Abstract is missing.
- How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux KernelPengfei Wang, Jens Krinke, Kai Lu, Gen Li 0002, Steve Dodier-Lazaro. 1-16 [doi]
- Postmortem Program Analysis with Hardware-Enhanced Post-Crash ArtifactsJun Xu, Dongliang Mu, Xinyu Xing, Peng Liu 0005, Ping Chen, Bing Mao. 17-32 [doi]
- Ninja: Towards Transparent Tracing and Debugging on ARMZhenyu Ning, Fengwei Zhang. 33-49 [doi]
- Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSXCraig Disselkoen, David Kohlbrenner, Leo Porter, Dean M. Tullsen. 51-67 [doi]
- On the effectiveness of mitigations against floating-point timing channelsDavid Kohlbrenner, Hovav Shacham. 69-81 [doi]
- Constant-Time Callees with Variable-Time CallersCesar Pereida García, Billy Bob Brumley. 83-98 [doi]
- Neural Nets Can Learn Function Type Signatures From BinariesZheng-Leong Chua, Shiqi Shen, Prateek Saxena, Zhenkai Liang. 99-116 [doi]
- CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel MemoryFerdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi. 117-130 [doi]
- Efficient Protection of Path-Sensitive Control SecurityRen Ding, Chenxiong Qian, Chengyu Song, William Harris, Taesoo Kim, Wenke Lee. 131-148 [doi]
- Digtool: A Virtualization-Based Framework for Detecting Kernel VulnerabilitiesJianfeng Pan, Guanglu Yan, Xiaocao Fan. 149-165 [doi]
- kAFL: Hardware-Assisted Feedback Fuzzing for OS KernelsSergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, Thorsten Holz. 167-182 [doi]
- Venerable Variadic Vulnerabilities VanquishedPriyam Biswas, Alessandro Di Federico, Scott A. Carr, Prabhu Rajasekaran, Stijn Volckaert, Yeoul Na, Michael Franz, Mathias Payer. 186-198 [doi]
- Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction LeakagesDavid McCann, Elisabeth Oswald, Carolyn Whitnall. 199-216 [doi]
- Strong and Efficient Cache Side-Channel Protection using Hardware Transactional MemoryDaniel Gruss, Julian Lettner, Felix Schuster, Olga Ohrimenko, István Haller, Manuel Costa. 217-233 [doi]
- CacheD: Identifying Cache-Based Timing Channels in Production SoftwareShuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, Dinghao Wu. 235-252 [doi]
- BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence CheckingJiang Ming, Dongpeng Xu, Yufei Jiang, Dinghao Wu. 253-270 [doi]
- PlatPal: Detecting Malicious Documents with Platform DiversityMeng Xu, Taesoo Kim. 271-287 [doi]
- Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ARTLei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu. 289-306 [doi]
- Global Measurement of DNS ManipulationPaul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, Vern Paxson. 307-323 [doi]
- Characterizing the Nature and Dynamics of Tor Exit BlockingRachee Singh, Rishab Nithyanand, Sadia Afroz, Paul Pearce, Michael Carl Tschantz, Phillipa Gill, Vern Paxson. 325-341 [doi]
- DeTor: Provably Avoiding Geographic Regions in TorZhihao Li, Stephen Herwig, Dave Levin. 343-359 [doi]
- SmartAuth: User-Centered Authorization for the Internet of ThingsYuan Tian, Nan Zhang, Yue-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo, Patrick Tague. 361-378 [doi]
- AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation BindingsGiuseppe Petracca, Ahmad Atamli-Reineh, Yuqiong Sun, Jens Grossklags, Trent Jaeger. 379-396 [doi]
- 6thSense: A Context-aware Sensor-based Attack Detector for Smart DevicesAmit Kumar Sikder, Hidayet Aksu, A. Selcuk Uluagac. 397-414 [doi]
- Identifier Binding Attacks and Defenses in Software-Defined NetworksSamuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, David Bigelow. 415-432 [doi]
- HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal CancellationNirnimesh Ghose, Loukas Lazos, Ming Li. 433-450 [doi]
- Attacking the Brain: Races in the SDN Control PlaneLei Xu, Jeff Huang 0001, Sungmin Hong, Jialong Zhang, Guofei Gu. 451-468 [doi]
- Detecting Credential Spearphishing in Enterprise SettingsGrant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David A. Wagner 0001. 469-485 [doi]
- SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit DataMd Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, V. N. Venkatakrishnan. 487-504 [doi]
- When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama PapersSusan E. McGregor, Elizabeth Anne Watkins, Mahdi Nasrullah Al-Ameen, Kelly Caine, Franziska Roesner. 505-522 [doi]
- Hacking in Darkness: Return-oriented Programming against Secure EnclavesJae-Hyuk Lee, Jin Soo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, Brent ByungHoon Kang. 523-539 [doi]
- vTZ: Virtualizing ARM TrustZoneZhichao Hua, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, Haibing Guan. 541-556 [doi]
- Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch ShadowingSangho Lee 0001, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, Marcus Peinado. 557-574 [doi]
- AuthentiCall: Efficient Identity and Content Authentication for Phone CallsBradley Reaves, Logan Blue, Hadi Abdullah, Luis Vargas, Patrick Traynor, Thomas Shrimpton. 575-592 [doi]
- Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile PaymentXiaolong Bai, Zhe Zhou, Xiaofeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang. 593-608 [doi]
- TrustBase: An Architecture to Repair and Strengthen Certificate-based AuthenticationMark O'Neill, Scott Heidbrink, Scott Ruoti, Jordan Whitehead, Dan Bunker, Luke Dickinson, Travis Hendershot, Joshua Reynolds, Kent E. Seamons, Daniel Zappala. 609-624 [doi]
- Transcend: Detecting Concept Drift in Malware Classification ModelsRoberto Jordaney, Kumar Sharad, Santanu Kumar Dash, Zhi Wang, Davide Papini, Ilia Nouretdinov, Lorenzo Cavallaro. 625-642 [doi]
- Syntia: Synthesizing the Semantics of Obfuscated CodeTim Blazytko, Moritz Contag, Cornelius Aschermann, Thorsten Holz. 643-659 [doi]
- Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine LearningSebastian Banescu, Christian S. Collberg, Alexander Pretschner. 661-678 [doi]
- Extension Breakdown: Security Analysis of Browsers Extension Resources Control PoliciesIskander Sánchez-Rola, Igor Santos, Davide Balzarotti. 679-694 [doi]
- CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy CompositionStefano Calzavara, Alvise Rabitti, Michele Bugliesi. 695-712 [doi]
- Same-Origin Policy: Evaluation in Modern BrowsersJörg Schwenk, Marcus Niemietz, Christian Mainka. 713-727 [doi]
- Locally Differentially Private Protocols for Frequency EstimationTianhao Wang, Jeremiah Blocki, Ninghui Li, Somesh Jha. 729-745 [doi]
- BLENDER: Enabling Local Search with a Hybrid Differential Privacy ModelBrendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, Benjamin Livshits. 747-764 [doi]
- Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and MorePeter Ney, Karl Koscher, Lee Organick, Luis Ceze, Tadayoshi Kohno. 765-779 [doi]
- BootStomp: On the Security of Bootloaders in Mobile DevicesNilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. 781-798 [doi]
- Seeing Through The Same Lens: Introspecting Guest Address Space At Native SpeedSiqi Zhao, Xuhua Ding, Wen Xu, Dawu Gu. 799-813 [doi]
- Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling PointersThurston H. Y. Dang, Petros Maniatis, David A. Wagner 0001. 815-832 [doi]
- PDF Mirage: Content Masking Attack Against Information-Based Online ServicesIan D. Markwood, Dakun Shen, Yao Liu, Zhuo Lu. 833-847 [doi]
- Loophole: Timing Attacks on Shared Event Loops in ChromePepe Vila, Boris Köpf. 849-864 [doi]
- Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name TakeoversTobias Lauinger, Abdelberi Chaabane, Ahmet Salih Buyukkayhan, Kaan Onarlioglu, William Robertson 0002. 865-880 [doi]
- Speeding up detection of SHA-1 collision attacks using unavoidable attack conditionsMarc Stevens, Daniel Shumow. 881-897 [doi]
- Phoenix: Rebirth of a Cryptographic Password-Hardening ServiceRussell W. F. Lai, Christoph Egger 0001, Dominique Schröder, Sherman S. M. Chow. 899-916 [doi]
- Vale: Verifying High-Performance Cryptographic Assembly CodeBarry Bond, Chris Hawblitzel, Manos Kapritsos, K. Rustan M. Leino, Jacob R. Lorch, Bryan Parno, Ashay Rane, Srinath T. V. Setty, Laure Thompson. 917-934 [doi]
- Exploring User Perceptions of Discrimination in Online Targeted AdvertisingAngelisa C. Plane, Elissa M. Redmiles, Michelle L. Mazurek, Michael Carl Tschantz. 935-951 [doi]
- Measuring the Insecurity of Mobile Deep Links of AndroidFang Liu, Chun Wang, Andres Pico, Danfeng Yao, Gang Wang. 953-969 [doi]
- How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)SecurityBen Stock, Martin Johns, Marius Steffens, Michael Backes 0001. 971-987 [doi]
- Towards Efficient Heap Overflow DiscoveryXiangkun Jia, Chao Zhang, Purui Su, Yi Yang, Huafeng Huang, Dengguo Feng. 989-1006 [doi]
- DR. CHECKER: A Soundy Analysis for Linux Kernel DriversAravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna. 1007-1024 [doi]
- Dead Store Elimination (Still) Considered HarmfulZhaomo Yang, Brian Johannesmeyer, Anders Trier Olesen, Sorin Lerner, Kirill Levchenko. 1025-1040 [doi]
- Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved ExecutionJo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, Raoul Strackx. 1041-1056 [doi]
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy ManagementAdrian Tang, Simha Sethumadhavan, Salvatore J. Stolfo. 1057-1074 [doi]
- AutoLock: Why Cache Attacks on ARM Are Harder Than You ThinkMarc Green, Leandro Rodrigues Lima, Andreas Zankl, Gorka Irazoqui, Johann Heyszl, Thomas Eisenbarth. 1075-1091 [doi]
- Understanding the Mirai BotnetManos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou. 1093-1110 [doi]
- MPI: Multiple Perspective Attack Investigation with Semantic Aware Execution PartitioningShiQing Ma, Juan Zhai, Fei Wang 0001, Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu. 1111-1128 [doi]
- Detecting Android Root Exploits by Learning from Root ProvidersIoannis Gasparis, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy. 1129-1144 [doi]
- USB Snooping Made Easy: Crosstalk Leakage Attacks on USB HubsYang Su, Daniel Genkin, Damith Chinthana Ranasinghe, Yuval Yarom. 1145-1161 [doi]
- Reverse Engineering x86 Processor MicrocodePhilipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, Thorsten Holz. 1163-1180 [doi]
- See No Evil, Hear No Evil, Feel No Evil, Print No Evil? Malicious Fill Patterns Detection in Additive ManufacturingChristian Bayens, Tuan Le, Luis Garcia, Raheem A. Beyah, Mehdi Javanmard, Saman A. Zonouz. 1181-1198 [doi]
- The Loopix Anonymity SystemAnia M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, George Danezis. 1199-1216 [doi]
- MCMix: Anonymous Messaging via Secure Multiparty ComputationNikolaos Alexopoulos, Aggelos Kiayias, Riivo Talviste, Thomas Zacharias 0001. 1217-1234 [doi]
- ORide: A Privacy-Preserving yet Accountable Ride-Hailing ServiceAnh Pham, Italo Dacosta, Guillaume Endignoux, Juan Ramón Troncoso-Pastoriza, Kévin Huguenin, Jean-Pierre Hubaux. 1235-1252 [doi]
- Adaptive Android Kernel Live PatchingYue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, Tao Wei. 1253-1270 [doi]
- CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified BuildsKirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Justin Cappos, Bryan Ford. 1271-1287 [doi]
- ROTE: Rollback Protection for Trusted ExecutionSinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun. 1289-1306 [doi]
- A Longitudinal, End-to-End View of the DNSSEC EcosystemTaejoong Chung, Roland van Rijswijk-Deij, Balakrishnan Chandrasekaran 0002, David R. Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson. 1307-1322 [doi]
- Measuring HTTPS Adoption on the WebAdrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, Parisa Tabriz. 1323-1338 [doi]
- "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPSKatharina Krombholz, Wilfried Mayer, Martin Schmiedecker, Edgar R. Weippl. 1339-1356 [doi]
- Beauty and the Burst: Remote Identification of Encrypted Video StreamsRoei Schuster, Vitaly Shmatikov, Eran Tromer. 1357-1374 [doi]
- Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting AttacksTao Wang, Ian Goldberg. 1375-1390 [doi]
- A Privacy Analysis of Cross-device TrackingSebastian Zimmeck, Jie S. Li, HyungTae Kim, Steven M. Bellovin, Tony Jebara. 1391-1408 [doi]
- SmartPool: Practical Decentralized Pooled MiningLoi Luu, Yaron Velner, Jason Teutsch, Prateek Saxena. 1409-1426 [doi]
- REM: Resource-Efficient Mining for BlockchainsFan Zhang, Ittay Eyal, Robert Escriva, Ari Juels, Robbert van Renesse. 1427-1444 [doi]
- Ensuring Authorized Updates in Multi-user Database-Backed ApplicationsKevin Eykholt, Atul Prakash, Barzan Mozafari. 1445-1462 [doi]
- Qapla: Policy compliance for database-backed systemsAastha Mehta, Eslam Elnikety, Katura Harvey, Deepak Garg 0001, Peter Druschel. 1463-1479 [doi]