Table of Contents

• Mind Your Keys? A Security Evaluation of Java KeystoresRiccardo Focardi, Francesco Palmarini, Marco Squarcina, Graham Steel, Mauro Tempesta. [doi]
• Veil: Private Browsing Semantics Without Browser-side AssistanceFrank Wang, James Mickens, Nickolai Zeldovich. [doi]
• JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript ExecutionsBo Li, Phani Vadrevu, Kyu Hyung Lee, Roberto Perdisci. [doi]
• AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency DetectionYousra Aafer, JianJun Huang, Yi Sun, Xiangyu Zhang 0001, Ninghui Li, Chen Tian. [doi]
• Measuring and Disrupting Anti-Adblockers Using Differential Execution AnalysisShitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, Heng Yin. [doi]
• Securing Real-Time Microcontroller Systems through Customized Memory View SwitchingChung Hwan Kim, TaeGyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang 0001, Dongyan Xu. [doi]
• Preventing (Network) Time Travel with ChronosOmer Deutsch, Neta Rozen Schiff, Danny Dolev, Michael Schapira. [doi]
• Face Flashing: a Secure Liveness Detection Protocol based on Light ReflectionsDi Tang, Zhe Zhou, Yinqian Zhang, Kehuan Zhang. [doi]
• Broken Fingers: On the Usage of the Fingerprint API in AndroidAntonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Simon Pak Ho Chung, Wenke Lee. [doi]
• A Security Analysis of HoneywordsDing Wang 0002, Haibo Cheng, Ping Wang 0003, Jeff Yan, Xinyi Huang. [doi]
• Knock Knock, Who's There? Membership Inference on Aggregate Location DataApostolos Pyrgelis, Carmela Troncoso, Emiliano De Cristofaro. [doi]
• Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App VersionsJingjing Ren, Martina Lindorfer, Daniel J. Dubois, Ashwin Rao, David R. Choffnes, Narseo Vallina-Rodriguez. [doi]
• LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTESyed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino. [doi]
• Feature Squeezing: Detecting Adversarial Examples in Deep Neural NetworksWeilin Xu, David Evans 0001, Yanjun Qi. [doi]
• rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection SystemErkam Uzun, Simon Pak Ho Chung, Irfan Essa, Wenke Lee. [doi]
• Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social NetworksHaizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang, Keith W. Ross. [doi]
• Cloud Strife: Mitigating the Security Risks of Domain-Validated CertificatesKevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel, Giovanni Vigna. [doi]
• Fear and Logging in the Internet of ThingsQi Wang, Wajih Ul Hassan, Adam M. Bates, Carl A. Gunter. [doi]
• Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory ImagesRohit Bhatia, Brendan Saltaformaggio, Seung-Jei Yang, Aisha I. Ali-Gombe, Xiangyu Zhang 0001, Dongyan Xu, Golden G. Richard III. [doi]
• Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile AppsYuhong Nan, Zhemin Yang, Xiaofeng Wang 0006, Yuan Zhang, Donglai Zhu, Min Yang 0002. [doi]
• Decentralized Action Integrity for Trigger-Action IoT PlatformsEarlence Fernandes, Amir Rahmati, Jaeyeon Jung, Atul Prakash. [doi]
• Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal ControlQi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, Henry X. Liu. [doi]
• GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary IdentifierByeongdo Hong, Sangwook Bae, Yongdae Kim. [doi]
• JavaScript Zero: Real JavaScript and Zero Side-Channel AttacksMichael Schwarz 0001, Moritz Lipp, Daniel Gruss. [doi]
• Revisiting Private Stream Aggregation: Lattice-Based PSADaniela Becker, Jorge Guajardo, Karl-Heinz Zimmermann. [doi]
• Trojaning Attack on Neural NetworksYingqi Liu, ShiQing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang, Xiangyu Zhang 0001. [doi]
• Back To The Epilogue: Evading Control Flow Guard via Unaligned TargetsAndrea Biondo, Mauro Conti, Daniele Lain. [doi]
• VulDeePecker: A Deep Learning-Based System for Vulnerability DetectionZhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin 0001, Sujuan Wang, Zhijun Deng, Yuyi Zhong. [doi]
• Towards a Timely Causality Analysis for Enterprise SecurityYushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee, Prateek Mittal. [doi]
• InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on AndroidYaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang, Xinming Ou. [doi]
• Towards Scalable Cluster Auditing through Grammatical Inference over Provenance GraphsWajih Ul Hassan, Mark Lemay, Nuraini Aguse, Adam M. Bates, Thomas Moyer. [doi]
• Inside Job: Applying Traffic Analysis to Measure Tor from WithinRob Jansen, Marc Juárez, Rafa Galvez, Tariq Elahi, Claudia Díaz. [doi]
• OBLIVIATE: A Data Oblivious Filesystem for Intel SGXAdil Ahmad, Kyungtae Kim, Muhammad Ihsanulhaq Sarfaraz, Byoungyoung Lee. [doi]
• Enhancing Memory Error Detection for Large-Scale Applications and Fuzz TestingWookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, Insik Shin. [doi]
• Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas CloudsDean Sullivan, Orlando Arias, Travis Meade, Yier Jin. [doi]
• CFIXX: Object Type Integrity for C++Nathan Burow, Derrick McKee, Scott A. Carr, Mathias Payer. [doi]
• MCI : Modeling-based Causality Inference in Audit Logging for Attack InvestigationYonghwi Kwon, Fei Wang 0001, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, ShiQing Ma, Xiangyu Zhang 0001, Dongyan Xu, Somesh Jha, Gabriela F. Ciocarlie, Ashish Gehani, Vinod Yegneswaran. [doi]
• Automated Generation of Event-Oriented Exploits in Android Hybrid AppsGuangliang Yang, Jeff Huang 0001, Guofei Gu. [doi]
• What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded DevicesMarius Muench, Jan Stijohann, Frank Kargl, Aurélien Francillon, Davide Balzarotti. [doi]
• Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site ScriptingWilliam Melicher, Anupam Das 0001, Mahmood Sharif, Lujo Bauer, Limin Jia. [doi]
• ZEUS: Analyzing Safety of Smart ContractsSukrit Kalra, Seep Goel, Mohan Dhawan, Subodh Sharma. [doi]
• OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOSXiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, Xiaofeng Wang 0001. [doi]
• Chainspace: A Sharded Smart Contracts PlatformMustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, George Danezis. [doi]
• Resolving the Predicament of Android Custom PermissionsGüliz Seray Tuncay, Soteris Demetriou, Karan Ganju, Carl A. Gunter. [doi]
• TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content SigningHubert Ritzdorf, Karl Wüst, Arthur Gervais, Guillaume Felley, Srdjan Capkun. [doi]
• SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JSCristian-Alexandru Staicu, Michael Pradel, Benjamin Livshits. [doi]
• K-Miner: Uncovering Memory Corruption in LinuxDavid Gens, Simon Schmitt, Lucas Davi, Ahmad-Reza Sadeghi. [doi]
• Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System EmulationYue Duan, Mu Zhang, Abhishek Vasisht Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, Xiaofeng Wang 0001. [doi]
• KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel AttacksMichael Schwarz 0001, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard. [doi]
• Device Pairing at the Touch of an ElectrodeMarc Roeschlin, Ivan Martinovic, Kasper Bonne Rasmussen. [doi]
• IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based FuzzingJiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, Xiaofeng Wang 0001, Wing Cheong Lau, Menghan Sun, Ronghai Yang, Kehuan Zhang. [doi]
• Removing Secrets from Android's TLSJaeho Lee, Dan S. Wallach. [doi]
• ABC: Enabling Smartphone Authentication with Built-in CameraZhongjie Ba, Sixu Piao, Xinwen Fu, Dimitrios Koutsonikolas, Aziz Mohaisen, Kui Ren 0001. [doi]
• Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent DataAlexandra-Mihaela Olteanu, Kévin Huguenin, Italo Dacosta, Jean-Pierre Hubaux. [doi]
• Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data CenterXing Gao, Zhang Xu, Haining Wang, Li Li, Xiaorui Wang. [doi]
• Game of Missuggestions: Semantic Analysis of Search-Autocomplete ManipulationsPeng Wang, Xianghang Mi, Xiaojing Liao, Xiaofeng Wang 0001, Kan Yuan, Feng Qian, Raheem A. Beyah. [doi]
• Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks ExplanationsAthanasios Andreou, Giridhari Venkatadri, Oana Goga, Krishna P. Gummadi, Patrick Loiseau, Alan Mislove. [doi]
• Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking EcosystemAbbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, Phillipa Gill. [doi]
• When Coding Style Survives Compilation: De-anonymizing Programmers from Executable BinariesAylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard E. Harang, Konrad Rieck, Rachel Greenstadt, Arvind Narayanan. [doi]
• Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based TransactionsStefanie Roos, Pedro Moreno-Sanchez, Aniket Kate, Ian Goldberg. [doi]
• Didn't You Hear Me? - Towards More Successful Web Vulnerability NotificationsBen Stock, Giancarlo Pellegrino, Frank Li, Michael Backes 0001, Christian Rossow. [doi]
• BreakApp: Automated, Flexible Application CompartmentalizationNikos Vasilakis, Ben Karel, Nick Roessler, Nathan Dautenhahn, André DeHon, Jonathan M. Smith. [doi]
• K-means++ vs. Behavioral Biometrics: One Loop to Rule Them AllParimarjan Negi, Prafull Sharma, Vivek Jain, Bahman Bahmani. [doi]
• Automated Attack Discovery in TCP Congestion Control Using a Model-guided ApproachSamuel Jero, Md. Endadul Hoque, David R. Choffnes, Alan Mislove, Cristina Nita-Rotaru. [doi]
• Automated Website Fingerprinting through Deep LearningVera Rimmer, Davy Preuveneers, Marc Juárez, Tom van Goethem, Wouter Joosen. [doi]
• De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and PracticeHuandong Wang, Chen Gao, Yong Li 0008, Gang Wang 0011, Depeng Jin, Jingbo Sun. [doi]
• A Large-scale Analysis of Content Modification by Open HTTP ProxiesGiorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos, Michalis Polychronakis. [doi]
• Towards Measuring the Effectiveness of Telephony BlacklistsSharbani Pandit, Roberto Perdisci, Mustaque Ahamad, Payas Gupta. [doi]
• Superset Disassembly: Statically Rewriting x86 Binaries Without HeuristicsErick Bauman, Zhiqiang Lin, Kevin W. Hamlen. [doi]
• Kitsune: An Ensemble of Autoencoders for Online Network Intrusion DetectionYisroel Mirsky, Tomer Doitshman, Yuval Elovici, Asaf Shabtai. [doi]
• ZeroTrace : Oblivious Memory Primitives from Intel SGXSajin Sasy, Sergey Gorbunov, Christopher W. Fletcher. [doi]