22nd CCS 2015: Denver, CO, USA
- Indrajit Ray, Ninghui Li, Christopher Kruegel:
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015. ACM 2015, ISBN 978-1-4503-3832-5
Keynote Talks
- Moti Yung:
From Mental Poker to Core Business: Why and How to Deploy Secure Computation Protocols? 1-2
- Edward W. Felten:
Keynote Talk. 3
Session 1A: How Real World Crypto Fails
- David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella Béguelin, Paul Zimmermann:
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. 5-17
- Carlo Meijer, Roel Verdult:
Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. 18-30
Session 1B: MAC OS and iOS Security
- Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-Min Hu, Xinhui Han:
Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS. 31-43
- Zhui Deng, Brendan Saltaformaggio, Xiangyu Zhang, Dongyan Xu:
iRiS: Vetting Private API Abuse in iOS Applications. 44-56
Session 1C: Censorship and Resistance
- Liang Wang, Kevin P. Dyer, Aditya Akella, Thomas Ristenpart, Thomas Shrimpton:
Seeing through Network-Protocol Obfuscation. 57-69
- John Holowczak, Amir Houmansadr:
CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content. 70-83
Session 2A: Authenticated Encryption
- Viet Tung Hoang, Jonathan Katz, Alex J. Malozemoff:
Automated Analysis and Synthesis of Authenticated Encryption Schemes. 84-95
- Olivier Pereira, François-Xavier Standaert, Srinivas Vivek:
Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives. 96-108
- Shay Gueron, Yehuda Lindell:
GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte. 109-119
Session 2B: Android and Web Forensics
- Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu:
GUITAR: Piecing Together Android App GUIs from Memory Images. 120-132
- Christopher Neasbitt, Bo Li, Roberto Perdisci, Long Lu, Kapil Singh, Kang Li:
WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers. 133-145
- Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, Dongyan Xu:
VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images. 146-157
Session 2C: Password Security
- Matteo Dell'Amico, Maurizio Filippone:
Monte Carlo Strength Evaluation: Fast and Reliable Password Checking. 158-169
- Jun Ho Huh, Seongyeol Oh, Hyoungshick Kim, Konstantin Beznosov, Apurva Mohan, S. Raj Rajagopalan:
Surpass: System-initiated User-replaceable Passwords. 170-181
- Jan Camenisch, Anja Lehmann, Gregory Neven:
Optimal Distributed Password Verification. 182-194
Session 3A: Using CryptoCurrency
- Ranjit Kumaresan, Tal Moran, Iddo Bentov:
How to Use Bitcoin to Play Decentralized Poker. 195-206
- Rafael Pass, Abhi Shelat:
Micropayments for Decentralized Currencies. 207-218
- Tim Ruffing, Aniket Kate, Dominique Schröder:
Liar, Liar, Coins on Fire!: Penalizing Equivocation By Loss of Bitcoins. 219-230
- Aggelos Kiayias, Qiang Tang:
Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content. 231-242
Session 3B: Memory Randomization
- Stephen J. Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz:
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks. 243-255
- Adrian Tang, Simha Sethumadhavan, Salvatore J. Stolfo:
Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads. 256-267
- David Bigelow, Thomas Hobson, Robert Rudd, William W. Streilein, Hamed Okhravi:
Timely Rerandomization for Mitigating Memory Disclosures. 268-279
- Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, Wenke Lee:
ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks. 280-291
Session 3C: Wireless and VoLTE Security
- Tao Wang, Yao Liu, Qingqi Pei, Tao Hou:
Location-restricted Services Access Control Leveraging Pinpoint Waveforming. 292-303
- Xiaocong Jin, Jingchao Sun, Rui Zhang, Yanchao Zhang:
SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users. 304-315
- Chi-Yu Li, Guan-Hua Tu, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Songwu Lu, Xinbing Wang:
Insecurity of Voice Solution VoLTE in LTE Mobile Networks. 316-327
- Hongil Kim, Dongkwan Kim, Minhee Kwon, HyungSeok Han, Yeongjin Jang, Dongsu Han, Taesoo Kim, Yongdae Kim:
Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations. 328-339
Session 4A: Applied Crypto
- Fabian van den Broek, Roel Verdult, Joeri de Ruiter:
Defeating IMSI Catchers. 340-351
- Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang:
DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles. 352-363
- Giuseppe Ateniese, Bernardo Magri, Daniele Venturi:
Subversion-Resilient Signature Schemes. 364-375
- Qian Wang, Kui Ren, Guancheng Li, Chenbo Xia, Xiaobing Chen, Zhibo Wang, Qin Zou:
Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice. 376-387
Session 4B: Software Vulnerabilities
- Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Zhuoqing Morley Mao:
Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks. 388-400
- Xiaokui Shu, Danfeng Yao, Naren Ramakrishnan:
Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths. 401-413
- Wen Xu, Juanru Li, Junliang Shu, Wenbo Yang, Tianyi Xie, Yuanyuan Zhang, Dawu Gu:
From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel. 414-425
- Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp, Fabian Yamaguchi, Konrad Rieck, Sascha Fahl, Yasemin Acar:
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. 426-437
Session 4C: Assessing Current Defences
- Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, Wenke Lee:
UCognito: Private Browsing without Tears. 438-449
- Ian D. Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, Kirill Levchenko:
Security by Any Other Name: On the Effectiveness of Provider Based Email Security. 450-464
- Platon Kotzias, Srdjan Matic, Richard Rivera, Juan Caballero:
Certified PUP: Abuse in Authenticode Code Signing. 465-478
- Ajaya Neupane, Md. Lutfor Rahman, Nitesh Saxena, Leanne M. Hirshfield:
A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings. 479-491
Session 5A: Computing on Encrypted Data
- Xiao Shaun Wang, Yan Huang, Yongan Zhao, Haixu Tang, XiaoFeng Wang, Diyue Bu:
Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance. 492-503
- Xianrui Meng, Seny Kamara, Kobbi Nissim, George Kollios:
GRECS: Graph Encryption for Approximate Shortest Distance Queries. 504-517
Session 5B: Understanding Android Apps
- Mu Zhang, Yue Duan, Qian Feng, Heng Yin:
Towards Automatic Generation of Security-Centric Descriptions for Android Apps. 518-529
- Deguang Kong, Lei Cen, Hongxia Jin:
AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications. 530-541
Session 5C: Scanning the Web
- Zakir Durumeric, David Adrian, Ariana Mirian, Michael D. Bailey, J. Alex Halderman:
A Search Engine Backed by Internet-Wide Scanning. 542-553
- Mathias Lécuyer, Riley Spahn, Yannis Spiliopolous, Augustin Chaintreau, Roxana Geambasu, Daniel J. Hsu:
Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence. 554-566
Session 6A: Garbled Circuits
- Shay Gueron, Yehuda Lindell, Ariel Nof, Benny Pinkas:
Fast Garbling of Circuits Under Standard Assumptions. 567-578
- Yehuda Lindell, Ben Riva:
Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries. 579-590
- Payman Mohassel, Mike Rosulek, Ye Zhang:
Fast and Secure Three-party Computation: The Garbled Circuit Approach. 591-602
Session 6B: Web Application Security
- Divya Muthukumaran, Dan O'Keeffe, Christian Priebe, David M. Eyers, Brian Shand, Peter R. Pietzuch:
FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications. 603-615
- Oswaldo Olivo, Isil Dillig, Calvin Lin:
Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications. 616-628
- Andrey Chudnov, David A. Naumann:
Inlined Information Flow Monitoring for JavaScript. 629-643
Session 6C: Property-Preserving Encryption
- Florian Kerschbaum:
Frequency-Hiding Order-Preserving Encryption. 656-667
- David Cash, Paul Grubbs, Jason Perry, Thomas Ristenpart:
Leakage-Abuse Attacks Against Searchable Encryption. 668-679
Session 7A: CryptoCurrency
- Andrew Miller, Ahmed E. Kosba, Jonathan Katz, Elaine Shi:
Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions. 680-691
- Arthur Gervais, Hubert Ritzdorf, Ghassan O. Karame, Srdjan Capkun:
Tampering with the Delivery of Blocks and Transactions in Bitcoin. 692-705
- Loi Luu, Jason Teutsch, Raghav Kulkarni, Prateek Saxena:
Demystifying Incentives in the Consensus Computer. 706-719
- Gaby G. Dagher, Benedikt Bünz, Joseph Bonneau, Jeremy Clark, Dan Boneh:
Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges. 720-731
Session 7B: Analyzing Obfuscated Code
- Babak Yadegari, Saumya Debray:
Symbolic Execution of Obfuscated Code. 732-744
- Guillaume Bonfante, José M. Fernandez, Jean-Yves Marion, Benjamin Rouxel, Fabrice Sabatier, Aurélien Thierry:
CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions. 745-756
- Jiang Ming, Dongpeng Xu, Li Wang, Dinghao Wu:
LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code. 757-768
- Dhilung Kirat, Giovanni Vigna:
MalGene: Automatic Extraction of Malware Analysis Evasion Signature. 769-780
Session 7C: Online Social Networks
- Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, Sotiris Ioannidis:
Face/Off: Preventing Privacy Leakage From Photos in Social Networks. 781-792
- Jonghyuk Song, Sangho Lee, Jong Kim:
CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks. 793-804
- Changchang Liu, Peng Gao, Matthew K. Wright, Prateek Mittal:
Exploiting Temporal Dynamics in Sybil Defenses. 805-816
- Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, Angelos D. Keromytis:
Where's Wally?: Precise User Discovery Attacks in Location Proximity Services. 817-828
Session 8A: Outsourced Storage
- Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Yan Huang:
Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward. 837-849
- Xiao Wang, T.-H. Hubert Chan, Elaine Shi:
Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. 850-861
- Tarik Moataz, Travis Mayberry, Erik-Oliver Blass:
Constant Communication ORAM with Small Blocksize. 862-873
- Jian Liu, N. Asokan, Benny Pinkas:
Secure Deduplication of Encrypted Data without Additional Independent Servers. 874-885
- Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Franck Youssef:
Transparent Data Deduplication in the Cloud. 886-900
Session 8B: Control Flow Integrity
- Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard E. Shrobe, Martin C. Rinard, Hamed Okhravi, Stelios Sidiroglou-Douskos:
Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity. 901-913
- Ben Niu, Gang Tan:
Per-Input Control-Flow Integrity. 914-926
- Victor van der Veen, Dennis Andriesse, Enes Göktas, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, Cristiano Giuffrida:
Practical Context-Sensitive CFI. 927-940
- Ali José Mashtizadeh, Andrea Bittau, Dan Boneh, David Mazières:
CCFI: Cryptographically Enforced Control Flow Integrity. 941-951
- Mauro Conti, Stephen Crane, Lucas Davi, Michael Franz, Per Larsen, Marco Negro, Christopher Liebchen, Mohaned Qunaibit, Ahmad-Reza Sadeghi:
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks. 952-963
Session 8C: Enhancing Trust
- N. Asokan, Ferdinand Brasser, Ahmad Ibrahim, Ahmad-Reza Sadeghi, Matthias Schunter, Gene Tsudik, Christian Wachsmann:
SEDA: Scalable Embedded Device Attestation. 964-975
- He Sun, Kun Sun, Yuewu Wang, Jiwu Jing:
TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. 976-988
- Miao Yu, Virgil D. Gligor, Zongwei Zhou:
Trusted Display on Untrusted Commodity Platforms. 989-1003
- Yasser Shoukry, Paul Martin, Yair Yona, Suhas N. Diggavi, Mani B. Srivastava:
PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks. 1004-1015
- Khilan Gudka, Robert N. M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, Alex Richardson:
Clean Application Compartmentalization with SOAAP. 1016-1031
Session 9A: Coding, Commitments, and Cipher Design
- Ari Juels, James Kelley, Roberto Tamassia, Nikos Triandopoulos:
Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable). 1032-1047
- Hai Brenner, Vipul Goyal, Silas Richelson, Alon Rosen, Margarita Vald:
Fast Non-Malleable Commitments. 1048-1057
- Andrey Bogdanov, Takanori Isobe:
White-Box Cryptography Revisited: Space-Hard Ciphers. 1058-1069
- Fatemeh Ganji, Juliane Krämer, Jean-Pierre Seifert, Shahin Tajik:
Lattice Basis Reduction Attack against Physically Unclonable Functions. 1070-1080
Session 9B: Security-Related Ecosystems
- Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna:
Drops for Stuff: An Analysis of Reshipping Mule Scams. 1081-1092
- Hang Zhang, Dongdong She, Zhiyun Qian:
Android Root and its Providers: A Double-Edged Sword. 1093-1104
- Mingyi Zhao, Jens Grossklags, Peng Liu:
An Empirical Study of Web Vulnerability Discovery Ecosystems. 1105-1117
- Bum Jun Kwon, Jayanta Mondal, Jiyong Jang, Leyla Bilge, Tudor Dumitras:
The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics. 1118-1129
Session 9C: Formal Methods Meet Cryptography
- Omar Chowdhury, Deepak Garg, Limin Jia, Anupam Datta:
Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits. 1130-1143
- David A. Basin, Jannik Dreier, Ralf Sasse:
Automated Symbolic Proofs of Observational Equivalence. 1144-1155
- Gilles Barthe, Benjamin Grégoire, Benedikt Schmidt:
Automated Proofs of Pairing-Based Cryptography. 1156-1168
- Rohit Sinha, Sriram K. Rajamani, Sanjit A. Seshia, Kapil Vaswani:
Moat: Verifying Confidentiality of Enclave Programs. 1169-1184
Session 10A: Key Exchange: Theory and Practice
- Tibor Jager, Jörg Schwenk, Juraj Somorovsky:
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. 1185-1196
- Benjamin Dowling, Marc Fischlin, Felix Günther, Douglas Stebila:
A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates. 1197-1210
- Nik Unger, Ian Goldberg:
Deniable Key Exchanges for Secure Messaging. 1211-1223
- Sven Schäge:
TOPAS: 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity. 1224-1235
Session 10B: Mobile Device Attacks
- Heqing Huang, Sencun Zhu, Kai Chen, Peng Liu:
From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App. 1236-1247
- Yousra Aafer, Nan Zhang, Zhongwen Zhang, Xiao Zhang, Kai Chen, XiaoFeng Wang, Xiao-yong Zhou, Wenliang Du, Michael Grace:
Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References. 1248-1259
- Yangyi Chen, Tongxin Li, XiaoFeng Wang, Kai Chen, Xinhui Han:
Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations. 1260-1272
- Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, Kehuan Zhang:
When Good Becomes Evil: Keystroke Inference with Smartwatch. 1273-1285
Session 10C: Statistical Privacy
- Florian Tramèr, Zhicong Huang, Jean-Pierre Hubaux, Erman Ayday:
Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies. 1286-1297
- Yonghui Xiao, Li Xiong:
Protecting Locations with Differential Privacy under Temporal Correlations. 1298-1309
- Reza Shokri, Vitaly Shmatikov:
Privacy-Preserving Deep Learning. 1310-1321
- Matt Fredrikson, Somesh Jha, Thomas Ristenpart:
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. 1322-1333
Session 11A: Privacy-Preserving Authentication
- Vireshwar Kumar, He Li, Jung-Min "Jerry" Park, Kaigui Bian, Yaling Yang:
Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication. 1334-1345
- Aldo Cassola, Erik-Oliver Blass, Guevara Noubir:
Authenticating Privately over Public Wi-Fi Hotspots. 1346-1357
- Daniel Fett, Ralf Küsters, Guido Schmitz:
SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web. 1358-1369
- Joseph A. Akinyele, Christina Garman, Susan Hohenberger:
Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes. 1370-1381
Session 11B: Web Attacks
- Tom van Goethem, Wouter Joosen, Nick Nikiforakis:
The Clock is Still Ticking: Timing Attacks in the Modern Web. 1382-1393
- Nethanel Gelernter, Amir Herzberg:
Cross-Site Search Attacks. 1394-1405
- Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis:
The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. 1406-1418
- Ben Stock, Stephan Pfistner, Bernd Kaiser, Sebastian Lekies, Martin Johns:
From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting. 1419-1430
Session 11C: Surveillance and Countermeasures
- Mihir Bellare, Joseph Jaeger, Daniel Kane:
Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks. 1431-1440
- Chen Chen, Daniele Enrico Asoni, David Barrera, George Danezis, Adrian Perrig:
HORNET: High-speed Onion Routing at the Network Layer. 1441-1454
- Srdjan Matic, Platon Kotzias, Juan Caballero:
CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services. 1455-1466
- Jan Camenisch, Anja Lehmann:
(Un)linkable Pseudonyms for Governmental Databases. 1467-1479
Session 12A: Outsourcing Data and Computation
- Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou:
IntegriDB: Verifiable SQL for Outsourced Databases. 1480-1491
- Peeter Laud, Jaak Randmets:
A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols. 1492-1503
- Daniel Demmler, Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni:
Automated Synthesis of Optimized Circuits for S