Table of Contents

• Keynote: Modern Challenges for Cyber DefenseDeborah A. Frincke. [doi]
• BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth PeripheralsFenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, Kehuan Zhang. [doi]
• Latex Gloves: Protecting Browser Extensions from Probing and Revelation AttacksAlexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, Andrei Sabelfeld. [doi]
• OBFUSCURO: A Commodity Obfuscation Engine on Intel SGXAdil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, Byoungyoung Lee. [doi]
• Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid FuzzingLei Zhao, Yue Duan, Heng Yin, Jifeng Xuan. [doi]
• DNS Cache-Based User TrackingAmit Klein, Benny Pinkas. [doi]
• Establishing Software Root of Trust UnconditionallyVirgil D. Gligor, Shan Leung Maverick Woo. [doi]
• Total Recall: Persistence of Passwords in AndroidJaeho Lee, Ang Chen, Dan S. Wallach. [doi]
• Profit: Detecting and Quantifying Side Channels in Networked ApplicationsNicolás Rosner, Ismet Burak Kadron, Lucas Bang, Tevfik Bultan. [doi]
• Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the WildMarius Steffens, Christian Rossow, Martin Johns, Ben Stock. [doi]
• Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel InformationSyed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li, Elisa Bertino. [doi]
• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS BoundaryDokyung Song, Felicitas Hetzelt, Dipanjan Das 0002, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz. [doi]
• NIC: Detecting Adversarial Samples with Neural Network Invariant CheckingShiQing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, Xiangyu Zhang 0001. [doi]
• SANCTUARY: ARMing TrustZone with User-space EnclavesFerdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, Emmanuel Stapf. [doi]
• Digital Healthcare-Associated Infection: A Case Study on the Security of a Major Multi-Campus Hospital SystemLuis Vargas, Logan Blue, Vanessa Frost, Christopher Patton, Nolen Scaife, Kevin R. B. Butler, Patrick Traynor. [doi]
• Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic HidingLea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa. [doi]
• A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control SystemsCheng Feng 0004, Venkata Reddy Palleti, Aditya Mathur, Deeph Chana. [doi]
• On the Challenges of Geographical Avoidance for TorKatharina Kohls, Kai Jansen, David Rupprecht, Thorsten Holz, Christina Pöpper. [doi]
• Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session ConfusionCas Cremers, Martin Dehnel-Wild. [doi]
• Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing ServicesQingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino, Zhiqiang Lin. [doi]
• Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed LedgersAlberto Sonnino, Mustafa Al-Bassam, Shehar Bano, Sarah Meiklejohn, George Danezis. [doi]
• Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy ComputationPanagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, Giorgos Vasiliadis. [doi]
• How to End Password Reuse on the WebKe Coby Wang, Michael K. Reiter. [doi]
• Practical Hidden Voice Attacks against Speech and Speaker Recognition SystemsHadi Abdullah, Washington Garcia, Christian Peeters, Patrick Traynor, Kevin R. B. Butler, Joseph Wilson. [doi]
• SABRE: Protecting Bitcoin against Routing AttacksMaria Apostolaki, Gian Marti, Jan Müller, Laurent Vanbever. [doi]
• Automating Patching of Vulnerable Open-Source Software Versions in Application BinariesRuian Duan, Ashish Bijlani, Yang Ji, Omar Alrawi, Yiyuan Xiong, Moses Ike, Brendan Saltaformaggio, Wenke Lee. [doi]
• Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature VerificationSze Yiu Chau, Moosa Yahyazadeh, Omar Chowdhury, Aniket Kate, Ninghui Li. [doi]
• Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics LibrariesDaimeng Wang, Ajaya Neupane, Zhiyun Qian, Nael B. Abu-Ghazaleh, Srikanth V. Krishnamurthy, Edward J. M. Colbert, Paul Yu. [doi]
• Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downsEihal Alowaisheq, Peng Wang, Sumayah A. Alrwais, Xiaojing Liao, Xiaofeng Wang 0001, Tasneem Alowaisheq, Xianghang Mi, Siyuan Tang, Baojun Liu. [doi]
• DroidCap: OS Support for Capability-based Permissions in AndroidAbdallah Dawoud, Sven Bugiel. [doi]
• Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove MiraiOrçun Çetin, Carlos Gañán, Lisette Altena, Takahiro Kasama, Daisuke Inoue, Kazuki Tamiya, Ying Tie, Katsunari Yoshioka, Michel van Eeten. [doi]
• Measuring the Facebook Advertising EcosystemAthanasios Andreou, Márcio Silva, Fabrício Benevenuto, Oana Goga, Patrick Loiseau, Alan Mislove. [doi]
• Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in EnterprisesPlaton Kotzias, Leyla Bilge, Pierre-Antoine Vervier, Juan Caballero. [doi]
• ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAMAnrin Chakraborti, Radu Sion. [doi]
• Measurement and Analysis of Hajime, a Peer-to-peer IoT BotnetStephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin. [doi]
• Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on AndroidDaniele Antonioli, Nils Ole Tippenhauer, Kasper Bonne Rasmussen. [doi]
• Robust Performance Metrics for Authentication SystemsShridatt Sugrim, Can Liu, Meghan McLean, Janne Lindqvist. [doi]
• We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web PrivacyMartin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz. [doi]
• Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)DataKostas Drakonakis, Panagiotis Ilia, Sotiris Ioannidis, Jason Polakis. [doi]
• Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-BasedDavid Derler, Kai Samelin, Daniel Slamanig, Christoph Striecks. [doi]
• NAUTILUS: Fishing for Deep Bugs with GrammarsCornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, Daniel Teuchert. [doi]
• Tranco: A Research-Oriented Top Sites Ranking Hardened Against ManipulationVictor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, Wouter Joosen. [doi]
• CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript EnginesHyungseok Han, DongHyeon Oh, Sang Kil Cha. [doi]
• TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-VSamuel Weiser, Mario Werner, Ferdinand Brasser, Maja Malenko, Stefan Mangard, Ahmad-Reza Sadeghi. [doi]
• One Engine To Serve 'em All: Inferring Taint Rules Without Architectural SemanticsZheng-Leong Chua, Yanhao Wang, Teodora Baluta, Prateek Saxena, Zhenkai Liang, Purui Su. [doi]
• A Treasury System for Cryptocurrencies: Enabling Better Collaborative IntelligenceBingsheng Zhang, Roman Oliynykov, Hamed Balogun. [doi]
• ExSpectre: Hiding Malware in Speculative ExecutionJack Wampler, Ian Martiny, Eric Wustrow. [doi]
• MBeacon: Privacy-Preserving Beacons for DNA Methylation DataInken Hagestedt, Yang Zhang 0016, Mathias Humbert, Pascal Berrang, Haixu Tang, Xiaofeng Wang 0001, Michael Backes 0001. [doi]
• How Bad Can It Git? Characterizing Secret Leakage in Public GitHub RepositoriesMichael Meli, Matthew R. McNiece, Bradley Reaves. [doi]
• Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile BrowsersMeng Luo, Pierre Laperdrix, Nima Honarmand, Nick Nikiforakis. [doi]
• DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous SystemsTigist Abera, Raad Bahmani, Ferdinand Brasser, Ahmad Ibrahim 0002, Ahmad-Reza Sadeghi, Matthias Schunter. [doi]
• RFDIDS: Radio Frequency-based Distributed Intrusion Detection System for the Power GridTohid Shekari, Christian Bayens, Morris Cohen, Lukas Graber, Raheem Beyah. [doi]
• Stealthy Adversarial Perturbations Against Real-Time Video Classification SystemsShasha Li, Ajaya Neupane, Sujoy Paul, Chengyu Song, Srikanth V. Krishnamurthy, Amit K. Roy Chowdhury, Ananthram Swami. [doi]
• IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoTZ. Berkay Celik, Gang Tan, Patrick D. McDaniel. [doi]
• Balancing Image Privacy and Usability with Thumbnail-Preserving EncryptionKimia Tajik, Akshith Gunasekaran, Rhea Dutta, Brandon Ellis, Rakesh B. Bobba, Mike Rosulek, Charles V. Wright, Wu-chi Feng. [doi]
• Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security AssessmentDaoyuan Wu, Debin Gao, Rocky K. C. Chang, En He, Eric K. T. Cheng, Robert H. Deng. [doi]
• TextBugger: Generating Adversarial Text Against Real-world ApplicationsJinfeng Li, Shouling Ji, Tianyu Du, Bo Li, Ting Wang. [doi]
• Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy PeripheralsA. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson. [doi]
• maTLS: How to Make TLS middlebox-aware?HyunWoo Lee, Zach Smith, Junghwan Lim, Gyeongjae Choi, Selin Chun, Taejoong Chung, Ted Taekyoung Kwon. [doi]
• Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis MachinesSina Faezi, Sujit Rokka Chhetri, Arnav Vaibhav Malawade, John Charles Chaput, William H. Grover, Philip Brisk, Mohammad Abdullah Al Faruque. [doi]
• Statistical Privacy for Streaming TrafficXiaokuan Zhang, Jihun Hamm, Michael K. Reiter, Yinqian Zhang. [doi]
• REDQUEEN: Fuzzing with Input-to-State CorrespondenceCornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, Thorsten Holz. [doi]
• Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant ApplicationsYangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, Guofei Gu. [doi]
• Countering Malicious Processes with Process-DNS AssociationSuphannee Sivakorn, Kangkook Jee, Yixin Sun, Lauri Kort-Parn, Zhichun Li, Cristian Lumezanu, Zhenyu Wu, Lu-An Tang, Ding Li. [doi]
• Ginseng: Keeping Secrets in Registers When You Distrust the Operating SystemMin Hong Yun, Lin Zhong 0001. [doi]
• rORAM: Efficient Range ORAM with O(log2 N) LocalityAnrin Chakraborti, Adam J. Aviv, Seung Geol Choi, Travis Mayberry, Daniel S. Roche, Radu Sion. [doi]
• UWB with Pulse Reordering: Securing Ranging against Relay and Physical-Layer AttacksMridula Singh, Patrick Leu, Srdjan Capkun. [doi]
• Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural ConstraintsShiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, Prateek Saxena. [doi]
• Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and PropagationBinghui Wang, Jinyuan Jia, Neil Zhenqiang Gong. [doi]
• CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++Jangseop Shin, Donghyun Kwon, Jiwon Seo, Yeongpil Cho, Yunheung Paek. [doi]
• Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function PairsFei Zuo, Xiaopeng Li, Patrick Young, Lannan Luo, Qiang Zeng 0001, Zhexin Zhang. [doi]
• Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark WebSeunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, Seungwon Shin. [doi]
• Private Continual Release of Real-Valued Data StreamsVictor Perrier, Hassan Jameel Asghar, Dali Kaafar. [doi]
• Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference ManagersMuhammad Ahmad Bashir, Umar Farooq, Maryam Shahid, Muhammad Fareed Zaffar, Christo Wilson. [doi]
• JavaScript Template Attacks: Automatically Inferring Host Information for Targeted ExploitsMichael Schwarz 0001, Florian Lackner, Daniel Gruss. [doi]
• Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game TheoryMilad Nasr, Sadegh Farhang, Amir Houmansadr, Jens Grossklags. [doi]
• Anonymous Multi-Hop Locks for Blockchain Scalability and InteroperabilityGiulio Malavolta, Pedro Moreno-Sanchez, Clara Schneidewind, Aniket Kate, Matteo Maffei. [doi]
• Giving State to the Stateless: Augmenting Trustworthy Computation with LedgersGabriel Kaptchuk, Matthew Green 0001, Ian Miers. [doi]
• Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance ComputingJiyong Yu, Lucas Hsiung, Mohamad El Hajj, Christopher W. Fletcher. [doi]
• The Crux of Voice (In)Security: A Brain Study of Speaker Legitimacy DetectionAjaya Neupane, Nitesh Saxena, Leanne M. Hirshfield, Sarah E. Bratt. [doi]
• Sereum: Protecting Existing Smart Contracts Against Re-Entrancy AttacksMichael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi. [doi]
• The use of TLS in Censorship CircumventionSergey Frolov, Eric Wustrow. [doi]
• ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems BinariesAnastasis Keliris, Michail Maniatakos. [doi]
• YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodesSourav Das, Vinay Joseph Ribeiro, Abhijeet Anand. [doi]
• ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning ModelsAhmed Salem, Yang Zhang 0016, Mathias Humbert, Pascal Berrang, Mario Fritz, Michael Backes 0001. [doi]
• Constructing an Adversary Solver for EquihashXiaofei Bai, Jian Gao, Chenglong Hu, Liang Zhang. [doi]
• NoDoze: Combatting Threat Alert Fatigue with Automated Provenance TriageWajih Ul Hassan, Shengjian Guo, Ding Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li, Adam Bates 0001. [doi]
• Distinguishing Attacks from Legitimate Authentication Traffic at ScaleCormac Herley, Stuart E. Schechter. [doi]
• Vault: Fast Bootstrapping for the Algorand CryptocurrencyDerek Leung, Adam Suhl, Yossi Gilad, Nickolai Zeldovich. [doi]
• TEE-aided Write Protection Against Privileged Data TamperingLianying Zhao, Mohammad Mannan. [doi]