MAY 22-24, 2017 AT THE FAIRMONT HOTEL, SAN JOSE, CA

38th IEEE Symposium on
Security and Privacy

Agenda


May 21


Registration and Reception

04:00PM - 07:00PM

May 22


Registration

07:00AM - 05:00PM

Breakfast

07:30AM - 08:30AM

Opening Remarks

08:30AM - 08:40AM

Session #1: Privacy and Learning

08:40AM - 10:20AM

Membership Inference Attacks against Machine Learning Models
Reza Shokri (Cornell Tech), Marco Stronati (INRIA), Congzheng Song (Cornell), Vitaly Shmatikov (Cornell Tech)
SecureML: A System for Scalable Privacy-Preserving Machine Learning
Payman Mohassel (Visa Research), Yupeng Zhang (University of Maryland)
Towards Evaluating the Robustness of Neural Networks
Nicholas Carlini (University of California, Berkeley), David Wagner (University of California, Berkeley)
Is Interaction Necessary for Distributed Private Learning?
Adam Smith (Pennsylvania State University), Abhradeep Thakurta (University of California Santa Cruz), Jalaj Upadhyay (Pennsylvania State University)
Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization
Mathias Lecuyer (Columbia University), Riley Spahn (Columbia University), Roxana Geambasu (Columbia University), Tzu-Kuo Huang (Uber Advanced Technologies Group), Siddhartha Sen (Microsoft Research)

Break (40 Minutes)

10:20AM - 11:00AM

Session #2: Getting Security Right

11:00AM - 12:40PM

SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
Cormac Herley (Microsoft Research, USA), Paul C. van Oorschot (Carleton University, Canada)
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security
Felix Fischer (AISEC, Fraunhofer), Konstantin Böttinger (AISEC, Fraunhofer), Huang Xiao (AISEC, Fraunhofer), Christian Stransky (CISPA, Saarland University), Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University)
Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma (University College London (UCL), UK), M. Angela Sasse (University College London (UCL), UK), Joseph Bonneau (Stanford University & Electronic Frontier Foundation (EFF), USA), Anastasia Danilova (University of Bonn, Germany), Alena Naiakshina (University of Bonn, Germany), Matthew Smith (University of Bonn, Germany)
Comparing the Usability of Cryptographic APIs
Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University), Simson Garfinkel (National Institute of Standards and Technology), Doowon Kim (University of Maryland), Michelle Mazurek (University of Maryland), Christian Stransky (CISPA, Saarland University)
SoK: Cryptographically Protected Database Search
Benjamin Fuller (University of Connecticut), Mayank Varia (Boston University), Arkady Yerukhimovich (MIT Lincoln Laboratory), Emily Shen (MIT Lincoln Laboratory), Ariel Hamlin (MIT Lincoln Laboratory), Vijay Gadepally (MIT Lincoln Laboratory), Richard Shay (MIT Lincoln Laboratory), John Darby Mitchell (MIT Lincoln Laboratory), Robert K. Cunningham (MIT Lincoln Laboratory)

Lunch

12:40PM - 01:40PM

Session #3: Attacks

01:40PM - 03:20PM

IoT Goes Nuclear: Creating a Zigbee Chain Reaction
Eyal Ronen (Weizmann Institute of Science), Colin O’Flynn (Dalhousie University), Adi Shamir (Weizmann Institute of Science), Achi-Or Weingarten (Weizmann Institute of Science)
SoK: Exploiting Network Printers
Jens Müller (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Vladislav Mladenov (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Juraj Somorovsky (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Jörg Schwenk (Horst Görtz Institute for IT-Security, Ruhr University Bochum)
How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles
Moritz Contag (Ruhr University Bochum), Guo Li (University of California, San Diego), Andre Pawlowski (Ruhr University Bochum), Felix Domke, Kirill Levchenko (University of California, San Diego), Thorsten Holz (Ruhr University Bochum), Stefan Savage (University of California, San Diego)
The Password Reset MitM Attack
Nethanel Gelernter (Cyberpion & The College of Management Academic Studies), Senia Kalma (The College of Management Academic Studies), Bar Magnezi (The College of Management Academic Studies), Hen Porcilan (The College of Management Academic Studies)
An Experimental Security Analysis of an Industrial Robot Controller
Davide Quarta (Politecnico di Milano), Marcello Pogliani (Politecnico di Milano), Mario Polino (Politecnico di Milano), Federico Maggi (Trend Micro Inc.), Andrea Maria Zanchettin (Politecnico di Milano), Stefano Zanero (Politecnico di Milano)

Break (30 Minutes)

03:20PM - 03:50PM

Session #4: Systems Security and Authentication

03:50PM - 05:30PM

Protecting Bare-metal Embedded Systems with Privilege Overlays
Abraham A Clements (Purdue and Sandia National Labs), Naif Saleh Almakhdhub (Purdue), Khaled Saab (Georgia Institute of Technology), Prashast Srivastava (Purdue), Jinkyu Koo (Purdue), Saurabh Bagchi (Purdue), Mathias Payer (Purdue)
Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64
Yaohui Chen (Stony Brook University), Dongli Zhang (Stony Brook University), Ruowen Wang (Samsung Research America), Rui Qiao (Stony Brook University), Ahmed M. Azab (Samsung Research America), Long Lu (Stony Brook University), Hayawardh Vijayakumar (Samsung Research America), Wenbo Shen (Samsung Research America)
Securing Augmented Reality Output
Kiron Lebeck (University of Washington), Kimberly Ruth (University of Washington), Tadayoshi Kohno (University of Washington), Franziska Roesner (University of Washington)
SysPal: System-guided Pattern Locks for Android
Geumhwan Cho (Sungkyunkwan University), Jun Ho Huh (Software R&D Center, Samsung Electronics), Junsung Cho (Sungkyunkwan University), Seongyeol Oh (Sungkyunkwan University), Youngbae Song (Sungkyunkwan University), Hyoungshick Kim (Sungkyunkwan University)
Multi-touch Authentication Using Hand Geometry and Behavioral Information
Yunpeng Song (Xi'an Jiaotong University), Zhongmin Cai (Xi'an Jiaotong University), ZhiLi Zhang (University of Minnesota)

Poster Reception

05:30PM - 07:30PM

May 23


Registration

07:00AM - 05:00PM

Breakfast

07:30AM - 08:30AM

Awards

08:30AM - 08:40AM

Session #5: Bitcoin and Distributed Systems

08:40AM - 10:20AM

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
Maria Apostolaki (ETH Zürich), Aviv Zohar (Hebrew University), Laurent Vanbever (ETH Zürich)
Catena: Efficient Non-equivocation via Bitcoin
Alin Tomescu (MIT), Srinivas Devadas (MIT)
IKP: Turning a PKI Around with Decentralized Automated Incentives
Stephanos Matsumoto (Carnegie Mellon University/ETH Zurich), Raphael M. Reischuk (ETH Zurich)
Augur: Internet-Wide Detection of Connectivity Disruptions
Paul Pearce (UC Berkeley), Roya Ensafi (Princeton), Frank Li (UC Berkeley), Nick Feamster (Princeton), Vern Paxson (UC Berkeley)
Scalable Bias-Resistant Distributed Randomness
Ewa Syta (Trinity College), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Eleftherios Kokoris Kogias (École Polytechnique Fédérale de Lausanne), Nicolas Gailly (École Polytechnique Fédérale de Lausanne), Linus Gasser (École Polytechnique Fédérale de Lausanne), Ismail Khoffi (École Polytechnique Fédérale de Lausanne), Michael J. Fischer (Yale University), Bryan Ford (École Polytechnique Fédérale de Lausanne)

Break (30 Minutes)

10:20AM - 10:50AM

Session #6: TLS Session Security

10:50AM - 12:30PM

Implementing and Proving the TLS 1.3 Record Layer
Karthikeyan Bhargavan (Inria Paris-Rocquencourt), Antoine Delignat-Lavaud (Microsoft Research), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Jianyang Pan (Inria Paris-Rocquencourt), Jonathan Protzenko (Microsoft Research), Aseem Rastogi (Microsoft Research), Nikhil Swamy (Microsoft Research), Santiago Zanella-Béguelin (Microsoft Research), Jean Karim Zinzindohoué (Inria Paris-Rocquencourt)
Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), Nadim Kobeissi (INRIA)
SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
Sze Yiu Chau (Purdue University), Omar Chowdhury (The University of Iowa), Endadul Hoque (Purdue University), Huangyi Ge (Purdue University), Aniket Kate (Purdue University), Cristina Nita-Rotaru (Northeastern University), Ninghui Li (Purdue University)
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations
Suphannee Sivakorn (Columbia University), George Argyros (Columbia University), Kexin Pei (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers
James Larisch (Northeastern University), David Choffnes (Northeastern University), Dave Levin (University of Maryland), Bruce M. Maggs (Duke University and Akamai Technologies), Alan Mislove (Northeastern University), Christo Wilson (Northeastern University)

Lunch

12:30PM - 01:30PM

Session #7: Software Security

01:30PM - 03:10PM

Finding and Preventing Bugs in JavaScript Bindings
Fraser Brown (Stanford University), Shravan Narayan (UCSD), Riad S. Wahby (Stanford University), Dawson Engler (Stanford University), Ranjit Jhala (UCSD), Deian Stefan (UCSD)
Skyfire: Data-Driven Seed Generation for Fuzzing
Junjie WANG (Nanyang Technological University), Bihuan CHEN (Nanyang Technological University), Lei WEI (Nanyang Technological University), Yang LIU (Nanyang Technological University)
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
Seulbae Kim (Korea University), Seunghoon Woo (Korea University), Heejo Lee (Korea University), Hakjoo Oh (Korea University)
NEZHA: Efficient Domain-independent Differential Testing
Theofilos Petsios (Columbia University), Adrian Tang (Columbia University), Salvatore Stolfo (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
Backward-bounded DSE: Targeting Infeasibility Questions on Obfuscated Codes
Sébastien Bardin (CEA LIST), Robin David (CEA LIST), Jean-Yves Marion (LORIA)

Break (30 Minutes)

03:10PM - 03:40PM

Session #8: Information-flow Channel Security

03:40PM - 05:20PM

Leakage-Abuse Attacks on Order-Revealing Encryption
Paul Grubbs (Cornell Tech), Kevin Sekniqi (Cornell University), Vincent Bindschaedler (UIUC), Muhammad Naveed (USC), Tom Ristenpart (Cornell Tech)
Side-Channel Attacks on Shared Search Indexes
Liang Wang (University of Wisconsin, Madison), Paul Grubbs (Cornell Tech), Jiahui Lu (SJTU), Vincent Bindschaedler (UIUC), David Cash (Rutgers University), Thomas Ristenpart (Cornell Tech)
From trash to treasure: timing-sensitive garbage collection
Mathias Vorreiter Pedersen (Aarhus University), Aslan Askarov (Aarhus University)
Verifying and Synthesizing Constant-Resource Implementations with Types
Van Chan Ngo (Carnegie Mellon University), Mario Dehesa-Azuara (Carnegie Mellon University), Matthew Fredrikson (Carnegie Mellon University), Jan Hoffmann (Carnegie Mellon University)
CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees
Thomas Bauereiß (German Research Center for Artificial Intelligence (DFKI) Bremen, Germany), Armando Pesenti Gritti (Global NoticeBoard, UK), Andrei Popescu (School of Science and Technology, Middlesex University, UK/Institute of Mathematics Simion Stoilow of the Romanian Academy), Franco Raimondi (School of Science and Technology, Middlesex University, UK)

Break (10 Minutes)

05:20PM - 05:30PM

Short Talks

05:30PM - 06:30PM

S&P TC Business Meeting

06:30PM - 07:30PM

May 24


Registration

07:00AM - 06:00PM

Breakfast

07:30AM - 08:30AM

Closing Remarks

08:30AM - 08:40AM

Session #9: Underground Economics

08:40AM - 10:20AM

How to Learn Klingon Without Dictionary: Detection and Measurement of Black Keywords Used by Underground Economy
Hao Yang (Tsinghua University), Xiulin Ma (Tsinghua University), Kun Du (Tsinghua University), Zhou Li (IEEE Member), Haixin Duan (Tsinghua University), Xiaodong Su (Baidu Inc.), Guang Liu (Baidu Inc.), Zhifeng Geng (Baidu Inc.), Jianping Wu (Tsinghua University)
To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild
Brown Farinholt (UC San Diego), Mohammad Rezaeirad (GMU), Paul Pearce (UC Berkeley), Hitesh Dharamdasani (Informant Networks), Haikuo Yin (UC San Diego), Stevens LeBlond (EPFL and MPI-SWS), Damon McCoy (NYU), Kirill Levchenko (UC San Diego)
A Lustrum of Malware Network Communication: Evolution and Insights
Chaz Lever (Georgia Tech), Platon Kotzias (IMDEA), Davide Balzarotti (Eurecom), Juan Caballero (IMDEA), Manos Antonakakis (Georgia Tech)
Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks
Sumayah Alrwais (Indiana University at Bloomington), Xiaojing Liao (Georgia Institute of Technology), Xianghang Mi (Indiana University at Bloomington), Peng Wang (Indiana University at Bloomington), XiaoFeng Wang (Indiana University at Bloomington), Feng Qian (Indiana University at Bloomington), Raheem Beyah (Georgia Institute of Technology), Damon McCoy (New York University)
Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits
Tiffany Bao (CMU), Ruoyu Wang (UCSB), Yan Shoshitaishvili (UCSB), David Brumley (CMU)

Break (30 Minutes)

10:20AM - 10:50AM

Session #10: Cryptography

10:50AM - 12:30PM

Optimized Honest-Majority MPC for Malicious Adversaries - Breaking the 1 Billion-Gate Per Second Barrier
Toshinori Araki (NEC), Assi Barak (Bar-Ilan University), Jun Furukawa (NEC), Tamar Lichter (Queens College - CUNY), Yehuda Lindell (Bar-Ilan University), Ariel Nof (Bar-Ilan University), Kazuma Ohara (NEC), Adi Watzman (The Weizmann Institute of Science), Or Weinstein (Bar-Ilan University)
vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases
Yupeng Zhang (University of Maryland), Daniel Genkin (University of Maryland & University of Pennsylvania), Jonathan Katz (University of Maryland), Dimitrios Papadopoulos (University of Maryland), Charalampos Papamanthou (University of Maryland)
A Framework for Universally Composable Diffie-Hellman Key Exchange
Ralf Küsters (University of Stuttgart), Daniel Rausch (University of Stuttgart)
One TPM to Bind Them All: Fixing TPM2.0 for Provably Secure Anonymous Attestation
Jan Camenisch (IBM Research - Zurich), Liqun Chen (University of Surrey), Manu Drijvers (IBM Research - Zurich and ETH Zurich), Anja Lehmann (IBM Research - Zurich), David Novick (Intel), Rainer Urian (Infineon)
Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping
Dongpeng Xu (The Pennsylvania State University), Jiang Ming (University of Texas at Arlington), Dinghao Wu (The Pennsylvania State University)

Lunch

12:30PM - 01:30PM

Session #11: Privacy

01:30PM - 03:10PM

XHOUND: Quantifying the Fingerprintability of Browser Extensions
Oleksii Starov (Stony Brook University), Nick Nikiforakis (Stony Brook University)
Identifying Personal DNA Methylation Profiles by Genotype Inference
Michael Backes (CISPA, Saarland University & MPI-SWS), Pascal Berrang (CISPA, Saarland University), Matthias Bieg (German Cancer Research Center (DKFZ)), Roland Eils (German Cancer Research Center (DKFZ) & University of Heidelberg), Carl Herrmann (German Cancer Research Center (DKFZ) & University of Heidelberg), Mathias Humbert (CISPA, Saarland University), Irina Lehmann (Helmholtz Centre for Environmental Research Leipzig - UFZ, Leipzig)
Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks
Yixin Sun (Princeton University), Anne Edmundson (Princeton University), Nick Feamster (Princeton University), Mung Chiang (Princeton University), Prateek Mittal (Princeton University)
Machine-Checked Proofs of Privacy for Electronic Voting Protocols
Véronique Cortier (LORIA, CNRS & Inria & Université de Lorraine), Constantin Cătalin Drăgan (LORIA, CNRS & Inria), François Dupressoir (University of Surrey), Benedikt Schmidt (IMDEA Software Institute), Pierre-Yves Strub (École Polytechnique), Bogdan Warinschi (University of Bristol)
Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
Najmeh Miramirkhani (Stony Brook University), Mahathi Priya Appini (Stony Brook University), Nick Nikiforakis (Stony Brook University), Michalis Polychronakis (Stony Brook University)

Break (20 Minutes)

03:10PM - 03:40PM

Session #12: Authorization

03:40PM - 05:20PM

Hardening Java's Access Control by Abolishing Implicit Privilege Elevation
Philipp Holzinger (Fraunhofer SIT), Ben Hermann (Technische Universität Darmstadt), Johannes Lerch (Technische Universität Darmstadt), Eric Bodden (Paderborn University & Fraunhofer IEM), Mira Mezini (Technische Universität Darmstadt)
Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
Yanick Fratantonio (UC Santa Barbara), Chenxiong Qian (Georgia Tech), Simon Chung (Georgia Tech), Wenke Lee (Georgia Tech)
SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Katarzyna Olejnik (Raytheon BBN Technologies), Italo Dacosta (EPFL), Joana Machado (EPFL), Kévin Huguenin (UNIL), Mohammad Emtiyaz Khan (Center for Advanced Intelligence Project (AIP), RIKEN, Tokyo), Jean-Pierre Hubaux (EPFL)
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
Primal Wijesekera (University of British Columbia), Arjun Baokar (University of California, Berkeley), Lynn Tsai (University of California, Berkeley), Joel Reardon (University of California, Berkeley), Serge Egelman (University of California, Berkeley), David Wagner (University of California, Berkeley), Konstantin Beznosov (University of British Columbia)
IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks
Paul Dan Marinescu (Facebook), Chad Parry (Facebook), Marjori Pomarole (Facebook), Yuan Tian (CMU), Patrick Tague (CMU), Ioannis Papagiannis (Facebook)

Speed Mentoring, BoFs, Symposium/Workshops Bridging Reception

05:45PM - 07:45PM

May 25


Workshops Registration

07:00AM - 11:00AM

Workshops Breakfast

07:30AM - 08:30AM

Workshops Opening Remarks

08:45AM - 09:00AM

Workshops Session #1

09:00AM - 10:00AM

Workshops Break (30 minutes)

10:15AM - 10:45AM

Workshops Session #2

10:45AM - 12:30PM

Workshops Lunch

12:30PM - 01:30PM

Workshops Session #3

01:30PM - 03:15PM

Workshops Break (30 minutes)

03:15PM - 03:45PM

Workshops Session #4

03:45PM - 05:30PM

Closing Remarks

05:30PM - 05:45PM