Table of Contents

• IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving LocalityIan Miers, Payman Mohassel. [doi]
• A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying MitigationsWilson Lian, Hovav Shacham, Stefan Savage. [doi]
• Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT CodeGiorgi Maisuradze, Michael Backes 0001, Christian Rossow. [doi]
• Cracking Android Pattern Lock in Five AttemptsGuixin Ye, Zhanyong Tang, Dingyi Fang, XiaoJiang Chen, Kwang In Kim, Ben Taylor, Zheng Wang 0001. [doi]
• Dial One for Scam: A Large-Scale Analysis of Technical Support ScamsNajmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis. [doi]
• Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGOJesper Buus Nielsen, Thomas Schneider 0003, Roberto Trifiletti. [doi]
• Automated Analysis of Privacy Requirements for Mobile AppsSebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu 0017, Florian Shaub, Shomir Wilson, Norman M. Sadeh, Steven M. Bellovin, Joel R. Reidenberg. [doi]
• Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android AppsXiaorui Pan, Xueqiang Wang, Yue Duan, Xiaofeng Wang, Heng Yin. [doi]
• A Broad View of the Ecosystem of Socially Engineered Exploit DocumentsStevens Le-Blond, Cédric Gilbert, Utkarsh Upadhyay, Manuel Gomez-Rodriguez, David R. Choffnes. [doi]
• On the Safety and Efficiency of Virtual Firewall Elasticity ControlJuan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, Wonkyu Han. [doi]
• An Evil Copy: How the Loader Betrays YouXinyang Ge, Mathias Payer, Trent Jaeger. [doi]
• Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential AnalysisAndrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna. [doi]
• ASLR on the Line: Practical Cache Attacks on the MMUBen Gras, Kaveh Razavi, Erik Bosman, Herbert Box, Cristiano Giuffrida. [doi]
• Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack SprayingKangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes 0001. [doi]
• PT-Rand: Practical Mitigation of Data-only Attacks against Page TablesLucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. [doi]
• Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARMYeongpil Cho, Donghyun Kwon, Hayoon Yi, Yunheung Paek. [doi]
• Measuring small subgroup attacks against Diffie-HellmanLuke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger. [doi]
• Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the WebTobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson 0002, Christo Wilson, Engin Kirda. [doi]
• PSI: Precise Security Instrumentation for Enterprise NetworksTianlong Yu, Seyed Kaveh Fayaz, Michael P. Collins, Vyas Sekar, Srinivasan Seshan. [doi]
• Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware RootkitLuis Garcia, Ferdinand Brasser, Mehmet Hazar Cintuglu, Ahmad-Reza Sadeghi, Osama A. Mohammed, Saman A. Zonouz. [doi]
• Indiscreet Logs: Diffie-Hellman Backdoors in TLSKristen Dorey, Nicholas Chang-Fong, Aleksander Essex. [doi]
• ContexloT: Towards Providing Contextual Integrity to Appified IoT PlatformsYunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, Atul Prakash. [doi]
• Broken Hearted: How To Attack ECG BiometricsSimon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patané, Marta Kwiatkowska, Ivan Martinovic. [doi]
• Fake Co-visitation Injection Attacks to Recommender SystemsGuolei Yang, Neil Zhenqiang Gong, Ying Cai. [doi]
• Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path SelectionAaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum, Paul Syverson. [doi]
• The Security Impact of HTTPS InterceptionZakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson. [doi]
• (Cross-)Browser Fingerprinting via OS and Hardware Level FeaturesYinzhi Cao, Song Li, Erik Wijmans. [doi]
• Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read VulnerabilitiesAlyssa Milburn, Herbert Bos, Cristiano Giuffrida. [doi]
• Dynamic Differential Location Privacy with Personalized Error BoundsLei Yu, Ling Liu 0001, Calton Pu. [doi]
• MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral ModelsEnrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon J. Ross, Gianluca Stringhini. [doi]
• Deconstructing XenLe Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Jinming Li. [doi]
• Towards Implicit Visual Memory-Based AuthenticationClaude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz. [doi]
• Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery CampaignsBum Jun Kwon, Virinshi Srinivas, Amol Deshpande, Tudor Dumitras. [doi]
• SilentWhispers: Enforcing Security and Privacy in Decentralized Credit NetworksGiulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei. [doi]
• The Effect of DNS on Tor's AnonymityBenjamin Greschbach, Tobias Pulls, Laura M. Roberts, Phillip Winter, Nick Feamster. [doi]
• A Large-scale Analysis of the Mnemonic Password AdviceJohannes Kiesel, Benno Stein, Stefan Lucks. [doi]
• Automated Synthesis of Semantic Malware Signatures using Maximum SatisfiabilityYu Feng, Osbert Bastani, Ruben Martins, Isil Dillig, Saswat Anand. [doi]
• Stack Object Protection with Low Fat PointersGregory J. Duck, Roland H. C. Yap, Lorenzo Cavallaro. [doi]
• Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical DataWenjie Lu, Shohei Kawasaki, Jun Sakuma. [doi]
• TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network IsolationYushun Wang, Taous Madi, Suryadipta Majumdar, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang 0001, Mourad Debbabi. [doi]
• Dissecting Tor Bridges: A Security Evaluation of their Private and Public InfrastructuresSrdjan Matic, Carmela Troncoso, Juan Caballero. [doi]
• ObliviSync: Practical Oblivious File Backup and SynchronizationAdam J. Aviv, Seung Geol Choi, Travis Mayberry, Daniel S. Roche. [doi]
• Pushing the Communication Barrier in Secure Computation using Lookup TablesGhada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider 0003, Shaza Zeitouni, Michael Zohner. [doi]
• Ramblr: Making Reassembly Great AgainRuoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna. [doi]
• Hello from the Other Side: SSH over Robust Cache Covert Channels in the CloudClémentine Maurice, Manuel Weber, Michael Schwarz 0001, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer. [doi]
• BOOMERANG: Exploiting the Semantic Gap in Trusted Execution EnvironmentsAravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna. [doi]
• Self Destructing Exploit Executions via Input PerturbationYonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu. [doi]
• TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment HubEthan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, Sharon Goldberg. [doi]
• HOP: Hardware makes Obfuscation PracticalKartik Nayak, Christopher W. Fletcher, Ling Ren 0001, Nishanth Chandran, Satya V. Lokam, Elaine Shi, Vipal Goyal. [doi]
• Fast Actively Secure OT Extension for Short SecretsArpita Patra, Pratik Sarkar, Ajith Suresh. [doi]
• VUzzer: Application-aware Evolutionary FuzzingSanjay Rawat 0001, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos. [doi]
• T-SGX: Eradicating Controlled-Channel Attacks Against Enclave ProgramsMing-Wei Shih, Sangho Lee 0001, Taesoo Kim, Marcus Peinado. [doi]
• Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android AppsWenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Dawu Gu. [doi]
• KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy HarvestingWeitao Xu, Guohao Lan, Qi Lin, Sara Khalifa, Neil Bergmann, Mahbub Hassan, Wen Hu. [doi]
• SGX-Shield: Enabling Address Space Layout Randomization for SGX ProgramsJaebaek Seo, Byoungyoung Lee, Seong-Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim. [doi]
• DELTA: A Security Assessment Framework for Software-Defined NetworksSeungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran, Phillip A. Porras. [doi]
• Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient DiversityRobert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, Hamed Okhravi. [doi]
• MARX: Uncovering Class Hierarchies in C++ ProgramsAndre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida. [doi]
• FBS-Radar: Uncovering Fake Base Stations at Scale in the WildZhenhua Li, Weiwei Wang 0002, Christo Wilson, Jian Chen, Chen Qian 0001, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li 0001, Yunhao Liu. [doi]
• Are We There Yet? On RPKI's Deployment and SecurityYossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira, Haya Shulman. [doi]
• Enabling Reconstruction of Attacks on Users via Efficient Browsing SnapshotsPhani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee, Roberto Perdisci. [doi]
• P2P Mixing and Unlinkable Bitcoin TransactionsTim Ruffing, Pedro Moreno-Sanchez, Aniket Kate. [doi]
• WireGuard: Next Generation Kernel Network TunnelJason A. Donenfeld. [doi]
• Panoply: Low-TCB Linux Applications With SGX EnclavesShweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena. [doi]
• Internet-scale Probing of CPS: Inference, Characterization and Orchestration AnalysisClaude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir D. Memon, Mustaque Ahamad. [doi]
• Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer DronesSimon Birnbach, Richard Baker, Ivan Martinovic. [doi]
• HisTorε: Differentially Private and Robust Statistics Collection for TorAkshaya Mani, Micah Sherr. [doi]
• WindowGuard: Systematic Protection of GUI Security in AndroidChuangang Ren, Peng Liu 0005, Sencun Zhu. [doi]