25th NDSS 2018:San Diego, CA, USA

25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018. The Internet Society 【DBLP Link

Paper Num: 71 || Session Num: 17

Session 1A: IoT 4

1. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.

Paper Link】 【Pages】:

【Authors】: Jiongyi Chen ; Wenrui Diao ; Qingchuan Zhao ; Chaoshun Zuo ; Zhiqiang Lin ; XiaoFeng Wang ; Wing Cheong Lau ; Menghan Sun ; Ronghai Yang ; Kehuan Zhang

【Abstract】:

【Keywords】:

2. Fear and Logging in the Internet of Things.

Paper Link】 【Pages】:

【Authors】: Qi Wang ; Wajih Ul Hassan ; Adam M. Bates ; Carl A. Gunter

【Abstract】:

【Keywords】:

3. Decentralized Action Integrity for Trigger-Action IoT Platforms.

Paper Link】 【Pages】:

【Authors】: Earlence Fernandes ; Amir Rahmati ; Jaeyeon Jung ; Atul Prakash

【Abstract】:

【Keywords】:

4. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices.

Paper Link】 【Pages】:

【Authors】: Marius Muench ; Jan Stijohann ; Frank Kargl ; Aurélien Francillon ; Davide Balzarotti

【Abstract】:

【Keywords】:

Session 1B: Attacks and Vulnerabilities 4

5. Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications.

Paper Link】 【Pages】:

【Authors】: Ben Stock ; Giancarlo Pellegrino ; Frank Li ; Michael Backes ; Christian Rossow

【Abstract】:

【Keywords】:

6. Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control.

Paper Link】 【Pages】:

【Authors】: Qi Alfred Chen ; Yucheng Yin ; Yiheng Feng ; Z. Morley Mao ; Henry X. Liu

【Abstract】:

【Keywords】:

7. Removing Secrets from Android's TLS.

Paper Link】 【Pages】:

【Authors】: Jaeho Lee ; Dan S. Wallach

【Abstract】:

【Keywords】:

8. rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System.

Paper Link】 【Pages】:

【Authors】: Erkam Uzun ; Simon Pak Ho Chung ; Irfan Essa ; Wenke Lee

【Abstract】:

【Keywords】:

Session 2A: Network Security/Cellular Networks 4

9. Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach.

Paper Link】 【Pages】:

【Authors】: Samuel Jero ; Md. Endadul Hoque ; David R. Choffnes ; Alan Mislove ; Cristina Nita-Rotaru

【Abstract】:

【Keywords】:

10. Preventing (Network) Time Travel with Chronos.

Paper Link】 【Pages】:

【Authors】: Omer Deutsch ; Neta Rozen Schiff ; Danny Dolev ; Michael Schapira

【Abstract】:

【Keywords】:

11. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE.

Paper Link】 【Pages】:

【Authors】: Syed Rafiul Hussain ; Omar Chowdhury ; Shagufta Mehnaz ; Elisa Bertino

【Abstract】:

【Keywords】:

12. GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier.

Paper Link】 【Pages】:

【Authors】: Byeongdo Hong ; Sangwook Bae ; Yongdae Kim

【Abstract】:

【Keywords】:

Session 2B: Crypto 4

13. Mind Your Keys? A Security Evaluation of Java Keystores.

Paper Link】 【Pages】:

【Authors】: Riccardo Focardi ; Francesco Palmarini ; Marco Squarcina ; Graham Steel ; Mauro Tempesta

【Abstract】:

【Keywords】:

14. A Security Analysis of Honeywords.

Paper Link】 【Pages】:

【Authors】: Ding Wang ; Haibo Cheng ; Ping Wang ; Jeff Yan ; Xinyi Huang

【Abstract】:

【Keywords】:

15. Revisiting Private Stream Aggregation: Lattice-Based PSA.

Paper Link】 【Pages】:

【Authors】: Daniela Becker ; Jorge Guajardo ; Karl-Heinz Zimmermann

【Abstract】:

【Keywords】:

16. ZeroTrace : Oblivious Memory Primitives from Intel SGX.

Paper Link】 【Pages】:

【Authors】: Sajin Sasy ; Sergey Gorbunov ; Christopher W. Fletcher

【Abstract】:

【Keywords】:

Session 3A: Deep Learning and Adversarial ML 5

17. Automated Website Fingerprinting through Deep Learning.

Paper Link】 【Pages】:

【Authors】: Vera Rimmer ; Davy Preuveneers ; Marc Juárez ; Tom van Goethem ; Wouter Joosen

【Abstract】:

【Keywords】:

18. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection.

Paper Link】 【Pages】:

【Authors】: Zhen Li ; Deqing Zou ; Shouhuai Xu ; Xinyu Ou ; Hai Jin ; Sujuan Wang ; Zhijun Deng ; Yuyi Zhong

【Abstract】:

【Keywords】:

19. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection.

Paper Link】 【Pages】:

【Authors】: Yisroel Mirsky ; Tomer Doitshman ; Yuval Elovici ; Asaf Shabtai

【Abstract】:

【Keywords】:

20. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks.

Paper Link】 【Pages】:

【Authors】: Weilin Xu ; David Evans ; Yanjun Qi

【Abstract】:

【Keywords】:

21. Trojaning Attack on Neural Networks.

Paper Link】 【Pages】:

【Authors】: Yingqi Liu ; Shiqing Ma ; Yousra Aafer ; Wen-Chuan Lee ; Juan Zhai ; Weihang Wang ; Xiangyu Zhang

【Abstract】:

【Keywords】:

Session 3B: Authentication 5

22. Broken Fingers: On the Usage of the Fingerprint API in Android.

Paper Link】 【Pages】:

【Authors】: Antonio Bianchi ; Yanick Fratantonio ; Aravind Machiry ; Christopher Kruegel ; Giovanni Vigna ; Simon Pak Ho Chung ; Wenke Lee

【Abstract】:

【Keywords】:

23. K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All.

Paper Link】 【Pages】:

【Authors】: Parimarjan Negi ; Prafull Sharma ; Vivek Jain ; Bahman Bahmani

【Abstract】:

【Keywords】:

24. ABC: Enabling Smartphone Authentication with Built-in Camera.

Paper Link】 【Pages】:

【Authors】: Zhongjie Ba ; Sixu Piao ; Xinwen Fu ; Dimitrios Koutsonikolas ; Aziz Mohaisen ; Kui Ren

【Abstract】:

【Keywords】:

25. Device Pairing at the Touch of an Electrode.

Paper Link】 【Pages】:

【Authors】: Marc Roeschlin ; Ivan Martinovic ; Kasper Bonne Rasmussen

【Abstract】:

【Keywords】:

26. Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections.

Paper Link】 【Pages】:

【Authors】: Di Tang ; Zhe Zhou ; Yinqian Zhang ; Kehuan Zhang

【Abstract】:

【Keywords】:

Session 4A: Measurements 4

27. A Large-scale Analysis of Content Modification by Open HTTP Proxies.

Paper Link】 【Pages】:

【Authors】: Giorgos Tsirantonakis ; Panagiotis Ilia ; Sotiris Ioannidis ; Elias Athanasopoulos ; Michalis Polychronakis

【Abstract】:

【Keywords】:

28. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis.

Paper Link】 【Pages】:

【Authors】: Shitong Zhu ; Xunchao Hu ; Zhiyun Qian ; Zubair Shafiq ; Heng Yin

【Abstract】:

【Keywords】:

29. Towards Measuring the Effectiveness of Telephony Blacklists.

Paper Link】 【Pages】:

【Authors】: Sharbani Pandit ; Roberto Perdisci ; Mustaque Ahamad ; Payas Gupta

【Abstract】:

【Keywords】:

30. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation.

Paper Link】 【Pages】:

【Authors】: Yue Duan ; Mu Zhang ; Abhishek Vasisht Bhaskar ; Heng Yin ; Xiaorui Pan ; Tongxin Li ; Xueqiang Wang ; XiaoFeng Wang

【Abstract】:

【Keywords】:

Session 4B: Software Attacks and Secure Architectures 4

31. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks.

Paper Link】 【Pages】:

【Authors】: Michael Schwarz ; Moritz Lipp ; Daniel Gruss ; Samuel Weiser ; Clémentine Maurice ; Raphael Spreitzer ; Stefan Mangard

【Abstract】:

【Keywords】:

32. Securing Real-Time Microcontroller Systems through Customized Memory View Switching.

Paper Link】 【Pages】:

【Authors】: Chung Hwan Kim ; Taegyu Kim ; Hongjun Choi ; Zhongshu Gu ; Byoungyoung Lee ; Xiangyu Zhang ; Dongyan Xu

【Abstract】:

【Keywords】:

33. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps.

Paper Link】 【Pages】:

【Authors】: Guangliang Yang ; Jeff Huang ; Guofei Gu

【Abstract】:

【Keywords】:

34. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images.

Paper Link】 【Pages】:

【Authors】: Rohit Bhatia ; Brendan Saltaformaggio ; Seung Jei Yang ; Aisha I. Ali-Gombe ; Xiangyu Zhang ; Dongyan Xu ; Golden G. Richard III

【Abstract】:

【Keywords】:

Session 5A: Software Security 5

35. K-Miner: Uncovering Memory Corruption in Linux.

Paper Link】 【Pages】:

【Authors】: David Gens ; Simon Schmitt ; Lucas Davi ; Ahmad-Reza Sadeghi

【Abstract】:

【Keywords】:

36. CFIXX: Object Type Integrity for C++.

Paper Link】 【Pages】:

【Authors】: Nathan Burow ; Derrick McKee ; Scott A. Carr ; Mathias Payer

【Abstract】:

【Keywords】:

37. Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets.

Paper Link】 【Pages】:

【Authors】: Andrea Biondo ; Mauro Conti ; Daniele Lain

【Abstract】:

【Keywords】:

38. Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics.

Paper Link】 【Pages】:

【Authors】: Erick Bauman ; Zhiqiang Lin ; Kevin W. Hamlen

【Abstract】:

【Keywords】:

39. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing.

Paper Link】 【Pages】:

【Authors】: Wookhyun Han ; Byunggill Joe ; Byoungyoung Lee ; Chengyu Song ; Insik Shin

【Abstract】:

【Keywords】:

Session 5B: Privacy in Mobile 5

40. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps.

Paper Link】 【Pages】:

【Authors】: Yuhong Nan ; Zhemin Yang ; Xiaofeng Wang ; Yuan Zhang ; Donglai Zhu ; Min Yang

【Abstract】:

【Keywords】:

41. Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions.

Paper Link】 【Pages】:

【Authors】: Jingjing Ren ; Martina Lindorfer ; Daniel J. Dubois ; Ashwin Rao ; David R. Choffnes ; Narseo Vallina-Rodriguez

【Abstract】:

【Keywords】:

42. Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem.

Paper Link】 【Pages】:

【Authors】: Abbas Razaghpanah ; Rishab Nithyanand ; Narseo Vallina-Rodriguez ; Srikanth Sundaresan ; Mark Allman ; Christian Kreibich ; Phillipa Gill

【Abstract】:

【Keywords】:

43. OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS.

Paper Link】 【Pages】:

【Authors】: Xiaokuan Zhang ; Xueqiang Wang ; Xiaolong Bai ; Yinqian Zhang ; XiaoFeng Wang

【Abstract】:

【Keywords】:

44. Knock Knock, Who's There? Membership Inference on Aggregate Location Data.

Paper Link】 【Pages】:

【Authors】: Apostolos Pyrgelis ; Carmela Troncoso ; Emiliano De Cristofaro

【Abstract】:

【Keywords】:

Session 6A: Cloud 4

45. Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center.

Paper Link】 【Pages】:

【Authors】: Xing Gao ; Zhang Xu ; Haining Wang ; Li Li ; Xiaorui Wang

【Abstract】:

【Keywords】:

46. OBLIVIATE: A Data Oblivious Filesystem for Intel SGX.

Paper Link】 【Pages】:

【Authors】: Adil Ahmad ; Kyungtae Kim ; Muhammad Ihsanulhaq Sarfaraz ; Byoungyoung Lee

【Abstract】:

【Keywords】:

47. Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas Clouds.

Paper Link】 【Pages】:

【Authors】: Dean Sullivan ; Orlando Arias ; Travis Meade ; Yier Jin

【Abstract】:

【Keywords】:

48. Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates.

Paper Link】 【Pages】:

【Authors】: Kevin Borgolte ; Tobias Fiebig ; Shuang Hao ; Christopher Kruegel ; Giovanni Vigna

【Abstract】:

【Keywords】:

Session 6B: Privacy and De-Anonymization 4

49. Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data.

Paper Link】 【Pages】:

【Authors】: Alexandra-Mihaela Olteanu ; Kévin Huguenin ; Italo Dacosta ; Jean-Pierre Hubaux

【Abstract】:

【Keywords】:

50. When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.

Paper Link】 【Pages】:

【Authors】: Aylin Caliskan ; Fabian Yamaguchi ; Edwin Dauber ; Richard E. Harang ; Konrad Rieck ; Rachel Greenstadt ; Arvind Narayanan

【Abstract】:

【Keywords】:

51. De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice.

Paper Link】 【Pages】:

【Authors】: Huandong Wang ; Chen Gao ; Yong Li ; Gang Wang ; Depeng Jin ; Jingbo Sun

【Abstract】:

【Keywords】:

52. Veil: Private Browsing Semantics Without Browser-side Assistance.

Paper Link】 【Pages】:

【Authors】: Frank Wang ; James Mickens ; Nickolai Zeldovich

【Abstract】:

【Keywords】:

Session 7A: Web Security 4

53. Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations.

Paper Link】 【Pages】:

【Authors】: Peng Wang ; Xianghang Mi ; Xiaojing Liao ; XiaoFeng Wang ; Kan Yuan ; Feng Qian ; Raheem A. Beyah

【Abstract】:

【Keywords】:

54. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.

Paper Link】 【Pages】:

【Authors】: Cristian-Alexandru Staicu ; Michael Pradel ; Benjamin Livshits

【Abstract】:

【Keywords】:

55. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks.

Paper Link】 【Pages】:

【Authors】: Michael Schwarz ; Moritz Lipp ; Daniel Gruss

【Abstract】:

【Keywords】:

56. Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting.

Paper Link】 【Pages】:

【Authors】: William Melicher ; Anupam Das ; Mahmood Sharif ; Lujo Bauer ; Limin Jia

【Abstract】:

【Keywords】:

Session 7B: Audit Logs 4

57. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs.

Paper Link】 【Pages】:

【Authors】: Wajih Ul Hassan ; Mark Lemay ; Nuraini Aguse ; Adam M. Bates ; Thomas Moyer

【Abstract】:

【Keywords】:

58. MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation.

Paper Link】 【Pages】:

【Authors】: Yonghwi Kwon ; Fei Wang ; Weihang Wang ; Kyu Hyung Lee ; Wen-Chuan Lee ; Shiqing Ma ; Xiangyu Zhang ; Dongyan Xu ; Somesh Jha ; Gabriela F. Ciocarlie ; Ashish Gehani ; Vinod Yegneswaran

【Abstract】:

【Keywords】:

59. Towards a Timely Causality Analysis for Enterprise Security.

Paper Link】 【Pages】:

【Authors】: Yushan Liu ; Mu Zhang ; Ding Li ; Kangkook Jee ; Zhichun Li ; Zhenyu Wu ; Junghwan Rhee ; Prateek Mittal

【Abstract】:

【Keywords】:

60. JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions.

Paper Link】 【Pages】:

【Authors】: Bo Li ; Phani Vadrevu ; Kyu Hyung Lee ; Roberto Perdisci

【Abstract】:

【Keywords】:

Session 8: Android 4

61. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection.

Paper Link】 【Pages】:

【Authors】: Yousra Aafer ; Jianjun Huang ; Yi Sun ; Xiangyu Zhang ; Ninghui Li ; Chen Tian

【Abstract】:

【Keywords】:

62. InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android.

Paper Link】 【Pages】:

【Authors】: Yaohui Chen ; Yuping Li ; Long Lu ; Yueh-Hsun Lin ; Hayawardh Vijayakumar ; Zhi Wang ; Xinming Ou

【Abstract】:

【Keywords】:

63. BreakApp: Automated, Flexible Application Compartmentalization.

Paper Link】 【Pages】:

【Authors】: Nikos Vasilakis ; Ben Karel ; Nick Roessler ; Nathan Dautenhahn ; André DeHon ; Jonathan M. Smith

【Abstract】:

【Keywords】:

64. Resolving the Predicament of Android Custom Permissions.

Paper Link】 【Pages】:

【Authors】: Güliz Seray Tuncay ; Soteris Demetriou ; Karan Ganju ; Carl A. Gunter

【Abstract】:

【Keywords】:

Session 9: Blockchain and Smart Contracts 4

65. ZEUS: Analyzing Safety of Smart Contracts.

Paper Link】 【Pages】:

【Authors】: Sukrit Kalra ; Seep Goel ; Mohan Dhawan ; Subodh Sharma

【Abstract】:

【Keywords】:

66. Chainspace: A Sharded Smart Contracts Platform.

Paper Link】 【Pages】:

【Authors】: Mustafa Al-Bassam ; Alberto Sonnino ; Shehar Bano ; Dave Hrycyszyn ; George Danezis

【Abstract】:

【Keywords】:

67. Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions.

Paper Link】 【Pages】:

【Authors】: Stefanie Roos ; Pedro Moreno-Sanchez ; Aniket Kate ; Ian Goldberg

【Abstract】:

【Keywords】:

68. TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing.

Paper Link】 【Pages】:

【Authors】: Hubert Ritzdorf ; Karl Wüst ; Arthur Gervais ; Guillaume Felley ; Srdjan Capkun

【Abstract】:

【Keywords】:

Session 10: Social Networks and Anonymity 3

69. Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks Explanations.

Paper Link】 【Pages】:

【Authors】: Athanasios Andreou ; Giridhari Venkatadri ; Oana Goga ; Krishna P. Gummadi ; Patrick Loiseau ; Alan Mislove

【Abstract】:

【Keywords】:

70. Inside Job: Applying Traffic Analysis to Measure Tor from Within.

Paper Link】 【Pages】:

【Authors】: Rob Jansen ; Marc Juárez ; Rafa Galvez ; Tariq Elahi ; Claudia Díaz

【Abstract】:

【Keywords】:

71. Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks.

Paper Link】 【Pages】:

【Authors】: Haizhong Zheng ; Minhui Xue ; Hao Lu ; Shuang Hao ; Haojin Zhu ; Xiaohui Liang ; Keith W. Ross

【Abstract】:

【Keywords】: