Skip to main content

Accepted Papers

The following technical papers have been accepted for this year's program. ACM will enable access to the papers just prior to the event.

STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
Yansong (Garrison) Gao (NJUST, China and Data61, Australia); Chang Xu (Data61, CSIRO, Sydney, Australia); Derui Wang (Swinburne University of Technology, Australia); Shiping Chen (Data61, CSIRO, Sydney, Australia); Damith C. Ranasinghe (Auto-ID Lab, The School of Computer Science, The University of Adelaide); Nepal Surya (Data61 CSIRO Australia)

MalRank: A Measure of Maliciousness in SIEM-based Knowledge Graphs
Pejman Najafi, Alexander Muehle, Wenzel Puenter, Feng Cheng, and Christoph Meinel (Hasso Plattner Institute)

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems
Ronny Chevalier (HP Labs, CentraleSupélec / Inria / CNRS / IRISA); David Plaquin and Chris Dalton (HP Labs); Guillaume Hiet (CentraleSupélec / Inria / CNRS / IRISA)

PDoT: Private DNS-over-TLS with TEE Support
Yoshimichi Nakatsuka (UC Irvine); Andrew Paverd (; Gene Tsudik (UC Irvine)

The Chatty-Sensor: A Provably-covert Channel in Cyber Physical Systems
Yehonatan Kfir (Bar Ilan University, Israel); Amir Herzberg (University of Connecticut, USA)

TF-BIV: Transparent and Fine-grained Binary Integrity Verification in the Cloud
Fangjie Jiang (Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences); Quanwei Cai and Jingqiang Lin (Institute of Information Engineering, Chinese Academy of Sciences); Bo Luo (The University of Kansas); Le Guan (University of Georgia); Ziqiang Ma (Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences)

Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation
Sebastian Poeplau and Aurélien Francillon (EURECOM, France)

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
Andre Pawlowski (Ruhr-Universität Bochum); Victor van der Veen and Dennis Andriesse (Vrije Universiteit Amsterdam); Erik van der Kouwe (Leiden University); Thorsten Holz (Ruhr-Universität Bochum); Cristiano Giuffrida and Herbert Bos (Vrije Universiteit Amsterdam)

"Your Hashed IP Address: Ubuntu" – Perspectives on Transparency Tools for Online Advertising
Tobias Urban (Institute for Internet Security, Westphalian University of Applied Sciences); Martin Degeling and Thorsten Holz (Ruhr University Bochum; Horst Görtz Institute for IT Security); Norbert Pohlmann (Institute for Internet Security, Westphalian University of Applied Sciences)

FRAMER: A Tagged-Pointer Capability System with Memory Safety Applications
Myoung Jin Nam (Korea University); Periklis Akritidis (Niometrics); David J Greaves (University of Cambridge)

Will You Trust This TLS Certificate? Perceptions of People Working in IT
Martin Ukrop, Lydia Kraus, and Vashek Matyas (Masaryk University); Heider Ahmad Mutleq Wahsheh (Ca' Foscari University of Venice)

How to Prove Your Model Belongs to You: A Blind-Watermark based Framework to Protect Intellectual Property of DNN
Zheng Li and Chengyu Hu (Shandong University); Yang Zhang (CISPA Helmholtz Center for Information Security); Shanqing Guo (Shandong University)

WooKey: Designing a Trusted and Efficient USB Device
Ryad Benadjila, Arnauld Michelizza, Mathieu Renard, Philippe Thierry, And Philippe Trebuchet (ANSSI)

BakingTimer: Privacy Analysis of Server-Side Request Processing Time
Iskander Sanchez-Rola (University of Deusto, Symantec Research Labs); Davide Balzarotti (Eurecom); Igor Santos (University of Deusto)

Koinonia: Verifiable E-Voting with Long-term Privacy
Huangyi Ge, Sze Yiu Chau, and Victor E Gonsalves (Purdue University); Huian Li (Indiana University Purdue University Indianapolis); Tianhao Wang (Purdue University); Xukai Zou (Indiana University Purdue University Indianapolis); Ninghui Li (Purdue University)

Mining Least Privilege Attribute Based Access Control Policies
Matthew Sanders and Chuan Yue (Colorado School of Mines)

Analyzing Control Flow Integrity with LLVM-CFI
Paul Muntean and Matthias Neumayer (Technical University of Munich); Zhiqiang Lin (Ohio State University); Gang Tan (Penn State University); Jens Grossklags and Claudia Eckert (Technical University of Munich)

Whisper: A Unilateral Defense Against VoIP Traffic Re-Identification Attacks
Tavish Vaidya, Tim Walsh, and Micah Sherr (Georgetown University)

EIGER: Automated IOC Generation for Accurate and Interpretable Endpoint Malware Detection
Yuma Kurogome, Yuto Otsuki, Yuhei Kawakoya, and Makoto Iwamura (NTT Secure Platform Laboratories); Syogo Hayashi (NTT Security (Japan) KK); Tatsuya Mori (Waseda University / NICT); Koushik Sen (University of California, Berkeley)

DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization
Ferdinand Brasser (Technische Universität Darmstadt); Srdjan Capkun (ETH Zurich); Alexandra Dmitrienko (University of Würzburg); Tommaso Frassetto (Technische Universität Darmstadt); Kari Kostiainen (ETH Zurich); Ahmad-Reza Sadeghi (Technische Universität Darmstadt)

Detecting organized eCommerce fraud using scalable categorical clustering
Samuel Marchal and Sebastian Szyller (Aalto University)

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs
Charalampos Stylianopoulos, Simon Kindstrom, and Magnus Almgren (Chalmers University of Technology); Olaf Landsiedel (University of Kiel); Marina Papatriantafilou (Chalmers University of Technology)

How to Kill Symbolic Deobfuscation for Free (or: Unleashing the Potential of Path-Oriented Protections)
Sébastien Bardin and Richard Bonichon (CEA LIST); Jean-Yves Marion (LORIA, Université de Lorraine, CNRS, Inria); Mathilde Ollivier (CEA LIST)

JStap: A Static Pre-Filter for Malicious JavaScript Detection
Aurore Fass, Michael Backes, and Ben Stock (CISPA Helmholtz Center for Information Security)

Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels
Stefano Cristalli (University of Milan); Long Lu (Northeastern University); Danilo Bruschi and Andrea Lanzi (University of Milan)

Mitigating Data Leakage by Protecting Memory-resident Sensitive Data
Tapti Palit (Stony Brook University); Fabian Monrose (University of North Carolina-Chapel Hill); Michalis Polychronakis (Stony Brook University)

Robust Keystroke Transcription from the Acoustic Side-Channel
David Slater, Scott Novotney, Jessica Moore, Sean Morgan, and Scott Tenaglia (Two Six Labs, LLC)

Casino Royale: A Deep Exploration of Illegal Online Gambling
Hao Yang and Kun Du (Tsinghua University); Yubao Zhang (University of Delaware); Shuang Hao (University of Texas at Dallas); Zhou Li (University of California, Irvine); Mingxuan Liu (Tsinghua University); Haining Wang (Virginia Tech); Haixin Duan (Tsinghua University, Beijing National Research Center for Information Science and Technology); Yazhou Shi, Xiaodong Su, and Guang Liu (Baidu Inc); Zhifeng Geng (Baidu Inc.); Jianping Wu (Tsinghua University)

Progressive Processing of System Behavioral Query
Jiaping Gui (NEC Laboratories America, Inc.); Xusheng Xiao (Case Western Reserve University); Ding Li, Chung Hwan Kim, and Haifeng Chen (NEC Laboratories America, Inc.)

Leveraging Locality of Reference for Certificate Revocation
Luke Dickinson (Sandia National Laboratories); Trevor Smith, and Kent Seamons (Brigham Young University)

Sleak: Automating Address Space Layout Derandomization
Christophe Hauser (Information Sciences Institute, University of Southern California); Jayakrishna Menon, Yan Shoshitaishvili, and Ruoyu Wang (Arizona State University); Christopher Kruegel and Giovanni Vigna (University of California, Santa Barbara)

CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis
Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, and Jack W. Davidson (University of Virginia)

Improving Intrusion Detectors by Crook-sourcing
Frederico Araujo (IBM Research); Gbadebo Ayoade (The University of Texas Dallas); Khaled Al-Naami, Yang Gao, Kevin W. Hamlen, and Latifur Khan (The University of Texas at Dallas)

Nibbler: Debloating Binary Shared Libraries
Ioannis Agadakos (SRI International); Di Jin (Brown University); David Williams-King (Columbia University); Vasileios P. Kemerlis (Brown University); Georgios Portokalidis (Stevens Institute of Technology)

Model Inversion Attacks Against Collaborative Inference
Zecheng He (Princeton University); Tianwei Zhang (Nanyang Technological University); Ruby Lee (Princeton University)

Function Boundary Detection in Stripped Binaries
Jim Alves-Foss and Jia Song (University of Idaho)

SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Haoliang Lu, Longquan Liu, Chen Wang, and Dandan Sun (Institute of Information Engineering, Chinese Academy of Sciences); Chao Zhang (Institute for Network Sciences and Cyberspace of Tsinghua University); Baoxu Liu (Institute of Information Engineering, Chinese Academy of Sciences)

Proof of Aliveness
Chenglu Jin (University of Connecticut); Zheng Yang (Singapore University of Technology and Design); Marten van Dijk (University of Connecticut); Jianying Zhou (Singapore University of Technology and Design)

An Empirical Study of the SMS One-Time Password Authentication in Android Apps
Siqi Ma (CSIRO); Runhan Feng and Juanru Li (Shanghai Jiao Tong University); Surya Nepal (Data61, CSIRO); Diethelm Ostry (CSIRO); Yang Liu (Xidian University); Elisa Bertino (Purdue University); Robert H. Deng (School of Information Systems, Singapore Management University, Singapore); Sanjay Jha (UNSW Sydney); Zhuo Ma (Xidian University)

Revisiting Utility Metrics for Location Privacy-Preserving Mechanisms
Virat Shejwalkar, Amir Houmansadr, Hossein Pishro-Nik, and Dennis Goeckel (University of Massachusetts Amherst)

Defeating Hidden Audio Channel Attacks on Voice Assistants via Audio-Induced Surface Vibrations
Chen Wang (WINLAB, Rutgers University); S Abhishek Anand (University of Alabama at Birmingham); Jian Liu (WINLAB, Rutgers University); Payton R. Walker (University of Alabama at Birmingham); Yingying (Jennifer) Chen (WINLAB, Rutgers University); Nitesh Saxena (University of Alabama at Birmingham)

D2NN: A Fine-Grained Dual Modular Redundancy Framework for Deep Neural Networks
Yu Li (The Chinese University of Hong Kong); Yannan Liu (Sangfor Technologies Inc.); Min Li, Ye Tian, Bo Luo, and Qiang Xu (The Chinese University of Hong Kong)

I Know What You Did Last Login: Inconsistent Messages Tell Existence of a Target's Account to Insiders
Ayako Akiyama Hasegawa, Takuya Watanabe, Eitaro Shioji, and Mitsuaki Akiyama (NTT Secure Platform Laboratories)

Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones
Imtiaz Karim, Fabrizio Cicala, and Syed Rafiul Hussain (Purdue University); Omar Chowdhury (The University of Iowa); Elisa Bertino (Purdue University)

SIMPLE: Single-Frame based Physical Layer Identification for Intrusion Detection and Prevention on In-Vehicle Networks
Mahsa Foruhandeh (Virginia Tech); Yanmao Man (University of Arizona); Ryan Gerdes (Virginia Tech); Ming Li (University of Arizona); Thidapat Chantam (Virginia Tech)

Neurlux: Dynamic Malware Analysis Without Feature Engineering
Chani Jindal, Christopher Salls, Hojjat Aghakhani, Keith Long, Christopher Kruegel, and Giovanni Vigna (UC Santa Barbara)

Premadoma: An Operational Solution for DNS Registries to Prevent Malicious Domain Registrations
Jan Spooren and Thomas Vissers (imec - DistriNet, KU Leuven, Belgium); Peter Janssen (EURid VZW, Belgium); Wouter Joosen and Lieven Desmet (imec - DistriNet, KU Leuven, Belgium)

Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations
Andrea Mambretti (Northeastern University); Matthias Neugschwandtner and Alessandro Sorniotti (IBM Research - Zurich); Engin Kirda and William Robertson (Northeastern University); Anil Kurmus (IBM Research - Zurich)

Challenge-Response Behavioral Mobile Authentication: A Comparative Study of Graphical Patterns and Cognitive Games
Manar Mohamed, Prakash Shrestha, and Nitesh Saxena (University of Alabama at Birmingham)

AppVeto: Mobile Application Self-Defense through Resource Access Veto
Tousif Osman and Mohammad Mannan (Concordia University); Urs Hengartner (University of Waterloo); Amr Youssef (Concordia University)

Aegis: A Context-aware Security Framework for Smart Home Systems
Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, and A. Selcuk Uluagac (Florida International University)

HDMI-WALK: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol
Luis C Puche Rondon, Leonardo Babun, Kemal Akkaya, and Selcuk Uluagac (Florida International University)

Privacy Preserving Substring Search Protocol with Polylogarithmic Communication Cost
Nicholas Mainardi, Alessandro Barenghi, and Gerardo Pelosi (Politecnico di Milano)

Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks
Vasudevan Nagendra (Stony Brook University); Vinod Yegneswaran and Phil Porras (SRI International); Samir Das (Stony Brook University)

A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs
Ziya Alper Genç and Gabriele Lenzini (University of Luxembourg); Daniele Sgandurra (Royal Holloway, University of London)

SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments
Saeid Mofrad, Ishtiaq Ahmed, and Shiyong Lu (Wayne State University); Ping Yang (State University of New York at Binghamton); Heming Cui (University of Hong Kong); Fengwei Zhang (Wayne State University)

FuzzBuilder: Automated building greybox fuzzing environment for C/C++ library
Joonun Jang (Samsung Research); Huy Kang Kim (Korea University)

Out of Control: Stealthy Attacks Against Robotic Vehicles Protected by Control-based Techniques
Pritam Dash, Mehdi Karimibiuki, and Karthik Pattabiraman (University of British Columbia)

SIP Shaker: Software Integrity Protection Composition
Mohsen Ahmadvand, Dennis Fischer, and Sebastian Banescu (Technical University of Munich)

My Script Engines Know What You Did In The Dark: Converting Engines into Script API Tracers
Toshinori Usui (NTT Secure Platform Laboratories / Institute of Industrial Science, The University of Tokyo); Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, and Jun Miyoshi (NTT Secure Platform Laboratories); Kanta Matsuura (Institute of Industrial Science, The University of Tokyo)