23. NDSS 2016:San Diego, California, USA

23nd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016. The Internet Society 【DBLP Link

Paper Num: 61 || Session Num: 14

Session 1: Transport Layer Security 3

1. Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH.

Paper Link】 【Pages】:

【Authors】: Karthikeyan Bhargavan ; Gaëtan Leurent

【Abstract】:

【Keywords】:

2. TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication.

Paper Link】 【Pages】:

【Authors】: Ralph Holz ; Johanna Amann ; Olivier Mehani ; Mohamed Ali Kâafar ; Matthias Wachs

【Abstract】:

【Keywords】:

3. Killed by Proxy: Analyzing Client-end TLS Interce.

Paper Link】 【Pages】:

【Authors】: Xavier de Carné de Carnavalet ; Mohammad Mannan

【Abstract】:

【Keywords】:

Session 2: Network Security - Part I 4

4. : SIBRA: Scalable Internet Bandwidth Reservation Architecture.

Paper Link】 【Pages】:

【Authors】: Cristina Basescu ; Raphael M. Reischuk ; Pawel Szalachowski ; Adrian Perrig ; Yao Zhang ; Hsu-Chun Hsiao ; Ayumu Kubota ; Jumpei Urakawa

【Abstract】:

【Keywords】:

5. Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy.

Paper Link】 【Pages】:

【Authors】: Jakub Czyz ; Matthew J. Luckie ; Mark Allman ; Michael Bailey

【Abstract】:

【Keywords】:

6. Attacking the Network Time Protocol.

Paper Link】 【Pages】:

【Authors】: Aanchal Malhotra ; Isaac E. Cohen ; Erik Brakke ; Sharon Goldberg

【Abstract】:

【Keywords】:

Paper Link】 【Pages】:

【Authors】: Min Suk Kang ; Virgil D. Gligor ; Vyas Sekar

【Abstract】:

【Keywords】:

Session 3: Web Security 4

8. CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities.

Paper Link】 【Pages】:

【Authors】: Ahmet Salih Buyukkayhan ; Kaan Onarlioglu ; William K. Robertson ; Engin Kirda

【Abstract】:

【Keywords】:

9. It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services.

Paper Link】 【Pages】:

【Authors】: M. Zubair Rafique ; Tom van Goethem ; Wouter Joosen ; Christophe Huygens ; Nick Nikiforakis

【Abstract】:

【Keywords】:

10. Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications.

Paper Link】 【Pages】:

【Authors】: Avinash Sudhodanan ; Alessandro Armando ; Roberto Carbone ; Luca Compagna

【Abstract】:

【Keywords】:

11. Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces.

Paper Link】 【Pages】:

【Authors】: Vaibhav Rastogi ; Rui Shao ; Yan Chen ; Xiang Pan ; Shihong Zou ; Ryan Riley

【Abstract】:

【Keywords】:

Session 4: Network Security Part II 4

12. Enabling Practical Software-defined Networking Security Applications with OFX.

Paper Link】 【Pages】:

【Authors】: John Sonchack ; Jonathan M. Smith ; Adam J. Aviv ; Eric Keller

【Abstract】:

【Keywords】:

13. Forwarding-Loop Attacks in Content Delivery Networks.

Paper Link】 【Pages】:

【Authors】: Jianjun Chen ; Xiaofeng Zheng ; Hai-Xin Duan ; Jinjin Liang ; Jian Jiang ; Kang Li ; Tao Wan ; Vern Paxson

【Abstract】:

【Keywords】:

14. CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds.

Paper Link】 【Pages】:

【Authors】: Yossi Gilad ; Amir Herzberg ; Michael Sudkovitch ; Michael Goberman

【Abstract】:

【Keywords】:

15. Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security.

Paper Link】 【Pages】:

【Authors】: Sungmin Hong ; Robert Baykov ; Lei Xu ; Srinath Nadimpalli ; Guofei Gu

【Abstract】:

【Keywords】:

Session 5: MISC: Cryptocurrencies, Captchas, and GameBots 4

16. Centrally Banked Cryptocurrencies.

Paper Link】 【Pages】:

【Authors】: George Danezis ; Sarah Meiklejohn

【Abstract】:

【Keywords】:

17. Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem.

Paper Link】 【Pages】:

【Authors】: Alex Biryukov ; Dmitry Khovratovich

【Abstract】:

【Keywords】:

18. A Simple Generic Attack on Text Captchas.

Paper Link】 【Pages】:

【Authors】: Haichang Gao ; Jeff Yan ; Fang Cao ; Zhengya Zhang ; Lei Lei ; Mengyun Tang ; Ping Zhang ; Xin Zhou ; Xuqin Wang ; Jiawei Li

【Abstract】:

【Keywords】:

19. You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild.

Paper Link】 【Pages】:

【Authors】: Eunjo Lee ; Jiyoung Woo ; Hyoungshick Kim ; Aziz Mohaisen ; Huy Kang Kim

【Abstract】:

【Keywords】:

Session 6: Privacy in Mobile 5

20. Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses.

Paper Link】 【Pages】:

【Authors】: Anupam Das ; Nikita Borisov ; Matthew Caesar

【Abstract】:

【Keywords】:

21. The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads.

Paper Link】 【Pages】:

【Authors】: Wei Meng ; Ren Ding ; Simon P. Chung ; Steven Han ; Wenke Lee

【Abstract】:

【Keywords】:

22. What Mobile Ads Know About Mobile Users.

Paper Link】 【Pages】:

【Authors】: Sooel Son ; Daehyeok Kim ; Vitaly Shmatikov

【Abstract】:

【Keywords】:

23. Free for All! Assessing User Data Exposure to Advertising Libraries on Android.

Paper Link】 【Pages】:

【Authors】: Soteris Demetriou ; Whitney Merrill ; Wei Yang ; Aston Zhang ; Carl A. Gunter

【Abstract】:

【Keywords】:

24. Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems.

Paper Link】 【Pages】:

【Authors】: Altaf Shaik ; Jean-Pierre Seifert ; Ravishankar Borgaonkar ; N. Asokan ; Valtteri Niemi

【Abstract】:

【Keywords】:

Session 7: Software Security 5

25. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware.

Paper Link】 【Pages】:

【Authors】: Daming D. Chen ; Maverick Woo ; David Brumley ; Manuel Egele

【Abstract】:

【Keywords】:

26. discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code.

Paper Link】 【Pages】:

【Authors】: Sebastian Eschweiler ; Khaled Yakdan ; Elmar Gerhards-Padilla

【Abstract】:

【Keywords】:

27. Driller: Augmenting Fuzzing Through Selective Symbolic Execution.

Paper Link】 【Pages】:

【Authors】: Nick Stephens ; John Grosen ; Christopher Salls ; Andrew Dutcher ; Ruoyu Wang ; Jacopo Corbetta ; Yan Shoshitaishvili ; Christopher Kruegel ; Giovanni Vigna

【Abstract】:

【Keywords】:

28. VTrust: Regaining Trust on Virtual Calls.

Paper Link】 【Pages】:

【Authors】: Chao Zhang ; Dawn Song ; Scott A. Carr ; Mathias Payer ; Tongxin Li ; Yu Ding ; Chengyu Song

【Abstract】:

【Keywords】:

29. Protecting C++ Dynamic Dispatch Through VTable Interleaving.

Paper Link】 【Pages】:

【Authors】: Dimitar Bounov ; Rami Gökhan Kici ; Sorin Lerner

【Abstract】:

【Keywords】:

Session 8: System Security - Part I 4

30. ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting.

Paper Link】 【Pages】:

【Authors】: Shiqing Ma ; Xiangyu Zhang ; Dongyan Xu

【Abstract】:

【Keywords】:

31. Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems.

Paper Link】 【Pages】:

【Authors】: David Formby ; Preethi Srinivasan ; Andrew Leonard ; Jonathan Rogers ; Raheem A. Beyah

【Abstract】:

【Keywords】:

32. SKEE: A lightweight Secure Kernel-level Execution Environment for ARM.

Paper Link】 【Pages】:

【Authors】: Ahmed M. Azab ; Kirk Swidowski ; Rohan Bhutkar ; Jia Ma ; Wenbo Shen ; Ruowen Wang ; Peng Ning

【Abstract】:

【Keywords】:

33. OpenSGX: An Open Platform for SGX Research.

Paper Link】 【Pages】:

【Authors】: Prerit Jain ; Soham Jayesh Desai ; Ming-Wei Shih ; Taesoo Kim ; Seong Min Kim ; Jae-Hyuk Lee ; Changho Choi ; Youjung Shin ; Brent ByungHoon Kang ; Dongsu Han

【Abstract】:

【Keywords】:

Session 9: Privacy - Part I 4

34. Efficient Private Statistics with Succinct Sketches.

Paper Link】 【Pages】:

【Authors】: Luca Melis ; George Danezis ; Emiliano De Cristofaro

【Abstract】:

【Keywords】:

35. Dependence Makes You Vulnberable: Differential Privacy Under Dependent Tuples.

Paper Link】 【Pages】:

【Authors】: Changchang Liu ; Supriyo Chakraborty ; Prateek Mittal

【Abstract】:

【Keywords】:

36. Privacy-Preserving Shortest Path Computation.

Paper Link】 【Pages】:

【Authors】: David J. Wu ; Joe Zimmerman ; Jérémy Planul ; John C. Mitchell

【Abstract】:

【Keywords】:

37. LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships.

Paper Link】 【Pages】:

【Authors】: Changchang Liu ; Prateek Mittal

【Abstract】:

【Keywords】:

Session 10: Privacy - Part II 3

38. Do You See What I See? Differential Treatment of Anonymous Users.

Paper Link】 【Pages】:

【Authors】: Sheharbano Khattak ; David Fifield ; Sadia Afroz ; Mobin Javed ; Srikanth Sundaresan ; Damon McCoy ; Vern Paxson ; Steven J. Murdoch

【Abstract】:

【Keywords】:

39. Measuring and Mitigating AS-level Adversaries Against Tor.

Paper Link】 【Pages】:

【Authors】: Rishab Nithyanand ; Oleksii Starov ; Phillipa Gill ; Adva Zair ; Michael Schapira

【Abstract】:

【Keywords】:

40. Website Fingerprinting at Internet Scale.

Paper Link】 【Pages】:

【Authors】: Andriy Panchenko ; Fabian Lanze ; Jan Pennekamp ; Thomas Engel ; Andreas Zinnen ; Martin Henze ; Klaus Wehrle

【Abstract】:

【Keywords】:

Session 11: Malware 5

41. Extract Me If You Can: Abusing PDF Parsers in Malware Detectors.

Paper Link】 【Pages】:

【Authors】: Curtis Carmony ; Xunchao Hu ; Heng Yin ; Abhishek Vasisht Bhaskar ; Mu Zhang

【Abstract】:

【Keywords】:

42. Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers.

Paper Link】 【Pages】:

【Authors】: Weilin Xu ; Yanjun Qi ; David Evans

【Abstract】:

【Keywords】:

43. Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire.

Paper Link】 【Pages】:

【Authors】: Teryl Taylor ; Kevin Z. Snow ; Nathan Otterness ; Fabian Monrose

【Abstract】:

【Keywords】:

44. LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis.

Paper Link】 【Pages】:

【Authors】: Chad Spensky ; Hongyi Hu ; Kevin Leach

【Abstract】:

【Keywords】:

45. When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors.

Paper Link】 【Pages】:

【Authors】: Charles Smutz ; Angelos Stavrou

【Abstract】:

【Keywords】:

Session 12: System Security - Part II 5

46. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework.

Paper Link】 【Pages】:

【Authors】: Yuru Shao ; Qi Alfred Chen ; Zhuoqing Morley Mao ; Jason Ott ; Zhiyun Qian

【Abstract】:

【Keywords】:

47. How to Make ASLR Win the Clone Wars: Runtime Re-Randomization.

Paper Link】 【Pages】:

【Authors】: Kangjie Lu ; Wenke Lee ; Stefan Nürnberger ; Michael Backes

【Abstract】:

【Keywords】:

48. Leakage-Resilient Layout Randomization for Mobile Devices.

Paper Link】 【Pages】:

【Authors】: Kjell Braden ; Lucas Davi ; Christopher Liebchen ; Ahmad-Reza Sadeghi ; Stephen Crane ; Michael Franz ; Per Larsen

【Abstract】:

【Keywords】:

49. Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding.

Paper Link】 【Pages】:

【Authors】: Robert Gawlik ; Benjamin Kollenda ; Philipp Koppe ; Behrad Garmany ; Thorsten Holz

【Abstract】:

【Keywords】:

50. Enforcing Kernel Security Invariants with Data Flow Integrity.

Paper Link】 【Pages】:

【Authors】: Chengyu Song ; Byoungyoung Lee ; Kangjie Lu ; William Harris ; Taesoo Kim ; Wenke Lee

【Abstract】:

【Keywords】:

Session 13: Android Security 5

51. Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy.

Paper Link】 【Pages】:

【Authors】: Vitor Monte Afonso ; Paulo L. de Geus ; Antonio Bianchi ; Yanick Fratantonio ; Christopher Kruegel ; Giovanni Vigna ; Adam Doupé ; Mario Polino

【Abstract】:

【Keywords】:

52. Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android.

Paper Link】 【Pages】:

【Authors】: Xiao Zhang ; Kailiang Ying ; Yousra Aafer ; Zhenshen Qiu ; Wenliang Du

【Abstract】:

【Keywords】:

53. FLEXDROID: Enforcing In-App Privilege Separation in Android.

Paper Link】 【Pages】:

【Authors】: Jaebaek Seo ; Daehyeok Kim ; Donghyun Cho ; Insik Shin ; Taesoo Kim

【Abstract】:

【Keywords】:

54. IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware.

Paper Link】 【Pages】:

【Authors】: Michelle Y. Wong ; David Lie

【Abstract】:

【Keywords】:

55. Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques.

Paper Link】 【Pages】:

【Authors】: Siegfried Rasthofer ; Steven Arzt ; Marc Miltenberger ; Eric Bodden

【Abstract】:

【Keywords】:

Session 14: User Authentication 5

56. Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services.

Paper Link】 【Pages】:

【Authors】: Chaoshun Zuo ; Wubing Wang ; Zhiqiang Lin ; Rui Wang

【Abstract】:

【Keywords】:

57. Differentially Private Password Frequency Lists.

Paper Link】 【Pages】:

【Authors】: Jeremiah Blocki ; Anupam Datta ; Joseph Bonneau

【Abstract】:

【Keywords】:

58. Who Are You? A Statistical Approach to Measuring User Authenticity.

Paper Link】 【Pages】:

【Authors】: David Freeman ; Sakshi Jain ; Markus Dürmuth ; Battista Biggio ; Giorgio Giacinto

【Abstract】:

【Keywords】:

59. Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks.

Paper Link】 【Pages】:

【Authors】: Otto Huhta ; Swapnil Udar ; Mika Juuti ; Prakash Shrestha ; Nitesh Saxena ; N. Asokan

【Abstract】:

【Keywords】:

60. VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion.

Paper Link】 【Pages】:

【Authors】: Jingchao Sun ; Xiaocong Jin ; Yimin Chen ; Jinxue Zhang ; Yanchao Zhang ; Rui Zhang

【Abstract】:

【Keywords】: