June 17-19, 2019 in Stockholm, Sweden

4th IEEE European Symposium on Security and Privacy


Melanie Rieback, Smashing the stack for fun and nonprofit

Accepted Papers

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps
Ansgar Kellner, Micha Horlboge, Konrad Rieck, Christian Wressnegger (TU Braunschweig)
Up-To-Crash: Evaluating Third-Party Library Updatability on Android
Jie Huang, Nataniel Borges, Sven Bugiel, Michael Backes (CISPA Helmholtz-Zentrum i.G.)
Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
Ali Abbasi (Ruhr University Bochum); Jos Wetzels (Midnight Blue Labs); Thorsten Holz (Ruhr University Bochum); Sandro Etalle (Eindhoven University of Technology)
DroidEvolver: Self-Evolving and Scalable Android Malware Detection System
Ke Xu, Yingjiu Li, Robert H. Deng (Singapore Management University); Kai Chen (Chinese Academy of Sciences); Jiayun Xu (Singapore Management University)
Programming with Flow-Limited Authorization: Coarser is Better 
Mathias Vorreiter Pedersen (Aarhus University); Stephen Chong (Harvard University)
Information-Flow Control for Database-backed Applications
Marco Guarnieri (IMDEA Software Institute); Musard Balliu (KTH Royal Institute of Technology); Daniel Schoepe (Chalmers University of Technology); David Basin (ETH Zurich); Andrei Sabelfeld (Chalmers University of Technology)
Adaptive Call-site Sensitive Control Flow Integrity
Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang (Florida State University); Yajin Zhou (Zhejiang University); Yueqiang Cheng (Baidu X-lab)
Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming
Jannik Pewny, Philipp Koppe, Thorsten Holz (HGI, Ruhr-University Bochum)
A Symbolic Analysis of ECC-based Direct Anonymous Attestation
Jorden Whitefield, Liqun Chen (Surrey Centre for Cyber Security, University of Surrey, UK); Ralf Sasse (Department of Computer Science, ETH Zurich); Steve Schneider, Helen Treharne, Steve Wesemeyer (Surrey Centre for Cyber Security, University of Surrey, UK)
Stealing Intel Secrets from SGX Enclaves via Speculative Execution
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, Ten H. Lai (The Ohio State University)
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
Claudio Soriente, Ghassan Karame, Wenting Li, Sergey Fedorov (NEC Labs Europe)
Deanonymization and linkability of cryptocurrency transactions based on network analysis
Alex Biryukov, Sergei Tikhomirov (University of Luxembourg)
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts
Raymond Cheng, Warren He, Nicholas Hynes, Noah Johnson, Jernej Kos, Fan Zhang, Ari Juels, Andrew Miller, Dawn Song
Understanding eWhoring
Alice Hutchings (University of Cambridge); Sergio Pastrana (Carlos III University of Madrid)
Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key
Zhen Liu (Shanghai Jiao Tong University); Guomin Yang (University of Wollongong); Duncan S. Wong (CryptoBLK); Khoa Nguyen, Huaxiong Wang (Nanyang Technological University)
A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol 
Benjamin Lipp, Bruno Blanchet, Karthikeyan Bhargavan (INRIA Paris)
The Case of Adversarial Inputs for Secure Similarity Approximation Protocols
Evgenios M. Kornaropoulos (Brown University); Petros Efstathopoulos (Symantec Research Labs)
A Practical Attestation Protocol for Autonomous Embedded Systems
Florian Kohnhäuser, Niklas Büscher, Stefan Katzenbeisser (TU Darmstadt)
IFAL: Issue First Activate Later Certificates for V2X
Eric Verheul (Radboud University); Christopher Hicks, Flavio D. Garcia (University of Birmingham)
SAID: Reshaping Signal into an Identity-Based Asynchronous Messaging Protocol with Authenticated Ratcheting
Olivier Blazy (University of Limoges, XLIM, CNRS UMR 7252); Angèle Bossuat, Xavier Bultel, Pierre-Alain Fouque (Univ Rennes, CNRS, IRISA); Cristina Onete (University of Limoges, XLIM, CNRS UMR 7252); Elena Pagnin (Chalmers University of Technology)
SoK: Best Practices in Systems Security Benchmarking
Erik van der Kouwe (Leiden University); Dennis Andriesse, Herbert Bos, Cristiano Giuffrida (Vrije Universiteit Amsterdam); Gernot Heiser (Data61 and UNSW)
Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks
Orcun Cetin, Carlos Gañán, Lisette Altena, Samaneh Tajalizadehkhoob, Michel van Eeten (Delft University of Technology)
Discovering Correlations: A Formal Definition of Causal Dependency Between Heterogeneous Events
Charles XOSANAVONGSA, Eric TOTEL (CentraleSupelec); Olivier BETTAN (Thales Group)
Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols
Nadim Kobeissi (INRIA Paris, Symbolic Software); Georgio Nicolas (Symbolic Software); Karthikeyan Bhargavan (INRIA Paris)
Degenerate fault attacks on elliptic curve parameters in OpenSSL
Akira Takahashi (Kyoto University); Mehdi Tibouchi (NTT Secure Platform Laboratories)
On Aggregation of Information in Timing Attacks
Itsaka Rakotonirina (INRIA Nancy Grand-Est, LORIA); Boris Köpf (Microsoft Research)
In Encryption we don't Trust: The Effect of End-To-End Encryption to the Masses on User Perception
Sergej Dechand, Alena Naiakshina, Anastasia Danilova, Matthew Smith (Uni Bonn)
Rethinking Location Privacy for Unknown Mobility Behaviors
Simon Oya (University of Vigo); Carmela Troncoso (EPFL); Fernando Pérez-González (University of Vigo)
Revisiting User Privacy for Certificate Transparency
Daniel Kales, Olamide Omolola, Sebastian Ramacher (Graz University of Technology)
PILOT: Practical Privacy-Preserving Indoor Localization using OuTsourcing
Kimmo Järvinen (University of Helsinki); Helena Leppäkoski, Elena-Simona Lohan, Philipp Richter (Tampere University of Technology); Thomas Schneider, Oleksandr Tkachenko (TU Darmstadt); Zheng Yang (Singapore University of Technology and Design)
The 5G-AKA Authentication Protocol Privacy
Adrien Koutsos (LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay)
Towards Understanding Limitations of Pixel Discretization Against Adversarial Attacks
Jiefeng Chen (University of Wisconsin-Madison); Xi Wu (Google); Vaibhav Rastogi, Yingyu Liang, Somesh Jha (University of Wisconsin-Madison)
EzPC: Programmable and Efficient Secure Two-Party Computation for Machine Learning
Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma (Microsoft Research); Shardul Tripathi (Indian Institute of Technology - Delhi)
PRADA: Protecting against DNN Model Stealing Attacks
Mika Juuti, Sebastian Szyller, Samuel Marchal, N. Asokan (Aalto University)
Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities
Stefano Calzavara (Università Ca' Foscari Venezia); Mauro Conti (University of Padova); Riccardo Focardi, Alvise Rabitti (Università Ca' Foscari Venezia); Gabriele Tolomei (University of Padova)
Domain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities
Lorenz Schwittmann, Matthäus Wander, Torben Weis (University of Duisburg-Essen)
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
Baojun Liu (Tsinghua University); Zhou Li (University of California, Irvine); Peiyuan Zong (Institute of Information Engineering, Chinese Academy of Sciences); Chaoyi Lu, Haixin Duan, Ying Liu (Tsinghua University); Sumayah Alrwais (King Saud University); Xiaofeng Wang (Indiana University Bloomington); Shuang Hao (University of Texas at Dallas); Yaoqi Jia (Zilliqa Research); Yiming Zhang (Tsinghua University); Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences); Zaifeng Zhang (360 Netlab)
Using Guessed Passwords to Thwart Online Guessing
Yuan Tian (U Virginia); Cormac Herley (Microsoft); Stuart Schechter (Unaffiliated)
MALPITY: Automatic Identification and Exploitation of Tarpit Vulnerabilities in Malware
Sebastian Walla (CISPA, Saarland University); Christian Rossow (CISPA - Helmholtz Center i. G.)
Private votes on untrusted platforms: models, attacks and provable scheme
Sergiu Bursuc (Inria Nancy); Constantin Catalin Dragan (University of Surrey); Steve Kremer (Inria Nancy)
Is your vote overheard? A new scalable side-channel attack against paper voting
Jan Willemson, Kristjan Krips, Sebastian Värv (Cybernetica)
Improving Automated Symbolic Analysis of Ballot Secrecy for E-voting Protocols: A Method Based on Sufficient Conditions
Cas Cremers (CISPA Helmholtz Center (i.G.)); Lucca Hirschi (ETH Zurich)