- The Second Crypto War - What's Different Now. Susan Landau 0001.
- Fear the Reaper: Characterization and Fast Detection of Card Skimmers. Nolen Scaife, Christian Peeters, Patrick Traynor. 1-14
- BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid. Saleh Soltan, Prateek Mittal, H. Vincent Poor. 15-32
- Skill Squatting Attacks on Amazon Alexa. Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam M. Bates, Michael Bailey. 33-47
- CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen 0012, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang 0006, Carl A. Gunter. 49-64
- ACES: Automatic Compartments for Embedded Systems. Abraham A. Clements, Naif Saleh Almakhdhub, Saurabh Bagchi, Mathias Payer. 65-82
- IMIX: In-Process Memory Isolation EXtension. Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi. 83-97
- HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security. Moritz Eckert, Antonio Bianchi, Ruoyu Wang 0001, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. 99-116
- Guarder: A Tunable Secure Allocator. Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, Tongping Liu. 117-133
- Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies. Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy. 135-150
- Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies. Gertjan Franken, Tom van Goethem, Wouter Joosen. 151-168
- Effective Detection of Multimedia Protocol Tunneling using Machine Learning. Diogo Barradas, Nuno Santos 0001, Luís Rodrigues. 169-185
- Quack: Scalable Remote Measurement of Application-Layer Censorship. Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, Roya Ensafi. 187-202
- Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes 0001, Sven Bugiel. 203-220
- Forgetting of Passwords: Ecological Theory and Data. Xianyi Gao, Yulong Yang, Can Liu, Christos Mitropoulos, Janne Lindqvist, Antti Oulasvirta. 221-238
- The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength. Ingolf Becker, Simon Parkin, M. Angela Sasse. 239-253
- Rethinking Access Control and Authentication for the Home Internet of Things (IoT). Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur. 255-272
- ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Raules, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, Kevin R. B. Butler. 273-290
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems. Seyed Mohammadjavad Seyed Talebi, Hamid Tavakoli, Hang Zhang, Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian. 291-307
- Inception: System-Wide Security Testing of Real-World Embedded Systems Software. Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon. 309-326
- Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices. Xuan Feng, Qiang Li 0007, Haining Wang, Limin Sun. 327-341
- A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning. James C. Davis, Eric R. Williamson, Dongyoon Lee. 343-359
- Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. Cristian-Alexandru Staicu, Michael Pradel. 361-376
- NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, V. N. Venkatakrishnan. 377-392
- Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks. Wei Meng 0001, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee. 393-410
- How Do Tor Users Interact With Onion Services? Philipp Winter, Anne Edmundson, Laura M. Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster. 411-428
- Towards Predicting Efficient and Anonymous Tor Circuits. Armon Barton, Matthew Wright 0001, Jiang Ming 0002, Mohsen Imani. 429-444
- BurnBox: Self-Revocable Encryption in a World Of Compelled Access. Nirvan Tyagi, Muhammad Haris Mughees, Thomas Ristenpart, Ian Miers. 445-461
- An Empirical Analysis of Anonymity in Zcash. George Kappos, Haaroon Yousaf, Mary Maller, Sarah Meiklejohn. 463-477
- Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes. José González Cabañas, Ángel Cuevas, Rubén Cuevas. 479-495
- Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? Wajih Ul Hassan, Saad Hussain, Adam M. Bates. 497-512
- AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. Jinyuan Jia, Neil Zhenqiang Gong. 513-529
- Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, Karl Aberer. 531-548
- Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. Damian Poddebniak, Christian Dresen, Jens Müller 0007, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk. 549-566
- The Dangers of Key Reuse: Practical Attacks on IPsec IKE. Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek. 567-583
- One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA. Monjur Alam, Haider A. Khan, Moumita Dey, Nishith Sinha, Robert Locke Callan, Alenka G. Zajic, Milos Prvulovic. 585-602
- DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, Georg Sigl. 603-620
- The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. Rock Stevens, Daniel Votipka, Elissa M. Redmiles, Colin Ahern, Patrick Sweeney, Michelle L. Mazurek. 621-637
- SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection. Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal. 639-656
- Practical Accountability of Secret Processes. Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, Daniel J. Weitzner. 657-674
- DIZK: A Distributed Zero Knowledge Proof System. Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, Ion Stoica. 675-692
- NetHide: Secure and Practical Network Topology Obfuscation. Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, Martin T. Vechev. 693-709
- Towards a Secure Zero-rating Framework with Three Parties. Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan Xi, Shihao Jing, Humberto La Roche. 711-728
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. Shankara Pailoor, Andrew Aday, Suman Jana. 729-743
- QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Insu Yun, Sangho Lee 0001, Meng Xu, Yeongjin Jang, Taesoo Kim. 745-761
- Automatic Heap Layout Manipulation for Exploitation. Sean Heelan, Tom Melham, Daniel Kroening. 763-779
- FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. Wei Wu, Yueqi Chen, Jun Xu 0024, Xinyu Xing, Xiaorui Gong, Wei Zou. 781-797
- The Secure Socket API: TLS as an Operating System Service. Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Nick Bonner, Kent E. Seamons, Daniel Zappala. 799-816
- Return Of Bleichenbacher's Oracle Threat (ROBOT). Hanno Böck, Juraj Somorovsky, Craig Young. 817-849
- Bamboozling Certificate Authorities with BGP. Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal. 833-849
- The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates 0002, Tudor Dumitras. 851-868
- Debloating Software through Piece-Wise Compilation and Loading. Anh Quach, Aravind Prakash, Lok-Kwong Yan. 869-886
- Precise and Accurate Patch Presence Test for Binaries. Hang Zhang, Zhiyun Qian. 887-902
- From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild. Chaowei Xiao, Armin Sarabi, Yang Liu, Bo Li, Mingyan Liu, Tudor Dumitras. 903-918
- Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu 0002, Xinyu Xing, Bing Mao, Gang Wang 0011. 919-936
- Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. Stephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi. 937-954
- Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. 955-972
- Meltdown: Reading Kernel Memory from User Space. Moritz Lipp, Michael Schwarz 0001, Daniel Gruss, Thomas Prescher 0002, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg. 973-990
- Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx. 991-1008
- Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets. Rolf van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Hernandez Gañán, Bram Klievink, Nicolas Christin, Michel van Eeten. 1009-1026
- Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces. Kan Yuan, Haoran Lu, Xiaojing Liao, Xiaofeng Wang 0001. 1027-1041
- Schrödinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem. Mohammad Rezaeirad, Brown Farinholt, Hitesh Dharmdasani, Paul Pearce, Kirill Levchenko, Damon McCoy. 1043-1060
- The aftermath of a crypto-ransomware attack at a large academic institution. Leah Zhang-Kennedy, Hala Assal, Jessica N. Rocheleau, Reham Mohamed, Khadija Baig, Sonia Chiasson. 1061-1078
- We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS. Jianjun Chen, Jian Jiang, Hai-Xin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang 0002. 1079-1093
- End-to-End Measurements of Email Spoofing Attacks. Hang Hu 0002, Gang Wang 0011. 1095-1112
- Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path. Baojun Liu, Chaoyi Lu, Hai-Xin Duan, Ying Liu, Zhou Li, Shuang Hao, Min Yang 0002. 1113-1128
- End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks. Shuai Hao, Yubao Zhang, Haining Wang, Angelos Stavrou. 1129-1145
- SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics. Jonathan P. Chapman. 1147-1164
- FANCI: Feature-based Automated NXDomain Classification and Intelligence. Samuel Schüppen, Dominik Teubert, Patrick Herrmann, Ulrike Meyer. 1165-1181
- An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang 0002, Xiaofeng Wang 0006, Long Lu, Hai-Xin Duan. 1183-1198
- Fast and Service-preserving Recovery from Malware Infections Using CRIU. Ashton Webster, Ryan Eckenrod, James Purtilo. 1199-1211
- The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX. Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi. 1213-1227
- A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping. Seunghun Han, Wook Shin, Jun-Hyeok Park, Hyoung-Chun Kim. 1229-1246
- Tackling runtime-based obfuscation in Android with TIRO. Michelle Y. Wong, David Lie. 1247-1262
- Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk. 1263-1280
- With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning. Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao. 1281-1297
- When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daumé III, Tudor Dumitras. 1299-1316
- teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. Johannes Krupp, Christian Rossow. 1317-1333
- Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts. Lorenz Breidenbach, Philip Daian, Florian Tramèr, Ari Juels. 1335-1352
- Arbitrum: Scalable, private smart contracts. Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, Edward W. Felten. 1353-1370
- Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, Michael Bailey. 1371-1385
- DelegaTEE: Brokered Delegation Using Trusted Execution Environments. Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun. 1387-1403
- Simple Password-Hardened Encryption Services. Russell W. F. Lai, Christoph Egger 0001, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, Dominique Schröder. 1405-1421
- Security Namespace: Making Linux Security Frameworks Available to Containers. Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, Trent Jaeger. 1423-1439
- Shielding Software From Privileged Side-Channel Attacks. Xiaowan Dong, Zhuojia Shen, John Criswell, Alan L. Cox, Sandhya Dwarkadas. 1441-1458
- Vetting Single Sign-On SDK Implementations via Symbolic Reasoning. Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Kehuan Zhang. 1459-1474
- O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web. Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, Jason Polakis. 1475-1492
- WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta. 1493-1510
- Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer. Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura. 1511-1525
- All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems. Kexiong (Curtis) Zeng, Shinan Liu, Yuanchao Shu, Dong Wang, Haoyu Li, Yanzhi Dou, Gang Wang 0011, Yaling Yang. 1527-1544
- Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors. Yazhou Tu, Zhiqiang Lin, Insup Lee, Xiali Hei. 1545-1562
- Modelling and Analysis of a Hierarchy of Distance Bounding Attacks. Tom Chothia, Joeri de Ruiter, Ben Smyth. 1563-1580
- Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets. Weiteng Chen, Zhiyun Qian. 1581-1598
- Formal Security Analysis of Neural Networks using Symbolic Intervals. Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, Suman Jana. 1599-1614
- Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. Yossi Adi, Carsten Baum, Moustapha Cissé, Benny Pinkas, Joseph Keshet. 1615-1631
- A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation. Rakshith Shetty, Bernt Schiele, Mario Fritz. 1633-1650
- GAZELLE: A Low Latency Framework for Secure Neural Network Inference. Chiraag Juvekar, Vinod Vaikuntanathan, Anantha Chandrakasan. 1651-1669
- FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps. Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, Rui Shao, Yan Chen 0004. 1669-1685
- Sensitive Information Tracking in Commodity IoT. Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick D. McDaniel, A. Selcuk Uluagac. 1687-1704
- Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking. Yang Ji, Sangho Lee 0001, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, Wenke Lee. 1705-1722
- Dependence-Preserving Data Compaction for Scalable Forensic Analysis. Md Nahid Hossain, Junao Wang, R. Sekar, Scott D. Stoller. 1723-1740