23rd CCS 2016: Vienna, Austria
- Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, Shai Halevi:
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. ACM 2016, ISBN 978-1-4503-4139-4
Keynote
- Martin E. Hellman:
Cybersecurity, Nuclear Security, Alan Turing, and Illogical Logic. 1-2
Paper Session 1A: Blockchain I
- Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf, Srdjan Capkun:
On the Security and Performance of Proof of Work Blockchains. 3-16
- Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, Seth Gilbert, Prateek Saxena:
A Secure Sharding Protocol For Open Blockchains. 17-30
- Andrew Miller, Yu Xia, Kyle Croman, Elaine Shi, Dawn Song:
The Honey Badger of BFT Protocols. 31-42
Paper Session 1B: Differential Privacy
- Paul Cuff, Lanqing Yu:
Differential Privacy as a Mutual Information Constraint. 43-54
- Gilles Barthe, Noémie Fong, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, Pierre-Yves Strub:
Advanced Probabilistic Couplings for Differential Privacy. 55-67
- Gilles Barthe, Gian Pietro Farina, Marco Gaboardi, Emilio Jesús Gallego Arias, Andy Gordon, Justin Hsu, Pierre-Yves Strub:
Differentially Private Bayesian Programming. 68-79
Paper Session 1C: Android Security
- Yuru Shao, Jason Ott, Yunhan Jack Jia, Zhiyun Qian, Zhuoqing Morley Mao:
The Misuse of Android Unix Domain Sockets and Security Implications. 80-91
- Kai Wang, Yuqing Zhang, Peng Liu:
Call Me Back!: Attacks on System Server and System Apps in Android through Synchronous Callback. 92-103
- Güliz Seray Tuncay, Soteris Demetriou, Carl A. Gunter:
Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. 104-115
Paper Session 1D: Hardware Protection
- Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Pierre-Yves Strub, Rébecca Zucchini:
Strong Non-Interference and Type-Directed Higher-Order Masking. 116-129
- Yuanwen Huang, Swarup Bhunia, Prabhat Mishra:
MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection. 130-141
- Stefan Dziembowski, Sebastian Faust, François-Xavier Standaert:
Private Circuits III: Hardware Trojan-Resilience via Testing Amplification. 142-153
Paper Session 2A: Blockchain II
- Miles Carlsten, Harry A. Kalodner, S. Matthew Weinberg, Arvind Narayanan:
On the Instability of Bitcoin Without the Block Reward. 154-167
- Melissa Chase, Sarah Meiklejohn:
Transparency Overlays and Applications. 168-179
Paper Session 2B: Differentially Private Systems I
- Yilin Shen, Hongxia Jin:
EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation. 180-191
- Zhan Qin, Yin Yang, Ting Yu, Issa Khalil, Xiaokui Xiao, Kui Ren:
Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy. 192-203
Paper Session 2C: Access Control
- Talia Ringer, Dan Grossman, Franziska Roesner:
AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems. 204-216
- Enrico Bacis, Sabrina De Capitani di Vimercati, Sara Foresti, Stefano Paraboschi, Marco Rosa, Pierangela Samarati:
Mix&Slice: Efficient Access Revocation in the Cloud. 217-228
Paper Session 2D: Security and Persistence
- Isaac C. Sheff, Tom Magrino, Jed Liu, Andrew C. Myers, Robbert van Renesse:
Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency. 229-241
- Dave (Jing) Tian, Adam Bates, Kevin R. B. Butler, Raju Rangaswami:
ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices. 242-253
Paper Session 3A: Smart Contracts
- Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor:
Making Smart Contracts Smarter. 254-269
- Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Elaine Shi:
Town Crier: An Authenticated Data Feed for Smart Contracts. 270-282
- Ari Juels, Ahmed E. Kosba, Elaine Shi:
The Ring of Gyges: Investigating the Future of Criminal Smart Contracts. 283-295
Paper Session 3B: Differentially Private Systems II
- Xiaocong Jin, Rui Zhang, Yimin Chen, Tao Li, Yanchao Zhang:
DPSense: Differentially Private Crowdsourced Spectrum Sensing. 296-307
- Martín Abadi, Andy Chu, Ian J. Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang:
Deep Learning with Differential Privacy. 308-318
- Michael Backes, Pascal Berrang, Mathias Humbert, Praveen Manoharan:
Membership Privacy in MicroRNA-based Studies. 319-330
Paper Session 3C: Mobile Software Analysis
- Mingshen Sun, Tao Wei, John C. S. Lui:
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime. 331-342
- Benjamin Bichsel, Veselin Raychev, Petar Tsankov, Martin T. Vechev:
Statistical Deobfuscation of Android Applications. 343-355
- Michael Backes, Sven Bugiel, Erik Derr:
Reliable Third-Party Library Detection in Android and its Security Applications. 356-367
Paper Session 3D: Kernel Memory Security
- Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard:
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. 368-379
- Yeongjin Jang, Sangho Lee, Taesoo Kim:
Breaking Kernel Address Space Layout Randomization with Intel TSX. 380-392
- Terry Ching-Hsiang Hsu, Kevin J. Hoffman, Patrick Eugster, Mathias Payer:
Enforcing Least Privilege Memory Views for Multithreaded Applications. 393-405
Paper Session 4A: Secure MPC I
- Ranjit Kumaresan, Vinod Vaikuntanathan, Prashant Nalini Vasudevan:
Improvements to Secure Computation with Penalties. 406-417
- Ranjit Kumaresan, Iddo Bentov:
Amortizing Secure Computation with Penalties. 418-429
- Lorenzo Grassi, Christian Rechberger, Dragos Rotaru, Peter Scholl, Nigel P. Smart:
MPC-Friendly Symmetric Key Primitives. 430-443
Paper Session 4B: Attacks on Ciphers
- Mihir Bellare, Viet Tung Hoang, Stefano Tessaro:
Message-Recovery Attacks on Feistel-Based Format Preserving Encryption. 444-455
- Karthikeyan Bhargavan, Gaëtan Leurent:
On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN. 456-467
- Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, Hovav Shacham:
A Systematic Analysis of the Juniper Dual EC Incident. 468-479
Paper Session 4C: Big Data Meets Security
- Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, Heng Yin:
Scalable Graph-based Bug Search for Firmware Images. 480-491
- Yushan Liu, Shouling Ji, Prateek Mittal:
SmartWalk: Enhancing Social Network Security via Adaptive Random Walks. 492-503
- Zhang Xu, Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu, Haining Wang, Guofei Jiang:
High Fidelity Data Reduction for Big Data Security Dependency Analyses. 504-516
Paper Session 4D: Types and Memory Safety
- István Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe:
TypeSan: Practical Type Confusion Detection. 517-528
- Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, Peng Liu:
CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump. 529-540
- Christian Wressnegger, Fabian Yamaguchi, Alwin Maier, Konrad Rieck:
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms. 541-552
Paper Session 5A: Secure MPC II
- Vassil S. Dimitrov, Liisi Kerik, Toomas Krips, Jaak Randmets, Jan Willemson:
Alternative Implementations of Secure Real Numbers. 553-564
- Marshall Ball, Tal Malkin, Mike Rosulek:
Garbling Gadgets for Boolean and Arithmetic Circuits. 565-577
- Aner Ben-Efraim, Yehuda Lindell, Eran Omri:
Optimizing Semi-Honest Secure Multiparty Computation for the Internet. 578-590
Paper Session 5B: Physically Based Authentication
- Oliver Willers, Christopher Huth, Jorge Guajardo, Helmut Seidel:
MEMS Gyroscopes as Physical Unclonable Functions. 591-602
- Tianhao Wang, Huangyi Ge, Omar Chowdhury, Hemanta K. Maji, Ninghui Li:
On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols. 603-615
- Wei Xi, Chen Qian, Jinsong Han, Kun Zhao, Sheng Zhong, Xiang-Yang Li, Jizhong Zhao:
Instant and Robust Authentication and Key Agreement among Mobile Devices. 616-627
Paper Session 5C: Web Security
- Frank Cangialosi, Taejoong Chung, David R. Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson:
Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem. 628-640
- Abeer Alhuzali, Birhanu Eshete, Rigel Gjomemo, V. N. Venkatakrishnan:
Chainsaw: Chained Automated Workflow-based Exploit Generation. 641-652
- Xiang Pan, Yinzhi Cao, Shuangping Liu, Yu Zhou, Yan Chen, Tingzhe Zhou:
CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites. 653-665
Paper Session 5D: Security Bug Finding
- Elissa M. Redmiles, Sean Kross, Michelle L. Mazurek:
How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior. 666-677
- Felix Dörre, Vladimir Klebanov:
Practical Detection of Entropy Loss in Pseudo-Random Number Generators. 678-689
- Andrew Ruef, Michael W. Hicks, James Parker, Dave Levin, Michelle L. Mazurek, Piotr Mardziel:
Build It, Break It, Fix It: Contesting Secure Development. 690-703
Paper Session 6A: Phone Security using Formal Methods
- Luke Deshotels, Razvan Deaconescu, Mihai Chiroiu, Lucas Davi, William Enck, Ahmad-Reza Sadeghi:
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles. 704-716
- Michael Backes, Robert Künnemann, Esfandiar Mohammadi:
Computational Soundness for Dalvik Bytecode. 717-730
Paper Session 6B: Attestation
- Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, Matthias Schunter:
SANA: Secure and Scalable Aggregate Network Attestation. 731-742
- Tigist Abera, N. Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, Gene Tsudik:
C-FLAT: Control-Flow Attestation for Embedded Systems Software. 743-754
Paper Session 6C: Mine your Literature
- Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, Raheem A. Beyah:
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. 755-766
- Ziyun Zhu, Tudor Dumitras:
FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature. 767-778
Paper Session 6D: Security Studies
- Philipp Holzinger, Stefan Triller, Alexandre Bartel, Eric Bodden:
An In-Depth Study of More Than Ten Years of Java Exploitation. 779-790
- Yaoqi Jia, Zheng Leong Chua, Hong Hu, Shuo Chen, Prateek Saxena, Zhenkai Liang:
"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing. 791-804
Paper Session 7A: Secure MPC III
- Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof, Kazuma Ohara:
High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority. 805-817
- Vladimir Kolesnikov, Ranjit Kumaresan, Mike Rosulek, Ni Trieu:
Efficient Batched Oblivious PRF with Applications to Private Set Intersection. 818-829
- Marcel Keller, Emmanuela Orsini, Peter Scholl:
MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer. 830-842
Paper Session 7B: Side-Channel Attacks
- Dmitry Evtyushkin, Dmitry V. Ponomarev:
Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations. 843-857
- Xiaokuan Zhang, Yuan Xiao, Yinqian Zhang:
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices. 858-870
- Ziqiao Zhou, Michael K. Reiter, Yinqian Zhang:
A Software Approach to Defeating Side Channels in Last-Level Caches. 871-882
Paper Session 7C: Acoustic Attacks
- Avesta Hojjati, Anku Adhikari, Katarina Struckmann, Edward Chou, Thi Ngoc Tho Nguyen, Kushagra Madan, Marianne Southall Winslett, Carl A. Gunter, William P. King:
Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets. 883-894
- Chen Song, Feng Lin, Zhongjie Ba, Kui Ren, Chi Zhou, Wenyao Xu:
My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers. 895-907
- Babins Shrestha, Maliheh Shirvanian, Prakash Shrestha, Nitesh Saxena:
The Sounds of the Phones: Dangers of Zero-Effort Second Factor Login based on Ambient Audio. 908-919
Paper Session 7D: Protection Across Executions
- Kangjie Lu, Chengyu Song, Taesoo Kim, Wenke Lee:
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages. 920-932
- Tao Li, Yimin Chen, Jingchao Sun, Xiaocong Jin, Yanchao Zhang:
iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft. 933-944
- Lianying Zhao, Mohammad Mannan:
Hypnoguard: Protecting Secrets across Sleep-wake Cycles. 945-957
Paper Session 8A: Lattices and Obfuscation
- Kevin Lewi, Alex J. Malozemoff, Daniel Apon, Brent Carmer, Adam Foltzer, Daniel Wagner, David W. Archer, Dan Boneh, Jonathan Katz, Mariana Raykova:
5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs. 981-992
- Eric Crockett, Chris Peikert:
Λολ: Functional Lattice Cryptography. 993-1005
- Joppe W. Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, Douglas Stebila:
Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE. 1006-1018
Paper Session 8B: Attacks and Defenses
- Yannan Liu, Lingxiao Wei, Zhe Zhou, Kehuan Zhang, Wenyuan Xu, Qiang Xu:
On Code Execution Tracking via Power Side-Channel. 1019-1031
- Marcel Böhme, Van-Thuan Pham, Abhik Roychoudhury:
Coverage-based Greybox Fuzzing as Markov Chain. 1032-1043
- Kyong-Tak Cho, Kang G. Shin:
Error Handling of In-vehicle Networks Makes Them Vulnerable. 1044-1055
Paper Session 8C: Phone Security
- Ivo Sluganovic, Marc Roeschlin, Kasper Bonne Rasmussen, Ivan Martinovic:
Using Reflexive Eye Movements for Fast Challenge-Response Authentication. 1056-1067
- Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, Na Ruan:
When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals. 1068-1079
- Linghan Zhang, Sheng Tan, Jie Yang, Yingying Chen:
VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones. 1080-1091
Paper Session 8D: Infrastructure Attacks
- David I. Urbina, Jairo Alonso Giraldo, Alvaro A. Cárdenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Amir Faisal, Justin Ruths, Richard Candell, Henrik Sandberg:
Limiting the Impact of Stealthy Attacks on Industrial Control Systems. 1092-1105
- Merve Sahin, Aurélien Francillon:
Over-The-Top Bypass: Study of a Recent Telephony Fraud. 1106-1117
- Guan-Hua Tu, Chi-Yu Li, Chunyi Peng, Yuanjie Li, Songwu Lu:
New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks. 1118-1130
Paper Session 9A: Order-Revealing and Searchable Encryption
- Daniel S. Roche, Daniel Apon, Seung Geol Choi, Arkady Yerukhimovich:
POPE: Partial Order Preserving Encoding. 1131-1142
- Raphael Bost:
∑oφoς: Forward Secure Searchable Encryption. 1143-1154
- F. Betül Durak, Thomas M. DuBuisson, David Cash:
What Else is Revealed by Order-Revealing Encryption? 1155-1166
- Kevin Lewi, David J. Wu:
Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds. 1167-1178
Paper Session 9B: Authentication
- Zhenfeng Zhang, Kang Yang, Xuexian Hu, Yuchen Wang:
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication. 1179-1191
- Jonas Schneider, Nils Fleischhacker, Dominique Schröder, Michael Backes:
Efficient Cryptographic Password Hardening Services from Partially Oblivious Commitments. 1192-1203
- Daniel Fett, Ralf Küsters, Guido Schmitz:
A Comprehensive Formal Security Analysis of OAuth 2.0. 1204-1215
Paper Session 9C: Passwords
- Weining Yang, Ninghui Li, Omar Chowdhury, Aiping Xiong, Robert W. Proctor:
An Empirical Study of Mnemonic Sentence-based Password Generation Strategies. 1216-1229
- Maximilian Golla, Benedict Beuscher, Markus Dürmuth:
On the Security of Cracking-Resistant Password Vaults. 1230-1241
- Ding Wang, Zijian Zhang, Ping Wang, Jeff Yan, Xinyi Huang:
Targeted Online Password Guessing: An Underestimated Threat. 1242-1254
Paper Session 9D: Internet Security
- Jung-Ho Park, Wookeun Jung, Gangwon Jo, Ilkoo Lee, Jaejin Lee:
PIPSEA: A Practical IPsec Gateway on Embedded APUs. 1255-1267
- Zhuotao Liu, Hao Jin, Yih-Chun Hu, Michael D. Bailey:
MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet. 1268-1279
- Georgios Kontaxis, Angelos D. Keromytis:
Protecting Insecure Communications with Topology-aware Network Tunnels. 1280-1291
Paper Session 10A: Specialized Crypto Tools
- Elette Boyle, Niv Gilboa, Yuval Ishai:
Function Secret Sharing: Improvements and Extensions. 1292-1303
- Dario Fiore, Cédric Fournet, Esha Ghosh, Markulf Kohlweiss, Olga Ohrimenko, Bryan Parno:
Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data. 1304-1316
- Aggelos Kiayias, Feng-Hao Liu, Yiannis Tselekounis:
Practical Non-Malleable Codes from l-more Extractable Hash Functions. 1317-1328
Paper Session 11B: Attacks using a Little Leakage
- Georgios Kellaris, George Kollios, Kobbi Nissim, Adam O'Neill:
Generic Attacks on Secure Outsourced Databases. 1329-1340
- David Pouliot, Charles V. Wright:
The Shadow Nemesis: Inference Attacks on Efficiently Deployable, Efficiently Searchable Encryption. 1341-1352
- Paul Grubbs, Richard McPherson, Muhammad Naveed, Thomas Ristenpart, Vitaly Shmatikov:
Breaking Web Applications Built On Top of Encrypted Data. 1353-1364
Paper Session 10C: Measuring Security in the Wild
- Stefano Calzavara, Alvise Rabitti, Michele Bugliesi:
Content Security Problems?: Evaluating the Effectiveness of Content Security Policy in the Wild. 1365-1375
- Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, Artur Janc:
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy. 1376-1387
- Steven Englehardt, Arvind Narayanan:
Online Tracking: A 1-million-site Measurement and Analysis. 1388-1401
Paper Session 10D: Network Security I
- Xiao Han, Nizar Kheir, Davide Balzarotti:
PhishEye: Live Monitoring of Sandboxed Phishing Kits. 1402-1413
- Daiping Liu, Shuai Hao, Haining Wang:
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records. 1414-1425
- Johannes Krupp, Michael Backes, Christian Rossow:
Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks. 1426-1437
Paper Session 11A: Key Exchange
- Hugo Krawczyk:
A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3). 1438-1450
- Vladimir Kolesnikov, Hugo Krawczyk, Yehuda Lindell, Alex J. Malozemoff, Tal Rabin:
Attribute-based Key Exchange with General Policies. 1451-1463
- Yunlei Zhao:
Identity-Concealed Authenticated Encryption and Key Exchange. 1464-1479
Paper Session 10B: Crypto Implementations
- Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen, Kenneth G. Paterson:
A Surfeit of SSH Cipher Suites. 1480-1491
- Juraj Somorovsky:
Systematic Fuzzing and Testing of TLS Libraries. 1492-1504
- Shuqin Fan, Wenbo Wang, Qingfeng Cheng:
Attacking OpenSSL Implementation of ECDSA with a Few Signatures. 1505-1515
Paper Session 11C: More Attacks
- Jianjun Chen, Jian Jiang, Hai-Xin Duan, Nicholas Weaver, Tao Wan, Vern Paxson:
Host of Troubles: Multiple Host Ambiguities in HTTP Implementations. 1516-1527