38th IEEE Symposium on Security and Privacy


Accepted Papers

A Framework for Universally Composable Diffie-Hellman Key Exchange
Ralf Küsters (University of Stuttgart), Daniel Rausch (University of Stuttgart)
A Lustrum of Malware Network Communication: Evolution and Insights
Chaz Lever (Georgia Tech), Platon Kotzias (IMDEA), Davide Balzarotti (Eurecom), Juan Caballero (IMDEA), Manos Antonakakis (Georgia Tech)
An Experimental Security Analysis of an Industrial Robot Controller
Davide Quarta (Politecnico di Milano), Marcello Pogliani (Politecnico di Milano), Mario Polino (Politecnico di Milano), Federico Maggi (Trend Micro Inc.), Andrea Maria Zanchettin (Politecnico di Milano), Stefano Zanero (Politecnico di Milano)
Augur: Internet-Wide Detection of Connectivity Disruptions
Paul Pearce (UC Berkeley), Roya Ensafi (Princeton), Frank Li (UC Berkeley), Nick Feamster (Princeton), Vern Paxson (UC Berkeley)
Backward-bounded DSE: Targeting Infeasibility Questions on Obfuscated Codes
Sébastien Bardin (CEA LIST), Robin David (CEA LIST), Jean-Yves Marion (LORIA)
CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers
James Larisch (Northeastern University), David Choffnes (Northeastern University), Dave Levin (University of Maryland), Bruce M. Maggs (Duke University and Akamai Technologies), Alan Mislove (Northeastern University), Christo Wilson (Northeastern University)
Catena: Efficient Non-equivocation via Bitcoin
Alin Tomescu (MIT), Srinivas Devadas (MIT)
Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
Yanick Fratantonio (UC Santa Barbara), Chenxiong Qian (Georgia Tech), Simon Chung (Georgia Tech), Wenke Lee (Georgia Tech)
CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees
Thomas Bauereiß (German Research Center for Artificial Intelligence (DFKI) Bremen, Germany), Armando Pesenti Gritti (Global NoticeBoard, UK), Andrei Popescu (School of Science and Technology, Middlesex University, UK/Institute of Mathematics Simion Stoilow of the Romanian Academy), Franco Raimondi (School of Science and Technology, Middlesex University, UK)
Comparing the Usability of Cryptographic APIs
Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University), Simson Garfinkel (National Institute of Standards and Technology), Doowon Kim (University of Maryland), Michelle Mazurek (University of Maryland), Christian Stransky (CISPA, Saarland University)
Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks
Yixin Sun (Princeton University), Anne Edmundson (Princeton University), Nick Feamster (Princeton University), Mung Chiang (Princeton University), Prateek Mittal (Princeton University)
Cryptographic Function Detection in Obfuscated Binaries via Bit-precise Symbolic Loop Mapping
Dongpeng Xu (The Pennsylvania State University), Jiang Ming (University of Texas at Arlington), Dinghao Wu (The Pennsylvania State University)
Finding and Preventing Bugs in JavaScript Bindings
Fraser Brown (Stanford University), Shravan Narayan (UCSD), Riad S. Wahby (Stanford University), Dawson Engler (Stanford University), Ranjit Jhala (UCSD), Deian Stefan (UCSD)
From trash to treasure: timing-sensitive garbage collection
Mathias Vorreiter Pedersen (Aarhus University), Aslan Askarov (Aarhus University)
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations
Suphannee Sivakorn (Columbia University), George Argyros (Columbia University), Kexin Pei (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
Hardening Java's Access Control by Abolishing Implicit Privilege Elevation
Philipp Holzinger (Fraunhofer SIT), Ben Hermann (Technische Universität Darmstadt), Johannes Lerch (Technische Universität Darmstadt), Eric Bodden (Paderborn University & Fraunhofer IEM), Mira Mezini (Technische Universität Darmstadt)
Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
Maria Apostolaki (ETH Zürich), Aviv Zohar (Hebrew University), Laurent Vanbever (ETH Zürich)
How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles
Moritz Contag (Ruhr University Bochum), Guo Li (University of California, San Diego), Andre Pawlowski (Ruhr University Bochum), Felix Domke, Kirill Levchenko (University of California, San Diego), Thorsten Holz (Ruhr University Bochum), Stefan Savage (University of California, San Diego)
How to Learn Klingon Without Dictionary: Detection and Measurement of Black Keywords Used by Underground Economy
Hao Yang (Tsinghua University), Xiulin Ma (Tsinghua University), Kun Du (Tsinghua University), Zhou Li (IEEE Member), Haixin Duan (Tsinghua University), Xiaodong Su (Baidu Inc.), Guang Liu (Baidu Inc.), Zhifeng Geng (Baidu Inc.), Jianping Wu (Tsinghua University)
IKP: Turning a PKI Around with Decentralized Automated Incentives
Stephanos Matsumoto (Carnegie Mellon University/ETH Zurich), Raphael M. Reischuk (ETH Zurich)
IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks
Paul Dan Marinescu (Facebook), Chad Parry (Facebook), Marjori Pomarole (Facebook), Yuan Tian (CMU), Patrick Tague (CMU), Ioannis Papagiannis (Facebook)
Identifying Personal DNA Methylation Profiles by Genotype Inference
Michael Backes (CISPA, Saarland University & MPI-SWS), Pascal Berrang (CISPA, Saarland University), Matthias Bieg (German Cancer Research Center (DKFZ)), Roland Eils (German Cancer Research Center (DKFZ) & University of Heidelberg), Carl Herrmann (German Cancer Research Center (DKFZ) & University of Heidelberg), Mathias Humbert (CISPA, Saarland University), Irina Lehmann (Helmholtz Centre for Environmental Research Leipzig - UFZ, Leipzig)
Implementing and Proving the TLS 1.3 Record Layer
Karthikeyan Bhargavan (Inria Paris-Rocquencourt), Antoine Delignat-Lavaud (Microsoft Research), Cédric Fournet (Microsoft Research), Markulf Kohlweiss (Microsoft Research), Jianyang Pan (Inria Paris-Rocquencourt), Jonathan Protzenko (Microsoft Research), Aseem Rastogi (Microsoft Research), Nikhil Swamy (Microsoft Research), Santiago Zanella-Béguelin (Microsoft Research), Jean Karim Zinzindohoué (Inria Paris-Rocquencourt)
IoT Goes Nuclear: Creating a Zigbee Chain Reaction
Eyal Ronen (Weizmann Institute of Science), Colin O’Flynn (Dalhousie University), Adi Shamir (Weizmann Institute of Science), Achi-Or Weingarten (Weizmann Institute of Science)
Is Interaction Necessary for Distributed Private Learning?
Adam Smith (Pennsylvania State University), Abhradeep Thakurta (University of California Santa Cruz), Jalaj Upadhyay (Pennsylvania State University)
Leakage-Abuse Attacks on Order-Revealing Encryption
Paul Grubbs (Cornell Tech), Kevin Sekniqi (Cornell University), Vincent Bindschaedler (UIUC), Muhammad Naveed (USC), Tom Ristenpart (Cornell Tech)
Machine-Checked Proofs of Privacy for Electronic Voting Protocols
Véronique Cortier (LORIA, CNRS & Inria & Université de Lorraine), Constantin Cătalin Drăgan (LORIA, CNRS & Inria), François Dupressoir (University of Surrey), Benedikt Schmidt (IMDEA Software Institute), Pierre-Yves Strub (École Polytechnique), Bogdan Warinschi (University of Bristol)
Membership Inference Attacks against Machine Learning Models
Reza Shokri (Cornell Tech), Marco Stronati (INRIA), Congzheng Song (Cornell), Vitaly Shmatikov (Cornell Tech)
Multi-touch Authentication Using Hand Geometry and Behavioral Information
Yunpeng Song (Xi'an Jiaotong University), Zhongmin Cai (Xi'an Jiaotong University), ZhiLi Zhang (University of Minnesota)
NEZHA: Efficient Domain-independent Differential Testing
Theofilos Petsios (Columbia University), Adrian Tang (Columbia University), Salvatore Stolfo (Columbia University), Angelos D. Keromytis (Columbia University), Suman Jana (Columbia University)
Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64
Yaohui Chen (Stony Brook University), Dongli Zhang (Stony Brook University), Ruowen Wang (Samsung Research America), Rui Qiao (Stony Brook University), Ahmed M. Azab (Samsung Research America), Long Lu (Stony Brook University), Hayawardh Vijayakumar (Samsung Research America), Wenbo Shen (Samsung Research America)
Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma (University College London (UCL), UK), M. Angela Sasse (University College London (UCL), UK), Joseph Bonneau (Stanford University & Electronic Frontier Foundation (EFF), USA), Anastasia Danilova (University of Bonn, Germany), Alena Naiakshina (University of Bonn, Germany), Matthew Smith (University of Bonn, Germany)
One TPM to Bind Them All: Fixing TPM2.0 for Provably Secure Anonymous Attestation
Jan Camenisch (IBM Research - Zurich), Liqun Chen (University of Surrey), Manu Drijvers (IBM Research - Zurich and ETH Zurich), Anja Lehmann (IBM Research - Zurich), David Novick (Intel), Rainer Urian (Infineon)
Optimized Honest-Majority MPC for Malicious Adversaries - Breaking the 1 Billion-Gate Per Second Barrier
Toshinori Araki (NEC), Assi Barak (Bar-Ilan University), Jun Furukawa (NEC), Tamar Lichter (Queens College - CUNY), Yehuda Lindell (Bar-Ilan University), Ariel Nof (Bar-Ilan University), Kazuma Ohara (NEC), Adi Watzman (The Weizmann Institute of Science), Or Weinstein (Bar-Ilan University)
Protecting Bare-metal Embedded Systems with Privilege Overlays
Abraham A Clements (Purdue and Sandia National Labs), Naif Saleh Almakhdhub (Purdue), Khaled Saab (Georgia Institute of Technology), Prashast Srivastava (Purdue), Jinkyu Koo (Purdue), Saurabh Bagchi (Purdue), Mathias Payer (Purdue)
Pyramid: Enhancing Selectivity in Big Data Protection with Count Featurization
Mathias Lecuyer (Columbia University), Riley Spahn (Columbia University), Roxana Geambasu (Columbia University), Tzu-Kuo Huang (Uber Advanced Technologies Group), Siddhartha Sen (Microsoft Research)
Scalable Bias-Resistant Distributed Randomness
Ewa Syta (Trinity College), Philipp Jovanovic (École Polytechnique Fédérale de Lausanne), Eleftherios Kokoris Kogias (École Polytechnique Fédérale de Lausanne), Nicolas Gailly (École Polytechnique Fédérale de Lausanne), Linus Gasser (École Polytechnique Fédérale de Lausanne), Ismail Khoffi (École Polytechnique Fédérale de Lausanne), Michael J. Fischer (Yale University), Bryan Ford (École Polytechnique Fédérale de Lausanne)
SecureML: A System for Scalable Privacy-Preserving Machine Learning
Payman Mohassel (Visa Research), Yupeng Zhang (University of Maryland)
Securing Augmented Reality Output
Kiron Lebeck (University of Washington), Kimberly Ruth (University of Washington), Tadayoshi Kohno (University of Washington), Franziska Roesner (University of Washington)
Side-Channel Attacks on Shared Search Indexes
Liang Wang (University of Wisconsin, Madison), Paul Grubbs (Cornell Tech), Jiahui Lu (SJTU), Vincent Bindschaedler (UIUC), David Cash (Rutgers University), Thomas Ristenpart (Cornell Tech)
Skyfire: Data-Driven Seed Generation for Fuzzing
Junjie WANG (Nanyang Technological University), Bihuan CHEN (Nanyang Technological University), Lei WEI (Nanyang Technological University), Yang LIU (Nanyang Technological University)
SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Katarzyna Olejnik (Raytheon BBN Technologies), Italo Dacosta (EPFL), Joana Machado (EPFL), Kévin Huguenin (UNIL), Mohammad Emtiyaz Khan (Center for Advanced Intelligence Project (AIP), RIKEN, Tokyo), Jean-Pierre Hubaux (EPFL)
SoK: Cryptographically Protected Database Search
Benjamin Fuller (University of Connecticut), Mayank Varia (Boston University), Arkady Yerukhimovich (MIT Lincoln Laboratory), Emily Shen (MIT Lincoln Laboratory), Ariel Hamlin (MIT Lincoln Laboratory), Vijay Gadepally (MIT Lincoln Laboratory), Richard Shay (MIT Lincoln Laboratory), John Darby Mitchell (MIT Lincoln Laboratory), Robert K. Cunningham (MIT Lincoln Laboratory)
SoK: Exploiting Network Printers
Jens Müller (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Vladislav Mladenov (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Juraj Somorovsky (Horst Görtz Institute for IT-Security, Ruhr University Bochum), Jörg Schwenk (Horst Görtz Institute for IT-Security, Ruhr University Bochum)
SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
Cormac Herley (Microsoft Research, USA), Paul C. van Oorschot (Carleton University, Canada)
Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
Najmeh Miramirkhani (Stony Brook University), Mahathi Priya Appini (Stony Brook University), Nick Nikiforakis (Stony Brook University), Michalis Polychronakis (Stony Brook University)
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security
Felix Fischer (AISEC, Fraunhofer), Konstantin Böttinger (AISEC, Fraunhofer), Huang Xiao (AISEC, Fraunhofer), Christian Stransky (CISPA, Saarland University), Yasemin Acar (CISPA, Saarland University), Michael Backes (CISPA, Saarland University & MPI-SWS), Sascha Fahl (CISPA, Saarland University)
SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
Sze Yiu Chau (Purdue University), Omar Chowdhury (The University of Iowa), Endadul Hoque (Purdue University), Huangyi Ge (Purdue University), Aniket Kate (Purdue University), Cristina Nita-Rotaru (Northeastern University), Ninghui Li (Purdue University)
SysPal: System-guided Pattern Locks for Android
Geumhwan Cho (Sungkyunkwan University), Jun Ho Huh (Software R&D Center, Samsung Electronics), Junsung Cho (Sungkyunkwan University), Seongyeol Oh (Sungkyunkwan University), Youngbae Song (Sungkyunkwan University), Hyoungshick Kim (Sungkyunkwan University)
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
Primal Wijesekera (University of British Columbia), Arjun Baokar (University of California, Berkeley), Lynn Tsai (University of California, Berkeley), Joel Reardon (University of California, Berkeley), Serge Egelman (University of California, Berkeley), David Wagner (University of California, Berkeley), Konstantin Beznosov (University of British Columbia)
The Password Reset MitM Attack
Nethanel Gelernter (Cyberpion & The College of Management Academic Studies), Senia Kalma (The College of Management Academic Studies), Bar Magnezi (The College of Management Academic Studies), Hen Porcilan (The College of Management Academic Studies)
To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild
Brown Farinholt (UC San Diego), Mohammad Rezaeirad (GMU), Paul Pearce (UC Berkeley), Hitesh Dharamdasani (Informant Networks), Haikuo Yin (UC San Diego), Stevens LeBlond (EPFL and MPI-SWS), Damon McCoy (NYU), Kirill Levchenko (UC San Diego)
Towards Evaluating the Robustness of Neural Networks
Nicholas Carlini (University of California, Berkeley), David Wagner (University of California, Berkeley)
Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks
Sumayah Alrwais (Indiana University at Bloomington), Xiaojing Liao (Georgia Institute of Technology), Xianghang Mi (Indiana University at Bloomington), Peng Wang (Indiana University at Bloomington), XiaoFeng Wang (Indiana University at Bloomington), Feng Qian (Indiana University at Bloomington), Raheem Beyah (Georgia Institute of Technology), Damon McCoy (New York University)
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
Seulbae Kim (Korea University), Seunghoon Woo (Korea University), Heejo Lee (Korea University), Hakjoo Oh (Korea University)
Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
Karthikeyan Bhargavan (INRIA), Bruno Blanchet (INRIA), Nadim Kobeissi (INRIA)
Verifying and Synthesizing Constant-Resource Implementations with Types
Van Chan Ngo (Carnegie Mellon University), Mario Dehesa-Azuara (Carnegie Mellon University), Matthew Fredrikson (Carnegie Mellon University), Jan Hoffmann (Carnegie Mellon University)
XHOUND: Quantifying the Fingerprintability of Browser Extensions
Oleksii Starov (Stony Brook University), Nick Nikiforakis (Stony Brook University)
Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits
Tiffany Bao (CMU), Ruoyu Wang (UCSB), Yan Shoshitaishvili (UCSB), David Brumley (CMU)
vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases
Yupeng Zhang (University of Maryland), Daniel Genkin (University of Maryland & University of Pennsylvania), Jonathan Katz (University of Maryland), Dimitrios Papadopoulos (University of Maryland), Charalampos Papamanthou (University of Maryland)