June 17-19, 2019 in Stockholm, Sweden

4th IEEE European Symposium on Security and Privacy


Please refer to the workshop websites for the programs. Directions to the venue can be found here.

Registration + Welcome

08:00 - 08:50

Opening Remarks

08:50 - 09:00

Session: Smartphones and embedded systems

9:00 - 10:40

False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps
Ansgar Kellner, Micha Horlboge, Konrad Rieck, Christian Wressnegger (TU Braunschweig)
Up-To-Crash: Evaluating Third-Party Library Updatability on Android
Jie Huang, Nataniel Borges, Sven Bugiel, Michael Backes (CISPA Helmholtz Center for Information Security)
Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
Ali Abbasi (Ruhr University Bochum); Jos Wetzels (Midnight Blue Labs); Thorsten Holz (Ruhr University Bochum); Sandro Etalle (Eindhoven University of Technology)
DroidEvolver: Self-Evolving Android Malware Detection System
Ke Xu, Yingjiu Li, Robert H. Deng (Singapore Management University); Kai Chen (Chinese Academy of Sciences); Jiayun Xu (Singapore Management University)

Coffee Break

10:40 - 11:05

Session: Programming languages and flow control

11:05 - 12:20

Programming with Flow-Limited Authorization: Coarser is Better 
Mathias Vorreiter Pedersen (Aarhus University); Stephen Chong (Harvard University)
Information-Flow Control for Database-backed Applications
Marco Guarnieri (IMDEA Software Institute); Musard Balliu (KTH Royal Institute of Technology); Daniel Schoepe (Chalmers University of Technology); David Basin (ETH Zurich); Andrei Sabelfeld (Chalmers University of Technology)
Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming
Jannik Pewny, Philipp Koppe, Thorsten Holz (HGI, Ruhr-University Bochum)

Lunch

12:20 - 13:45

Session: Trusted systems

13:45 - 15:00

A Symbolic Analysis of ECC-based Direct Anonymous Attestation
Jorden Whitefield, Liqun Chen (Surrey Centre for Cyber Security, University of Surrey, UK); Ralf Sasse (Department of Computer Science, ETH Zurich); Steve Schneider, Helen Treharne, Steve Wesemeyer (Surrey Centre for Cyber Security, University of Surrey, UK)
Stealing Intel Secrets from SGX Enclaves via Speculative Execution
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, Ten H. Lai (The Ohio State University)
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
Claudio Soriente, Ghassan Karame, Wenting Li, Sergey Fedorov (NEC Labs Europe)

Coffee Break

15:00 - 15:30

Session: Cryptocurrency, blockchain and cybercrime

15:30 - 17:10

Adaptive Call-site Sensitive Control Flow Integrity
Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang (Florida State University); Yajin Zhou (Zhejiang University); Yueqiang Cheng (Baidu X-lab)
Deanonymization and linkability of cryptocurrency transactions based on network analysis
Alex Biryukov, Sergei Tikhomirov (University of Luxembourg)
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts
Raymond Cheng (UC Berkeley, Oasis Labs); Fan Zhang (Cornell Tech); Jernej Kos (Oasis Labs); Warren He, Nicholas Hynes, Noah Johnson (UC Berkeley, Oasis Labs); Ari Juels (Cornell Tech); Andrew Miller (UIUC); Dawn Song (UC Berkeley, Oasis Labs)
Understanding eWhoring
Alice Hutchings (University of Cambridge); Sergio Pastrana (Carlos III University of Madrid)

Keynote

09:00 - 9:50

Smashing the stack for fun and nonprofit
Melanie Rieback

Session: Crypto 1: schemes and protocols

9:50 - 10:40

Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key
Zhen Liu (Shanghai Jiao Tong University); Guomin Yang (University of Wollongong); Duncan S. Wong (CryptoBLK); Khoa Nguyen, Huaxiong Wang (Nanyang Technological University)
A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol 
Benjamin Lipp, Bruno Blanchet, Karthikeyan Bhargavan (INRIA Paris)

Coffee Break

10:40 - 11:05

Session: More protocols

11:05 - 12:20

The Case of Adversarial Inputs for Secure Similarity Approximation Protocols
Evgenios M. Kornaropoulos (Brown University); Petros Efstathopoulos (Symantec Research Labs)
A Practical Attestation Protocol for Autonomous Embedded Systems
Florian Kohnhäuser, Niklas Büscher, Stefan Katzenbeisser (TU Darmstadt)
SAID: Reshaping Signal into an Identity-Based Asynchronous Messaging Protocol with Authenticated Ratcheting
Olivier Blazy (University of Limoges, XLIM, CNRS UMR 7252); Angèle Bossuat, Xavier Bultel, Pierre-Alain Fouque (Univ Rennes, CNRS, IRISA); Cristina Onete (University of Limoges, XLIM, CNRS UMR 7252); Elena Pagnin (Aarhus University)

Lunch

12:20 - 13:20

Session: Benchmarking and modelling

13:20 - 15:00

SoK: Benchmarking Flaws in Systems Security
Erik van der Kouwe (Leiden University); Dennis Andriesse, Herbert Bos, Cristiano Giuffrida (Vrije Universiteit Amsterdam); Gernot Heiser (Data61 and UNSW)
Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks
Orcun Cetin, Carlos Gañán, Lisette Altena, Samaneh Tajalizadehkhoob, Michel van Eeten (Delft University of Technology)
Discovering Correlations: A Formal Definition of Causal Dependency Among Heterogeneous Events
Charles XOSANAVONGSA, Eric TOTEL (CentraleSupelec); Olivier BETTAN (Thales Group)
Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols
Nadim Kobeissi (INRIA Paris, Symbolic Software); Georgio Nicolas (Symbolic Software); Karthikeyan Bhargavan (INRIA Paris)

Coffee Break

15:00 - 15:25

Session: Crypto 2: side channels and users

15:25 - 17:05

IFAL: Issue First Activate Later Certificates for V2X
Eric Verheul (Radboud University); Christopher Hicks, Flavio D. Garcia (University of Birmingham)
Degenerate fault attacks on elliptic curve parameters in OpenSSL
Akira Takahashi (Aarhus University); Mehdi Tibouchi (NTT Secure Platform Laboratories)
On Aggregation of Information in Timing Attacks
Itsaka Rakotonirina (INRIA Nancy Grand-Est, LORIA); Boris Köpf (Microsoft Research)
In Encryption we don't Trust: The Effect of End-To-End Encryption to the Masses on User Perception
Sergej Dechand, Alena Naiakshina, Anastasia Danilova, Matthew Smith (Uni Bonn)

End of day

17:05 -

Session: Privacy

9:00 - 10:40

Rethinking Location Privacy for Unknown Mobility Behaviors
Simon Oya (University of Vigo); Carmela Troncoso (EPFL); Fernando Pérez-González (University of Vigo)
Revisiting User Privacy for Certificate Transparency
Daniel Kales, Olamide Omolola, Sebastian Ramacher (Graz University of Technology)
PILOT: Practical Privacy-Preserving Indoor Localization using OuTsourcing
Kimmo Järvinen (University of Helsinki); Helena Leppäkoski, Elena-Simona Lohan, Philipp Richter (Tampere University of Technology); Thomas Schneider, Oleksandr Tkachenko (TU Darmstadt); Zheng Yang (Singapore University of Technology and Design)
The 5G-AKA Authentication Protocol Privacy
Adrien Koutsos (LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay)

Coffee Break

10:40 - 11:05

Session: Machine learning

11:05 - 12:20

Towards Understanding Limitations of Pixel Discretization Against Adversarial Attacks
Jiefeng Chen (University of Wisconsin-Madison); Xi Wu (Google); Vaibhav Rastogi, Yingyu Liang, Somesh Jha (University of Wisconsin-Madison)
EzPC: Programmable and Efficient Secure Two-Party Computation for Machine Learning
Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma (Microsoft Research); Shardul Tripathi (Indian Institute of Technology - Delhi)
PRADA: Protecting Against DNN Model Stealing Attacks
Mika Juuti, Sebastian Szyller, Samuel Marchal, N. Asokan (Aalto University)

Lunch

12:20 - 13:20

Session: Internet, passwords and malware

13:20 - 15:25

Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities
Stefano Calzavara (Università Ca' Foscari Venezia); Mauro Conti (University of Padova); Riccardo Focardi, Alvise Rabitti (Università Ca' Foscari Venezia); Gabriele Tolomei (University of Padova)
Domain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities
Lorenz Schwittmann, Matthäus Wander, Torben Weis (University of Duisburg-Essen)
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
Baojun Liu (Tsinghua University); Zhou Li (University of California, Irvine); Peiyuan Zong (Institute of Information Engineering, Chinese Academy of Sciences); Chaoyi Lu, Haixin Duan, Ying Liu (Tsinghua University); Sumayah Alrwais (King Saud University); Xiaofeng Wang (Indiana University Bloomington); Shuang Hao (University of Texas at Dallas); Yaoqi Jia (Zilliqa Research); Yiming Zhang (Tsinghua University); Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences); Zaifeng Zhang (360 Netlab)
Using Guessed Passwords to Thwart Online Guessing
Yuan Tian (U Virginia); Cormac Herley (Microsoft); Stuart Schechter (Unaffiliated)
MALPITY: Automatic Identification and Exploitation of Tarpit Vulnerabilities in Malware
Sebastian Walla, Christian Rossow (CISPA Helmholtz Center for Information Security)

Coffee Break

15:25 - 15:50

Session: Voting

15:50 - 17:05

Private votes on untrusted platforms: models, attacks and provable scheme
Sergiu Bursuc (Inria Nancy); Constantin Catalin Dragan (University of Surrey); Steve Kremer (Inria Nancy)
Is your vote overheard? A new scalable side-channel attack against paper voting
Jan Willemson, Kristjan Krips, Sebastian Värv (Cybernetica)
Improving Automated Symbolic Analysis of Ballot Secrecy for E-voting Protocols: A Method Based on Sufficient Conditions
Lucca Hirschi (Inria & LORIA); Cas Cremers (CISPA Helmholtz Center for Information Security)

Closing remarks

17:05 -

18:00 - 22:00

Please refer to the workshop websites for the programs. Directions to the venue can be found here.