April 24-26, 2018 in London, United Kingdom

3rd IEEE European Symposium on Security and Privacy



Lujo Bauer (CMU), From password policies to adversarial machine learning, it's all about the user.

Sunny Consolvo (Google), Studying user-facing threats in security & privacy.

Accepted Papers

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Paul Rösler (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum), Christian Mainka (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum), Jörg Schwenk (Horst Görtz Institute for IT Security, Chair for Network and Data Security, Ruhr-University Bochum)
What you get is what you C: Controlling side effects in mainstream C compilers
Laurent Simon (Cambridge University), David Chisnall (Cambridge University), Ross Anderson (Cambridge University)
ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports
Ziyun Zhu (University of Maryland, College Park), Tudor Dumitras (University of Maryland, College Park)
ERASER: Your Data Won’t Be Back
Kaan Onarlioglu (Akamai Technologies), William Robertson (Northeastern University), Engin Kirda (Northeastern University)
Get in Line: Ongoing Co-Presence Verification of a Vehicle Formation Based on Driving Trajectories
Christian Vaas (University of Oxford), Mika Juuti (Aalto University), N. Asokan (Aalto University), Ivan Martinovic (University of Oxford)
Language-Independent Synthesis of Firewall Policies
Chiara Bodei (Università di Pisa), Pierpaolo Degano (Università di Pisa), Riccardo Focardi (Università Ca Foscari Venezia), Letterio Galletta (Università di Pisa), Mauro Tempesta (Università Ca Foscari Venezia), Lorenzo Veronese (Università Ca Foscari Venezia)
Understanding User Tradeoffs for Search in Encrypted Communication
Wei Bai (University of Maryland, College Park), Ciara Lynton (University of Maryland, College Park), Michelle L. Mazurek (University of Maryland, College Park), Charalampos (Babis) Papamanthou (University of Maryland, College Park)
Short Double- and N-Times-Authentication-Preventing Signatures from ECDSA and More
David Derler (IAIK, Graz University of Technology), Sebastian Ramacher (IAIK, Graz University of Technology), Daniel Slamanig (AIT Austrian Institute of Technology)
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
Patrick Speicher (CISPA, Saarland University), Marcel Steinmetz (CISPA, Saarland University), Robert Künnemann (CISPA, Saarland University), Milivoj Simeonovski (CISPA, Saarland University), Giancarlo Pellegrino (CISPA, Saarland University), Jörg Hoffmann (CISPA, Saarland University), Michael Backes (CISPA, Saarland University)
Security Risks in Asynchronous Web Servers: When Performance Optimizations Amplify the Impact of Data-oriented Attacks
Micah Morton (UNC at Chapel Hill), Jan Werner (UNC at Chapel Hill), Panagiotis Kintis (Georgia Tech), Kevin Snow (Zeropoint Dynamics), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), Fabian Monrose (UNC at Chapel Hill)
A formal analysis of the Neuchâtel e-voting protocol
Véronique Cortier (Loria & CNRS, France), David Galindo (University of Birmingham, UK), Mathieu Turuani (Loria & INRIA, France)
Sponge-Based Control-Flow Protection for IoT Devices
Mario Werner (Graz University of Technology), Thomas Unterluggauer (Graz University of Technology), David Schaffenrath (Graz University of Technology), Stefan Mangard (Graz University of Technology)
The Real First Class? Inferring Confidential Corporate Mergers and Government Relations from Air Traffic Communication
Martin Strohmeier (University of Oxford), Matthew Smith (University of Oxford), Vincent Lenders (Armasuisse), Ivan Martinovic (University of Oxford)
Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations
Lucas Bang (University of California Santa Barbara), Nicolas Rosner (University of California Santa Barbara), Tevfik Bultan (University of California Santa Barbara)
Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance
Charles Wright (Portland State University), Mayank Varia (Boston University)
User Blocking Considered Harmful? An Attacker-controllable Side Channel to Identify Social Accounts
Takuya Watanabe (NTT Secure Platform Laboratories), Eitaro Shioji (NTT Secure Platform Laboratories), Mitsuaki Akiyama (NTT Secure Platform Laboratories), Keito Sasaoka (Waseda University), Takeshi Yagi (NTT Secure Platform Laboratories), Tatsuya Mori (Waseda University)
On Composability of Game-based Password Authenticated Key Exchange
Marjan Skrobot (University of Luxembourg), Jean Lancrenon (itrust consulting)
I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions
Anupama Aggarwal (IIIT - Delhi, India), Saravana Kumar (CEG, Guindy, India), Bimal Viswanath (UC Santa Barbara), Liang Zhang (Northeastern University), Ayush Shah (IIIT - Delhi, India), Ponnurangam Kumaraguru (IIIT - Delhi, India)
Position-independent Code Reuse: On the Effectiveness of ASLR in the Absence of Information Disclosure
Enes Göktaş (Vrije Universiteit Amsterdam), Benjamin Kollenda (Ruhr-Universität Bochum), Philipp Koppe (Ruhr-Universität Bochum), Erik Bosman (Vrije Universiteit Amsterdam), Georgios Portokalidis (Stevens Institute of Technology), Thorsten Holz (Ruhr-Universität Bochum), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Chen Chen (CMU), Daniele E. Asoni (ETH Zurich), Adrian Perrig (ETH Zurich), David Barrera (Polytechnique Montréal), George Danezis (UCL), Carmela Troncoso (IMDEA Software Institute)
Attacking Deterministic Signature Schemes using Fault Attacks
Damian Poddebniak (Münster University of Applied Sciences), Juraj Somorovsky (Ruhr-University Bochum), Sebastian Schinzel (Münster University of Applied Sciences), Manfred Lochter (Federal Office for Information Security), Paul Rösler (Ruhr-University Bochum)
Dissecting Privacy Risks in Biomedical Data
Pascal Berrang (CISPA, Saarland University), Mathias Humbert (Swiss Data Science Center, ETH/EPFL), Yang Zhang (CISPA, Saarland University), Irina Lehmann (Helmholtz Centre for Environmental Research Leipzig, UFZ, Leipzig), Roland Eils (German Cancer Research Center (DKFZ) & University of Heidelberg), Michael Backes (CISPA, Saarland University)
CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM
Joppe Bos (NXP), Leo Ducas (CWI), Eike Kiltz (Ruhr-University Bochum), Tancrede Lepoint (SRI), Vadim Lybashevsky (IBM Research), John M. Schanck (University of Waterloo), Peter Schwabe (Radboud University), Damien Stehle (Universite de Lyon)
Masters of Time: An Overview of the NTP Ecosystem
Teemu Rytilahti (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Dennis Tatang (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Janosch Köpper (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Thorsten Holz (Horst Görtz Institute for IT-Security, Ruhr University Bochum)
Probabilistic Obfuscation through Covert Channels
Jon Stephens (The University of Arizona), Babak Yadegari (The University of Arizona), Christian Collberg (The University of Arizona), Saumya Debray (The University of Arizona), Carlos Scheidegger (The University of Arizona)
Have your PI and Eat it Too: Practical Security on a Low-cost Ubiquitous Computing Platform
Amit Vasudevan (CyLab / CMU), Sagar Chaki (SEI / CMU), Amit Vasudevan (CyLab, Carnegie Mellon University)
SoK: Security and Privacy in Machine Learning
Nicolas Papernot (Penn State), Patrick McDaniel (Penn State), Arunesh Sinha (University of Michigan), Michael P. Wellman (University of Michigan)
Just In Time Hashing
Benjamin Harsha (Purdue University), Jeremiah Blocki (Purdue University)
Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking
Erwin Quiring (TU Braunschweig), Daniel Arp (TU Braunschweig), Konrad Rieck (TU Braunschweig)
COVERN: A Logic for Compositional Verification of Information Flow Control
Toby Murray (University of Melbourne and Data61), Robert Sison (CSE, UNSW and Data61), Kai Engelhardt (CSE, UNSW and Data61)
DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks
Ke Xu (Singapore Management University), Yingjiu Li (Singapore Management University), Robert H. Deng (Singapore Management University), Kai Chen (Chinese Academy of Sciences)
In search of CurveSwap: Measuring elliptic curve implementations in the wild
Luke Valenta (University of Pennsylvania), Nick Sullivan (Cloudflare), Antonio Sanso (Adobe), Nadia Heninger (University of Pennsylvania)
Mining ABAC Rules from Sparse Logs
Carlos Cotrini (ETH Zürich), Thilo Weghorn (ETH Zürich), David Basin (ETH Zürich)