay: Efficient Transaction Relay for Bitcoin
|
Practical Fully Secure Three-Party Computation via Sublinear Distributed ZK Proofs
|
Are These Pairing Elements Correct? Automated Verification and Applications
|
(Un)informed Consent: Studying GDPR Consent Notices in the Field
|
||
SMoTherSpectre: exploiting speculative execution through port contention
|
Power Adjusting and Bribery Racing: Novel Mining Attacks in the Bitcoin System
|
HoneyBadgerMPC and AsynchroMix: Practical Asynchronous MPC and its Application to Anonymous Communication
|
Post-Collusion Security and Distance Bounding
|
Moving Beyond Set-It-And-Forget-It Privacy Settings on Social Media
|
||
10:30-11:00 | Coffee Break | |||||
11:00-12:00 | 5A: Software Security | 5B: Protocols | 5C: Cloud Security II | 5D: SDN Security | 5E: Fingerprinting | |
Session chair: Hao Chen, University of California, Davis | Session chair: Carmit Hazay, Bar-Ilan University | Session chair: Kun Sun, George Mason University | Session chair: Seungwon Shin, KAIST | Session chair: Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security | ||
Binary Control-Flow Trimming
|
Flexible Byzantine Fault Tolerance
|
Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups
|
An In-depth Look Into SDN Topology Discovery Mechanisms: Novel Attacks and Practical Countermeasures
|
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning
|
||
Program-mandering: Quantitative Privilege Separation
|
Distributed Vector-OLE: Improved Constructions and Implementation
|
Insecure Until Proven Updated: Analyzing AMD SEV’s Remote Attestation
|
Proof-Carrying Network Code
|
DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU
|
||
12:00-13:30 | Lunch Break (Room: Monarch) | |||||
13:30-15:30 | 6A: Biometrics Security | 6B: ML Security II | 6C: Secure Computing VI | 6D: Cyber Threat | 6E: Passwords and Accounts | |
Session chair: Kehuan Zhang, The Chinese University of Hong Kong | Session chair: Neil Gong, Duke University | Session chair: Mike Rosulek, Oregon State University | Session chair: Ting Yu, Qatar Computing Research Institute | Session chair: Blase Ur, University of Chicago | ||
Multisketches: Practical Secure Sketches Using Off-the-Shelf Biometric Matching Algorithms
|
QUOTIENT: Two-Party Secure Neural Network Training and Prediction
|
Transparency Logs via Append-only Authenticated Dictionaries
|
Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise
|
How to (not) share a password: Privacy preserving protocols for finding heavy hitters with adversarial behavior
|
||
28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics
|
Quantitative Verification of Neural Networks and Its Security Applications
|
Probabilistic Data Structures in Adversarial Environments
|
POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting
|
Protocols for Checking Compromised Credentials
|
||
Velody: Nonlinear Vibration Challenge-Response for Resilient User Authentication
|
ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation
|
Make Some ROOM for the Zeros: Data Sparsity in Secure Distributed Machine Learning
|
Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts
|
User Account Access Graphs
|
||
The Catcher in the Field: A Fieldprint based Spoofing Detection for Text-Independent Speaker Verification
|
Lifelong Anomaly Detection Through Unlearning
|
PIEs: Public Incompressible Encodings for Decentralized Storage
|
MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis
|
Detecting Fake Accounts in Online Social Networks at the Time of Registrations
|
||
15:30-16:00 | Coffee Break | |||||
16:00-17:30 | 7A: Internet of Things | 7B: Blockchain III | 7C: Secure Computing V | 7D: Formal Analysis III | 7E: Privacy-Preserving Techniques | |
Session chair: Kangjie Lu, University of Minnesota | Session chair: Danfeng Yao, Virginia Tech | Session chair: XiaoFeng Wang, Indiana University | Session chair: Matteo Maffei, TU Wien | Session chair: Jonathan Katz, George Mason University | ||
Charting the Attack Surface of Trigger-Action IoT Platforms
|
Balance: Dynamic Adjustment of Cryptocurrency Deposits
|
Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing
|
Signed Cryptographic Program Verification with Typed CryptoLine
|
SEEMless: Secure End-to-End Encrypted Messaging with less Trust
|
||
Peeves: Physical Event Verification in Smart Homes
|
TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum
|
Two-Thirds Honest-Majority MPC for Malicious Adversaries at Almost the Cost of Semi-Honest
|
Machine-Checked Proofs for Cryptographic Standards
|
PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules
|
||
Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps
|
Tesseract: Real-Time Cryptocurrency Exchange Using Trusted Hardware
|
Fast Actively Secure Five-Party Computation with Security Beyond Abort
|
VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties
|
Updatable Anonymous Credentials and Applications to Incentive Systems
|
||
17:30-17:35 | Break | |||||
17:35-18:35 | Panel Discussion: Scaling the Academic Security Community (Room: Sandringham) | |||||
18:35-19:00 | Break | |||||
19:00-22:00 | Banquet & Awards (Room: Monarch) |
CCS Main Conference on Thursday, November 14th, 2019
Room Time |
Kings Balmoral | Kings Sandringham | Windsor | Blenheim | Buckingham & Kensington | |
---|---|---|---|---|---|---|
07:30-09:00 | Breakfast (Room: Monarch) & Registration (Room: West Wing Foyer) | |||||
09:00-10:30 | Keynote: N. Asokan, Hardware-assisted Trusted Execution Environments — Look Back, Look Ahead (Room: Kings) Session chair: XiaoFeng Wang, Indiana University | |||||
10:30-11:00 | Coffee Break | |||||
11:00-12:00 | 8A: Attack II | 8B: TEE I | 8C: Blockchain VI | 8D: Language Security | 8E: Web Security | |
Session chair: Chao Zhang, Tsinghua University | Session chair: Yuval Yarom, University of Adelaide and Datat61 | Session chair: XiaoFeng Wang, Indiana University | Session chair: Johannes Kinder, Bundeswehr University Munich | Session chair: Giovanni Vigna, UCSB | ||
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
|
SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE
|
zkay: Specifying and Enforcing Data Privacy in Smart Contracts
|
Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis
|
HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs
|
||
SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
|
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
|
Privacy Aspects and Subliminal Channels in Zcash
|
Different is Good: Detecting the Use of Uninitialized Variables through Differential Replay
|
Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack
|
||
12:00-13:30 | Lunch Break (Room: Monarch) | |||||
13:30-15:30 | 9A: User Study | 9B: ML Security III | 9C: Zero-Knowledge Proofs | 9D: Signatures | 9E: Web Censorship and Auditing | |
Session chair: Kassem Fawaz, University of Wisconsin-Madison | Session chair: Esfandiar Mohammadi, University of Luebeck | Session chair: Daniel Genkin, University of Michigan | Session chair: Dominique Schröder, Friedrich-Alexander-Universität Erlangen-Nürnberg | Session chair: Rob Jansen, U.S. Naval Research Laboratory | ||
“I don’t see why I would ever want to use it”: Analyzing the Usability of Popular Smartphone Password Managers
|
Seeing isn’t Believing: Towards More Robust Adversarial Attack Against Real World Object Detectors
|
Succinct Arguments for Bilinear Group Arithmetic: Practical Structure-Preserving Cryptography
|
The SPHINCS+ signature framework
|
Geneva: Evolving Censorship Evasion Strategies
|
||
Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
|
AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning
|
LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs
|
GALACTICS: Gaussian Sampling for Lattice-Based Constant-Time Implementation of Cryptographic Signatures, Revisited
|
Conjure: Summoning Proxies from Unused Address Space
|
||
A Usability Evaluation of Let’s Encrypt and Certbot – Usable Security Done Right?
|
Attacking Graph-based Classification via Manipulating the Graph Structure
|
Efficient Zero-Knowledge Arguments in the Discrete Log Setting, Revisited
|
Seems Legit: Automated Analysis of Subtle Attacks on Protocols that use Signatures
|
You Shall Not Join: A Measurement Study of Cryptocurrency Peer-to-Peer Bootstrapping Techniques
|
Latent Backdoor Attacks on Deep Neural Networks
|
Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings
|
Membership Privacy for Fully Dynamic Group Signatures
|
SAMPL: Scalable Auditability of Monitoring Processes using Public Ledgers
Roopa Vishwanathan (New Mexico State University);Gaurav Panwar (New Mexico State University);Satyajayant Misra (New Mexico State University);Austin Bos (New Mexico State University)
|
15:30-16:00 | Coffee Break | |||||
16:00-17:30 | 10A: Cyberphysical Security | 10B: TEE II | 10C: Secret Sharing | 10D: Mobile Security | 10E: Certificates | |
Session chair: Soteris Demetriou, Imperial College London | Session chair: Sven Bugiel, CISPA Helmholtz Center for Information Security | Session chair: Lorenzo Cavallaro, King’s College London | Session chair: Adam Doupé, Arizona State University | Session chair: Tudor Dumitras, University of Maryland, College Park | ||
Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving
|
OPERA: Open Remote Attestation for Intel’s Secure Enclaves
|
CHURP: Dynamic-Committee Proactive Secret Sharing
|
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps
|
Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web
|
||
LibreCAN: Automated CAN Message Translator
|
Towards Memory Safe Enclave Programming with Rust-SGX
|
Efficient Verifiable Secret Sharing with Share Recovery in BFT Protocols
|
The Art and Craft of Fraudulent App Promotion in Google Play
|
You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates
|
||
Trick or Heat? Manipulating Critical Temperature-Based Control Systems using Rectification attacks
|
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
|
Two-party Private Set Intersection with an Untrusted Third Party.
|
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects
|
Certificate Transparency in the Wild: Exploring the Reliability of Monitors
|
Post-Conference Workshops on Friday, November 15th, 2019 (07:30-17:30)
Time | 12th ACM Workshop on Artificial Intelligence and Security Room: Blenheim |
3rd Workshop on Forming an Ecosystem Around Software Transformation Room: Windsor Lancester |
Privacy Preserving Machine Learning Room: Buckingham & Kensington |
3rd Software Protection Workshop Room: Park |
2nd Workshop on the Internet of Things Security and Privacy Room: Windsor York |
3rd Attacks and Solutions in Hardware Security Workshop Room: Thames Chelsea & Richmond |
14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security Room: Westminster |
1st Workshop on Cyber-Security Arms Race Room: Thames Waterloo & Tower |
---|---|---|---|---|---|---|---|---|
07:30-09:00 | Breakfast (Room: Monarch) & Registration (Room: West Wing Foyer) | |||||||
9:00-10:00 | AISec | FEAST | PPML | SPRO | IoT S&P | ASHES | PLAS | CYSARM |
10:00-10:45 | Coffee Break | |||||||
10:45-12:00 | AISec | FEAST | PPML | SPRO | IoT S&P | ASHES | PLAS | CYSARM |
12:00-14:00 | Lunch Break (Room: Monarch) | |||||||
14:00-15:00 | AISec | FEAST | PPML | SPRO | IoT S&P | ASHES | PLAS | CYSARM |
15:00-15:45 | Coffee Break | |||||||
15:45-17:30 | AISec | FEAST | PPML | SPROuntil 18:30 | IoT S&P | ASHES | PLAS | CYSARM |