Annual Computer Security Applications Conference (ACSAC) 2020

Monday, 7 December 2020
09:00-10:00

One-Day Workshop (Keynote address by Alina Oprea)

Workshop Co-Chairs: Michael Clifford (Toyota InfoTech Labs), Michael Collins (USC-ISI), Nidhi Rastogi (Rensselaer Polytechnic Institute)

10:00-16:00

(continued)

Two-day Workshop

Instructors: Kevin Nauer, Nicholas Kantor, and Tyler Morris

One-Day Training Workshop

Instructor: John A. Ortiz (L3Harris Inc.)

TW1 Course Materials, John Ortiz
Tuesday, 8 December 2020
08:30-10:00

One-Day Workshop

General Co-Chairs: Harvey Rubinovitz (The MITRE Corporation), Adam Hahn (The MITRE Corporation)

Program Chair: Irfan Ahmed (Virginia Commonwealth University)

10:00-16:00

(Continued)

One-Day Workshop

Organizers: David Balenson (SRI International), Terry Benzel (USC-ISI), Laura Tinnel (SRI International)

(Workshop continues)

One-Day Training Workshop

Instructor: Harold J. Podell (Johns Hopkins University)

TW2-VOIP Training Materials, Harold Podell
16:00-17:00

(Continued)

Wednesday, 9 December 2020
10:00-10:30

ACSAC Conference Welcome: Kevin Butler, Conference Chair

PC Chair Opening Remarks and Distinguished Paper Awards: Daphne Yao, Program Chair

SWSIS Scholarship Awards: Mary Ellen Zurko and Jeremy Epstein, ACSA

10:30-11:45

When Security Meets Compatibility
Emily Stark, Tech Lead and Manager, Chrome Security Team, Google

11:45-12:00
12:00-13:15
Session Chair: Daniel Massey, OUSD(R&E)

Panelists:

  • Ehab Al-Shaer, Distinguished Career Professor, Carnegie Mellon INI and CyLab Security and Privacy Institute
  • Wayne Phoel, Visiting Research Engineer, University of Maryland Institute for Systems Research
  • Sumit Roy, Innovate Beyond 5G Lead, OUSD(R&E)
  • Alex Sprintson, Program Director, NSF/CISE
  • Vincent Sritapan, Cyber QSMO Section Chief, Cybersecurity and Infrastructure Security Agency

Session Chair: Heng Yin, Dima Rabadi

  • The Tangled Genealogy of IoT Malware
    Emanuele Cozzi; Pierre-Antoine Vervier; Matteo Dell'Amico; Yun Shen; Leyla Bilge; Davide Balzarotti
  • Spotlight: Malware Lead Generation at Scale
    Fabian Kaczmarczyck; Bernhard Grill; Luca Invernizzi; Jennifer Pullman; Cecilia M. Procopiuc; David Tao; Borbala Benko; Elie Bursztein
  • App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts
    Aisha Ali-Gombe; Alexandra Tambaoan; Angela Gurfolino; Golden G. Richard III
  • AVClass2: Massive Malware Tag Extraction from AV Labels
    Silvia Sebastián; Juan Caballero
  • Advanced Windows Methods on Malware Detection and Family Classification
    Dima Rabadi; Sin G. Teo

Session Chair: Tristan Allard, Sean Oesch

  • Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
    Suzan Ali; Mounir Elgharabawy; Quentin Duchaussoy; Mohammad Mannan; Amr Youssef
  • Talek: Private Group Messaging with Hidden Access Patterns
    Raymond Cheng; William Scott; Elisaweta Masserova; Irene Zhang; Vipul Goyal; Thomas Anderson; Arvind Krishnamurthy; Bryan Parno
  • Towards a Practical Differentially Private Collaborative Phone Blacklisting System
    Ucci Daniele; Roberto Perdisci; Jaewoo Lee; Mustaque Ahamad
  • Towards Realistic Membership Inferences: The Case of Survey Data
    Luke A. Bauer; Vincent Bindschaedler
  • Quantifying measurement quality and load distribution in Tor
    Andre Greubel; Steffen Pohl; Samuel Kounev
13:15-13:30
13:30-14:45
Session Chair: Tomas Vagoun, NITRD/NCO

Panelists:

  • Heidi Sofia, Program Director, National Human Genome Research Institute, NIH
  • Josh Baron, Program Manager, Information Innovation Office, DARPA
  • Kurt Rohloff, Co-founder and CTO, Duality Technologies
  • Moderator: Tomas Vagoun, Cybersecurity R&D Coordinator, NITRD/NCO

Session Chair: Xiaokui Shu, Juan Caballero

  • SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers
    Martin Rosso; Michele Campobasso; Ganduulga Gankhuyag; Luca Allodi
  • Measurements of the Most Significant Software Security Weaknesses
    Carlos Cardoso Galhardo; Peter Mell; Irena Bojanova; Assane Gueye
  • This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage
    Wajih Ul Hassan; Ding Li; Kangkook Jee; Xiao Yu; Kexuan (Klaus) Zou; Daiwei Wang; Zhengzhang Chen; Zhichun Li; Junghwan Rhee; Jiaping Gui; Adam Bates
  • CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications
    Yuhang Lin; Olufogorehan Tunde-Onadele; Xiaohui Gu
  • On the Forensic Validity of Approximated Audit Logs
    Noor Michael; Jaron Mink; Jason Liu; Sneha Gaur; Wajih Ul Hassan; Adam Bates

Session Chair: Sazzadur Rahaman, Peter Mayer

  • More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication
    Stephan Wiefling; Markus Dürmuth; Luigi Lo Iacono
  • Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns
    Tim Forman; Adam Aviv
  • Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK
    Sean Oesch; Ruba Abu-Salma; Oumar Diallo; Juliane Krämer; James Simmons; Justin Wu; Scott Ruoti
  • Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond
    Hassan Khan; Jason Ceci; Jonah Stegman; Adam J. Aviv; Rozita Dara; Ravi Kuber
  • Up2Dep: Android Tool Support to Fix Insecure Code Dependencies
    Duc Cuong Nguyen; Erik Derr; Michael Backes; Sven Bugiel
14:45-15:00
15:00-16:00
Session Chair: Brendan Saltaformaggio, Georgia Tech

Thursday, 10 December 2020
10:00-10:30
Session Chair: Gabriela Ciocarlie
10:30-11:45
Session Chair: Jeremy Epstein
11:45-12:00
12:00-13:15
Session Chair: Tomas Vagoun, NITRD/NCO

Panelists:

  • Stacy Bostjanick, CMMC Director, Office of the Undersecretary of Defense for Acquisition and Sustainment
  • Regan Edens, Chief Transformation Officer, DTC Global; Board of Directors and Chair, Committee on Standards, CMMC Accreditation Body
  • Katie Stewart, Senior Member of the Technical Staff, Carnegie Mellon Software Engineering Institute
  • Moderator: Tomas Vagoun, Cybersecurity R&D Coordinator, NITRD/NCO

Session Chair: Ming Li, Sivaram Ramanathan

  • On the Feasibility of Automating Stock Market Manipulation
    Carter Yagemann; Simon P. Chung; Erkam Uzun; Sai Ragam; Brendan Saltaformaggio; Wenke Lee
  • Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
    Daniel De Almeida Braga; Pierre-Alain Fouque; Sabt Mohamed
  • DeepSIM: GPS Spoofing Detection on UAVs using Satellite Imagery Matching
    Nian Xue; Liang Niu; Xianbin Hong; Zhen Li; Larissa Hoffaeller; Christina Poepper
  • Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services
    Siqi Ma; Hehao Li; Wenbo Yang; Juanru Li; Surya Nepal; Elisa Bertino
  • DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC
    Gaganjeet Reen; Christian Rossow

Session Chair: Tiffany Bao, Min Xu

  • A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs
    Sanjeev Das; Kedrian James; Jan Werner; Manos Antonakakis; Michalis Polychronakis; Fabian Monrose
  • Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
    Emre Güler; Philipp Görz; Elia Geretto; Andrea Jemmett; Sebastian Österlund; Herbert Bos; Cristiano Giuffrida; Thorsten Holz
  • Probabilistic Naming of Functions in Stripped Binaries
    James Patrick-Evans; Lorenzo Cavallaro; Johannes Kinder
  • Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine
    Fadi Yilmaz; Meera Sridhar; Wontae Choi
  • Practical Fine-Grained Binary Code Randomization
    Soumyakant Priyadarshan; Huan Nguyen; R. Sekar
13:15-13:30

Alexandra Sandulescu, IBM Research

13:30-14:45
Session Chair: Randy Smith

Cybersecurity Test and Evaluation Lessons Learned, Peter Christensen

Session Chair: Sébastien Bardin, Lesly-Ann Daniel

  • Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
    Fritz Alder; Jo Van Bulck; David Oswald; Frank Piessens
  • Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices
    Kuniyasu Suzaki; Akira Tsukamoto; Andy Green; Mohammad Mannan
  • RusTEE: Developing Memory-Safe ARM TrustZone Applications
    Shengye Wan; Mingshen Sun; Kun Sun; Ning Zhang; Xu He
  • HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities
    Zekun Shen; Brendan Dolan-Gavitt
  • ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings
    Paul Muntean; Mathias Neumayer; Zhiqiang Lin; Gang Tan; Jens Grossklags; Claudia Eckert

Session Chair: Salman Ahmed, Kangkook Jee

  • Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems
    Alessandro Erba; Riccardo Taormina; Stefano Galelli; Marcello Pogliani; Michele Carminati; Stefano Zanero; Nils Ole Tippenhauer
  • Workflow Integration Alleviates Identity and Access Management in Serverless Computing
    Arnav Sankaran; Pubali Datta; Adam Bates
  • Privacy-Preserving Production Process Parameter Exchange
    Jan Pennekamp; Erik Buchholz; Yannik Lockner; Markus Dahlmanns; Tiandong Xi; Marcel Fey; Christian Brecher; Christian Hopmann; Klaus Wehrle
  • Efficient Oblivious Substring Search via Architectural Support
    Nicholas Mainardi; Davide Sampietro; Alessandro Barenghi; Gerardo Pelosi
  • SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes
    Corentin Thomasset; David Barrera
14:45-15:00
15:00-16:00
Session Chair: Kevin Alejandro Roundy, Norton Lifelock
Friday, 11 December 2020
10:00-11:15
Session Chair: Carrie Gates, Bank of America

Panelists:

  • Diana Burley, Vice Provost for Research, American University
  • Ada Lerner, Assistant Professor of Computer Science, Wellesley College
  • Mary Theofanos, Computer Scientist, National Institute of Standards and Technology
  • Chenxi Wang, Managing General Partner, Rain Capital

Session Chair: Ya Xiao, Sharmin Afrose

  • Effect of Security Controls on Patching Window: A Causal Inference based Approach
    Aditya Kuppa; Lamine Aouad; Nhien-An Le-Khac
  • NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services
    Dario Ferrari; Michele Carminati; Mario Polino; Stefano Zanero
  • GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark
    Tao Xue; Yu Wen; Bo Luo; Boyang Zhang; Yang Zheng; Yanfei Hu; Yingjiu Li; Gang Li; Dan Meng
  • Understanding Promotion-as-a-Service on GitHub
    Kun Du; Hao Yang; Yubao Zhang; Haixin Duan; Haining Wang; Shuang Hao; Zhou Li; Min Yang
  • Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers
    Ishai Rosenberg; Asaf Shabtai; Yuval Elovici; Lior Rokach

Session Chair: Tijay Chung, Roberto Perdisci

  • FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms
    Nampoina Andriamilanto; Tristan Allard; Gaëtan Le Guelvouit
  • Security Study of Service Worker Cross-Site Scripting
    Phakpoom Chinprutthiwong; Raj Vardhan; GuangLiang Yang; Guofei Gu
  • CAPS: Smoothly Transitioning to a More Resilient Web PKI
    Stephanos Matsumoto; Jay Bosamiya; Yucheng Dai; Paul van Oorschot; Bryan Parno
  • dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet Markets
    Yiming Zhang; Yiyue Qian; Yujie Fan; Yanfang (Fanny) Ye; Xin Li; Qi Xiong; Fudong Shao
  • Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication
    Yang Xiao; Shanghao Shi; Ning Zhang; Wenjing Lou; Y. Thomas Hou
11:15-11:30

Xiaokui Shu, IBM Research

11:30-12:45
Session Chair: Saurabh Shintre

Anchoring Trust in a Totally Open Platform, Elaine R Palmer and George Wilson

Incident Response Planning for Election Cybersecurity: Designing a Workshop for County Clerks, Tom Edelberg and Mark Bruhn

Summarizing Intrusion Alerts to Attack Models for Higher-Ed SOC, Shanchieh (Jay) Yang, Ryan Kiser, Emily Adams, and Scott Orr

Session Chair: Long Cheng, Ning Zhang

  • LeakyPick: IoT Audio Spy Detector
    Richard Mitev; Anna Pazii; Markus Miettinen; William Enck; Ahmad-Reza Sadeghi
  • IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
    Prakash Shrestha; Zengrui Liu; Nitesh Saxena
  • Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded Devices
    Mahmoud Ammar; Bruno Crispo
  • FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
    Mingeun Kim; Dongkwan Kim; Eunsoo Kim; Suryeon Kim; Yeongjin Jang; Yongdae Kim
  • Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
    Chen Cao; Le Guan; Jiang Ming; Peng Liu

Session Chair: Thang Hoang, Daphne Yao

  • Set It and Forget It! Turnkey ECC for Instant Integration
    Dmitry Belyavsky; Billy Brumley; Jesús-Javier Chi-Domínguez; Luis Rivera-Zamarripa; Igor Ustinov
  • Practical Over-Threshold Multi-Party Private Set Intersection
    Rasoul Akhavan Mahdavi; Thomas Humphries; Bailey Kacsmar; Simeon Krastnikov; Nils Lukas; John Abraham Premkumar; Masoumeh Shafieinejad; Simon Oya; Florian Kerschbaum; Erik-Oliver Blass
  • Secure and Verifiable Inference in Deep Neural Networks
    Guowen Xu; Hongwei Li; Hao Ren; Jianfei Sun; Shengmin Xu; Jianting Ning; Haomiao Yang; Kan Yang; Robert H. Deng
  • ZeroAUDIT
    Aman Luthra; James Cavanaugh; Hugo Renzzo Oclese; Rina M. Hirsch; Xiang Fu
  • Policy-based Chameleon Hash for Blockchain Rewriting with Black-box Accountability
    Yangguang Tian; Nan Li; Yingjiu Li; Pawel Szalachowski; Jianying ZHOU
12:45-13:00
13:00-14:15
Session Chair: Adam Bates, Maliheh Shirvanian

  • WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without Training
    Cong Shi; Yan Wang; Yingying Chen; Nitesh Saxena; Chen Wang
  • Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
    Lea Schönherr; Thorsten Eisenhofer; Steffen Zeiler; Thorsten Holz; Dorothea Kolossa
  • Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications
    Song Liao; Christin Wilson; Long Cheng; Hongxin Hu; Huixing Deng
  • Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks
    Maliheh Shirvanian; Manar Mohammed; Nitesh Saxena; S Abhishek Anand
  • VibLive: A Continuous Liveness Detection for Secure Voice User Interface in IoT Environment
    Linghan Zhang; Sheng Tan; Zi Wang; Yili Ren; Zhi Wang; Jie Yang

Session Chair: Gang Wang, Bimal Viswanath

  • Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems
    Bao Gia Doan; Ehsan Abbasnejad; Damith C. Ranasinghe
  • NoiseScope: Detecting Deepfake Images in a Blind Setting
    Jiameng Pu; Neal Mangaokar; Bolun Wang; Chandan K Reddy; Bimal Viswanath
  • StegoNet: Turn Deep Neural Network into a Stegomalware
    Tao Liu; Zihao Liu; Qi Liu; Wujie Wen; Wenyao Xu; Ming Li
  • SEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled Representation
    Jianwei Tai; Xiaoqi Jia; Qingjia Huang; Weijuan Zhang; Haichao Du; Shengzhi Zhang
  • Attacking Graph-Based Classification without Changing Existing Connections
    Xuening Xu; Xiaojiang Du; Qiang Zeng
14:15-14:30
14:30-16:00