Accepted Papers

The following technical papers have been accepted for this year's program.

The Tangled Genealogy of IoT Malware
Emanuele Cozzi (Eurecom), Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge (NortonLifeLock Research Group), Davide Balzarotti (Eurecom)

Spotlight: Malware Lead Generation at Scale
Fabian Kaczmarczyck, Bernhard Grill, Luca Invernizzi, Jennifer Pullman, Cecilia M. Procopiuc, David Tao, Borbala Benko, Elie Bursztein (Google)

App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts
Aisha Ali-Gombe, Alexandra Tambaoan, Angela Gurfolino (Towson University), Golden Richard (Louisiana State University)

AVClass2: Massive Malware Tag Extraction from AV Labels
Silvia Sebastián, Juan Caballero (IMDEA Software Institute)

Advanced Windows Methods on Malware Detection and Classification 
Dima Rabadi, Sin Teo (Institute for Infocomm Research (I2R), A*STAR, Singapore)

SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers
Martin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi (Eindhoven University of Technology)

Measurements of the Most Significant Software Security Weaknesses
Carlos Cardoso Galhardo (National Institute of Standards and Technology; INMETRO), Peter Mell, Irena Bojanova (National Institute of Standards and Technology), Assane Gueye (UADB-Senegal & Prometheus Computing)

This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage
Wajih Ul Hassan (University of Illinois Urbana-Champaign), Ding Li (NEC Laboratories America), Kangkook Jee (University of Texas at Dallas), Xiao Yu (NEC Laboratories America), Kexuan (Klaus) Zou, Dawei Wang (University of Illinois Urbana-Champaign), Zhengzhang Chen, Zhichun Li, Junghwan Rhee, Jiaping Gui (NEC Laboratories America), Adam Bates (University of Illinois Urbana-Champaign)

CDL: Classified Distributed Learning for Detecting Security Attacks in Containerized Applications
Yuhang Lin, Olufogorehan Tunde-Onadele, Xiaohui Gu (North Carolina State University)

On the Forensic Validity of Approximated Audit Logs
Noor Michael, Jaron Mink, Jason Liu, Sneha Gaur, Wajih Ul Hassan, Adam Bates (University of Illinois Urbana-Champaign)

On the Feasibility of Automating Stock Market Manipulation
Carter Yagemann, Simon Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, Wenke Lee (Georgia Institute of Technology)

Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
Daniel De Almeida Braga, Pierre-Alain Fouque, Sabt Mohamed (Univ Rennes, CNRS, IRISA)

DeepSIM: GPS Spoofing Detection on UAVs using Satellite Imagery Matching
Nian Xue, Liang Niu (New York University), Xianbin Hong (University of Liverpool), Zhen Li (Shanghai Glotech Information Technology Co.), Larissa Hoffaeller (Hasso Plattner Institute), Christina Poepper (New York University Abu Dhabi)

Certified Copy? Understanding Security Risks of Wi-Fi Hotspot based Android Data Clone Services
Siqi Ma (CSIRO), Haohe Li, Wenbo Yang (Shanghai Jiao Tong University), Juanru Li (Shanghai Jiao Tong University), Surya Nepal (CSIRO), Elisa Bertino (Purdue University) 

DPIFuzz: A Differential Fuzzing Framework to Detect DPI Elusion Strategies for QUIC
Gaganjeet Reen, Christian Rossow (CISPA – Helmholtz Center for Information Security)

Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
Fritz Alder, Jo Van Bulck (imec-DistriNet, KU Leuven), David Oswald (The University of Birmingham, UK), Frank Piessens (imec-DistriNet, KU Leuven)

Reboot-Oriented IoT: Life Cycle Management in Trusted Execution Environment for Disposable IoT devices
Kuniyasu Suzaki, Akira Tsukamoto (National Institute of Advanced Industrial Science and Technology), Andy Green (Warmcat), Mohammad Mannan (Concordia University)

RusTEE: Developing Memory-Safe ARM TrustZone Applications
Shengye Wan (The College of William & Mary), Mingshen Sun (Baidu), Kun Sun (George Mason University), Ning Zhang (Washington University in St. Louis), Xu He (George Mason University)

HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities 
Zekun Shen, Brendan Dolan-Gavitt (New York University)

ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings
Paul Muntean, Matthias Neumayer (TU Munich), Zhiqiang Lin (Ohio State University), Gang Tan (Penn State University), Jens Grossklags, Claudia Eckert (TU Munich)

Effect of Security Controls on Patching Window: A Causal Inference based Approach
Aditya Kuppa (University College Dublin), Lamine Aouad (Tenable Network Security), Nhien-An Le-Khac (University College Dublin)

NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services 
Dario Ferrari, Michele Carminati, Mario Polino, Stefano Zanero (Politecnico di Milano)

GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark
Tao Xue, Yu Wen (Institute of Information Engineering, Chinese Academy of Sciences), Bo Luo (The University of Kansas), Boyang Zhang, Yang Zheng, Yanfei Hu (Institute of Information Engineering, Chinese Academy of Sciences), Yingjiu Li (Singapore Management University), Gang Li (Deakin University), Dan Meng (Institute of Information Engineering, Chinese Academy of Sciences)

Understanding Promotion-as-a-Service on GitHub
Kun Du, Hao Yang (Tsinghua University), Yubao Zhang (University of Delaware), Haixin Duan (Tsinghua University; Qi An Xin Group Corp.), Haining Wang (Virginia Tech), Shuang Hao (University of Texas at Dallas), Zhou Li (University of California, Irvine), Min Yang (Fudan University)

Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers 
Ishai Rosenberg, Asaf Shabtai, Yuval Elovici, Lior Rokach (Ben-Gurion University of the Negev)

LeakyPick: IoT Audio Spy Detector
Richard Mitev (Technical University of Darmstadt), Anna Pazii (University of Paris Saclay), Markus Miettinen (Technical University of Darmstadt), William Enck (North Carolina State University), Ahmad-Reza Sadeghi (Technical University of Darmstadt)

IvoriWatch: Exploring Transparent Integrity Verification of Remote User Input Leveraging Wearables
Prakash Shrestha, Zengrui Liu, Nitesh Saxena (The University of Alabama at Birmingham)

Verify&Revive: Secure Detection and Recovery of Compromised Low-end Embedded Devices
Mahmoud Ammar (KU Leuven), Bruno Crispo (University of Trento)

FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
Mingeun Kim (The Affiliated Institute of ETRI), Dongkwan Kim, Eunsoo Kim (KAIST), Suryeon Kim (Ministry of National Defense, Republic of Korea), Yeongjin Jang (Oregon State University), Yongdae Kim (KAIST)

Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
Chen Cao (The Pennsylvania State University), Le Guan (University of Georgia), Jiang Ming (University of Texas at Arlington), Peng Liu (The Pennsylvania State University)

WearID: Low-Effort Wearable-Assisted Authentication of Voice Commands via Cross-Domain Comparison without Training
Cong Shi (Rutgers University), Yan Wang (Temple University), Yingying Chen (Rutgers University), Nitesh Saxena (The University of Alabama at Birmingham), Chen Wang (Rutgers University)

Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems
Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa (Ruhr University Bochum)

Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications 
Song Liao, Christin Wilson, Long Cheng, Hongxin Hu, Huixing Deng (Clemson University)

Voicefox: Leveraging Inbuilt Transcription to Enhance the Security of Machine-Human Speaker Verification against Voice Synthesis Attacks
Maliheh Shirvanian (Visa Research), Manar Mohammed (Miami University), Nitesh Saxena (The University of Alabama at Birmingham), Abhishek Anand (Bloomberg)

VibLive: A Continuous Liveness Detection for Secure Voice User Interface in IoT Environment
Linghan Zhang (Florida State University), Sheng Tan (Trinity University), Zi Wang, Yili Ren, Zhi Wang, Jie Yang (Florida State University)

Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions
Suzan Ali, Mounir Elgharabawy, Quentin Duchaussoy, Mohammad Mannan, Amr Youssef (Concordia University)

Talek: Private Group Messaging with Hidden Access Patterns
Raymond Cheng, William Scott (University of Washington), Elisaweta Masserova (Carnegie Mellon University), Irene Zhang (Microsoft Research), Vipul Goyal (Carnegie Mellon University), Thomas Anderson, Arvind Krishnamurthy (University of Washington), Bryan Parno (Carnegie Mellon University)

Towards a Practical Differentially Private Collaborative Phone Blacklisting System 
Ucci Daniele (University of Rome), Roberto Perdisci, Jaewoo Lee (University of Georgia), Mustaque Ahamad (Georgia Institute of Technology)

Towards Realistic Membership Inferences: The Case of Survey Data 
Luke Bauer, Vincent Bindschaedler (University of Florida)

Quantifying measurement quality and load distribution in Tor 
Andre Greubel, Steffen Pohl, Samuel Kounev (University of Wuerzburg)

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication
Stephan Wiefling (H-BRS University of Applied Sciences, Ruhr University Bochum), Markus Dürmuth (Ruhr University Bochum), Luigi Lo Iacono (H-BRS University of Applied Sciences)

Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns
Tim Forman (United States Naval Academy), Adam Aviv (The George Washington University)

Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK 
Sean Oesch (University of Tennessee, Knoxville), Ruba Abu-Salma (University of Cambridge), Oumar Diallo (University of Tennessee, Knoxville), Juliane Krämer (TU Darmstadt), James Simmons (University of Tennessee, Knoxville), Justin Wu (Brigham Young University), Scott Ruoti (University of Tennessee, Knoxville)

Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond 
Hassan Khan, Jason Ceci, Jonah Stegman (University of Guelph), Adam Aviv (The George Washington University), Rozita Dara (University of Guelph), Ravi Kuber (University of Maryland, Baltimore County)

Up2Dep: Android Tool Support to Fix Insecure Code Dependencies
Duc Cuong Nguyen, Erik Derr, Michael Backes, Sven Bugiel (CISPA Helmholtz Center for Information Security)

A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs
Sanjeev Das (IBM Research), Kedrian James, Jan Werner (University of North Carolina at Chapel Hill), Manos Antonakakis (Georgia Tech), Michalis Polychronakis (Stony Brook University), Fabian Monrose (University of North Carolina at Chapel Hill)

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
Emre Güler, Philipp Görz (Ruhr-Universität Bochum), Elia Geretto, Andrea Jemmett, Sebastian Österlund, Herbert Bos, Cristiano Giuffrida (Vrije Universiteit Amsterdam), Thorsten Holz (Ruhr-Universität Bochum)

Probabilistic Naming of Functions in Stripped Binaries
James Patrick-Evans (Royal Holloway, University of London), Lorenzo Cavallaro (King's College London), Johannes Kinder (Bundeswehr University Munich)

Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine
Fadi Yilmaz, Meera Sridhar, Wontae Choi (University of North Carolina at Charlotte)

Practical Fine-Grained Binary Code Randomization
Soumyakant Priyadarshan, Huan Nguyen, R. Sekar (Stony Brook University)

Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems
Alessandro Erba (CISPA Helmholtz Center for Information Security), Riccardo Taormina (TU Delft), Stefano Galelli (Singapore University of Technology and Design), Marcello Pogliani, Michele Carminati, Stefano Zanero (Politecnico di Milano), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security)

Workflow Integration Alleviates Identity and Access Management in Serverless Computing
Arnav Sankaran, Pubali Datta, Adam Bates (University of Illinois at Urbana–Champaign)

Privacy-Preserving Production Process Parameter Exchange
Jan Pennekamp, Erik Buchholz, Yannik Lockner, Markus Dahlmanns, Tiandong Xi, Marcel Fey, Christian Brecher, Christian Hopmann, Klaus Wehrle (RWTH Aachen University)

Efficient Oblivious Substring Search via Architectural Support
Nicholas Mainardi, Davide Sampietro, Alessandro Barenghi, Gerardo Pelosi (Politecnico di Milano)

SERENIoT: Distributed Network Security Policy Management and Enforcement for Smart Homes
Corentin Thomasset (Polytechnique Montréal), David Barrera (Carleton University)

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms 
Nampoina Andriamilanto (Institute of Research and Technology b<>com and Univ Rennes, CNRS, IRISA), Tristan Allard (Univ Rennes, CNRS, IRISA), Gaëtan Le Guelvouit (Institute of Research and Technology b<>com)

Security Study of Service Worker Cross-Site Scripting
Phakpoom Chinprutthiwong, Raj Vardhan, GuangLiang Yang, Guofei Gu (Texas A&M University)

CAPS: Smoothly Transitioning to a More Resilient Web PKI
Stephanos Matsumoto (Olin College of Engineering), Jay Bosamiya, Yucheng Dai (Carnegie Mellon University), Paul van Oorschot (Carleton University), Bryan Parno (Carnegie Mellon University)

dStyle-GAN: Generative Adversarial Network based on Writing and Photography Styles for Drug Identification in Darknet Markets
Yiming Zhang, Yiyue Qian, Yujie Fan, Yanfang (Fanny) Ye (Case Western Reserve University), Xin Li (West Virginia University), Qi Xiong, Fudong Shao (Tencent Security Lab)

Session Key Distribution Made Practical for CAN and CAN-FD Message Authentication 
Yang Xiao, Shanghao Shi (Virginia Tech), Ning Zhang (Washington University in St. Louis), Wenjing Lou, Y. Thomas Hou (Virginia Tech)

Set It and Forget It! Turnkey ECC for Instant Integration
Dmitry Belyavsky (Cryptocom), Billy Brumley, Jesús-Javier Chi-Domínguez, Luis Rivera-Zamarripa (Tampere University), Igor Ustinov (Cryptocom)

Practical Over-Threshold Multi-Party Private Set Intersection
Rasoul Akhavan Mahdavi, Thomas Humphries, Bailey Kacsmar, Simeon Krastnikov, Nils Lukas, John Abraham Premkumar, Masoumeh Shafieinejad, Simon Oya, Florian Kerschbaum (University of Waterloo), Erik-Oliver Blass (Airbus)

Secure and Verifiable Inference in Deep Neural Networks
Guowen Xu, Hongwei Li, Hao Ren, Jianfei Sun (University of Electronic Science and Technology of China), Shengmin Xu (Singapore University of Technology and Design), Jianting Ning (Fujian Normal University & Singapore Management University), Haomiao Yang (University of Electronic Science and Technology of China), Kan Yang (The University of Memphis), Robert Deng (Singapore Management University)

ZeroAUDIT 
Aman Luthra, James Cavanaugh, Hugo Renzzo Oclese, Rina Hirsch, Xiang Fu (Hofstra University)

Policy-based Chameleon Hash for Blockchain Rewriting with Black-box Accountability
Yangguang Tian (Singapore University of Technology and Design), Nan Li (University of Newcastle), Yingjiu Li (University of Oregon), Pawel Szalachowski, Jianying Zhou (Singapore University of Technology and Design)

Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems
Bao Gia Doan, Ehsan Abbasnejad, Damith Ranasinghe (The University of Adelaide)

NoiseScope: Detecting Deepfake Images in a Blind Setting
Jiameng Pu, Neal Mangaokar (Virginia Tech), Bolun Wang (Facebook), Chandan Reddy, Bimal Viswanath (Virginia Tech)

StegoNet: Turn Deep Neural Network into a Stegomalware
Tao Liu (Lawrence Technological University), Zihao Liu (Florida International University), Qi Liu, Wujie Wen (Lehigh University), Wenyao Xu (SUNY Buffalo), Ming Li (University of Arizona)

SEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled Representation
Jianwei Tai, Xiaoqi Jia, Qingjia Huang, Weijuan Zhang, Haichao Du (Institute of Information Engineering, Chinese Academy of Sciences), Shengzhi Zhang (Boston University)

Attacking Graph-Based Classification without Changing Existing Connections 
Xuening Xu, Xiaojiang Du (Temple University), Qiang Zeng (University of South Carolina)