default search action
Google
Google Scholar
Semantic Scholar
Internet Archive Scholar
CiteSeerX
ORCID27th USENIX Security Symposium 2018: Baltimore, MD, USA
- William Enck, Adrienne Porter Felt:
27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. USENIX Association 2018
Security Impacting the Physical World
- Nolen Scaife, Christian Peeters, Patrick Traynor:
Fear the Reaper: Characterization and Fast Detection of Card Skimmers. 1-14 - Saleh Soltan, Prateek Mittal, H. Vincent Poor:
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid. 15-32 - Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, Michael D. Bailey:
Skill Squatting Attacks on Amazon Alexa. 33-47 - Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, Carl A. Gunter:
CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition. 49-64
Memory Defenses
- Abraham A. Clements, Naif Saleh Almakhdhub, Saurabh Bagchi, Mathias Payer:
ACES: Automatic Compartments for Embedded Systems. 65-82 - Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi:
IMIX: In-Process Memory Isolation EXtension. 83-97 - Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna:
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security. 99-116 - Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, Tongping Liu:
Guarder: A Tunable Secure Allocator. 117-133
Censorship and Web Privacy
- Antoine Vastel, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy:
Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies. 135-150 - Gertjan Franken, Tom van Goethem, Wouter Joosen:
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies. 151-168 - Diogo Barradas, Nuno Santos, Luís E. T. Rodrigues:
Effective Detection of Multimedia Protocol Tunneling using Machine Learning. 169-185 - Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, Roya Ensafi:
Quack: Scalable Remote Measurement of Application-Layer Censorship. 187-202
Understanding How Humans Authenticate
- Sanam Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, Sven Bugiel:
Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. 203-220 - Xianyi Gao, Yulong Yang, Can Liu, Christos Mitropoulos, Janne Lindqvist, Antti Oulasvirta:
Forgetting of Passwords: Ecological Theory and Data. 221-238 - Ingolf Becker, Simon Parkin, M. Angela Sasse:
The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength. 239-253 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur:
Rethinking Access Control and Authentication for the Home Internet of Things (IoT). 255-272
Vulnerability Discovery
- Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, Kevin R. B. Butler:
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. 273-290 - Seyed Mohammadjavad Seyed Talebi, Hamid Tavakoli, Hang Zhang, Zheng Zhang, Ardalan Amiri Sani, Zhiyun Qian:
Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems. 291-307 - Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon
:
Inception: System-Wide Security Testing of Real-World Embedded Systems Software. 309-326 - Xuan Feng, Qiang Li, Haining Wang, Limin Sun:
Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices. 327-341
Information Tracking
- Xiang Pan, Yinzhi Cao, Xuechao Du, Boyuan He, Gan Fang, Rui Shao, Yan Chen:
FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps. 1669-1685 - Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick D. McDaniel, A. Selcuk Uluagac:
Sensitive Information Tracking in Commodity IoT. 1687-1704 - Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, Wenke Lee:
Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking. 1705-1722 - Md Nahid Hossain, Junao Wang, R. Sekar, Scott D. Stoller:
Dependence-Preserving Data Compaction for Scalable Forensic Analysis. 1723-1740
Web Applications
- James C. Davis, Eric R. Williamson, Dongyoon Lee:
A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning. 343-359 - Cristian-Alexandru Staicu, Michael Pradel:
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. 361-376 - Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, V. N. Venkatakrishnan:
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications. 377-392 - Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee:
Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks. 393-410
Anonymity
- Philipp Winter, Anne Edmundson, Laura M. Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster:
How Do Tor Users Interact With Onion Services? 411-428 - Armon Barton, Matthew Wright, Jiang Ming, Mohsen Imani:
Towards Predicting Efficient and Anonymous Tor Circuits. 429-444 - Nirvan Tyagi, Muhammad Haris Mughees, Thomas Ristenpart, Ian Miers:
BurnBox: Self-Revocable Encryption in a World Of Compelled Access. 445-461 - George Kappos, Haaroon Yousaf, Mary Maller, Sarah Meiklejohn:
An Empirical Analysis of Anonymity in Zcash. 463-477
Privacy in a Digital World
- José González Cabañas, Ángel Cuevas, Rubén Cuevas:
Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes. 479-495 - Wajih Ul Hassan, Saad Hussain, Adam Bates:
Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide? 497-512 - Jinyuan Jia, Neil Zhenqiang Gong:
AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning. 513-529 - Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, Karl Aberer:
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. 531-548
Attacks on Crypto & Crypto Libraries
- Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk:
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. 549-566 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek:
The Dangers of Key Reuse: Practical Attacks on IPsec IKE. 567-583 - Monjur Alam, Haider Adnan Khan, Moumita Dey, Nishith Sinha, Robert Locke Callan, Alenka G. Zajic, Milos Prvulovic:
One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA. 585-602 - Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, Georg Sigl:
DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. 603-620
Enterprise Security
- Rock Stevens, Daniel Votipka, Elissa M. Redmiles, Colin Ahern, Patrick Sweeney, Michelle L. Mazurek:
The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level. 621-637 - Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal:
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection. 639-656
Zero-Knowledge
- Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, Daniel J. Weitzner:
Practical Accountability of Secret Processes. 657-674 - Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, Ion Stoica:
DIZK: A Distributed Zero Knowledge Proof System. 675-692
Network Defenses
- Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, Martin T. Vechev:
NetHide: Secure and Practical Network Topology Obfuscation. 693-709 - Zhiheng Liu, Zhen Zhang, Yinzhi Cao, Zhaohan Xi, Shihao Jing, Humberto J. La Roche:
Towards a Secure Zero-rating Framework with Three Parties. 711-728
Fuzzing and Exploit Generation
- Shankara Pailoor, Andrew Aday, Suman Jana:
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. 729-743 - Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, Taesoo Kim:
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. 745-761 - Sean Heelan, Tom Melham, Daniel Kroening:
Automatic Heap Layout Manipulation for Exploitation. 763-779 - Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, Wei Zou:
FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. 781-797
TLS and PKI
- Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Nick Bonner, Kent E. Seamons, Daniel Zappala:
The Secure Socket API: TLS as an Operating System Service. 799-816 - Hanno Böck, Juraj Somorovsky, Craig Young:
Return Of Bleichenbacher's Oracle Threat (ROBOT). 817-849 - Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal:
Bamboozling Certificate Authorities with BGP. 833-849 - Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, Tudor Dumitras:
The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI. 851-868
Vulnerability Mitigations
- Anh Quach, Aravind Prakash, Lok-Kwong Yan:
Debloating Software through Piece-Wise Compilation and Loading. 869-886 - Hang Zhang, Zhiyun Qian:
Precise and Accurate Patch Presence Test for Binaries. 887-902 - Chaowei Xiao, Armin Sarabi, Yang Liu, Bo Li, Mingyan Liu, Tudor Dumitras:
From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild. 903-918 - Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang:
Understanding the Reproducibility of Crowd-reported Security Vulnerabilities. 919-936
Side Channels
- Stephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi:
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. 937-954 - Ben Gras, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida:
Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. 955-972 - Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg:
Meltdown: Reading Kernel Memory from User Space. 973-990 - Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx:
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. 991-1008
Cybercrime
- Rolf van Wegberg, Samaneh Tajalizadehkhoob, Kyle Soska, Ugur Akyazi, Carlos Hernandez Gañán, Bram Klievink, Nicolas Christin, Michel van Eeten:
Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets. 1009-1026 - Kan Yuan, Haoran Lu, Xiaojing Liao, XiaoFeng Wang:
Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces. 1027-1041 - Mohammad Rezaeirad, Brown Farinholt, Hitesh Dharmdasani, Paul Pearce, Kirill Levchenko, Damon McCoy:
Schrödinger's RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem. 1043-1060 - Leah Zhang-Kennedy, Hala Assal, Jessica N. Rocheleau, Reham Mohamed, Khadija Baig, Sonia Chiasson:
The aftermath of a crypto-ransomware attack at a large academic institution. 1061-1078
Web and Network Measurement
- Jianjun Chen, Jian Jiang, Hai-Xin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang:
We Still Don't Have Secure Cross-Domain Requests: an Empirical Study of CORS. 1079-1093 - Hang Hu, Gang Wang:
End-to-End Measurements of Email Spoofing Attacks. 1095-1112 - Baojun Liu, Chaoyi Lu, Hai-Xin Duan, Ying Liu, Zhou Li, Shuang Hao, Min Yang:
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path. 1113-1128 - Shuai Hao, Yubao Zhang, Haining Wang, Angelos Stavrou:
End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks. 1129-1145
Malware
- Jonathan P. Chapman:
SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics. 1147-1164 - Samuel Schüppen, Dominik Teubert, Patrick Herrmann, Ulrike Meyer:
FANCI : Feature-based Automated NXDomain Classification and Intelligence. 1165-1181 - Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, Hai-Xin Duan:
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. 1183-1198 - Ashton Webster, Ryan Eckenrod, James Purtilo:
Fast and Service-preserving Recovery from Malware Infections Using CRIU. 1199-1211
Invited Talks
- Susan Landau:
The Second Crypto War - What's Different Now.
Subverting Hardware Protections
- Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi:
The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX. 1213-1227 - Seunghun Han, Wook Shin, Jun-Hyeok Park, Hyoung-Chun Kim:
A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping. 1229-1246
More Malware
- Michelle Y. Wong, David Lie:
Tackling runtime-based obfuscation in Android with TIRO. 1247-1262 - Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk:
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. 1263-1280
Attacks on Systems That Learn
- Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, Ben Y. Zhao:
With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning. 1281-1297 - Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daumé III, Tudor Dumitras:
When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. 1299-1316
Smart Contracts
- Johannes Krupp, Christian Rossow:
teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts. 1317-1333 - Lorenz Breidenbach, Philip Daian, Florian Tramèr, Ari Juels:
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts. 1335-1352 - Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, Edward W. Felten:
Arbitrum: Scalable, private smart contracts. 1353-1370 - Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, Michael D. Bailey:
Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. 1371-1385
Executing in Untrusted Environments
- Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun:
DelegaTEE: Brokered Delegation Using Trusted Execution Environments. 1387-1403 - Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, Dominique Schröder:
Simple Password-Hardened Encryption Services. 1405-1421 - Yuqiong Sun, David Safford, Mimi Zohar, Dimitrios Pendarakis, Zhongshu Gu, Trent Jaeger:
Security Namespace: Making Linux Security Frameworks Available to Containers. 1423-1439 - Xiaowan Dong, Zhuojia Shen, John Criswell, Alan L. Cox, Sandhya Dwarkadas:
Shielding Software From Privileged Side-Channel Attacks. 1441-1458
Web Authentication
- Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Kehuan Zhang:
Vetting Single Sign-On SDK Implementations via Symbolic Reasoning. 1459-1474 - Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, Jason Polakis:
O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web. 1475-1492 - Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta:
WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. 1493-1510 - Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, Tuomas Aura:
Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer. 1511-1525
Wireless Attacks
- Kexiong Curtis Zeng, Shinan Liu, Yuanchao Shu, Dong Wang, Haoyu Li, Yanzhi Dou, Gang Wang, Yaling Yang:
All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems. 1527-1544 - Yazhou Tu, Zhiqiang Lin, Insup Lee, Xiali Hei:
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors. 1545-1562 - Tom Chothia, Joeri de Ruiter, Ben Smyth:
Modelling and Analysis of a Hierarchy of Distance Bounding Attacks. 1563-1580 - Weiteng Chen, Zhiyun Qian:
Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets. 1581-1598
Neural Networks
- Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, Suman Jana:
Formal Security Analysis of Neural Networks using Symbolic Intervals. 1599-1614 - Yossi Adi, Carsten Baum, Moustapha Cissé, Benny Pinkas, Joseph Keshet:
Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. 1615-1631 - Rakshith Shetty, Bernt Schiele, Mario Fritz:
A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation. 1633-1650 - Chiraag Juvekar, Vinod Vaikuntanathan, Anantha P. Chandrakasan:
GAZELLE: A Low Latency Framework for Secure Neural Network Inference. 1651-1669
manage site settings
To protect your privacy, all features that rely on external API calls from your browser are turned off by default. You need to opt-in for them to become active. All settings here will be stored as cookies with your web browser. For more information see our F.A.Q.
last updated on 2025-10-24 21:49 CEST by the dblp team
all metadata released as open data under CC0 1.0 license
see also: Terms of Use | Privacy Policy | Imprint
dblp was originally created in 1993 at:
since 2018, dblp has been operated and maintained by:
the dblp computer science bibliography is funded and supported by:
