2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019 - researchr publication

researchr

You are not signed in
Sign in
Sign up

2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. IEEE, 2019. [doi]

Conference: sp

Abstract is missing.

Spectre Attacks: Exploiting Speculative ExecutionPaul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher 0002, Michael Schwarz 0001, Yuval Yarom. 1-19 [doi]

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for SecuritySanjeev Das, Jan Werner, Manos Antonakakis, Michalis Polychronakis, Fabian Monrose. 20-38 [doi]

Theory and Practice of Finding Eviction SetsPepe Vila, Boris Köpf, José F. Morales. 39-54 [doi]

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer AttacksLucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos. 55-71 [doi]

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State DrivesCarlo Meijer, Bernard van Gastel. 72-87 [doi]

RIDL: Rogue In-Flight Data LoadStephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 88-105 [doi]

Perun: Virtual Payment Hubs over CryptocurrenciesStefan Dziembowski, Lisa Eckey, Sebastian Faust, Daniel Malinowski. 106-123 [doi]

Redactable Blockchain in the Permissionless SettingDominic Deuber, Bernardo Magri, Sri Aravinda Krishnan Thyagarajan. 124-138 [doi]

Proof-of-Stake SidechainsPeter Gazi, Aggelos Kiayias, Dionysis Zindros. 139-156 [doi]

Ouroboros Crypsinous: Privacy-Preserving Proof-of-StakeThomas Kerber, Aggelos Kiayias, Markulf Kohlweiss, Vassilis Zikas. 157-174 [doi]

Lay Down the Common Metrics: Evaluating Proof-of-Work Consensus Protocols' SecurityRen Zhang 0003, Bart Preneel. 175-192 [doi]

XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed AssetsAlexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais, William J. Knottenbelt. 193-210 [doi]

Does Certificate Transparency Break the Web? Measuring Adoption and Error RateEmily Stark, Ryan Sleevi, Rijad Muminovic, Devon O'Brien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, Parisa Tabriz. 211-226 [doi]

EmPoWeb: Empowering Web Applications with Browser ExtensionsDolière Francis Somé. 227-245 [doi]

"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPSKatharina Krombholz, Karoline Busse, Katharina Pfeffer, Matthew Smith 0001, Emanuel von Zezschwitz. 246-263 [doi]

Fidelius: Protecting User Secrets from Compromised BrowsersSaba Eskandarian, Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia Jr., Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes 0001, Giancarlo Pellegrino, Dan Boneh. 264-280 [doi]

Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web EcosystemStefano Calzavara, Riccardo Focardi, Matús Nemec, Alvise Rabitti, Marco Squarcina. 281-298 [doi]

Towards Practical Differentially Private Convex OptimizationRoger Iyengar, Joseph P. Near, Dawn Song, Om Thakkar, Abhradeep Thakurta, Lun Wang. 299-316 [doi]

PrivKV: Key-Value Data Collection with Local Differential PrivacyQingqing Ye, Haibo Hu, Xiaofeng Meng, Huadi Zheng. 317-331 [doi]

Differentially Private Model Publishing for Deep LearningLei Yu, Ling Liu 0001, Calton Pu, Mehmet Emre Gursoy, Stacey Truex. 332-349 [doi]

KHyperLogLog: Estimating Reidentifiability and Joinability of Large Data at ScalePern Hui Chia, Damien Desfontaines, Irippuge Milinda Perera, Daniel Simmons-Marengo, Chao Li, Wei-Yen Day, Qiushi Wang, Miguel Guevara. 350-364 [doi]

Characterizing Pixel Tracking through the Lens of Disposable Email ServicesHang Hu 0002, Peng Peng, Gang Wang. 365-379 [doi]

Reasoning Analytically about Password-Cracking SoftwareEnze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur. 380-397 [doi]

True2F: Backdoor-Resistant Authentication TokensEmma Dauterman, Henry Corrigan-Gibbs, David Mazières, Dan Boneh, Dominic Rizzo. 398-416 [doi]

Beyond Credential Stuffing: Password Similarity Models Using Neural NetworksBijeeta Pal, Tal Daniel, Rahul Chatterjee 0001, Thomas Ristenpart. 417-434 [doi]

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS ImplementationsEyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, Yuval Yarom. 435-452 [doi]

An Extensive Formal Security Analysis of the OpenID Financial-Grade APIDaniel Fett, Pedram Hosseyni, Ralf Küsters. 453-471 [doi]

Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler OptimizationSteven H. H. Ding, Benjamin C. M. Fung, Philippe Charland. 472-489 [doi]

Iodine: Fast Dynamic Taint Tracking Using Rollback-free Optimistic Hybrid AnalysisSubarno Banerjee, David Devecsery, Peter M. Chen, Satish Narayanasamy. 490-504 [doi]

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and MitigationRobert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut T. Kandemir. 505-521 [doi]

Towards Automated Safety Vetting of PLC Code in Real-World PlantsMu Zhang, Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi, Sibin Mohan, Kira Barton, James R. Moyne, Z. Morley Mao. 522-538 [doi]

Using Safety Properties to Generate Vulnerability PatchesZhen Huang 0002, David Lie, Gang Tan, Trent Jaeger. 539-554 [doi]

Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & PrivacyDuc-Cuong Nguyen, Erik Derr, Michael Backes 0001, Sven Bugiel. 555-569 [doi]

Demystifying Hidden Privacy Settings in Mobile AppsYi Chen, Mingming Zha, Nan Zhang, Dandan Xu, Qianqian Zhao, Xuan Feng, Kan Yuan, Fnu Suya, Yuan Tian, Kai Chen 0012, Xiaofeng Wang 0001, Wei Zou. 570-586 [doi]

Security of GPS/INS Based On-road Location Tracking SystemsSashank Narain, Aanjhan Ranganathan, Guevara Noubir. 587-601 [doi]

Understanding the Security of ARM Debugging FeaturesZhenyu Ning, Fengwei Zhang. 602-619 [doi]

Tap 'n Ghost: A Compilation of Novel Attack Techniques against Smartphone TouchscreensSeita Maruyama, Satohiro Wakabayashi, Tatsuya Mori. 620-637 [doi]

SensorID: Sensor Calibration Fingerprinting for SmartphonesJiexin Zhang, Alastair R. Beresford, Ian Sheret. 638-655 [doi]

Certified Robustness to Adversarial Examples with Differential PrivacyMathias Lécuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu 0001, Suman Jana. 656-672 [doi]

DEEPSEC: A Uniform Platform for Security Analysis of Deep Learning ModelXiang Ling, Shouling Ji, Jiaxu Zou, Jiannan Wang, Chunming Wu, Bo Li, Ting Wang. 673-690 [doi]

Exploiting Unintended Feature Leakage in Collaborative LearningLuca Melis, Congzheng Song, Emiliano De Cristofaro, Vitaly Shmatikov. 691-706 [doi]

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural NetworksBolun Wang, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao. 707-723 [doi]

Helen: Maliciously Secure Coopetitive Learning for Linear ModelsWenting Zheng, Raluca Ada Popa, Joseph E. Gonzalez, Ion Stoica. 724-738 [doi]

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated LearningMilad Nasr, Reza Shokri, Amir Houmansadr. 739-753 [doi]

Razzer: Finding Kernel Race Bugs through FuzzingDae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, Insik Shin. 754-768 [doi]

ProFuzzer: On-the-fly Input Type Probing for Better Zero-Day Vulnerability DiscoveryWei You, Xueqiang Wang, ShiQing Ma, JianJun Huang, Xiangyu Zhang, Xiaofeng Wang 0001, Bin Liang 0002. 769-786 [doi]

Full-Speed Fuzzing: Reducing Fuzzing Overhead through Coverage-Guided TracingStefan Nagy, Matthew Hicks. 787-802 [doi]

NEUZZ: Efficient Fuzzing with Neural Program SmoothingDongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana. 803-817 [doi]

Fuzzing File Systems via Two-Dimensional Input Space ExplorationWen Xu, Hyungon Moon, Sanidhya Kashyap, Po-Ning Tseng, Taesoo Kim. 818-834 [doi]

F-BLEAU: Fast Black-Box Leakage EstimationGiovanni Cherubin, Konstantinos Chatzikokolakis 0001, Catuscia Palamidessi. 835-852 [doi]

Synesthesia: Detecting Screen Content via Remote Acoustic Side ChannelsDaniel Genkin, Mihir Pattani, Roei Schuster, Eran Tromer. 853-869 [doi]

Port Contention for Fun and ProfitAlejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri. 870-887 [doi]

Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive WorldMengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, Roy H. Campbell, Josep Torrellas. 888-904 [doi]

Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized MicrophoneAndrew Kwong, Wenyuan Xu, Kevin Fu. 905-919 [doi]

"Should I Worry?" A Cross-Cultural Examination of Account Security Incident ResponseElissa M. Redmiles. 920-934 [doi]

Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash?Yujin Kwon, Hyoungshick Kim, Jinwoo Shin, Yongdae Kim. 935-951 [doi]

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online PromotionKan Yuan, Di Tang, Xiaojing Liao, Xiaofeng Wang 0001, Xuan Feng, Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang. 952-966 [doi]

LBM: A Security Framework for Peripherals within the Linux KernelDave Jing Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Peter C. Johnson 0001, Kevin R. B. Butler. 967-984 [doi]

SoK: Shining Light on Shadow StacksNathan Burow, Xinping Zhang, Mathias Payer. 985-999 [doi]

Kiss from a Rogue: Evaluating Detectability of Pay-at-the-Pump Card SkimmersNolen Scaife, Jasmine Bowers, Christian Peeters, Grant Hernandez, Imani N. Sherman, Patrick Traynor, Lisa Anthony. 1000-1014 [doi]

Blind Certificate AuthoritiesLiang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, Abhi Shelat. 1015-1032 [doi]

Data Recovery on Encrypted Databases with k-Nearest Neighbor Query LeakageEvgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia. 1033-1050 [doi]

Threshold ECDSA from ECDSA Assumptions: The Multiparty CaseJack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat. 1051-1066 [doi]

Learning to Reconstruct: Statistical Learning Theory and Encrypted Database AttacksPaul Grubbs, Marie-Sarah Lacharité, Brice Minaud, Kenneth G. Paterson. 1067-1083 [doi]

On the Security of Two-Round Multi-SignaturesManu Drijvers, Kasra Edalatnejad, Bryan Ford, Eike Kiltz, Julian Loss, Gregory Neven, Igors Stepanovs. 1084-1101 [doi]

New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine LearningIvan Damgård, Daniel Escudero 0001, Tore Kasper Frederiksen, Marcel Keller, Peter Scholl, Nikolaj Volgushev. 1102-1120 [doi]

Breaking LTE on Layer TwoDavid Rupprecht, Katharina Kohls, Thorsten Holz, Christina Pöpper. 1121-1136 [doi]

HOLMES: Real-Time APT Detection through Correlation of Suspicious Information FlowsSadegh Momeni Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar, V. N. Venkatakrishnan. 1137-1152 [doi]

Touching the Untouchables: Dynamic Security Analysis of the LTE Control PlaneHongil Kim, Jiho Lee, Eunkyu Lee, Yongdae Kim. 1153-1168 [doi]

On the Feasibility of Rerouting-Based DDoS DefensesMuoi Tran, Min-Suk Kang, Hsu-Chun Hsiao, Wei-Hsuan Chiang, Shu-Po Tung, Yu-Su Wang. 1169-1184 [doi]

Resident Evil: Understanding Residential IP Proxy as a Dark ServiceXianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, Xiaofeng Wang 0001, Feng Qian, Zhou Li 0001, Sumayah A. Alrwais, Limin Sun, Ying Liu. 1185-1201 [doi]

Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without CompromisesAndres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala. 1202-1219 [doi]

SoK: General Purpose Compilers for Secure Multi-Party ComputationMarcella Hastings, Brett Hemenway, Daniel Noble, Steve Zdancewic. 1220-1237 [doi]

The Code That Never Ran: Modeling Attacks on Speculative EvaluationCraig Disselkoen, Radha Jagadeesan, Alan Jeffrey, James Riely. 1238-1255 [doi]

Formally Verified Cryptographic Web Applications in WebAssemblyJonathan Protzenko, Benjamin Beurdouche, Denis Merigoux, Karthikeyan Bhargavan. 1256-1274 [doi]

SoK: Sanitizing for SecurityDokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz. 1275-1295 [doi]

Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile AppsChaoshun Zuo, Zhiqiang Lin, Yinqian Zhang. 1296-1310 [doi]

Measuring and Analyzing Search Engine Poisoning of Linguistic CollisionsMatthew Joslin, Neng Li, Shuang Hao, Minhui Xue, Haojin Zhu. 1311-1325 [doi]

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone SamplesElissa M. Redmiles, Sean Kross, Michelle L. Mazurek. 1326-1343 [doi]

PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques against Browser Phishing BlacklistsAdam Oest, Yeganeh Safaei, Adam Doupé, Gail-Joon Ahn, Brad Wardman, Kevin Tyers. 1344-1361 [doi]

SoK: Security Evaluation of Home-Based IoT DeploymentsOmar Alrawi, Chaz Lever, Manos Antonakakis, Fabian Monrose. 1362-1380 [doi]

Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant SystemsNan Zhang, Xianghang Mi, Xuan Feng, Xiaofeng Wang 0001, Yuan Tian 0001, Feng Qian. 1381-1396 [doi]

Drones' Cryptanalysis - Smashing Cryptography with a FlickerBen Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici. 1397-1414 [doi]

Dominance as a New Trusted Computing Primitive for the Internet of ThingsMeng Xu, Manuel Huber 0001, Zhichuang Sun, Paul England, Marcus Peinado, Sangho Lee 0001, Andrey Marochko, Dennis Mattoon, Rob Spiger, Stefan Thom. 1415-1430 [doi]

runs on WebDSL