default search action
28th CCS 2021: Virtual Event, Korea
- Yongdae Kim, Jong Kim, Giovanni Vigna, Elaine Shi:
CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021. ACM 2021, ISBN 978-1-4503-8454-4
Keynote Talks
- Cynthia Dwork:
Pseudo-Randomness and the Crystal Ball. 1-2 - Dawn Song:
Towards Building a Responsible Data Economy. 3 - Taesoo Kim:
Are we done yet? Our Journey to Fight against Memory-safety Bugs. 4
Session 1A: Cybercrime
- Ming Xu, Chuanwang Wang, Jitao Yu, Junjie Zhang, Kai Zhang, Weili Han:
Chunk-Level Password Guessing: Towards Modeling Refined Password Composition Representations. 5-20 - Stijn Pletinckx, Kevin Borgolte, Tobias Fiebig:
Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale. 21-35 - Brian Kondracki, Babak Amin Azad, Oleksii Starov, Nick Nikiforakis:
Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits. 36-50 - Yihe Zhang, Xu Yuan, Jin Li, Jiadong Lou, Li Chen, Nian-Feng Tzeng:
Reverse Attack: Black-box Attacks on Collaborative Recommendation. 51-68 - Qingying Hao, Licheng Luo, Steve T. K. Jan, Gang Wang:
It's Not What It Looks Like: Manipulating Perceptual Hashing based Applications. 69-85
Session 1B: Attacks and Robustness
- Baolin Zheng, Peipei Jiang, Qian Wang, Qi Li, Chao Shen, Cong Wang, Yunjie Ge, Qingyang Teng, Shenyi Zhang:
Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information. 86-107 - Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, Zhuotao Liu:
A Hard Label Black-box Adversarial Attack Against Graph Neural Networks. 108-125 - Alireza Bahramali, Milad Nasr, Amir Houmansadr, Dennis Goeckel, Don Towsley:
Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems. 126-140 - Yue Zhao, Hong Zhu, Kai Chen, Shengzhi Zhang:
AI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks. 141-158
Session 1C: Zero Knowledge I
- Jiaheng Zhang, Tianyi Liu, Weijie Wang, Yinuo Zhang, Dawn Song, Xiang Xie, Yupeng Zhang:
Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time. 159-177 - Nicholas Franzese, Jonathan Katz, Steve Lu, Rafail Ostrovsky, Xiao Wang, Chenkai Weng:
Constant-Overhead Zero-Knowledge for RAM Programs. 178-191 - Carsten Baum, Lennart Braun, Alexander Munch-Hansen, Benoît Razet, Peter Scholl:
Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z2k. 192-211 - Yuval Ishai, Hang Su, David J. Wu:
Shorter and Faster Post-Quantum Designated-Verifier zkSNARKs from Lattices. 212-234
Session 1D: Authentication and Click Fraud
- Emily Wenger, Max Bronckers, Christian Cianfarani, Jenna Cryan, Angela Sha, Haitao Zheng, Ben Y. Zhao:
"Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World. 235-251 - Sena Sahin, Frank Li:
Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication. 252-270 - Tong Zhu, Yan Meng, Haotian Hu, Xiaokuan Zhang, Minhui Xue, Haojin Zhu:
Dissecting Click Fraud Autonomy in the Wild. 271-286 - Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, Xiaodong Lin:
Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic. 287-303 - Sunwoo Lee, Wonsuk Choi, Dong Hoon Lee:
Usable User Authentication on a Smartwatch using Vibration. 304-319
Session 2A: Fuzzing and Bug Finding
- Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio, Wenke Lee:
Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis. 320-336 - Xiaotao Feng, Ruoxi Sun, Xiaogang Zhu, Minhui Xue, Sheng Wen, Dongxi Liu, Surya Nepal, Yang Xiang:
Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference. 337-350 - Stefan Nagy, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson, Matthew Hicks:
Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing. 351-365 - Xinyang Ge, Ben Niu, Robert Brotzman, Yaohui Chen, HyungSeok Han, Patrice Godefroid, Weidong Cui:
HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs. 366-378 - Insu Yun, Woosun Song, Seunggi Min, Taesoo Kim:
HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators. 379-392
Session 2B: Formal Analysis and Verification
- Yuxin Wang, Zeyu Ding, Yingtai Xiao, Daniel Kifer, Danfeng Zhang:
DPGen: Automated Program Synthesis for Differential Privacy. 393-411 - Riccardo Focardi, Flaminia L. Luccio:
A Formally Verified Configuration for Hardware Security Modules in the Cloud. 412-428 - Klaus von Gleissenthall, Rami Gökhan Kici, Deian Stefan, Ranjit Jhala:
Solver-Aided Constant-Time Hardware Verification. 429-444 - Marco Patrignani, Marco Guarnieri:
Exorcising Spectres with Secure Compilers. 445-461 - Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Swarn Priya:
Structured Leakage and Applications to Cryptographic Constant-Time and Cost. 462-476
Session 2C: Defenses for ML Robustness
- Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David A. Wagner:
Learning Security Classifiers with Verified Global Robustness Properties. 477-494 - Ryan Sheatsley, Blaine Hoak, Eric Pauley, Yohan Beugin, Michael J. Weisman, Patrick D. McDaniel:
On the Robustness of Domain Constraints. 495-515 - Tianyu Du, Shouling Ji, Lujia Shen, Yao Zhang, Jinfeng Li, Jie Shi, Chengfang Fang, Jianwei Yin, Raheem Beyah, Ting Wang:
Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks. 516-534 - Linyi Li, Maurice Weber, Xiaojun Xu, Luka Rimanic, Bhavya Kailkhura, Tao Xie, Ce Zhang, Bo Li:
TSS: Transformation-Specific Smoothing for Robustness Certification. 535-557
Session 2D: Secure Multiparty Computation
- Haiyang Xue, Man Ho Au, Xiang Xie, Tsz Hon Yuen, Handong Cui:
Efficient Online-friendly Two-Party ECDSA Signature. 558-573 - David Heath, Vladimir Kolesnikov:
One Hot Garbling. 574-593 - Cyprien Delpech de Saint Guilhem, Eleftheria Makri, Dragos Rotaru, Titouan Tanguy:
The Return of Eratosthenes: Secure Generation of RSA Moduli using Distributed Sieving. 594-609 - Toshinori Araki, Jun Furukawa, Kazuma Ohara, Benny Pinkas, Hanan Rosemarin, Hikaru Tsuchida:
Secure Graph Analysis at Scale. 610-629 - Nuttapong Attrapadung, Goichiro Hanaoka, Takahiro Matsuda, Hiraku Morita, Kazuma Ohara, Jacob C. N. Schuldt, Tadanori Teruya, Kazunari Tozawa:
Oblivious Linear Group Actions and Applications. 630-650
Session 3A: Side Channel
- Alexander S. La Cour, Khurram K. Afridi, G. Edward Suh:
Wireless Charging Power Side-Channel Attacks. 651-665 - Chien-Ying Chen, Debopam Sanyal, Sibin Mohan:
Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems. 666-684 - Madura A. Shelton, Lukasz Chmielewski, Niels Samwel, Markus Wagner, Lejla Batina, Yuval Yarom:
Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code. 685-699 - Wenqiang Jin, Srinivasan Murali, Huadi Zhu, Ming Li:
Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Emanations. 700-714 - Pietro Borrello, Daniele Cono D'Elia, Leonardo Querzoni, Cristiano Giuffrida:
Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization. 715-733
Session 3B: Operating Systems
- Muhui Jiang, Lin Ma, Yajin Zhou, Qiang Liu, Cen Zhang, Zhi Wang, Xiapu Luo, Lei Wu, Kui Ren:
ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels. 734-748 - Weiteng Chen, Yu Wang, Zheng Zhang, Zhiyun Qian:
SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers. 749-763 - Nanzi Yang, Wenbo Shen, Jinku Li, Yutian Yang, Kangjie Lu, Jietao Xiao, Tianyu Zhou, Chenggang Qin, Wang Yu, Jianfeng Ma, Kui Ren:
Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization. 764-778 - Jinhua Cui, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, Zhiping Cai:
SmashEx: Smashing SGX Enclaves Using Exceptions. 779-793 - Lirong Fu, Shouling Ji, Kangjie Lu, Peiyu Liu, Xuhong Zhang, Yuxuan Duan, Zihui Zhang, Wenzhi Chen, Yanjun Wu:
CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels. 794-810 - Hang Zhang, Weiteng Chen, Yu Hao, Guoren Li, Yizhuo Zhai, Xiaochen Zou, Zhiyun Qian:
Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels. 811-824
Session 3C: Inference Attacks
- Mohammad Malekzadeh, Anastasia Borovykh, Deniz Gündüz:
Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs. 825-844 - Xinlei He, Yang Zhang:
Quantifying and Mitigating Privacy Risks of Contrastive Learning. 845-863 - Minxing Zhang, Zhaochun Ren, Zihan Wang, Pengjie Ren, Zhumin Chen, Pengfei Hu, Yang Zhang:
Membership Inference Attacks Against Recommender Systems. 864-879 - Zheng Li, Yang Zhang:
Membership Leakage in Label-Only Exposures. 880-895 - Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang:
When Machine Unlearning Jeopardizes Privacy. 896-911
Session 3D: DoS
- Yuanjie Li, Hewu Li, Zhizheng Lv, Xingkun Yao, Qianru Li, Jianping Wu:
Deterrence of Intelligent DDoS via Multi-Hop Traffic Divergence. 923-939 - Harm Griffioen, Kris Oosthoek, Paul van der Knaap, Christian Doerr:
Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks. 940-954 - Junjie Xiong, Mingkui Wei, Zhuo Lu, Yao Liu:
Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud. 955-969 - Daniel Wagner, Daniel Kopp, Matthias Wichtlhuber, Christoph Dietzel, Oliver Hohlfeld, Georgios Smaragdakis, Anja Feldmann:
United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale. 970-987
Session 4A: Modeling Blockchains and Distributed Ledgers
- Muhammad Saad, Afsah Anwar, Srivatsan Ravi, David Mohaisen:
Revisiting Nakamoto Consensus in Asynchronous Networks: A Comprehensive Analysis of Bitcoin Safety and ChainQuality. 988-1005 - Andrew Lewis-Pye, Tim Roughgarden:
How Does Blockchain Security Dictate Blockchain Implementation? 1006-1019 - Poulami Das, Andreas Erwig, Sebastian Faust, Julian Loss, Siavash Riahi:
The Exact Security of BIP32 Wallets. 1020-1042 - Mike Graf, Daniel Rausch, Viktoria Ronge, Christoph Egger, Ralf Küsters, Dominique Schröder:
A Security Framework for Distributed Ledgers. 1043-1064
Session 4B: Wireless, Mobile, and IoT
- Michalis Diamantaris, Serafeim Moustakas, Lichao Sun, Sotiris Ioannidis, Jason Polakis:
This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration. 1065-1081 - Syed Rafiul Hussain, Imtiaz Karim, Abdullah Al Ishtiaq, Omar Chowdhury, Elisa Bertino:
Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices. 1082-1099 - Man Hong Hue, Joyanta Debnath, Kin Man Leung, Li Li, Mohsen Minaei, M. Hammad Mazhar, Kailiang Xian, Md. Endadul Hoque, Omar Chowdhury, Sze Yiu Chau:
All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations. 1100-1117 - Xiaofeng Shi, Shouqian Shi, Minmei Wang, Jonne Kaunisto, Chen Qian:
On-device IoT Certificate Revocation Checking with Small Memory and Low Latency. 1118-1134
Session 4C: Private Set Intersection
- Kelong Cong, Radames Cruz Moreno, Mariana Botelho da Gama, Wei Dai, Ilia Iliashenko, Kim Laine, Michael Rosenberg:
Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication. 1135-1150 - Ofri Nevo, Ni Trieu, Avishay Yanai:
Simple, Fast Malicious Multiparty Private Set Intersection. 1151-1165 - Mike Rosulek, Ni Trieu:
Compact and Malicious Private Set Intersection for Small Sets. 1166-1181 - Nishanth Chandran, Nishka Dasgupta, Divya Gupta, Sai Lakshmi Bhavana Obbattu, Sruthi Sekar, Akash Shah:
Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI. 1182-1204
Session 4D: Differential Privacy
- Benjamin Weggenmann, Florian Kerschbaum:
Differential Privacy for Directional Data. 1205-1222 - Martin Aumüller, Christian Janos Lebeda, Rasmus Pagh:
Differentially Private Sparse Vectors with Low Error, Optimal Space, and Fast Access. 1223-1236 - Tianhao Wang, Joann Qiongna Chen, Zhikun Zhang, Dong Su, Yueqiang Cheng, Zhou Li, Ninghui Li, Somesh Jha:
Continuous Release of Data Streams under both Centralized and Local Differential Privacy. 1237-1253 - Franziska Boenisch, Reinhard Munz, Marcel Tiepelt, Simon Hanisch, Christiane Kuhn, Paul Francis:
Side-Channel Attacks on Query-Based Data Anonymization. 1254-1265 - Linkang Du, Zhikun Zhang, Shaojie Bai, Changchang Liu, Shouling Ji, Peng Cheng, Jiming Chen:
AHEAD: Adaptive Hierarchical Decomposition for Range Query under Local Differential Privacy. 1266-1288
Session 5A: Control System Security
- Yan Jia, Bin Yuan, Luyi Xing, Dongfang Zhao, Yifan Zhang, XiaoFeng Wang, Yijing Liu, Kaimin Zheng, Peyton Crnjak, Yuqing Zhang, Deqing Zou, Hai Jin:
Who's In Control? On Security Risks of Disjointed IoT Device Management Channels. 1289-1305 - Dianqi Han, Ang Li, Jiawei Li, Yan Zhang, Tao Li, Yanchao Zhang:
DroneKey: A Drone-Aided Group-Key Generation Scheme for Large-Scale IoT Networks. 1306-1319 - Abel Zambrano, Alejandro Palacio Betancur, Luis Burbano, Andres Felipe Niño, Luis Felipe Giraldo, Mariantonieta Gutierrez Soto, Jairo Giraldo, Alvaro A. Cárdenas:
You Make Me Tremble: A First Look at Attacks Against Structural Control Systems. 1320-1337 - Tohid Shekari, Celine Irvene, Alvaro A. Cárdenas, Raheem Beyah:
MaMIoT: Manipulation of Energy Market Leveraging High Wattage IoT Botnets. 1338-1356 - Fritz Alder, Jo Van Bulck, Frank Piessens, Jan Tobias Mühlberg:
Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves. 1357-1372
Session 5B: PKI and Access Control
- Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, Zaifeng Zhang:
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. 1373-1387 - Joyanta Debnath, Sze Yiu Chau, Omar Chowdhury:
On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees. 1388-1404 - Sean Dougherty, Reza Tourani, Gaurav Panwar, Roopa Vishwanathan, Satyajayant Misra, Srikathyayani Srikanteswara:
APECS: A Distributed Access Control Framework for Pervasive Edge Computing Services. 1405-1420 - Tianxiang Dai, Haya Schulmann, Michael Waidner:
Let's Downgrade Let's Encrypt. 1421-1440
Session 5C: Messaging and Privacy
- Keitaro Hashimoto, Shuichi Katsumata, Eamonn W. Postlethwaite, Thomas Prest, Bas Westerbaan:
A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs. 1441-1462 - Joël Alwen, Sandro Coretti, Yevgeniy Dodis, Yiannis Tselekounis:
Modular Design of Secure Group Messaging Protocols and the Security of MLS. 1463-1483 - Charlotte Peale, Saba Eskandarian, Dan Boneh:
Secure Complaint-Enabled Source-Tracking for Encrypted Messaging. 1484-1506 - Gabrielle Beck, Julia Len, Ian Miers, Matthew Green:
Fuzzy Message Detection. 1507-1528 - Gabriel Kaptchuk, Tushar M. Jois, Matthew Green, Aviel D. Rubin:
Meteor: Cryptographically Secure Steganography for Realistic Distributions. 1529-1548 - Jean Paul Degabriele:
Hiding the Lengths of Encrypted Messages via Gaussian Padding. 1549-1565
Session 5D: Misc: Android and Vulnerabilities
- Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, Kehuan Zhang:
Android on PC: On the Security of End-user Android Emulators. 1566-1580 - Xiaobo Xiang, Ren Zhang, Hanxiang Wen, Xiaorui Gong, Baoxu Liu:
Ghost in the Binder: Binder Transaction Redirection Attacks in Android System Services. 1581-1597 - Zeinab El-Rewini, Yousra Aafer:
Dissecting Residual APIs in Custom Android ROMs. 1598-1611 - Mohannad Ismail, Jinwoo Yom, Christopher Jelesnianski, Yeongjin Jang, Changwoo Min:
VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks. 1612-1626 - Dinghao Liu, Qiushi Wu, Shouling Ji, Kangjie Lu, Zhenguang Liu, Jianhai Chen, Qinming He:
Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths. 1627-1644
Session 6A: Consensus and Attacks
- Kai Li, Yibo Wang, Yuzhe Tang:
DETER: Denial of Ethereum Txpool sERvices. 1645-1667 - Muhammad Saad, Songqing Chen, David Mohaisen:
SyncAttack: Double-spending in Bitcoin Without Mining Power. 1668-1685 - Atsuki Momose, Ling Ren:
Multi-Threshold Byzantine Fault Tolerance. 1686-1699 - Xuechao Wang, Viswa Virinchi Muppirala, Lei Yang, Sreeram Kannan, Pramod Viswanath:
Securing Parallel-chain Protocols under Variable Mining Power. 1700-1721 - Peiyao Sheng, Gerui Wang, Kartik Nayak, Sreeram Kannan, Pramod Viswanath:
BFT Protocol Forensics. 1722-1743
Session 6B: Web Vulnerabilities
- Nikos Vasilakis, Achilles Benetopoulos, Shivam Handa, Alizee Schoen, Jiasi Shen, Martin C. Rinard:
Supply-Chain Vulnerability Elimination via Active Learning and Regeneration. 1755-1770 - Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Trevor Noß, Jörg Schwenk:
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers. 1771-1788 - Aurore Fass, Dolière Francis Somé, Michael Backes, Ben Stock:
DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale. 1789-1804 - Bahruz Jabiyev, Steven Sprecher, Kaan Onarlioglu, Engin Kirda:
T-Reqs: HTTP Request Smuggling with Differential Fuzzing. 1805-1820 - Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousakis, Konstantinos Kallas, Ben Karel, André DeHon, Michael Pradel:
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. 1821-1838 - Meng Wang, Chijung Jung, Ali Ahad, Yonghwi Kwon:
Spinner: Automated Dynamic Command Subsystem Perturbation. 1839-1860
Session 6C: Audio Systems and Autonomous Driving
- Yanjiao Chen, Yijie Bai, Richard Mitev, Kaibo Wang, Ahmad-Reza Sadeghi, Wenyuan Xu:
FakeWake: Understanding and Mitigating Fake Wake-up Words of Voice Assistants. 1861-1883 - Zhuohang Li, Cong Shi, Tianfang Zhang, Yi Xie, Jian Liu, Bo Yuan, Yingying Chen:
Robust Detection of Machine-induced Audio Attacks in Intelligent Audio Systems with Microphone Array. 1884-1899 - Ben Nassi, Yaron Pirutin, Tomer Cohen Galor, Yuval Elovici, Boris Zadov:
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device's Power Indicator LED. 1900-1914 - Xiaoyu Ji, Juchuan Zhang, Shui Jiang, Jishen Li, Wenyuan Xu:
CapSpeaker: Injecting Voices to Microphones via Capacitors. 1915-1929 - Wei Wang, Yao Yao, Xin Liu, Xiang Li, Pei Hao, Ting Zhu:
I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights. 1930-1944 - Yi Zhu, Chenglin Miao, Tianhang Zheng, Foad Hajiaghajani, Lu Su, Chunming Qiao:
Can We Use Arbitrary Objects to Attack LiDAR Perception in Autonomous Driving? 1945-1960