Table of Contents

• Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSHKarthikeyan Bhargavan, Gaëtan Leurent. [doi]
• When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware DetectorsCharles Smutz, Angelos Stavrou. [doi]
• LinkMirage: Enabling Privacy-preserving Analytics on Social RelationshipsChangchang Liu, Prateek Mittal. [doi]
• TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic CommunicationRalph Holz, Johanna Amann, Olivier Mehani, Mohamed Ali Kâafar, Matthias Wachs. [doi]
• Towards Automated Dynamic Analysis for Linux-based Embedded FirmwareDaming D. Chen, Maverick Woo, David Brumley, Manuel Egele. [doi]
• Who Are You? A Statistical Approach to Measuring User AuthenticityDavid Freeman 0001, Sakshi Jain, Markus Dürmuth, Battista Biggio, Giorgio Giacinto. [doi]
• Enabling Client-Side Crash-Resistance to Overcome Diversification and Information HidingRobert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz. [doi]
• Forwarding-Loop Attacks in Content Delivery NetworksJianjun Chen, Xiaofeng Zheng, Hai-Xin Duan, Jinjin Liang, Jian Jiang, Kang Li, Tao Wan, Vern Paxson. [doi]
• Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile ServicesChaoshun Zuo, Wubing Wang, Zhiqiang Lin, Rui Wang. [doi]
• Privacy-Preserving Shortest Path ComputationDavid J. Wu, Joe Zimmerman, Jérémy Planul, John C. Mitchell. [doi]
• Efficient Private Statistics with Succinct SketchesLuca Melis, George Danezis, Emiliano De Cristofaro. [doi]
• Kratos: Discovering Inconsistent Security Policy Enforcement in the Android FrameworkYuru Shao, Qi Alfred Chen, Zhuoqing Morley Mao, Jason Ott, Zhiyun Qian. [doi]
• Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on AndroidXiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu, Wenliang Du. [doi]
• Measuring and Mitigating AS-level Adversaries Against TorRishab Nithyanand, Oleksii Starov, Phillipa Gill, Adva Zair, Michael Schapira. [doi]
• Automatically Evading Classifiers: A Case Study on PDF Malware ClassifiersWeilin Xu, Yanjun Qi, David Evans. [doi]
• VTrust: Regaining Trust on Virtual CallsChao Zhang, Dawn Song, Scott A. Carr, Mathias Payer, Tongxin Li, Yu Ding, Chengyu Song. [doi]
• Protecting C++ Dynamic Dispatch Through VTable InterleavingDimitar Bounov, Rami Gökhan Kici, Sorin Lerner. [doi]
• Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing PolicyVitor Monte Afonso, Paulo L. de Geus, Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, Adam Doupé, Mario Polino. [doi]
• OpenSGX: An Open Platform for SGX ResearchPrerit Jain, Soham Jayesh Desai, Ming-Wei Shih, Taesoo Kim, Seong-Min Kim, Jae-Hyuk Lee, Changho Choi, Youjung Shin, Brent ByungHoon Kang, Dongsu Han. [doi]
• Do You See What I See? Differential Treatment of Anonymous UsersSheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Damon McCoy, Vern Paxson, Steven J. Murdoch. [doi]
• Killed by Proxy: Analyzing Client-end TLS InterceXavier de Carné de Carnavalet, Mohammad Mannan. [doi]
• Enforcing Kernel Security Invariants with Data Flow IntegrityChengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, Wenke Lee. [doi]
• Differentially Private Password Frequency ListsJeremiah Blocki, Anupam Datta, Joseph Bonneau. [doi]
• FLEXDROID: Enforcing In-App Privilege Separation in AndroidJaebaek Seo, Daehyeok Kim, Donghyun Cho, Insik Shin, Taesoo Kim. [doi]
• Driller: Augmenting Fuzzing Through Selective Symbolic ExecutionNick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. [doi]
• Leakage-Resilient Layout Randomization for Mobile DevicesKjell Braden, Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Stephen Crane, Michael Franz, Per Larsen. [doi]
• Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security PolicyJakub Czyz, Matthew J. Luckie, Mark Allman, Michael Bailey. [doi]
• Free for All! Assessing User Data Exposure to Advertising Libraries on AndroidSoteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, Carl A. Gunter. [doi]
• Centrally Banked CryptocurrenciesGeorge Danezis, Sarah Meiklejohn. [doi]
• Website Fingerprinting at Internet ScaleAndriy Panchenko, Fabian Lanze, Jan Pennekamp, Thomas Engel, Andreas Zinnen, Martin Henze, Klaus Wehrle. [doi]
• Tracking Mobile Web Users Through Motion Sensors: Attacks and DefensesAnupam Das, Nikita Borisov, Matthew Caesar. [doi]
• Enabling Practical Software-defined Networking Security Applications with OFXJohn Sonchack, Jonathan M. Smith, Adam J. Aviv, Eric Keller. [doi]
• : SIBRA: Scalable Internet Bandwidth Reservation ArchitectureCristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota, Jumpei Urakawa. [doi]
• IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android MalwareMichelle Y. Wong, David Lie. [doi]
• Extract Me If You Can: Abusing PDF Parsers in Malware DetectorsCurtis Carmony, Xunchao Hu, Heng Yin, Abhishek Vasisht Bhaskar, Mu Zhang. [doi]
• ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and TaintingShiQing Ma, Xiangyu Zhang, Dongyan Xu. [doi]
• Attack Patterns for Black-Box Security Testing of Multi-Party Web ApplicationsAvinash Sudhodanan, Alessandro Armando, Roberto Carbone, Luca Compagna. [doi]
• The Price of Free: Privacy Leakage in Personalized Mobile In-Apps AdsWei Meng, Ren Ding, Simon P. Chung, Steven Han, Wenke Lee. [doi]
• Towards SDN-Defined Programmable BYOD (Bring Your Own Device) SecuritySungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu. [doi]
• CDN-on-Demand: An affordable DDoS Defense via Untrusted CloudsYossi Gilad, Amir Herzberg, Michael Sudkovitch, Michael Goberman. [doi]
• Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web InterfacesVaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, Ryan Riley. [doi]
• It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming ServicesM. Zubair Rafique, Tom van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis. [doi]
• Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-WireTeryl Taylor, Kevin Z. Snow, Nathan Otterness, Fabian Monrose. [doi]
• Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication SystemsAltaf Shaik, Jean-Pierre Seifert, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi. [doi]
• What Mobile Ads Know About Mobile UsersSooel Son, Daehyeok Kim, Vitaly Shmatikov. [doi]
• SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding AttacksMin-Suk Kang, Virgil D. Gligor, Vyas Sekar. [doi]
• Dependence Makes You Vulnberable: Differential Privacy Under Dependent TuplesChangchang Liu, Prateek Mittal, Supriyo Chakraborty. [doi]
• You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the WildEunjo Lee, Jiyoung Woo, Hyoungshick Kim, Aziz Mohaisen, Huy Kang Kim. [doi]
• Harvesting Runtime Values in Android Applications That Feature Anti-Analysis TechniquesSiegfried Rasthofer, Steven Arzt, Marc Miltenberger, Eric Bodden. [doi]
• SKEE: A lightweight Secure Kernel-level Execution Environment for ARMAhmed M. Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, Peng Ning. [doi]
• discovRE: Efficient Cross-Architecture Identification of Bugs in Binary CodeSebastian Eschweiler, Khaled Yakdan, Elmar Gerhards-Padilla. [doi]
• Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical SystemsDavid Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, Raheem A. Beyah. [doi]
• LO-PHI: Low-Observable Physical Host Instrumentation for Malware AnalysisChad Spensky, Hongyi Hu, Kevin Leach. [doi]
• Attacking the Network Time ProtocolAanchal Malhotra, Isaac E. Cohen, Erik Brakke, Sharon Goldberg. [doi]
• Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation AttacksOtto Huhta, Swapnil Udar, Mika Juuti, Prakash Shrestha, Nitesh Saxena, N. Asokan. [doi]
• How to Make ASLR Win the Clone Wars: Runtime Re-RandomizationKangjie Lu, Wenke Lee, Stefan Nürnberger, Michael Backes 0001. [doi]
• Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday ProblemAlex Biryukov, Dmitry Khovratovich. [doi]
• CrossFire: An Analysis of Firefox Extension-Reuse VulnerabilitiesAhmet Salih Buyukkayhan, Kaan Onarlioglu, William K. Robertson, Engin Kirda. [doi]
• Keynote: On Subverting TrustMatthew D. Green. [doi]
• A Simple Generic Attack on Text CaptchasHaichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang, Jiawei Li. [doi]
• VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside MotionJingchao Sun, Xiaocong Jin, Yimin Chen, Jinxue Zhang, Yanchao Zhang, Rui Zhang 0007. [doi]