24th CCS 2017: Dallas, TX, USA
- Bhavani Thuraisingham, David Evans, Tal Malkin, Dongyan Xu:
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017. ACM 2017, ISBN 978-1-4503-4946-8
Keynote Talk
- David A. Wagner:
Security and Machine Learning. 1
Session A1: Multi-Party Computation 1
- Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti:
DUPLO: Unifying Cut-and-Choose for Garbled Circuits. 3-20
- Xiao Wang, Samuel Ranellucci, Jonathan Katz:
Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. 21-37
- Xiao Wang, Samuel Ranellucci, Jonathan Katz:
Global-Scale Secure Multiparty Computation. 39-56
Session A2: Human Authentication
- Linghan Zhang, Sheng Tan, Jie Yang:
Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication. 57-71
- Jian Liu, Chen Wang, Yingying Chen, Nitesh Saxena:
VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration. 73-87
- Zhangkai Zhang, Xuhua Ding, Gene Tsudik, Jinhua Cui, Zhoujun Li:
Presence Attestation: The Missing Link in Dynamic Trust Bootstrapping. 89-102
Session A3: Adversarial Machine Learning
- Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, Wenyuan Xu:
DolphinAttack: Inaudible Voice Commands. 103-117
- Hung Dang, Yue Huang, Ee-Chien Chang:
Evading Classifiers by Morphing in the Dark. 119-133
- Dongyu Meng, Hao Chen:
MagNet: A Two-Pronged Defense against Adversarial Examples. 135-147
Session A4: Browsers
- Meng Luo, Oleksii Starov, Nima Honarmand, Nick Nikiforakis:
Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers. 149-162
- Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu:
Deterministic Browser. 163-178
- Peter Snyder, Cynthia Bagier Taylor, Chris Kanich:
Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security. 179-194
Session A5: Cryptocurrency
- Yujin Kwon, Dohyun Kim, Yunmok Son, Eugene Y. Vasserman, Yongdae Kim:
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin. 195-209
- Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel:
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing. 211-227
- Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo:
Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services. 229-243
Session B1: Multi-Party Computation 2
- Ruiyu Zhu, Yan Huang, Darion Cassel:
Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries. 245-257
- Yehuda Lindell, Ariel Nof:
A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority. 259-276
- Nishanth Chandran, Juan A. Garay, Payman Mohassel, Satyanarayana Vusirikala:
Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case. 277-294
Session B2: Passwords
- Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Alain Forget:
Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat. 295-310
- Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith:
Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study. 311-328
- Rahul Chatterjee, Joanne Woodage, Yuval Pnueli, Anusha Chowdhury, Thomas Ristenpart:
The TypTop System: Personalized Typo-Tolerant Password Checking. 329-346
Session B3: Investigating Attacks
- Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna:
Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance. 347-362
- Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song, Dawn Song:
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection. 363-376
- Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, Wenke Lee:
RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking. 377-390
Session B4: Privacy Policies
- Martin Kucera, Petar Tsankov, Timon Gehr, Marco Guarnieri, Martin T. Vechev:
Synthesis of Probabilistic Privacy Enforcement. 391-408
- Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei:
A Type System for Privacy Properties. 409-423
- Zhan Qin, Ting Yu, Yin Yang, Issa Khalil, Xiaokui Xiao, Kui Ren:
Generating Synthetic Decentralized Social Graphs with Local Differential Privacy. 425-438
Session B5: Blockchains
- Rami Khalil, Arthur Gervais:
Revive: Rebalancing Off-Blockchain Payment Networks. 439-453
- Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, Srivatsan Ravi:
Concurrency and Privacy with Payment-Channel Networks. 455-471
- Matthew Green, Ian Miers:
Bolt: Anonymous Payment Channels for Decentralized Currencies. 473-489
Session C1: Oblivious RAM
- Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, Tam Nguyen:
S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing. 491-505
- Daniel S. Roche, Adam J. Aviv, Seung Geol Choi, Travis Mayberry:
Deterministic, Stash-Free Write-Only ORAM. 507-521
- Jack Doerner, Abhi Shelat:
Scaling ORAM for Secure Computation. 523-535
Session C2: World Wide Web of Wickedness
- Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Hai-Xin Duan:
Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains. 537-552
- Samaneh Tajalizadehkhoob, Tom van Goethem, Maciej Korczynski, Arman Noroozian, Rainer Böhme, Tyler Moore, Wouter Joosen, Michel van Eeten:
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting. 553-567
- Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis:
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. 569-586
Session C3: Machine Learning Privacy
- Congzheng Song, Thomas Ristenpart, Vitaly Shmatikov:
Machine Learning Models that Remember Too Much. 587-601
- Briland Hitaj, Giuseppe Ateniese, Fernando Pérez-Cruz:
Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning. 603-618
- Jian Liu, Mika Juuti, Yao Lu, N. Asokan:
Oblivious Neural Network Predictions via MiniONN Transformations. 619-631
Session C4: From Verification to ABE
- Bernd Finkbeiner, Christian Müller, Helmut Seidl, Eugen Zalinescu:
Verifying Security Policies in Multi-agent Workflows with Loops. 633-645
- Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee:
Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions. 647-664
- Shashank Agrawal, Melissa Chase:
FAME: Fast Attribute-based Message Encryption. 665-682
Session C5: Using Blockchains
- Jan Camenisch, Manu Drijvers, Maria Dubovitskaya:
Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain. 683-699
- Ethan Cecchetti, Fan Zhang, Yan Ji, Ahmed E. Kosba, Ari Juels, Elaine Shi:
Solidus: Confidential Distributed Ledger Transactions via PVORM. 701-717
- Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Gabriel Kaptchuk, Ian Miers:
Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards. 719-728
Session D1: Functional Encryption and Obfuscation
- Brent Carmer, Alex J. Malozemoff, Mariana Raykova:
5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits. 747-764
- Ben Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov:
IRON: Functional Encryption using Intel SGX. 765-782
- Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz:
Implementing BP-Obfuscation Using Graph-Induced Encoding. 783-798
Session D2: Vulnerable Mobile Apps
- Chaoshun Zuo, Qingchuan Zhao, Zhiqiang Lin:
AUTHSCOPE: Towards Automatic Discovery of Vulnerable Authorizations in Online Services. 799-813
- Yi Chen, Wei You, Yeonjoon Lee, Kai Chen, XiaoFeng Wang, Wei Zou:
Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution. 815-828
- Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han:
Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews. 829-844
Session D3: Logical Side Channels
- Daniel Genkin, Luke Valenta, Yuval Yarom:
May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519. 845-858
- Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang:
STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. 859-874
- Jia Chen, Yu Feng, Isil Dillig:
Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic. 875-890
Session D4: Crypto Primitives
- Mihir Bellare, Joseph Jaeger, Julia Len:
Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions. 891-906
- Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou:
Generic Semantic Security against a Kleptographic Adversary. 907-922
- Mihir Bellare, Wei Dai:
Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction. 923-940
Session D5: Network Security
- Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, Zhuoqing Morley Mao:
Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study. 941-956
- Thomas Vissers, Timothy Barron, Tom van Goethem, Wouter Joosen, Nick Nikiforakis:
The Wolf of Name Street: Hijacking Domains Through Their Nameservers. 957-970
- Zain Shamsi, Daren B. H. Cline, Dmitri Loguinov:
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting. 971-982
Session E1: Hardening Crypto
- Dmitry Kogan, Nathan Manohar, Dan Boneh:
T/Key: Second-Factor Authentication From Secure Hash Chains. 983-999
- Joël Alwen, Jeremiah Blocki, Benjamin Harsha:
Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions. 1001-1017
- Shay Gueron, Yehuda Lindell:
Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation. 1019-1036
Session E2: Securing Mobile Apps
- Jie Huang, Oliver Schranz, Sven Bugiel, Michael Backes:
The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android. 1037-1049
- Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, Jian Weng:
Vulnerable Implicit Service: A Revisit. 1051-1063
- Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl:
A Stitch in Time: Supporting Android Developers in Writing Secure Code. 1065-1077
Session E3: Physical Side Channels
- Mohammad A. Islam, Shaolei Ren, Adam Wierman:
Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers. 1079-1094
- Yi Han, Sriharsha Etigowni, Hua Liu, Saman A. Zonouz, Athina P. Petropulu:
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations. 1095-1108
- Kyong-Tak Cho, Kang G. Shin:
Viden: Attacker Identification on In-Vehicle Networks. 1109-1123
Session E4: Adversarial Social Networking
- Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou:
Practical Attacks Against Graph-based Clustering. 1125-1142
- Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, Ben Y. Zhao:
Automated Crowdturfing Attacks and Defenses in Online Review Systems. 1143-1158
- Shirin Nilizadeh, Francois Labreche, Alireza Sedighian, Ali Zand, José M. Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna:
POISED: Spotting Twitter Spam Off the Beaten Paths. 1159-1174
Session E5: Privacy-Preserving Analytics
- Kallista A. Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth:
Practical Secure Aggregation for Privacy-Preserving Machine Learning. 1175-1191
- Anupam Datta, Matthew Fredrikson, Gihyuk Ko, Piotr Mardziel, Shayak Sen:
Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs. 1193-1210
- Fahad Shaon, Murat Kantarcioglu, Zhiqiang Lin, Latifur Khan:
SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors. 1211-1228
Session F1: Private Set Intersection
- Peter Rindal, Mike Rosulek:
Malicious-Secure Private Set Intersection via Dual Execution. 1229-1242
- Hao Chen, Kim Laine, Peter Rindal:
Fast Private Set Intersection from Homomorphic Encryption. 1243-1255
- Vladimir Kolesnikov, Naor Matania, Benny Pinkas, Mike Rosulek, Ni Trieu:
Practical Multi-party Private Set Intersection from Symmetric-Key Techniques. 1257-1272
Session F2: Insights from Log(in)s
- Hossein Siadati, Nasir D. Memon:
Detecting Structurally Anomalous Logins Within Enterprise Networks. 1273-1284
- Min Du, Feifei Li, Guineng Zheng, Vivek Srikumar:
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning. 1285-1298
- Leyla Bilge, Yufei Han, Matteo Dell'Amico:
RiskTeller: Predicting the Risk of Cyber Incidents. 1299-1311
Session F3: Crypto Pitfalls
- Mathy Vanhoef, Frank Piessens:
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. 1313-1328
- Maliheh Shirvanian, Nitesh Saxena:
CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through. 1329-1342
- Yong Li, Sven Schäge:
No-Match Attacks and Robust Partnering Definitions: Defining Trivial Attacks for Security Protocols is Not Trivial. 1343-1360
Session F4: Private Queries
- Syed Mahbub Hafiz, Ryan Henry:
Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR. 1361-1373
- Yan Chen, Ashwin Machanavajjhala, Michael Hay, Gerome Miklau:
PeGaSus: Data-Adaptive Differentially Private Stream Processing. 1375-1388
- Xi He, Ashwin Machanavajjhala, Cheryl J. Flynn, Divesh Srivastava:
Composing Differential Privacy and Secure Computation: A Case Study on Scaling Private Record Linkage. 1389-1406
Session F5: Understanding Security Fails
- Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz:
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors. 1407-1420
- Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Daniel Margolis, Vern Paxson, Elie Bursztein:
Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials. 1421-1434
- Doowon Kim, Bum Jun Kwon, Tudor Dumitras:
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI. 1435-1448
Session G1: Searchable Encryption
- Kee Sung Kim, Minkyu Kim, Dongsoo Lee, Je Hong Park, Woo-Hwan Kim:
Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates. 1449-1463
- Raphaël Bost, Brice Minaud, Olga Ohrimenko:
Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives. 1465-1482
Session G2: Bug-Hunting Risks and Rewards
- Luca Allodi:
Economic Factors of Vulnerability Trade and Exploitation. 1483-1499
- Alexander Gamero-Garrido, Stefan Savage, Kirill Levchenko, Alex C. Snoeren:
Quantifying the Pressure of Legal Risks on Third-party Vulnerability Research. 1501-1513
Session G3: Crypto Standards
- Mihir Bellare, Viet Tung Hoang:
Identity-Based Format-Preserving Encryption. 1515-1532
- Animesh Chhotaray, Adib Nahiyan, Thomas Shrimpton, Domenic Forte, Mark M. Tehranipoor:
Standardizing Bad Cryptographic Practice: A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property. 1533-1546
Session G4: Voting
- Gottfried Herold, Max Hoffmann, Michael Klooß, Carla Ràfols, Andy Rupp:
New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs. 1547-1564
- Rafaël del Pino, Vadim Lyubashevsky, Gregory Neven, Gregor Seiler:
Practical Quantum-Safe Voting from Lattices. 1565-1581
Session G5: Hardening Hardware
- Vasilios Mavroudis, Andrea Cerulli, Petr Svenda, Dan Cvrcek, Dusan Klinec, George Danezis:
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components. 1583-1600
- Muhammad Yasin, Abhrajit Sengupta, Mohammed Thari Nabeel, Mohammed Ashraf, Jeyavijayan Rajendran, Ozgur Sinanoglu:
Provably-Secure Logic Locking: From Theory To Practice. 1601-1618
Session H1: Crypto Attacks
- Matús Nemec, Marek Sýs, Petr Svenda, Dusan Klinec, Vashek Matyas:
The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli. 1631-1648
- Sebastian Berndt, Maciej Liskiewicz:
Algorithm Substitution Attacks from a Steganographic Perspective. 1649-1660
- Shahin Tajik, Heiko Lohrke, Jean-Pierre Seifert, Christian Boit:
On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs. 1661-1674
Session H2: Code Reuse Attacks
- Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrida:
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. 1675-1689
- David Korczynski, Heng Yin:
Capturing Malware Propagations with Code Injections and Code-Reuse Attacks. 1691-1708
- Sebastian Lekies, Krzysztof Kotowicz, Samuel Groß, Eduardo A. Vela Nava, Martin Johns:
Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets. 1709-1723
Session H3: Web Security
- Huasong Shan, Qingyang Wang, Calton Pu:
Tail Attacks on Web Applications. 1725-1739
- Ada Lerner, Tadayoshi Kohno, Franziska Roesner:
Rewriting History: Changing the Archived Web from the Present. 1741-1755
- Giancarlo Pellegrino, Martin Johns, Simon Koch, Michael Backes, Christian Rossow:
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs. 1757-1771
Session H4: Formal Verification
- Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe:
A Comprehensive Symbolic Analysis of TLS 1.3. 1773-1788
- Jean Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche:
HACL*: A Verified Modern Cryptographic Library. 1789-1806
- José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, Pierre-Yves Strub:
Jasmin: High-Assurance and High-Speed Cryptography. 1807-1823
Session I1: Post-Quantum
- Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha:
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives. 1825-1842
- Peter Pessl, Leon Groot Bruinderink, Yuval Yarom:
To BLISS-B or not to be: Attacking strongSwan's Implementation of Post-Quantum Signatures. 1843-1855