Table of Contents

• Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script InjectionsZhou Li, Sumayah A. Alrwais, Xiaofeng Wang, Eihal Alowaisheq. 3-18 [doi]
• Stealing Webpages Rendered on Your Browser by Exploiting GPU VulnerabilitiesSangho Lee, Youngsok Kim, Jangwoo Kim, Jong Kim. 19-33 [doi]
• All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing APIYuan Tian, Ying-Chuan Liu, Amar Bhosale, Lin-Shung Huang, Patrick Tague, Collin Jackson. 34-48 [doi]
• Chip and Skim: Cloning EMV Cards with the Pre-play AttackMike Bond, Omar Choudary, Steven J. Murdoch, Sergei P. Skorobogatov, Ross J. Anderson. 49-64 [doi]
• When HTTPS Meets CDN: A Case of Authentication in Delegated ServiceJinjin Liang, Jian Jiang, Hai-Xin Duan, Kang Li, Tao Wan, Jianping Wu. 67-82 [doi]
• Analyzing Forged SSL Certificates in the WildLin-Shung Huang, Alex Rice, Erling Ellingsen, Collin Jackson. 83-97 [doi]
• Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLSKarthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti, Pierre-Yves Strub. 98-113 [doi]
• Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS ImplementationsChad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov. 114-129 [doi]
• Automating Isolation and Least Privilege in Web ServicesAaron Blankstein, Michael J. Freedman. 133-148 [doi]
• Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User InterfacesCollin Mulliner, William K. Robertson, Engin Kirda. 149-162 [doi]
• Automated Analysis of Security Protocols with Global StateSteve Kremer, Robert Künnemann. 163-178 [doi]
• Automated Verification of Group Key Agreement ProtocolsBenedikt Schmidt, Ralf Sasse, Cas Cremers, David A. Basin. 179-194 [doi]
• Practical Evasion of a Learning-Based Classifier: A Case StudyNedim Srndic, Pavel Laskov. 197-211 [doi]
• Doppelgänger Finder: Taking Stylometry to the UndergroundSadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy. 212-226 [doi]
• Hacking BlindAndrea Bittau, Adam Belay, Ali José Mashtizadeh, David Mazières, Dan Boneh. 227-242 [doi]
• Framing Signals - A Return to Portable ShellcodeErik Bosman, Herbert Bos. 243-258 [doi]
• Pivot: Fast, Synchronous Mashup Isolation Using Generator ChainsJames Mickens. 261-275 [doi]
• SoK: Automated Software DiversityPer Larsen, Andrei Homescu, Stefan Brunthaler, Michael Franz. 276-291 [doi]
• KCoFI: Complete Control-Flow Integrity for Commodity Operating System KernelsJohn Criswell, Nathan Dautenhahn, Vikram S. Adve. 292-307 [doi]
• Dancing with Giants: Wimpy Kernels for On-Demand Isolated I/OZongwei Zhou, Miao Yu, Virgil D. Gligor. 308-323 [doi]
• Bootstrapping Privacy Compliance in Big Data SystemsShayak Sen, Saikat Guha, Anupam Datta, Sriram K. Rajamani, Janice Y. Tsai, Jeannette M. Wing. 327-342 [doi]
• Formal Analysis of Chaumian Mix Nets with Randomized Partial CheckingRalf Küsters, Tomasz Truderung, Andreas Vogt 0001. 343-358 [doi]
• Blind Seer: A Scalable Private DBMSVasilis Pappas, Fernando Krell, Binh Vo, Vladimir Kolesnikov, Tal Malkin, Seung Geol Choi, Wesley George, Angelos D. Keromytis, Steve Bellovin. 359-374 [doi]
• ANONIZE: A Large-Scale Anonymous Survey SystemSusan Hohenberger, Steven Myers, Rafael Pass, Abhi Shelat. 375-389 [doi]
• Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS UpdatingLuyi Xing, Xiaorui Pan, Rui Wang 0010, Kan Yuan, Xiaofeng Wang. 393-408 [doi]
• The Peril of Fragmentation: Security Hazards in Android Device Driver CustomizationsXiao-yong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, Xiaofeng Wang. 409-423 [doi]
• From Zygote to Morula: Fortifying Weakened ASLR on AndroidByoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee. 424-439 [doi]
• Secure Multiparty Computations on BitcoinMarcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Lukasz Mazurek. 443-458 [doi]
• Zerocash: Decentralized Anonymous Payments from BitcoinEli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green 0001, Ian Miers, Eran Tromer, Madars Virza. 459-474 [doi]
• Permacoin: Repurposing Bitcoin Work for Data PreservationAndrew Miller, Ari Juels, Elaine Shi, Bryan Parno, Jonathan Katz. 475-490 [doi]
• Cloak and Swagger: Understanding Data Sensitivity through the Lens of User AnonymitySai Teja Peddinti, Aleksandra Korolova, Elie Bursztein, Geetanjali Sampemane. 493-508 [doi]
• Stopping a Rapid Tornado with a PuffJose Lopes, Nuno Neves. 509-523 [doi]
• SoK: Security and Privacy in Implantable Medical Devices and Body Area NetworksMichael Rushanan, Aviel D. Rubin, Denis Foo Kune, Colleen M. Swanson. 524-539 [doi]
• Quantifying Information Flow for Dynamic SecretsPiotr Mardziel, Mário S. Alvim, Michael W. Hicks, Michael R. Clarkson. 540-555 [doi]
• Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNGAdam Everspaugh, Yan Zhai, Robert Jellinek, Thomas Ristenpart, Michael M. Swift. 559-574 [doi]
• Out of Control: Overcoming Control-Flow IntegrityEnes Göktas, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis. 575-589 [doi]
• Modeling and Discovering Vulnerabilities with Code Property GraphsFabian Yamaguchi, Nico Golde, Daniel Arp, Konrad Rieck. 590-604 [doi]
• SoK: Introspections on Trust and the Semantic GapBhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, Radu Sion. 605-620 [doi]
• Automating Efficient RAM-Model Secure ComputationChang Liu, Yan Huang, Elaine Shi, Jonathan Katz, Michael W. Hicks. 623-638 [doi]
• Dynamic Searchable Encryption via Blind StorageMuhammad Naveed, Manoj Prabhakaran, Carl A. Gunter. 639-654 [doi]
• Wysteria: A Programming Language for Generic, Mixed-Mode Multiparty ComputationsAseem Rastogi, Matthew A. Hammer, Michael Hicks. 655-670 [doi]
• An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO SystemDaniel Fett, Ralf Küsters, Guido Schmitz. 673-688 [doi]
• A Study of Probabilistic Password ModelsJerry Ma, Weining Yang, Min Luo, Ninghui Li. 689-704 [doi]
• ZEBRA: Zero-Effort Bilateral Recurring AuthenticationShrirang Mare, Andres Molina-Markham, Cory Cornelius, Ronald A. Peterson, David Kotz. 705-720 [doi]