21st CCS 2014: Scottsdale, AZ, USA
- Gail-Joon Ahn, Moti Yung, Ninghui Li:
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014. ACM 2014, ISBN 978-1-4503-2957-6
Session 1A -- Payments & Security
- Karim El Defrawy, Joshua Lampkins:
Founding Digital Currency on Secure Computation. 1-14
- Alex Biryukov, Dmitry Khovratovich, Ivan Pustogarov:
Deanonymisation of Clients in Bitcoin P2P Network. 15-29
- Ranjit Kumaresan, Iddo Bentov:
How to Use Bitcoin to Incentivize Correct Computations. 30-41
Session 1B -- Code Manipulation
- Johannes Dahse, Nikolai Krein, Thorsten Holz:
Code Reuse Attacks in PHP: Automated POP Chain Generation. 42-53
- Jeff Seibert, Hamed Okhravi, Eric Söderström:
Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code. 54-65
- Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, Gautam Nagesh Peri:
Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation. 66-77
Session 1C -- Operating Systems
- Seungwon Shin, YongJoo Song, Taekyung Lee, Sangho Lee, Jaewoong Chung, Phillip A. Porras, Vinod Yegneswaran, Jiseong Noh, Brent ByungHoon Kang:
Rosemary: A Robust, Secure, and High-performance Network Operating System. 78-89
- Ahmed M. Azab, Peng Ning, Jitesh Shah, Quan Chen, Rohan Bhutkar, Guruprasad Ganesh, Jia Ma, Wenbo Shen:
Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World. 90-102
- Yeongjin Jang, Chengyu Song, Simon P. Chung, Tielei Wang, Wenke Lee:
A11y Attacks: Exploiting Accessibility in Operating Systems. 103-115
Session 2A -- Advertisement: Security & Privacy
- Alexey Reznichenko, Paul Francis:
Private-by-Design Advertising Meets the Real World. 116-128
- Wei Meng, Xinyu Xing, Anmol Sheth, Udi Weinsberg, Wenke Lee:
Your Online Interests: Pwned! A Pollution Attack Against Targeted Advertising. 129-140
- Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, Geoffrey M. Voelker:
Characterizing Large-Scale Click Fraud in ZeroAccess. 141-152
Session 2B -- Malware
- Jie Zhang, Feng Yuan, Qiang Xu:
DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans. 153-166
- DaeHee Jang, Hojoon Lee, Minsu Kim, Daehyeok Kim, Daegyeong Kim, Brent ByungHoon Kang:
ATRA: Address Translation Redirection Attack against Hardware-based External Monitors. 167-178
- Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, Guofei Gu:
AUTOPROBE: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis. 179-190
Session 2C -- Oblivious Computations
- Xiao Shaun Wang, Yan Huang, T.-H. Hubert Chan, Abhi Shelat, Elaine Shi:
SCORAM: Oblivious RAM for Secure Computation. 191-202
- Erik-Oliver Blass, Travis Mayberry, Guevara Noubir, Kaan Onarlioglu:
Toward Robust Hidden Volumes Using Write-Only Oblivious RAM. 203-214
- Xiao Shaun Wang, Kartik Nayak, Chang Liu, T.-H. Hubert Chan, Elaine Shi, Emil Stefanov, Yan Huang:
Oblivious Data Structures. 215-226
Session 3A -- Location/Web Privacy
- Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, Ian Goldberg:
A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. 227-238
- Kassem Fawaz, Kang G. Shin:
Location Privacy Protection for Smartphone Users. 239-250
- Nicolás Emilio Bordenabe, Konstantinos Chatzikokolakis, Catuscia Palamidessi:
Optimal Geo-Indistinguishable Mechanisms for Location Privacy. 251-262
- Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Díaz, Rachel Greenstadt:
A Critical Evaluation of Website Fingerprinting Attacks. 263-274
Session 3B -- Applications Oriented Cryptosystems
- Florian Kerschbaum, Axel Schröpfer:
Optimal Average-Complexity Ideal-Security Order-Preserving Encryption. 275-286
- Jung Hee Cheon, Hyung Tae Lee, Jae Hong Seo:
A New Additive Homomorphic Encryption based on the co-ACD Problem. 287-298
- Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang, Shang-Yi Yang:
Verifying Curve25519 Software. 299-309
- Florian Hahn, Florian Kerschbaum:
Searchable Encryption with Secure and Efficient Updates. 310-320
Session 3C -- Network Security
- Min Suk Kang, Virgil D. Gligor:
Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures. 321-333
- Hemant Sengar:
VoIP Fraud: Identifying a Wolf in Sheep's Clothing. 334-345
- Fuyuan Zhang, Limin Jia, Cristina Basescu, Tiffany Hyun-Jin Kim, Yih-Chun Hu, Adrian Perrig:
Mechanized Network Origin and Path Authenticity Proofs. 346-357
- WonJun Song, John Kim, Jae W. Lee, Dennis Abts:
Security Vulnerability in Processor-Interconnect Router Design. 358-368
Session 4A -- SSL/TLS
- Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila:
Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol. 369-381
- David A. Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski:
ARPKI: Attack Resilient Public-Key Infrastructure. 382-393
- Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R. B. Butler, Abdulrahman Alkhelaifi:
Securing SSL Certificate Verification through Dynamic Linking. 394-405
- Pawel Szalachowski, Stephanos Matsumoto, Adrian Perrig:
PoliCert: Secure and Flexible TLS Certificate Management. 406-417
Session 4B -- Leakage Attacks: Side Channels
- Yi Xu, Jan-Michael Frahm, Fabian Monrose:
Watching the Watchers: Automatically Inferring TV Content From Outdoor Light Effusions. 418-428
- Zhe Zhou, Wenrui Diao, Xiangyu Liu, Kehuan Zhang:
Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. 429-440
- Anupam Das, Nikita Borisov, Matthew Caesar:
Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components. 441-452
- Tong Zhu, Qiang Ma, Shanfeng Zhang, Yunhao Liu:
Context-free Attacks Using Keyboard Acoustic Emanations. 453-464
Session 4C -- Attacking Web Accounts
- Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy:
Dialing Back Abuse on Phone Verified Accounts. 465-476
- Qiang Cao, Xiaowei Yang, Jieqi Yu, Christopher Palow:
Uncovering Large Groups of Active Malicious Accounts in Online Social Networks. 477-488
- Kurt Thomas, Frank Li, Chris Grier, Vern Paxson:
Consequences of Connectivity: Characterizing Account Hijacking on Twitter. 489-500
- Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis:
Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication. 501-512
Session 5A -- Anonymity
- Michael Backes, Aniket Kate, Sebastian Meiser, Esfandiar Mohammadi:
(Nothing else) MATor(s): Monitoring the Anonymity of Tor's Path Selection. 513-524
- Abhinav Narain, Nick Feamster, Alex C. Snoeren:
Deniable Liaisons. 525-536
- Shirin Nilizadeh, Apu Kapadia, Yong-Yeol Ahn:
Community-Enhanced De-anonymization of Online Social Networks. 537-548
Session 5B -- Hardware Security
- Markus Kammerstetter, Markus Muellner, Daniel Burian, Christian Platzer, Wolfgang Kastner:
Breaking Integrated Circuit Device Security through Test Mode Silicon Reverse Engineering. 549-557
- Yajin Zhou, Xiaoguang Wang, Yue Chen, Zhi Wang:
ARMlock: Hardware-based Fault Isolation for ARM. 558-569
- David A. Cock, Qian Ge, Toby C. Murray, Gernot Heiser:
The Last Mile: An Empirical Study of Timing Channels on seL4. 570-581
Session 5C -- Secure Computation Protocols
- Benjamin Mood, Debayan Gupta, Kevin R. B. Butler, Joan Feigenbaum:
Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values. 582-596
- Ran Canetti, Abhishek Jain, Alessandra Scafuro:
Practical UC security with a Global Random Oracle. 597-608
- Gergei Bana, Hubert Comon-Lundh:
A Computationally Complete Symbolic Attacker for Equivalence Properties. 609-620
Session 6A -- Transportation Security
- Gorkem Kar, Hossen Asiful Mustafa, Yan Wang, Yingying Chen, Wenyuan Xu, Marco Gruteser, Tam Vu:
Detection of On-Road Vehicles Emanating GPS Interference. 621-632
- Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan A. Mast, Stephen Checkoway, Stefan Savage, Alex C. Snoeren, Kirill Levchenko:
On The Security of Mobile Cockpit Information Systems. 633-645
Session 6B -- Cryptographic Obfuscation
- Prabhanjan Vijendra Ananth, Divya Gupta, Yuval Ishai, Amit Sahai:
Optimizing Obfuscation: Avoiding Barrington's Theorem. 646-658
- Kim Ramchen, Brent Waters:
Fully Secure and Fast Signing from Obfuscation. 659-673
Session 6C -- Web Vulnerabilities
- Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Díaz:
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. 674-689
- Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan:
MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications. 690-701
Keynote Address I
- Adrian Perrig:
Exciting Security Research Opportunity: Next-generation Internet. 702
Session 7A -- Real-World Systems: Analysis & Threats
- Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine, J. Alex Halderman:
Security Analysis of the Estonian Internet Voting System. 703-715
- Martin Emms, Budi Arief, Leo Freitas, Joseph Hannon, Aad P. A. van Moorsel:
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN. 716-726
- Chunyi Peng, Chi-Yu Li, Hongyi Wang, Guan-Hua Tu, Songwu Lu:
Real Threats to Your Data Bills: Security Loopholes and Defenses in Mobile Data Charging. 727-738
Session 7B -- User Aspects
- Sauvik Das, Adam D. I. Kramer, Laura A. Dabbish, Jason I. Hong:
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. 739-749
- Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, David A. Wagner:
Are You Ready to Lock? 750-761
- Omer Tripp, Salvatore Guarnieri, Marco Pistoia, Aleksandr Y. Aravkin:
ALETHEIA: Improving the Usability of Static Security Analysis. 762-774
Session 7C -- Wireless Security
- Yu-Chih Tung, Sihui Han, Dongyao Chen, Kang G. Shin:
Vulnerability and Protection of Channel State Information in Multiuser MIMO Networks. 775-786
- Vireshwar Kumar, Jung-Min Park, Kaigui Bian:
Blind Transmitter Authentication for Spectrum Security and Enforcement. 787-798
- Aaron Schulman, Dave Levin, Neil Spring:
RevCast: Fast, Private Certificate Revocation over FM Radio. 799-810
Session 8A -- Secure Outsourced Computations
- Dimitrios Papadopoulos, Stavros Papadopoulos, Nikos Triandopoulos:
Taking Authenticated Range Queries to Arbitrary Dimensions. 819-830
- Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Zongren Liu, Christian A. Reuter:
Outsourced Proofs of Retrievability. 831-843
- Dario Fiore, Rosario Gennaro, Valerio Pastro:
Efficiently Verifiable Computation on Encrypted Data. 844-855
- Yupeng Zhang, Charalampos Papamanthou, Jonathan Katz:
ALITHEIA: Towards Practical Verifiable Graph Processing. 856-867
Session 8B -- Mobile Security
- Maliheh Shirvanian, Nitesh Saxena:
Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones. 868-879
- Markus Miettinen, N. Asokan, Thien Duc Nguyen, Ahmad-Reza Sadeghi, Majid Sobhani:
Context-Based Zero-Interaction Pairing and Key Evolution for Advanced Personal Devices. 880-891
- Eric Yawei Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, Patrick Tague:
OAuth Demystified for Mobile Application Developers. 892-903
- Diksha Shukla, Rajesh Kumar, Abdul Serwadda, Vir V. Phoha:
Beware, Your Hands Reveal Your Secrets! 904-917
Session 8C -- Security of Web Components
- Tom van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis:
Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals. 918-929
- Nektarios Leontiadis, Tyler Moore, Nicolas Christin:
A Nearly Four-Year Longitudinal Study of Search-Engine Poisoning. 930-941
- Frederico Araujo, Kevin W. Hamlen, Sebastian Biedermann, Stefan Katzenbeisser:
From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation. 942-953
- Yu-ichi Hayashi, Naofumi Homma, Mamoru Miura, Takafumi Aoki, Hideaki Sone:
A Threat for Tablet PCs in Public Space: Remote Visualization of Screen Images Using EM Emanation. 954-965
Session 9A -- Cloud & Search Issues
- Arthur Gervais, Reza Shokri, Adish Singla, Srdjan Capkun, Vincent Lenders:
Quantifying Web-Search Privacy. 966-977
- Tongxin Li, Xiao-yong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, XiaoFeng Wang, Xinhui Han:
Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services. 978-989
- Yinqian Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart:
Cross-Tenant Side-Channel Attacks in PaaS Clouds. 990-1003
Session 9B -- Crypto Implementations
- Mario Cornejo, Sylvain Ruhault:
Characterization of Real-Life PRNGs under Partial State Corruption. 1004-1015
- Gilles Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Jean-Christophe Zapalowicz:
Synthesis of Fault Attacks on Cryptographic Implementations. 1016-1027
- Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi, Dawn Xiaodong Song:
ShadowCrypt: Encrypted Web Applications for Everyone. 1028-1039
Session 9C -- Data Privacy
- Shouling Ji, Weiqing Li, Mudhakar Srivatsa, Raheem A. Beyah:
Structural Data De-anonymization: Quantification, Practice, and Implications. 1040-1053
- Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova:
RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response. 1054-1067
- Tariq Elahi, George Danezis, Ian Goldberg:
PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks. 1068-1079
Session 10A -- Information Flow
- Musard Balliu, Mads Dam, Roberto Guanciale:
Automating Information Flow Analysis of Low Level Code. 1080-1091
- Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, Edward XueJun Wu:
Collaborative Verification of Information Flow for a High-Assurance App Store. 1092-1104
Session 10B -- Malware Studies
- Mu Zhang, Yue Duan, Heng Yin, Zhiruo Zhao:
Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs. 1105-1116
- Ting-Fang Yen, Victor Heorhiadi, Alina Oprea, Michael K. Reiter, Ari Juels:
An Epidemiological Study of Malware Encounters in a Large Enterprise. 1117-1130
Session 10C -- System-Oriented Crypto Integration
- Giorgos Vasiliadis, Elias Athanasopoulos, Michalis Polychronakis, Sotiris Ioannidis:
PixelVault: Using GPUs for Securing Cryptographic Operations. 1131-1142
- Sascha Fahl, Sergej Dechand, Henning Perl, Felix Fischer, Jaromir Smrcek, Matthew Smith:
Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers. 1143-1155
Keynote Address II
- Christopher W. Clifton:
Privacy Beyond Confidentiality. 1156
Session 11A -- Access Control
- Petar Tsankov, Srdjan Marinovic, Mohammad Torabi Dashti, David A. Basin:
Fail-Secure Access Control. 1157-1168
- Franziska Roesner, David Molnar, Alexander Moshchuk, Tadayoshi Kohno, Helen J. Wang:
World-Driven Access Control for Continuous Sensing. 1169-1181
- Wen Zhang, You Chen, Thaddeus Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick N. Lawlor, David M. Liebovitz, Bradley A. Malin:
Decide Now or Decide Later?: Quantifying the Tradeoff between Prospective and Retrospective Access Decisions. 1182-1192
Session 11B -- Authentication
- Marc Fischlin, Felix Günther:
Multi-Stage Key Exchange and the Case of Google's QUIC Protocol. 1193-1204
- Melissa Chase, Sarah Meiklejohn, Greg Zaverucha:
Algebraic MACs and Keyed-Verification Anonymous Credentials. 1205-1216
- Bin B. Zhu, Jeff Yan, Dongchen Wei, Maowei Yang:
Security Analyses of Click-based Graphical Passwords via Image Point Memorability. 1217-1231
Session 11C -- Web Security Tools
- Minh-Thai Trinh, Duc-Hiep Chu, Joxan Jaffar:
S3: A Symbolic String Solver for Vulnerability Detection in Web Applications. 1232-1243
- Christopher Neasbitt, Roberto Perdisci, Kang Li, Terry Nelms:
ClickMiner: Towards Forensic Reconstruction of User-Browser Interactions from Network Traces. 1244-1255
- Sandy Clark, Michael Collis, Matt Blaze, Jonathan M. Smith:
Moving Targets: Security and Rapid-Release in Firefox. 1256-1266
Session 12A -- Cryptographic Schemes & Techniques
- Gilles Barthe, Gustavo Betarte, Juan Diego Campo, Carlos Daniel Luna, David Pichardie:
System-level Non-interference for Constant-time Cryptography. 1267-1279
- Daniel Luchaup, Thomas Shrimpton, Thomas Ristenpart, Somesh Jha:
Formatted Encryption Beyond Regular Languages. 1292-1303
- Jelle van den Hooff, M. Frans Kaashoek, Nickolai Zeldovich:
VerSum: Verifiable Computations over Large Public Logs. 1304-1316
Session 12B -- Secure Programming & Apps
- Ben Niu, Gang Tan:
RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity. 1317-1328
- Fengguo Wei, Sankardas Roy, Xinming Ou, Robby:
Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps. 1329-1341
- Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, Jannik Pewny:
You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code. 1342-1353
- Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu, Zhong Chen:
AutoCog: Measuring the Description-to-permission Fidelity in Android Applications. 1354-1365
Session 12C -- Systems: Attacks & Security
- Anil Kurmus, Robby Zippel:
A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel. 1366-1377
- Lorenzo De Carli, Robin Sommer, Somesh Jha:
Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. 1378-1390
- Mark S. Dittmer, Mahesh V. Tripunitara:
The UNIX Process Identity Crisis: A Standards-Driven Approach to Setuid. 1391-1402
- Qinggang Yue, Zhen Ling, Xinwen Fu, Benyuan Liu, Kui Ren, Wei Zhao:
Blind Recognition of Touched Keys on Mobile Devices. 1403-1414
Poster Presentations
- Aaron Atwater, Hassan Khan, Urs Hengartner:
POSTER: When and How to Implicitly Authenticate Smartphone Users. 1415-1417
- Gamze Canova, Melanie Volkamer, Simon Weiler:
POSTER: Password Entering and Transmission Security. 1418-1420
- Dai Yumei, Liang Yu, Li Ke:
POSTER: A Hybrid Botnet Ecological Environment. 1421-1423
- Bhaswati Deka, Ryan M. Gerdes, Ming Li, Kevin P. Heaslip:
POSTER: Analysis and Comparison of Secure Localization Schemes for Intelligent Transportation Systems. 1424-1426
- Huan Feng, Kang G. Shin:
POSTER: Positioning Attack on Proximity-Based People Discovery. 1427-1429