ACSAC '20: Annual Computer Security Applications Conference, Virtual Event / Austin, TX, USA, 7-11 December, 2020 - researchr publication

researchr

You are not signed in
Sign in
Sign up

ACSAC '20: Annual Computer Security Applications Conference, Virtual Event / Austin, TX, USA, 7-11 December, 2020. ACM, 2020. [doi]

Conference: acsac2020

Abstract is missing.

The Tangled Genealogy of IoT MalwareEmanuele Cozzi, Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge, Davide Balzarotti. 1-16 [doi]

Spotlight: Malware Lead Generation at ScaleFabian Kaczmarczyck, Bernhard Grill, Luca Invernizzi, Jennifer Pullman, Cecilia M. Procopiuc, David Tao, Borbala Benko, Elie Bursztein. 17-27 [doi]

App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics ArtifactsAisha Ali Gombe, Alexandra Tambaoan, Angela Gurfolino, Golden G. Richard III. 28-41 [doi]

AVclass2: Massive Malware Tag Extraction from AV LabelsSilvia Sebastián, Juan Caballero. 42-53 [doi]

Advanced Windows Methods on Malware Detection and ClassificationDima Rabadi, Sin G. Teo. 54-68 [doi]

Betrayed by the Guardian: Security and Privacy Risks of Parental Control SolutionsSuzan Ali, Mounir Elgharabawy, Quentin Duchaussoy, Mohammad Mannan, Amr M. Youssef. 69-83 [doi]

Talek: Private Group Messaging with Hidden Access PatternsRaymond Cheng 0001, William Scott, Elisaweta Masserova, Irene Zhang, Vipul Goyal, Thomas E. Anderson, Arvind Krishnamurthy, Bryan Parno. 84-99 [doi]

Towards a Practical Differentially Private Collaborative Phone Blacklisting SystemDaniele Ucci, Roberto Perdisci, Jaewoo Lee, Mustaque Ahamad. 100-115 [doi]

Towards Realistic Membership Inferences: The Case of Survey DataLuke A. Bauer, Vincent Bindschaedler. 116-128 [doi]

Quantifying measurement quality and load distribution in TorAndre Greubel, Steffen Pohl, Samuel Kounev. 129-140 [doi]

SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation CentersMartin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi. 141-153 [doi]

Measurements of the Most Significant Software Security WeaknessesCarlos Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye. 154-164 [doi]

This is Why We Can't Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical StorageWajih Ul Hassan, Ding Li, Kangkook Jee, Xiao Yu 0007, Kexuan Zou, Dawei Wang, Zhengzhang Chen, Zhichun Li, Junghwan Rhee, Jiaping Gui, Adam Bates 0001. 165-178 [doi]

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized ApplicationsYuhang Lin, Olufogorehan Tunde-Onadele, Xiaohui Gu. 179-188 [doi]

On the Forensic Validity of Approximated Audit LogsNoor Michael, Jaron Mink, Jason Liu, Sneha Gaur, Wajih Ul Hassan, Adam Bates 0001. 189-202 [doi]

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based AuthenticationStephan Wiefling, Markus Dürmuth, Luigi Lo Iacono. 203-218 [doi]

Double Patterns: A Usable Solution to Increase the Security of Android Unlock PatternsTim Forman, Adam Aviv. 219-233 [doi]

Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UKSean Oesch, Ruba Abu-Salma, Oumar Diallo, Juliane Krämer, James Simmons, Justin Wu, Scott Ruoti. 234-248 [doi]

Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and BeyondHassan Khan, Jason Ceci, Jonah Stegman, Adam J. Aviv, Rozita Dara 0001, Ravi Kuber. 249-262 [doi]

Up2Dep: Android Tool Support to Fix Insecure Code DependenciesDuc-Cuong Nguyen, Erik Derr, Michael Backes 0001, Sven Bugiel. 263-276 [doi]

On the Feasibility of Automating Stock Market ManipulationCarter Yagemann, Simon P. Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, Wenke Lee. 277-290 [doi]

Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the WildDaniel De Almeida Braga, Pierre-Alain Fouque, Mohamed Sabt. 291-303 [doi]

DeepSIM: GPS Spoofing Detection on UAVs using Satellite Imagery MatchingNian Xue, Liang Niu, Xianbin Hong, Zhen Li, Larissa Hoffaeller, Christina Pöpper. 304-319 [doi]

Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone ServicesSiqi Ma, Hehao Li, Wenbo Yang, Juanru Li, Surya Nepal, Elisa Bertino. 320-331 [doi]

DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUICGaganjeet Singh Reen, Christian Rossow. 332-344 [doi]

A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New BugsSanjeev Das, Kedrian James, Jan Werner, Manos Antonakakis, Michalis Polychronakis, Fabian Monrose. 345-359 [doi]

Cupid : Automatic Fuzzer Selection for Collaborative FuzzingEmre Güler, Philipp Görz, Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida, Thorsten Holz. 360-372 [doi]

Probabilistic Naming of Functions in Stripped BinariesJames Patrick-Evans, Lorenzo Cavallaro, Johannes Kinder. 373-385 [doi]

Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual MachineFadi Yilmaz, Meera Sridhar, Wontae Choi. 386-400 [doi]

Practical Fine-Grained Binary Code Randomization†Soumyakant Priyadarshan, Huan Nguyen 0004, R. Sekar. 401-414 [doi]

Faulty Point Unit: ABI Poisoning Attacks on Intel SGXFritz Alder, Jo Van Bulck, David Oswald, Frank Piessens. 415-427 [doi]

Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devicesKuniyasu Suzaki, Akira Tsukamoto, Andy Green, Mohammad Mannan. 428-441 [doi]

RusTEE: Developing Memory-Safe ARM TrustZone ApplicationsShengye Wan, Mingshen Sun, Kun Sun 0001, Ning Zhang 0017, Xu He. 442-453 [doi]

HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free VulnerabilitiesZekun Shen, Brendan Dolan-Gavitt. 454-465 [doi]

ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge MappingsPaul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert 0001. 466-479 [doi]

Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control SystemsAlessandro Erba, Riccardo Taormina, Stefano Galelli, Marcello Pogliani, Michele Carminati, Stefano Zanero, Nils Ole Tippenhauer. 480-495 [doi]

Workflow Integration Alleviates Identity and Access Management in Serverless ComputingArnav Sankaran, Pubali Datta, Adam Bates 0001. 496-509 [doi]

Privacy-Preserving Production Process Parameter ExchangeJan Pennekamp, Erik Buchholz, Yannik Lockner, Markus Dahlmanns, Tiandong Xi, Marcel Fey, Christian Brecher, Christian Hopmann, Klaus Wehrle. 510-525 [doi]

Efficient Oblivious Substring Search via Architectural SupportNicholas Mainardi, Davide Sampietro, Alessandro Barenghi, Gerardo Pelosi. 526-541 [doi]

SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart HomesCorentin Thomasset, David Barrera 0003. 542-555 [doi]

Effect of Security Controls on Patching Window: A Causal Inference based ApproachAditya Kuppa, Lamine M. Aouad, Nhien-An Le-Khac. 556-566 [doi]

NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL ServicesDario Ferrari, Michele Carminati, Mario Polino, Stefano Zanero. 567-581 [doi]

GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in SparkTao Xue, Yu Wen, Bo Luo, Boyang Zhang, Yang Zheng, Yanfei Hu, Yingjiu Li, Gang Li, Dan Meng. 582-596 [doi]

Understanding Promotion-as-a-Service on GitHubKun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang, Shuang Hao, Zhou Li 0001, Min Yang 0002. 597-610 [doi]

Query-Efficient Black-Box Attack Against Sequence-Based Malware ClassifiersIshai Rosenberg, Asaf Shabtai, Yuval Elovici, Lior Rokach. 611-626 [doi]

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication MechanismsNampoina Andriamilanto, Tristan Allard, Gaëtan Le Guelvouit. 627-642 [doi]

Security Study of Service Worker Cross-Site ScriptingPhakpoom Chinprutthiwong, Raj Vardhan, Guangliang Yang, Guofei Gu. 643-654 [doi]

CAPS: Smoothly Transitioning to a More Resilient Web PKIStephanos Matsumoto, Jay Bosamiya, Yucheng Dai, Paul C. van Oorschot, Bryan Parno. 655-668 [doi]

dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet MarketsYiming Zhang 0002, Yiyue Qian, Yujie Fan, Yanfang Ye, Xin Li, Qi Xiong, Fudong Shao. 669-680 [doi]

Session Key Distribution Made Practical for CAN and CAN-FD Message AuthenticationYang Xiao, Shanghao Shi, Ning Zhang, Wenjing Lou, Y. Thomas Hou. 681-693 [doi]

LeakyPick: IoT Audio Spy DetectorRichard Mitev, Anna Pazii, Markus Miettinen, William Enck, Ahmad-Reza Sadeghi. 694-705 [doi]

IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging WearablesPrakash Shrestha, Zengrui Liu, Nitesh Saxena. 706-716 [doi]

Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded DevicesMahmoud Ammar, Bruno Crispo. 717-732 [doi]

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic AnalysisMingeun Kim, Dongkwan Kim, Eunsoo Kim, Suryeon Kim, Yeongjin Jang, Yongdae Kim. 733-745 [doi]

Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral EmulationChen Cao, Le Guan, Jiang Ming 0002, Peng Liu 0005. 746-759 [doi]

Set It and Forget It! Turnkey ECC for Instant IntegrationDmitry Belyavsky, Billy Bob Brumley, Jesús-Javier Chi-Domínguez, Luis Rivera-Zamarripa, Igor Ustinov. 760-771 [doi]

Practical Over-Threshold Multi-Party Private Set IntersectionRasoul Akhavan Mahdavi, Thomas Humphries, Bailey Kacsmar, Simeon Krastnikov, Nils Lukas, John A. Premkumar, Masoumeh Shafieinejad, Simon Oya, Florian Kerschbaum, Erik-Oliver Blass. 772-783 [doi]

Secure and Verifiable Inference in Deep Neural NetworksGuowen Xu, Hongwei Li, Hao Ren, Jianfei Sun, Shengmin Xu, Jianting Ning, Haomiao Yang, Kan Yang 0001, Robert H. Deng. 784-797 [doi]

ZeroAUDITAman Luthra, James Cavanaugh, Hugo Renzzo Oclese, Rina M. Hirsch, Xiang Fu. 798-812 [doi]

Policy-based Chameleon Hash for Blockchain Rewriting with Black-box AccountabilityYangguang Tian, Nan Li, Yingjiu Li, Pawel Szalachowski, Jianying Zhou 0001. 813-828 [doi]

WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without TrainingCong Shi 0004, Yan Wang, Yingying Chen 0001, Nitesh Saxena, Chen Wang. 829-842 [doi]

Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition SystemsLea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa. 843-855 [doi]

Measuring the Effectiveness of Privacy Policies for Voice Assistant ApplicationsSong Liao, Christin Wilson, Long Cheng, Hongxin Hu, Huixing Deng. 856-869 [doi]

Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis AttacksMaliheh Shirvanian, Manar Mohamed, Nitesh Saxena, S. Abhishek Anand. 870-883 [doi]

VibLive: A Continuous Liveness Detection for Secure Voice User Interface in IoT EnvironmentLinghan Zhang, Sheng Tan, Zi Wang, Yili Ren, Zhi Wang 0004, Jie Yang 0003. 884-896 [doi]

Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network SystemsBao Gia Doan, Ehsan Abbasnejad, Damith C. Ranasinghe. 897-912 [doi]

NoiseScope: Detecting Deepfake Images in a Blind SettingJiameng Pu, Neal Mangaokar, Bolun Wang, Chandan K. Reddy, Bimal Viswanath. 913-927 [doi]

StegoNet: Turn Deep Neural Network into a StegomalwareTao Liu 0023, Zihao Liu, Qi Liu, Wujie Wen, Wenyao Xu, Ming Li. 928-938 [doi]

SEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled RepresentationJianwei Tai, Xiaoqi Jia, Qingjia Huang, Weijuan Zhang, Haichao Du, Shengzhi Zhang. 939-950 [doi]

Attacking Graph-Based Classification without Changing Existing ConnectionsXuening Xu, Xiaojiang Du, Qiang Zeng 0001. 951-962 [doi]

runs on WebDSL