NDSS 2014:San Diego, California, USA

21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society 【DBLP Link】

Paper Num: 55 || Session Num: 0

1. On the Mismanagement and Maliciousness of Networks.

【Paper Link】【Pages】:

【Authors】: Jing Zhang ; Zakir Durumeric ; Michael Bailey ; Mingyan Liu ; Manish Karir

【Abstract】:

【Keywords】:

2. No Direction Home: The True Cost of Routing Around Decoys.

【Paper Link】【Pages】:

【Authors】: Amir Houmansadr ; Edmund L. Wong ; Vitaly Shmatikov

【Abstract】:

【Keywords】:

3. Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission.

【Paper Link】【Pages】:

【Authors】: Younghwan Go ; Eunyoung Jeong ; Jongil Won ; Yongdae Kim ; Denis Foo Kune ; KyoungSoo Park

【Abstract】:

【Keywords】:

4. CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers.

【Paper Link】【Pages】:

【Authors】: Antonio Nappa ; Zhaoyan Xu ; M. Zubair Rafique ; Juan Caballero ; Guofei Gu

【Abstract】:

【Keywords】:

5. Amplification Hell: Revisiting Network Protocols for DDoS Abuse.

【Paper Link】【Pages】:

【Authors】: Christian Rossow

【Abstract】:

【Keywords】:

6. ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks.

【Paper Link】【Pages】:

【Authors】: Yueqiang Cheng ; Zongwei Zhou ; Miao Yu ; Xuhua Ding ; Robert H. Deng

【Abstract】:

【Keywords】:

7. A Trusted Safety Verifier for Process Controller Code.

【Paper Link】【Pages】:

【Authors】: Stephen E. McLaughlin ; Saman A. Zonouz ; Devin J. Pohly ; Patrick D. McDaniel

【Abstract】:

【Keywords】:

8. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares.

【Paper Link】【Pages】:

【Authors】: Jonas Zaddach ; Luca Bruno ; Aurélien Francillon ; Davide Balzarotti

【Abstract】:

【Keywords】:

9. SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks.

【Paper Link】【Pages】:

【Authors】: Dongseok Jang ; Zachary Tatlock ; Sorin Lerner

【Abstract】:

【Keywords】:

10. Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in VMI via Decoupled Execution and Training Memoization.

【Paper Link】【Pages】:

【Authors】: Alireza Saberi ; Yangchun Fu ; Zhiqiang Lin

【Abstract】:

【Keywords】:

11. Screenmilker: How to Milk Your Android Screen for Secrets.

【Paper Link】【Pages】:

【Authors】: Chia-Chi Lin ; Hongyang Li ; Xiao-yong Zhou ; XiaoFeng Wang

【Abstract】:

【Keywords】:

12. AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable.

【Paper Link】【Pages】:

【Authors】: Sanorita Dey ; Nirupam Roy ; Wenyuan Xu ; Romit Roy Choudhury ; Srihari Nelakuditi

【Abstract】:

【Keywords】:

13. Smartphones as Practical and Secure Location Verification Tokens for Payments.

【Paper Link】【Pages】:

【Authors】: Claudio Marforio ; Nikolaos Karapanos ; Claudio Soriente ; Kari Kostiainen ; Srdjan Capkun

【Abstract】:

【Keywords】:

14. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

【Paper Link】【Pages】:

【Authors】: Martin Georgiev ; Suman Jana ; Vitaly Shmatikov

【Abstract】:

【Keywords】:

15. Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android.

【Paper Link】【Pages】:

【Authors】: Muhammad Naveed ; Xiao-yong Zhou ; Soteris Demetriou ; XiaoFeng Wang ; Carl A. Gunter

【Abstract】:

【Keywords】:

16. DSpin: Detecting Automatically Spun Content on the Web.

【Paper Link】【Pages】:

【Authors】: Qing Zhang ; David Y. Wang ; Geoffrey M. Voelker

【Abstract】:

【Keywords】:

17. Toward Black-Box Detection of Logic Flaws in Web Applications.

【Paper Link】【Pages】:

【Authors】: Giancarlo Pellegrino ; Davide Balzarotti

【Abstract】:

【Keywords】:

18. Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud.

【Paper Link】【Pages】:

【Authors】: Arnar Birgisson ; Joe Gibbs Politz ; Úlfar Erlingsson ; Ankur Taly ; Michael Vrable ; Mark Lentczner

【Abstract】:

【Keywords】:

19. Detecting Logic Vulnerabilities in E-commerce Applications.

【Paper Link】【Pages】:

【Authors】: Fangqi Sun ; Liang Xu ; Zhendong Su

【Abstract】:

【Keywords】:

20. Simulation of Built-in PHP Features for Precise Static Code Analysis.

【Paper Link】【Pages】:

【Authors】: Johannes Dahse ; Thorsten Holz

【Abstract】:

【Keywords】:

21. Enhanced Certificate Transparency and End-to-End Encrypted Mail.

【Paper Link】【Pages】:

【Authors】: Mark Dermot Ryan

【Abstract】:

【Keywords】:

22. Privacy through Pseudonymity in Mobile Telephony Systems.

【Paper Link】【Pages】:

【Authors】: Myrto Arapinis ; Loretta Ilaria Mancini ; Eike Ritter ; Mark Ryan

【Abstract】:

【Keywords】:

23. Privacy-Preserving Distributed Stream Monitoring.

【Paper Link】【Pages】:

【Authors】: Arik Friedman ; Izchak Sharfman ; Daniel Keren ; Assaf Schuster

【Abstract】:

【Keywords】:

24. The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network.

【Paper Link】【Pages】:

【Authors】: Rob Jansen ; Florian Tschorsch ; Aaron Johnson ; Björn Scheuermann

【Abstract】:

【Keywords】:

25. Selling off User Privacy at Auction.

【Paper Link】【Pages】:

【Authors】: Lukasz Olejnik ; Minh-Dung Tran ; Claude Castelluccia

【Abstract】:

【Keywords】:

26. The Tangled Web of Password Reuse.

【Paper Link】【Pages】:

【Authors】: Anupam Das ; Joseph Bonneau ; Matthew Caesar ; Nikita Borisov ; XiaoFeng Wang

【Abstract】:

【Keywords】:

27. On Semantic Patterns of Passwords and their Security Impact.

【Paper Link】【Pages】:

【Authors】: Rafael Veras ; Christopher Collins ; Julie Thorpe

【Abstract】:

【Keywords】:

28. From Very Weak to Very Strong: Analyzing Password-Strength Meters.

【Paper Link】【Pages】:

【Authors】: Xavier de Carné de Carnavalet ; Mohammad Mannan

【Abstract】:

【Keywords】:

29. Copker: Computing with Private Keys without RAM.

【Paper Link】【Pages】:

【Authors】: Le Guan ; Jingqiang Lin ; Bo Luo ; Jiwu Jing

【Abstract】:

【Keywords】:

30. Practical Dynamic Searchable Encryption with Small Leakage.

【Paper Link】【Pages】:

【Authors】: Emil Stefanov ; Charalampos Papamanthou ; Elaine Shi

【Abstract】:

【Keywords】:

31. Decentralized Anonymous Credentials.

【Paper Link】【Pages】:

【Authors】: Christina Garman ; Matthew Green ; Ian Miers

【Abstract】:

【Keywords】:

32. Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation.

【Paper Link】【Pages】:

【Authors】: David Cash ; Joseph Jaeger ; Stanislaw Jarecki ; Charanjit S. Jutla ; Hugo Krawczyk ; Marcel-Catalin Rosu ; Michael Steiner

【Abstract】:

【Keywords】:

33. Authentication Using Pulse-Response Biometrics.

【Paper Link】【Pages】:

【Authors】: Kasper Bonne Rasmussen ; Marc Roeschlin ; Ivan Martinovic ; Gene Tsudik

【Abstract】:

【Keywords】:

【Paper Link】【Pages】:

【Authors】: Michael Dietz ; Dan S. Wallach

【Abstract】:

【Keywords】:

35. Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices.

【Paper Link】【Pages】:

【Authors】: Maliheh Shirvanian ; Stanislaw Jarecki ; Nitesh Saxena ; Naveen Nathan

【Abstract】:

【Keywords】:

36. Leveraging USB to Establish Host Identity Using Commodity Devices.

【Paper Link】【Pages】:

【Authors】: Adam M. Bates ; Ryan Leonard ; Hannah Pruse ; Daniel Lowd ; Kevin R. B. Butler

【Abstract】:

【Keywords】:

37. PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces.

【Paper Link】【Pages】:

【Authors】: Robert Templeman ; Mohammed Korayem ; David J. Crandall ; Apu Kapadia

【Abstract】:

【Keywords】:

38. Auditable Version Control Systems.

【Paper Link】【Pages】:

【Authors】: Bo Chen ; Reza Curtmola

【Abstract】:

【Keywords】:

39. Power Attack: An Increasing Threat to Data Centers.

【Paper Link】【Pages】:

【Authors】: Zhang Xu ; Haining Wang ; Zichen Xu ; Xiaorui Wang

【Abstract】:

【Keywords】:

40. Scambaiter: Understanding Targeted Nigerian Scams on Craigslist.

【Paper Link】【Pages】:

【Authors】: Youngsam Park ; Jackie Jones ; Damon McCoy ; Elaine Shi ; Markus Jakobsson

【Abstract】:

【Keywords】:

41. Botcoin: Monetizing Stolen Cycles.

【Paper Link】【Pages】:

【Authors】: Danny Yuxing Huang ; Hitesh Dharmdasani ; Sarah Meiklejohn ; Vacha Dave ; Chris Grier ; Damon McCoy ; Stefan Savage ; Nicholas Weaver ; Alex C. Snoeren ; Kirill Levchenko

【Abstract】:

【Keywords】:

42. A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks.

【Paper Link】【Pages】:

【Authors】: Siegfried Rasthofer ; Steven Arzt ; Eric Bodden

【Abstract】:

【Keywords】:

43. AirBag: Boosting Smartphone Resistance to Malware Infection.

【Paper Link】【Pages】:

【Authors】: Chiachih Wu ; Yajin Zhou ; Kunal Patel ; Zhenkai Liang ; Xuxian Jiang

【Abstract】:

【Keywords】:

44. SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps.

【Paper Link】【Pages】:

【Authors】: David Sounthiraraj ; Justin Sahs ; Garret Greenwood ; Zhiqiang Lin ; Latifur Khan

【Abstract】:

【Keywords】:

45. AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications.

【Paper Link】【Pages】:

【Authors】: Mu Zhang ; Heng Yin

【Abstract】:

【Keywords】:

46. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications.

【Paper Link】【Pages】:

【Authors】: Sebastian Poeplau ; Yanick Fratantonio ; Antonio Bianchi ; Christopher Kruegel ; Giovanni Vigna

【Abstract】:

【Keywords】:

47. Nazca: Detecting Malware Distribution in Large-Scale Networks.

【Paper Link】【Pages】:

【Authors】: Luca Invernizzi ; Stanislav Miskovic ; Ruben Torres ; Christopher Kruegel ; Sabyasachi Saha ; Giovanni Vigna ; Sung-Ju Lee ; Marco Mellia

【Abstract】:

【Keywords】:

48. Persistent Data-only Malware: Function Hooks without Code.

【Paper Link】【Pages】:

【Authors】: Sebastian Vogl ; Jonas Pfoh ; Thomas Kittel ; Claudia Eckert

【Abstract】:

【Keywords】:

49. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.

【Paper Link】【Pages】:

【Authors】: Daniel Arp ; Michael Spreitzenbarth ; Malte Hubner ; Hugo Gascon ; Konrad Rieck

【Abstract】:

【Keywords】:

50. Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications.

【Paper Link】【Pages】:

【Authors】: Yeongjin Jang ; Simon P. Chung ; Bryan D. Payne ; Wenke Lee

【Abstract】:

【Keywords】:

51. Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings.

【Paper Link】【Pages】:

【Authors】: Ajaya Neupane ; Nitesh Saxena ; Keya Kuruvilla ; Michael Georgescu ; Rajesh K. Kana

【Abstract】:

【Keywords】:

52. Web PKI: Closing the Gap between Guidelines and Practices.

【Paper Link】【Pages】:

【Authors】: Antoine Delignat-Lavaud ; Martín Abadi ; Andrew Birrell ; Ilya Mironov ; Ted Wobber ; Yinglian Xie

【Abstract】:

【Keywords】:

53. Efficient Private File Retrieval by Combining ORAM and PIR.

【Paper Link】【Pages】:

【Authors】: Travis Mayberry ; Erik-Oliver Blass ; Agnes Hui Chan

【Abstract】:

【Keywords】:

54. Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems.

【Paper Link】【Pages】:

【Authors】: Matthias Schulz ; Adrian Loch ; Matthias Hollick

【Abstract】:

【Keywords】:

55. Practical Issues with TLS Client Certificate Authentication.

【Paper Link】【Pages】:

【Authors】: Arnis Parsovs

【Abstract】:

【Keywords】:

NDSS 2014:San Diego, California, USA

Paper Num: 55 || Session Num: 0

1. On the Mismanagement and Maliciousness of Networks.

2. No Direction Home: The True Cost of Routing Around Decoys.

3. Gaining Control of Cellular Traffic Accounting by Spurious TCP Retransmission.

4. CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers.

5. Amplification Hell: Revisiting Network Protocols for DDoS Abuse.

6. ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks.

7. A Trusted Safety Verifier for Process Controller Code.

8. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares.

9. SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks.

10. Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in VMI via Decoupled Execution and Training Memoization.

11. Screenmilker: How to Milk Your Android Screen for Secrets.

12. AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable.

13. Smartphones as Practical and Secure Location Verification Tokens for Payments.

14. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.

15. Inside Job: Understanding and Mitigating the Threat of External Device Mis-Binding on Android.

16. DSpin: Detecting Automatically Spun Content on the Web.

17. Toward Black-Box Detection of Logic Flaws in Web Applications.

18. Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud.

19. Detecting Logic Vulnerabilities in E-commerce Applications.

20. Simulation of Built-in PHP Features for Precise Static Code Analysis.

21. Enhanced Certificate Transparency and End-to-End Encrypted Mail.

22. Privacy through Pseudonymity in Mobile Telephony Systems.

23. Privacy-Preserving Distributed Stream Monitoring.

24. The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network.

25. Selling off User Privacy at Auction.

26. The Tangled Web of Password Reuse.

27. On Semantic Patterns of Passwords and their Security Impact.

28. From Very Weak to Very Strong: Analyzing Password-Strength Meters.

29. Copker: Computing with Private Keys without RAM.

30. Practical Dynamic Searchable Encryption with Small Leakage.

31. Decentralized Anonymous Credentials.

32. Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation.

33. Authentication Using Pulse-Response Biometrics.

34. Hardening Persona - Improving Federated Web Login.

35. Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices.

36. Leveraging USB to Establish Host Identity Using Commodity Devices.

37. PlaceAvoider: Steering First-Person Cameras away from Sensitive Spaces.

38. Auditable Version Control Systems.

39. Power Attack: An Increasing Threat to Data Centers.

40. Scambaiter: Understanding Targeted Nigerian Scams on Craigslist.

41. Botcoin: Monetizing Stolen Cycles.

42. A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks.

43. AirBag: Boosting Smartphone Resistance to Malware Infection.

44. SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps.

45. AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications.

46. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications.

47. Nazca: Detecting Malware Distribution in Large-Scale Networks.

48. Persistent Data-only Malware: Function Hooks without Code.

49. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.

50. Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications.

51. Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings.

52. Web PKI: Closing the Gap between Guidelines and Practices.

53. Efficient Private File Retrieval by Combining ORAM and PIR.

54. Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems.

55. Practical Issues with TLS Client Certificate Authentication.