Abstract is missing.
- Lock It and Still Lose It - on the (In)Security of Automotive Remote Keyless Entry SystemsFlavio D. Garcia, David Oswald, Timo Kasper, Pierre Pavlidès. [doi]
- Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016Adam Lerner, Anna Kornfeld Simpson, Tadayoshi Kohno, Franziska Roesner. [doi]
- Flip Feng Shui: Hammering a Needle in the Software StackKaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos. 1-18 [doi]
- One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege EscalationYuan Xiao, Xiaokuan Zhang, Yinqian Zhang, Radu Teodorescu. 19-35 [doi]
- PIkit: A New Kernel-Independent Processor-Interconnect RootkitWonJun Song, Hyunwoo Choi, Junhong Kim, Eunsoo Kim, Yongdae Kim, John Kim. 37-51 [doi]
- Verifying Constant-Time ImplementationsJosé Bacelar Almeida, Manuel Barbosa, Gilles Barthe, François Dupressoir, Michael Emmi. 53-70 [doi]
- Secure, Precise, and Fast Floating-Point Operations on x86 ProcessorsAshay Rane, Calvin Lin, Mohit Tiwari. 71-86 [doi]
- überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a HypervisorAmit Vasudevan, Sagar Chaki, Petros Maniatis, Limin Jia, Anupam Datta. 87-104 [doi]
- Undermining Information Hiding (and What to Do about It)Enes Göktas, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos. 105-119 [doi]
- Poking Holes in Information HidingAngelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, Cristiano Giuffrida. 121-138 [doi]
- What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP DefensesGiorgi Maisuradze, Michael Backes 0001, Christian Rossow. 139-156 [doi]
- zxcvbn: Low-Budget Password Strength EstimationDaniel Lowe Wheeler. 157-173 [doi]
- Fast, Lean, and Accurate: Modeling Password Guessability Using Neural NetworksWilliam Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor. 175-191 [doi]
- An Empirical Study of Textual Key-Fingerprint RepresentationsSergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl, Matthew Smith 0001. 193-208 [doi]
- Off-Path TCP Exploits: Global Rate Limit Considered DangerousYue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel. 209-225 [doi]
- Website-Targeted False Content Injection by Network OperatorsGabi Nakibly, Jaime Schcolnik, Yossi Rubin. 227-244 [doi]
- The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEOKun Du, Hao Yang, Zhou Li, Hai-Xin Duan, Kehuan Zhang. 245-262 [doi]
- A Comprehensive Measurement Study of Domain Generating MalwareDaniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, Elmar Gerhards-Padilla. 263-278 [doi]
- Enhancing Bitcoin Security and Performance with Strong Consistency via Collective SigningEleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, Bryan Ford. 279-296 [doi]
- Faster Malicious 2-Party Secure Computation with Online/Offline Dual ExecutionPeter Rindal, Mike Rosulek. 297-314 [doi]
- Egalitarian ComputingAlex Biryukov, Dmitry Khovratovich. 315-326 [doi]
- Post-quantum Key Exchange - A New HopeErdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe. 327-343 [doi]
- Automatically Detecting Error Handling Bugs Using Error SpecificationsSuman Jana, Yuan Jochen Kang, Samuel Roth, Baishakhi Ray. 345-362 [doi]
- APISan: Sanitizing API Usages through Semantic Cross-CheckingInsu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik. 363-378 [doi]
- On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software VulnerabilitiesSantiago Torres-Arias, Anil Kumar Ammula, Reza Curtmola, Justin Cappos. 379-395 [doi]
- Defending against Malicious Peripherals with CinchSebastian Angel, Riad S. Wahby, Max Howald, Joshua B. Leners, Michael Spilo, Zhen Sun, Andrew J. Blumberg, Michael Walfish. 397-414 [doi]
- Making USB Great Again with USBFILTERDave (Jing) Tian, Nolen Scaife, Adam M. Bates, Kevin R. B. Butler, Patrick Traynor. 415-430 [doi]
- Micro-Virtualization Memory Tracing to Detect and Prevent Spraying AttacksStefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti. 431-446 [doi]
- Request and Conquer: Exposing Cross-Origin Resource SizeTom van Goethem, Mathy Vanhoef, Frank Piessens, Wouter Joosen. 447-462 [doi]
- Trusted Browsers for Uncertain TimesDavid Kohlbrenner, Hovav Shacham. 463-480 [doi]
- Tracing Information Flows Between Ad Exchanges Using Retargeted AdsMuhammad Ahmad Bashir, Sajjad Arshad, William Robertson, Christo Wilson. 481-496 [doi]
- Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public PhotosYi Xu, True Price, Jan-Michael Frahm, Fabian Monrose. 497-512 [doi]
- Hidden Voice CommandsNicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner, Wenchao Zhou. 513-530 [doi]
- FlowFence: Practical Data Protection for Emerging IoT Application FrameworksEarlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, Atul Prakash. 531-548 [doi]
- ARMageddon: Cache Attacks on Mobile DevicesMoritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard. 549-564 [doi]
- DRAMA: Exploiting DRAM Addressing for Cross-CPU AttacksPeter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard. 565-581 [doi]
- An In-Depth Analysis of Disassembly on Full-Scale x86/x64 BinariesDennis Andriesse, Xi Chen, Victor van der Veen, Asia Slowinska, Herbert Bos. 583-600 [doi]
- Stealing Machine Learning Models via Prediction APIsFlorian Tramèr, Fan Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart. 601-618 [doi]
- Oblivious Multi-Party Machine Learning on Trusted ProcessorsOlga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, Manuel Costa. 619-636 [doi]
- Thoth: Comprehensive Policy Compliance in Data Retrieval SystemsEslam Elnikety, Aastha Mehta, Anjo Vahldiek-Oberwagner, Deepak Garg 0001, Peter Druschel. 637-654 [doi]
- Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessageChristina Garman, Matthew Green 0001, Gabriel Kaptchuk, Ian Miers, Michael Rushanan. 655-672 [doi]
- Predicting, Decrypting, and Abusing WPA2/802.11 Group KeysMathy Vanhoef, Frank Piessens. 673-688 [doi]
- DROWN: Breaking TLS Using SSLv2Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt. 689-706 [doi]
- All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable EncryptionYupeng Zhang, Jonathan Katz, Charalampos Papamanthou. 707-720 [doi]
- Investigating Commercial Pay-Per-Install and the Distribution of Unwanted SoftwareKurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean Michel Picod, Cait Phillips, Marc-André Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, Damon McCoy. 721-739 [doi]
- Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install ServicesPlaton Kotzias, Leyla Bilge, Juan Caballero. 739-756 [doi]
- UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareAmin Kharraz, Sajjad Arshad, Collin Mulliner, William K. Robertson, Engin Kirda. 757-772 [doi]
- Towards Measuring and Mitigating Social Engineering Software Download AttacksTerry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad. 773-789 [doi]
- Specification Mining for Intrusion Detection in Networked Control SystemsMarco Caselli, Emmanuele Zambon, Johanna Amann, Robin Sommer, Frank Kargl. 791-806 [doi]
- Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware VariantsKarel Bartos, Michal Sofka, Vojtech Franc. 807-822 [doi]
- Authenticated Network Time SynchronizationBenjamin Dowling, Douglas Stebila, Greg Zaverucha. 823-840 [doi]
- fTPM: A Software-Only Implementation of a TPM ChipHimanshu Raj, Stefan Saroiu, Alec Wolman, Ronald Aigner, Jeremiah Cox, Paul England, Chris Fenner, Kinshuman Kinshumann, Jork Löser, Dennis Mattoon, Magnus Nyström, David Robinson, Rob Spiger, Stefan Thom, David Wooten. 841-856 [doi]
- Sanctum: Minimal Hardware Extensions for Strong Software IsolationVictor Costan, Ilia A. Lebedev, Srinivas Devadas. 857-874 [doi]
- Ariadne: A Minimal Approach to State ContinuityRaoul Strackx, Frank Piessens. 875-892 [doi]
- The Million-Key Question - Investigating the Origins of RSA Public KeysPetr Svenda, Matús Nemec, Peter Sekan, Rudolf Kvasnovský, David Formánek, David Komárek, Vashek Matyás. 893-910 [doi]
- Fingerprinting Electronic Control Units for Vehicle Intrusion DetectionKyong-Tak Cho, Kang G. Shin. 911-927 [doi]
- OblivP2P: An Oblivious Peer-to-Peer Content Sharing SystemYaoqi Jia, Tarik Moataz, Shruti Tople, Prateek Saxena. 945-962 [doi]
- AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice ChannelsBradley Reaves, Logan Blue, Patrick Traynor. 963-978 [doi]
- You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and BehaviorsNeil Zhenqiang Gong, Bin Liu. 979-995 [doi]
- Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability NotificationBen Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes 0001. 1015-1032 [doi]
- You've Got Vulnerability: Exploring Effective Vulnerability NotificationsFrank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, Vern Paxson. 1033-1050 [doi]
- Mirror: Enabling Proofs of Data Replication and Retrievability in the CloudFrederik Armknecht, Ludovic Barman, Jens-Matthias Bohli, Ghassan O. Karame. 1051-1068 [doi]
- ZKBoo: Faster Zero-Knowledge for Boolean CircuitsIrene Giacomelli, Jesper Madsen, Claudio Orlandi. 1069-1083 [doi]
- The Cut-and-Choose Game and Its Application to Cryptographic ProtocolsRuiyu Zhu, Yan Huang, Jonathan Katz, Abhi Shelat. 1085-1100 [doi]
- On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification AnalysisMichael Backes 0001, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, Sebastian Weisgerber. 1101-1118 [doi]
- Practical DIFC Enforcement on AndroidAdwait Nadkarni, Benjamin Andow, William Enck, Somesh Jha. 1119-1136 [doi]
- Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory ImagesBrendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, Dongyan Xu, Golden G. Richard III. 1137-1151 [doi]
- Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential AnalysisYousra Aafer, Xiao Zhang, Wenliang Du. 1153-1168 [doi]
- Identifying and Characterizing Sybils in the Tor NetworkPhilipp Winter, Roya Ensafi, Karsten Loesing, Nick Feamster. 1169-1185 [doi]
- k-fingerprinting: A Robust Scalable Website Fingerprinting TechniqueJamie Hayes, George Danezis. 1187-1203 [doi]
- Protecting Privacy of BLE Device UsersKassem Fawaz, Kyu-Han Kim, Kang G. Shin. 1205-1221 [doi]
- Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression ProfilesMichael Backes 0001, Pascal Berrang, Anna Hecksteden, Mathias Humbert, Andreas Keller, Tim Meyer. 1223-1240 [doi]