Table of Contents

• Quantitative Assessment on the Limitations of Code Randomization for Legacy BinariesPei Wang 0007, Jinquan Zhang, Shuai Wang 0011, Dinghao Wu. 1-16 [doi]
• Saffire: Context-sensitive Function Specialization against Code Reuse AttacksShachee Mishra, Michalis Polychronakis. 17-33 [doi]
• Improving Fuzzing through Controlled CompilationLaurent Simon, Akash Verma. 34-52 [doi]
• VGRAPH: A Robust Vulnerable Code Clone Detection System Using Code Property TripletsBenjamin Bowman, H. Howie Huang. 53-69 [doi]
• Multi-country Study of Third Party Trackers from Real Browser HistoriesXuehui Hu, Guillermo Suarez de Tangil, Nishanth Sastry. 70-86 [doi]
• X-Men: A Mutation-Based Approach for the Formal Analysis of Security CeremoniesDiego Sempreboni, Luca Viganò 0001. 87-104 [doi]
• "Anyone Else Seeing this Error?": Community, System Administrators, and Patch InformationAdam Jenkins, Pieris Kalligeros, Kami Vaniea, Maria K. Wolters. 105-119 [doi]
• User Attitudes On Direct-to-Consumer Genetic TestingDebjani Saha, Anna Chan, Brook Stacy, Kiran Javkar, Sushant Patkar, Michelle L. Mazurek. 120-138 [doi]
• Jekyll: Attacking Medical Image Diagnostics using Deep Generative ModelsNeal Mangaokar, Jiameng Pu, Parantapa Bhattacharya, Chandan K. Reddy, Bimal Viswanath. 139-157 [doi]
• Evaluating Explanation Methods for Deep Learning in SecurityAlexander Warnecke, Daniel Arp, Christian Wressnegger, Konrad Rieck. 158-174 [doi]
• Bypassing Backdoor Detection Algorithms in Deep LearningTe Juin Lester Tan, Reza Shokri. 175-183 [doi]
• Biometric Backdoors: A Poisoning Attack Against Unsupervised Template UpdatingGiulio Lovisotto, Simon Eberz, Ivan Martinovic. 184-197 [doi]
• DLA: Dense-Layer-Analysis for Adversarial Example DetectionPhilip Sperl, Ching-yu Kao, Peng Chen, Xiao Lei, Konstantin Böttinger. 198-215 [doi]
• Ordinos: A Verifiable Tally-Hiding E-Voting SystemRalf Küsters, Julian Liedtke, Johannes Müller 0001, Daniel Rausch 0001, Andreas Vogt 0001. 216-235 [doi]
• Accountability in a Permissioned Blockchain: Formal Analysis of Hyperledger FabricMike Graf, Ralf Küsters, Daniel Rausch 0001. 236-255 [doi]
• Reward Sharing Schemes for Stake PoolsLars Brünjes, Aggelos Kiayias, Elias Koutsoupias, Aikaterini-Panagiota Stouka. 256-275 [doi]
• Modular Security Analysis of OAuth 2.0 in the Three-Party SettingXinyu Li, Jing Xu, Zhenfeng Zhang, Xiao Lan, Yuchen Wang. 276-293 [doi]
• Replay Attacks and Defenses Against Cross-shard Consensus in Sharded Distributed LedgersAlberto Sonnino, Shehar Bano, Mustafa Al-Bassam, George Danezis. 294-308 [doi]
• TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBsJakob Koschel, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. 309-321 [doi]
• Chameleons' Oblivion: Complex-Valued Deep Neural Networks for Protocol-Agnostic RF Device FingerprintingIoannis Agadakos, Nikolaos Agadakos, Jason Polakis, Mohamed R. Amer. 322-338 [doi]
• DARIA: Designing Actuators to Resist Arbitrary Attacks Against Cyber-Physical SystemsJairo Giraldo, Sahand Hadizadeh Kafash, Justin Ruths, Alvaro A. Cárdenas. 339-353 [doi]
• Practical Volume-Based Attacks on Encrypted DatabasesRishabh Poddar, Stephanie Wang, Jianan Lu, Raluca Ada Popa. 354-369 [doi]
• On Deploying Secure Computing: Private Intersection-Sum-with-CardinalityMihaela Ion, Ben Kreuter, Ahmet Erhan Nergiz, Sarvar Patel, Shobhit Saxena, Karn Seth, Mariana Raykova 0001, David Shanahan, Moti Yung. 370-389 [doi]
• Differentially Private Two-Party Set OperationsBailey Kacsmar, Basit Khurram, Nils Lukas, Alexander Norton, Masoumeh Shafieinejad, Zhiwei Shang, Yaser Baseri, Maryam Sepehri, Simon Oya, Florian Kerschbaum. 390-404 [doi]
• Zone Encryption with Anonymous Authentication for V2V CommunicationJan Camenisch, Manu Drijvers, Anja Lehmann, Gregory Neven, Patrick Towa. 405-424 [doi]
• Extensive Security Verification of the LoRaWAN Key-Establishment: Insecurities & PatchesStephan Wesemeyer, Ioana Boureanu, Zach Smith, Helen Treharne. 425-444 [doi]
• AVGuardian: Detecting and Mitigating Publish-Subscribe Overprivilege for Autonomous Vehicle SystemsDavid Ke Hong, John Kloosterman, Yuqi Jin, Yulong Cao, Qi Alfred Chen, Scott A. Mahlke, Z. Morley Mao. 445-459 [doi]
• A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2XChristopher Hicks, Flavio D. Garcia. 460-473 [doi]
• IoTFinder: Efficient Large-Scale Identification of IoT Devices via Passive DNS Traffic AnalysisRoberto Perdisci, Thomas Papastergiou, Omar Alrawi, Manos Antonakakis. 474-489 [doi]
• Generalized Iterative Bayesian Update and Applications to Mechanisms for Privacy ProtectionEhab ElSalamouny, Catuscia Palamidessi. 490-507 [doi]
• Membership Inference Against DNA Methylation DatabasesInken Hagestedt, Mathias Humbert, Pascal Berrang, Irina Lehmann, Roland Eils, Michael Backes 0001, Yang Zhang 0016. 509-520 [doi]
• A Pragmatic Approach to Membership Inferences on Machine Learning ModelsYunhui Long, Lei Wang, Diyue Bu, Vincent Bindschaedler, Xiaofeng Wang 0001, Haixu Tang, Carl A. Gunter, Kai Chen. 521-534 [doi]
• Chorus: a Programming Framework for Building Scalable Differential Privacy MechanismsNoah M. Johnson, Joseph P. Near, Joseph M. Hellerstein, Dawn Song. 535-551 [doi]
• Detecting Malware Injection with Program-DNS BehaviorYixin Sun, Kangkook Jee, Suphannee Sivakorn, Zhichun Li, Cristian Lumezanu, Lauri Korts-Pärn, Zhenyu Wu, Junghwan Rhee, Chung Hwan Kim, Mung Chiang, Prateek Mittal. 552-568 [doi]
• SecurePay: Strengthening Two-Factor Authentication for Arbitrary TransactionsRadhesh Krishnan Konoth, Björn Fischer, Wan J. Fokkink, Elias Athanasopoulos, Kaveh Razavi, Herbert Bos. 569-586 [doi]
• PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked ServerCarsten Baum, Tore Kasper Frederiksen, Julia Hesse, Anja Lehmann, Avishay Yanai. 587-606 [doi]
• COMAR: Classification of Compromised versus Maliciously Registered DomainsSourena Maroofi, Maciej Korczynski, Cristian Hesselman, Benoît Ampeau, Andrzej Duda. 607-623 [doi]
• SoK: Delegation and Revocation, the Missing Links in the Web's Chain of TrustLaurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger 0001, David A. Basin, Adrian Perrig. 624-638 [doi]