Accepted papers

Full papers

  • BinSequence: Fast, Accurate and Scalable Binary Code Reuse Detection
    He Huang (Concordia University), Amr Youssef (Concordia University), Mourad Debbabi (Concordia University)
  • Memory Safety for Embedded Devices with nesCheck
    Daniele Midi (Purdue University), Mathias Payer (Purdue University), Elisa Bertino (Purdue University)
  • DRIVE: Dynamic Runtime Integrity Verification and Evaluation
    Andre Rein (Huawei German Research Center)
  • Mis-operation Resistant Searchable Homomorphic Encryption
    Keita Emura (NICT), Takuya Hayashi (NICT), Noboru Kunihiro (The University of Tokyo/JST CREST), Jun Sakuma (University of Tsukuba/JST CREST/RIKEN Center for AIP)
  • Strict Virtual Call Integrity Checking for C++ Binaries
    Mohamed Elsabagh (George Mason University), Dan Fleck (George Mason University), Angelos Stavrou (George Mason University)
  • Proofs of Data Residency: Checking whether Your Cloud Files Have Been Relocated
    Hung Dang (School of Computing, National University of Singapore), Erick Purwanto (School of Computing, National University of Singapore), Ee-Chien Chang (School of Computing, National University of Singapore)
  • EncKV: An Encrypted Key-value Store with Rich Queries
    Xingliang Yuan (City University of Hong Kong), Yu Guo (City University of Hong Kong), Xinyu Wang (City University of Hong Kong), Cong Wang (City University of Hong Kong), Baochun Li (University of Toronto), Xiaohua Jia (City University of Hong Kong)
  • DoS Attacks on Your Memory in the Cloud
    Tianwei Zhang (Princeton University), Yinqian Zhang (The Ohio State University), Ruby B. Lee (Princeton University)
  • Group Signatures with Time-bound Keys Revisited: A New Model and an Efficient Construction
    Keita Emura (NICT), Takuya Hayashi (NICT), Ai Ishida (Tokyo Institute of Technology/AIST)
  • Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation
    Alexandra Dmitrienko (ETH Zurich), David Noack, Moti Yung (Snapchat)
  • Almost Universal Forgery Attacks on the COPA and Marble Authenticated Encryption Algorithms
    Jiqiang Lu (Institute for Infocomm Research)
  • Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
    Cheng Huang (Sichuan University, China), Shuang Hao (University of California, Santa Barbara, USA), Luca Invernizzi (University of California, Santa Barbara, USA), Jiayong Liu (Sichuan University, China), Yong Fang (Sichuan University, China), Christopher Kruegel (University of California, Santa Barbara, USA), Giovanni Vigna (University of California, Santa Barbara, USA)
  • Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps
    Taehun Kim (Seoul National University), Hyeonmin Ha (Seoul National University), Seoyoon Choi (SAP Labs, Korea), Jaeyeon Jung (Samsung Electronics), Byung-Gon Chun (Seoul National University)
  • Side channels in deduplication: trade-offs between leakage and efficiency
    Frederik Armknecht (University of Mannheim), Colin Boyd (NTNU, Norwegian University of Science and Technology), Gareth T. Davies (NTNU, Norwegian University of Science and Technology), Kristian Gjøsteen (NTNU, Norwegian University of Science and Technology), Mohsen Toorani (University of Bergen)
  • SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
    Dennis Felsch (Horst Görtz Institute for IT-Security, Chair for Network and Data Security), Christian Mainka (Horst Görtz Institute for IT-Security, Chair for Network and Data Security), Vladislav Mladenov (Horst Görtz Institute for IT-Security, Chair for Network and Data Security), Jörg Schwenk (Horst Görtz Institute for IT-Security, Chair for Network and Data Security)
  • DataShield: Configurable Data Confidentiality and Integrity
    Scott A. Carr (Purdue University), Mathias Payer (Purdue University)
  • Taming Asymmetric Network Delays for Clock Synchronization Using Power Grid Voltage
    Dima Rabadi (Singapore University of Technology and Design, Singapore. Advanced Digital Science Center, Illinois at Singapore), Rui Tan (Nanyang Technological University, Singapore), David K.Y. Yau (Singapore University of Technology and Design, Singapore. Advanced Digital Science Center, Illinois at Singapore), Sreejaya Viswanathan (Advanced Digital Science Center, Illinois at Singapore)
  • DroidForensics: Accurate Reconstruction of Android Attacks via Multi-layer Forensic Logging
    Xingzi Yuan (University of Georgia), Omid Setayeshfar (University of Georgia), Hongfei Yan (University of Georgia), Pranav Panage (University of Georgia), Xuetao Wei (University of Cincinnati), Kyu Hyung Lee (University of Georgia)
  • Privacy-preserving and Optimal Interval Release for Disease Susceptibility
    Kosuke Kusano (University of Tsukuba), Ichiro Takeuchi (Nagoya Institute of Technology), Jun Sakuma (University of Tsukuba / JST CREST)
  • Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives
    Thomas Unterluggauer (Graz University of Technology), Mario Werner (Graz University of Technology), Stefan Mangard (Graz University of Technology)
  • Toward Detecting Collusive Ranking Manipulation Attackers in Mobile App Markets
    Hao Chen (East China Normal University), Daojing He (East China Normal University), Sencun Zhu (The Pennsylvania State University), Jingshun Yang (East China Normal University)
  • DroidPill: Pwn Your Daily-Use Apps
    Chaoting Xuan (VMWare), Gong Chen (Georgia Institute of Technology), Erich Stuntebeck (VMWare), KarFai Tse (VMWare)
  • A Ciphertext-Policy Attribute-based Encryption Scheme With Optimized Ciphertext Size And Fast Decryption
    Qutaibah M. Malluhi (Kindi Lab Qatar University), Abdullatif Shikfa (Kindi Lab Qatar University), Viet Cuong Trinh (Kindi Lab Qatar University and Hong Duc Unversity Viet Nam)
  • The Case for In-Network Replay Suppression
    Taeho Lee (ETH Zurich), Christos Pappas (ETH Zurich), Adrian Perrig (ETH Zurich), Virgil Gligor (Carnegie Mellon University), Yih-Chun Hu (UIUC)
  • The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware
    Samaneh Tajalizadehkhoob (Delft University of Technology), Carlos Ganan (Delft University of Technology), Arman Noroozian (Delft University of Technology), Michel van Eeten (Delft University of Technology)
  • Boosting the guessing attack performance on Android lock patterns with smudge attacks
    Seunghun Cha (Department of Software, Sungkyunkwan University), Sungsu Kwag (Department of Software, Sungkyunkwan University), Hyoungshick Kim (Department of Software, Sungkyunkwan University), Jun Ho Huh (Honeywell ACS Labs, USA)
  • To Update or Not to Update: Insights From a Two-Year Study of Android App Evolution
    Vincent F. Taylor (University of Oxford), Ivan Martinovic (University of Oxford)
  • SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android
    Ruowen Wang (Samsung Research America), Ahmed M. Azab (Samsung Research America), William Enck (North Carolina State University), Ninghui Li (Purdue University), Peng Ning (Samsung Research America), Xun Chen (Samsung Research America), Wenbo Shen (Samsung Research America), Yueqiang Cheng (Samsung Research America)
  • Towards Formal Security Analysis of Industrial Control Systems
    Marco Rocchetto (SnT, University of Luxembourg), Nils Ole Tippenhauer (ISTD, Singapore University of Technology and Design)
  • MoPS: A Modular Protection Scheme for Long-Term Storage
    Christian Weinert (TU Darmstadt), Denise Demirel (TU Darmstadt), Martín Vigil (Federal University of Santa Catarina), Matthias Geihs (TU Darmstadt), Johannes Buchmann (TU Darmstadt)
  • Towards Extending Noiseless Privacy – Dependent Data and More Practical Approach
    Krzysztof Grining (Wrocław University of Science and Technology, Faculty of Fundamental Problems of Technology, Department of Computer Science), Marek Klonowski (Wrocław University of Science and Technology, Faculty of Fundamental Problems of Technology, Department of Computer Science)
  • VTBPEKE: Verifier-based Two-Basis Password Exponential Key Exchange
    David Pointcheval (ENS, Paris, France), Guilin Wang (Huawei, Singapore)
  • Accurate Manipulation of Delay-based Internet Geolocation
    AbdelRahman Abdou (Carleton University), Ashraf Matrawy (Carleton University), Paul van Oorschot (Carleton University)
  • Android Database Attacks Revisited
    Behnaz Hassanshahi (National University of Singapore), Roland H. C. Yap (National University of Singapore)
  • Extracting Conditional Formulas for Cross-Platform Bug Search
    Qian Feng (Syracuse University), Minghua Wang (Baidu Security Lab), Mu Zhang (NEC Laboratories America), Rundong Zhou (Syracuse University), Andrew Henderson (Syracuse University), Heng Yin (University of California Riverside)
  • Functional Encryption with Oblivious Helper
    Pierre-Alain Dupont (ENS, CNRS, INRIA, and PSL Research University, Paris, France), David Pointcheval (ENS, CNRS, INRIA, and PSL Research University, Paris, France)
  • Sharing Proofs of Retrievability across Tenants
    Frederik Armknecht (University of Mannheim), Jens-Matthias Bohli (NEC Laboratories Europe), David Froelicher (NEC Laboratories Europe), Ghassan Karame (NEC Laboratories Europe)
  • Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems
    Drew Davidson (University of Wisconsin-Madison), Yaohui Chen (Stony Brook University), Franklin George (Stony Brook University), Long Lu (Stony Brook University), Somesh Jha (University of Wisconsin-Madison)
  • An Attack Against Message Authentication in the ERTMS Train to Trackside Communication Protocols
    Tom Chothia (University of Birmingham), Mihai Ordean (University of Birmingham), Joeri de Ruiter (Radboud University), Richard Thomas (University of Birmingham)
  • On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters
    Baljit Singh (Qatar University), Dmitry Evtyushkin (SUNY Binghamton), Jesse Elwell (SUNY Binghamton), Ryan Riley (Qatar University), Iliano Cervesato (Carnegie Mellon University)
  • Hit by the Bus: QoS Degradation Attack on Android
    Mehmet Sinan INCI (Worcester Polytechnic Institute), Thomas Eisenbarth (Worcester Polytechnic Institute), Berk Sunar (Worcester Polytechnic Institute)
  • A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol
    Gildas Avoine (INSA/IRISA Rennes), Xavier Bultel (LIMOS, University Clermont Auvergne), Sebastien Gambs (UQAM), David Gerault (LIMOS, University Clermont Auvergne), Pascal Lafourcade (LIMOS, University Clermont Auvergne), Cristina Onete (INSA/IRISA Rennes), Jean-Marc Robert (ETS)
  • TriFlow: Triaging Android Applications using Speculative Information Flows
    Omid Mirzaei (Universidad Carlos III de Madrid), Guillermo Suarez-Tangil (University College London), Juan Tapiador (Universidad Carlos III de Madrid), Jose M. de Fuentes (Universidad Carlos III de Madrid)
  • PrivWatcher: Non-bypassable Monitoring and Protection of Process Credentials from Memory Corruption Attacks
    Quan Chen (NC State University), Ahmed M. Azab (Samsung Research America), Guru Ganesh (Samsung Research America), Peng Ning (Samsung Research America)
  • Heterogeneous Rainbow Table Widths Provide Faster Cryptanalyses
    Gildas Avoine (INSA Rennes / IRISA), Xavier Carpent (Irvine University)
  • Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
    Christian Wressnegger (TU Braunschweig), Kevin Freeman (University of Göttingen), Fabian Yamaguchi (TU Braunschweig), Konrad Rieck (TU Braunschweig)
  • An Efficient KP-ABE with Short Ciphertexts in Prime Order Groups under Standard Assumption
    Jongkil Kim (Commonwealth Scientific and Industrial Research Organisation, Australia), Willy Susilo (University of Wollongong, Australia), Fuchun Guo (University of Wollongong, Australia), Man Ho Au (The Hong Kong Polytechnic University, Hong Kong), Surya Nepal (Commonwealth Scientific and Industrial Research Organisation, Australia)
  • Understanding Human-Chosen PINs: Characteristics, Distribution and Security
    Ding Wang (Peking University), Qianchen Gu (Peking University), Xinyi Huang (Fujian Normal University), Ping Wang (Peking University)
  • Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications
    Amiangshu Bosu (Southern Illinois University), Fang Liu (Virginia Tech), Danfeng Yao (Virginia Tech), Gang Wang (Virginia Tech)
  • Don’t Skype & Type! Acoustic Eavesdropping in Voice-Over-IP
    Alberto Compagno (Sapienza University of Rome), Mauro Conti (University of Padua), Daniele Lain (University of Padua), Gene Tsudik (University of California, Irvine)
  • Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics
    Simon Eberz (University of Oxford), Kasper B. Rasmussen (University of Oxford), Vincent Lenders (armasuisse), Ivan Martinovic (University of Oxford)
  • The Circle Game: Scalable Private Membership Test Using Trusted Hardware
    Sandeep Tamrakar (Aalto University), Jian Liu (Aalto University), Andrew Paverd (Aalto University), Jan-Erik Ekberg (Darkmatter), Benny Pinkas (Bar Ilan University), N. Asokan (Aalto University)
  • Pinpointing Vulnerabilities
    Yue Chen (Florida State University), Mustakimur Khandaker (Florida State University), Zhi Wang (Florida State University)
  • Detecting Privileged Side-Channel Attacks in Shielded Execution with DEJA VU
    Sanchuan Chen (The Ohio State University), Xiaokuan Zhang (The Ohio State University), Michael K. Reiter (University of North Carolina at Chapel Hill), Yinqian Zhang (The Ohio State University)
  • SGX-Log : Securing System Logs With SGX
    Vishal Karande (University of Texas at Dallas), Erick Buaman (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), Latifur Khan (University of Texas at Dallas)
  • Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing
    Mathy Vanhoef (imec-DistriNet, KU Leuven), Domien Schepers, Frank Piessens (imec-DistriNet, KU Leuven)
  • Practical Black-Box Attacks against Machine Learning
    Nicolas Papernot (Penn State University), Patrick McDaniel (Penn State University), Ian Goodfellow (OpenAI), Somesh Jha (University of Wisconsin), Z. Berkay Celik (Penn State University), Ananthram Swami (US Army Research Laboratory)
  • LIghtweight Swarm Attestation: A Tale of Two LISAs
    Xavier Carpent (University of California, Irvine), Karim El Defrawy (HRL Laboratories), Norrathep Rattanavipanon (University of California, Irvine), Gene Tsudik (University of California, Irvine)
  • PayBreak: Defense against cryptographic ransomware
    Eugene Kolodenker (Boston University), William Koch (Boston University), Gianluca Stringhini (University College London), Manuel Egele (Boston University)
  • Cache-based Application Detection in the Cloud using Machine Learning
    Berk Gulmezoglu (WPI), Thomas Eisenbarth (WPI), Berk Sunar (WPI)
  • Scaling and Effectiveness of Email Masquerade Attacks: Exploiting Natural Language Generation
    Shahryar Baki (University of Houston), Rakesh Verma (University of Houston), Arjun Mukherjee (University of Houston), Omprakesh Gnawali (University of Houston)
  • Using Program Analysis to Synthesize Sensor Spoofing Attacks
    Ivan Pustogarov (Cornell Tech), Thomas Ristenpart (Cornell Tech), Vitaly Shmatikov (Cornell Tech)
  • Model-based Attack Detection Scheme for Smart Water Distribution Networks
    Chuadhry Mujeeb Ahmed (Singapore University of Technology and Design), Carlos Murguia (Singapore University of Technology and Design), Justin Ruths (UT Dallas)
  • WedgeTail: An Intrusion Prevention System for the Data Plane of Software Defined Networks
    Arash Shaghaghi (The University of New South Wales (UNSW Australia) and Data61, CSIRO, Australia), Mohamed Ali (Dali) Kaafar (Data61, CSIRO, Australia), Sanjay Jha (The University of New South Wales (UNSW Australia))
  • Updatable Block-Level Message-Locked Encryption
    Yongjun Zhao (The Chinese University of Hong Kong), Sherman S.M. Chow (The Chinese University of Hong Kong)
  • BlindIDS: Market-Compliant, Privacy-Friendly and Security-Aware Intrusion Detection Systems over Encrypted Traffic
    Sébastien Canard (Orange Labs), Aïda Diop (Orange Labs), Nizar Kheir (Thales), Marie Paindavoine (Orange Labs), Mohamed Sabt (Orange Labs)
  • On the Robustness of RSA-OAEP Encryption and RSA-PSS Signatures Against (Malicious) Randomness Failures
    Jacob Schuldt (AIST), Kazumasa Shinagawa (Tsukuba University)

Short papers

  • Pass-O: A Proposal to Improve the Security of Pattern Unlock Scheme
    Harshal Tupsamudre (TCS Research, India), Vijayanand Banahatti (TCS Research, India), Sachin Lodha (TCS Research, India), Ketan Vyas (TCS Research, India)
  • What You See is Not What You Get: Leakage-Resilient Password Entry Schemes for Smart Glasses
    Yan Li (School of Information Systems, Singapore Management University), Yao Cheng (School of Information Systems, Singapore Management University), Yingjiu Li (School of Information Systems, Singapore Management University), Robert H. Deng (School of Information Systems, Singapore Management University)
  • LINCOS – A Storage System Providing Long-Term Integrity, Authenticity, and Confidentiality
    Johannes Braun (TU Darmstadt, Germany), Johannes Buchmann (TU Darmstadt, Germany), Denise Demirel (TU Darmstadt, Germany), Mikio Fujiwara (NICT, Japan), Matthias Geihs (TU Darmstadt, Germany), Shiho Moriai (NICT, Japan), Masahide Sasaki (NICT, Japan), Atsushi Waseda (NICT, Japan)
  • SCM: Secure Code Memory Architecture
    Ruan de Clercq (ESAT/COSIC, KU Leuven), Ronald De Keulenaer (System Software Lab, Ghent University), Pieter Maene (ESAT/COSIC, KU Leuven), Bjorn De Sutter (System Software Lab, Ghent University), Bart Preneel (ESAT/COSIC, KU Leuven), Ingrid Verbauwhede (ESAT/COSIC, KU Leuven)