Accepted Papers

  • Exploiting Sound Masking for Audio Privacy in Smartphones
    Yu-Chih Tung (University of Michigan); Kang G. Shin (University of Michigan)
  • EPISODE: Efficient Privacy-PreservIng Similar Sequence Queries on Outsourced Genomic Databases
    Thomas Schneider (TU Darmstadt); Oleksandr Tkachenko (TU Darmstadt)
  • MoSSOT: An Automated Blackbox Tester for Single Sign-On Vulnerabilities in Mobile Applications
    Shangcheng Shi (The Chinese University of Hong Kong); Xianbo Wang (The Chinese University of Hong Kong); Wing Cheong Lau (The Chinese University of Hong Kong)
  • Revisiting Assumptions for Website Fingerprinting Attacks
    Weiqi Cui (Oklahoma State University); Tao Chen (Oklahoma State University); Christian Fields (Oklahoma State University); Julianna Chen (Oklahoma State University); Anthony Sierra (Oklahoma State University); Eric Chan-Tin (Loyola University Chicago)
  • GraphSE^2: An Encrypted Graph Database for Privacy-Preserving Social Search
    Shangqi Lai (Monash University); Xingliang Yuan (Monash University); Shi-Feng Sun (Monash University); Joseph K. Liu (Monash University); Yuhong Liu (Santa Clara University); Dongxi Liu (Data61, CSIRO)
  • Undermining User Privacy on Mobile Devices Using AI
    Berk Gulmezoglu (WPI); Andreas Zankl (Fraunhofer AISEC); Caner Tol (METU); Saad Islam (WPI); Thomas Eisenbarth (University of Lübeck); Berk Sunar (WPI)
  • Process-Aware Cyberattacks for Thermal Desalination Plants
    Prashant Hari Narayan Rajput (New York University Abu Dhabi); Pankaj Rajput (New York University Abu Dhabi); Marios Sazos (New York University Abu Dhabi); Michail Maniatakos (New York University Abu Dhabi)
  • Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control
    Iskander Sanchez-Rola (DeustoTech, University of Deusto, Symantec Research Labs); Matteo Dell’Amico (Symantec Research Labs); Platon Kotzias (IMDEA Software Institute, Universidad Politecnica de Madrid); Davide Balzarotti (Eurecom); Leyla Bilge (Symantec Research Labs); Pierre-Antoine Vervier (Symantec Research Labs); Igor Santos (DeustoTech, University of Deusto)
  • Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web
    Colin Ife (University College London); Yun Shen (Symantec Research Labs); Steven Murdoch (University College London); Gianluca Stringhini (Boston University)
  • Robust Watermarking of Neural Network with Exponential Weighting
    Ryota Namba (University of Tsukuba); Jun Sakuma (University of Tsukuba, RIKEN AIP)
  • MPC Joins the Dark Side
    John Cartlidge (University of Bristol); Nigel P. Smart (KU Leuven and University of Bristol); Younes Talibi Alaoui (KU Leuven)
  • SoK: On DFA Vulnerabilities of Substitution-Permutation Networks
    Mustafa Khairallah (NTU, Singapore); Xiaolu Hou (Acronis, Singapore); Zakaria Najm (NTU, Singapore); Jakub Breier (Underwriters Laboratories, Singapore); Shivam Bhasin (NTU, Singapore); Thomas Peyrin (NTU, Singapore)
  • Pinpoint Rowhammer: Suppressing Unwanted Bit Flips on Rowhammer Attacks
    Sangwoo Ji (POSTECH); Youngjoo Ko (POSTECH); Saeyoung Oh (POSTECH); Jong Kim (POSTECH)
  • On the Difficulty of Hiding the Balance of Lightning Network Channels
    Jordi Herrera-Joancomarti (Universitat Autònoma de Barcelona); Guillermo Navarro-Arribas (Universitat Autònoma de Barcelona); Alejandro Ranchal-Pedrosa (Telecom SudParis); Joaquin Garcia-Alfaro (Telecom SudParis, CNRS SAMOVAR); Cristina Perez-Sola (Universitat Rovira i Virgili)
  • Study of Misbinding Attacks on Secure Device Pairing
    Mohit Sethi (NomadicLab, Ericsson Research, Finland); Aleksi Peltonen (Aalto University, Finland); Tuomas Aura (Aalto University, Finland)
  • Multi-Writer Searchable Encryption: An LWE-based Realization and Implementation
    Lei Xu (Nanjing University of Science and Technology); Xingliang Yuan (Monash University); Ron Steinfeld (Monash University); Cong Wang (City University of Hong Kong); Chungen Xu (Nanjing University of Science and Technology)
  • Control-Flow Carrying Code, Yan Lin (School of Information Systems
    Singapore Management University); Debin Gao (School of Information Systems, Singapore Management University); Xiaoyang Cheng (College of Cyber Science , Nankai University)
  • A New Blind ECDSA Scheme for Bitcoin Transaction Anonymity
    Xun Yi (RMIT University, Australia); Kwok-Yan Lam (Nanyang Technological University, Singapore)
  • MagAttack: Guessing Application Launching and Operation via Smartphone
    Yushi Cheng (Zhejiang University); Xiaoyu Ji (Zhejiang University); Wenyuan Xu (Zhejiang University); Hao Pan (Shanghai Jiao Tong University); Zhuangdi Zhu (Michigan State University); Chuang-Wen You (National Taiwan University); Yi-Chao Chen (University of Texas at Austin); Lili Qiu (University of Texas at Austin)
  • What Happens After You Leak Your Password: Understanding Credential Sharing on Phishing Sites
    Peng Peng (Virginia Tech); Chao Xu (Virginia Tech); Luke Quinn (Virginia Tech); Hang Hu (Virginia Tech); Bimal Viswanath (Virginia Tech); Gang Wang (Virginia Tech)
  • SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red
    Handed),Daniele Cono D’Elia (Sapienza University of Rome); Emilio Coppa (Sapienza University of Rome); Simone Nicchi (Sapienza University of Rome); Federico Palmaro (Prisma); Lorenzo Cavallaro (King’s College London)
  • The SEVerESt Of Them All ( Inference Attacks Against Secure Virtual Enclaves
    Jan Werner (University of North Carolina at Chapel Hill); Joshua Mason (University of Illinois Urbana-Champaign); Manos Antonakakis (Georgia Institute of Technology); Michalis Polychronakis (Stony Brook University); Fabian Monrose (University of North Carolina at Chapel Hill)
  • Exploiting Determinism in lattice-based signatures – Practical Fault Attacks on pqm4 implementations of NIST candidates
    Prasanna Ravi (Research Assistant); Mahabir Prasad Jhanwar (Assistant Professor); James Howe (Research Associate); Anupam Chattopadhyay (Assistant Professor); Shivam Bhasin (Research Scientist)
  • ObliDC: An SGX-based Oblivious Distributed Computing Framework with Formal Proof
    Pengfei WU (School of Software and Microelectronics, Peking University); Qingni SHEN (School of Software and Microelectronics, Peking University); Robert. H. DENG (School of Information System, Singapore Management University); Ximeng LIU (College of Mathematics and Computer Science, Fuzhou University); Yinghui ZHANG (National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications); Zhonghai WU (School of Software and Microelectronics, Peking University)
  • On The Unforkability of Monero
    Dimaz Ankaa Wijaya (Monash University); Joseph Liu (Monash University); Ron Steinfeld (Monash University); Dongxi Liu (Data61, CSIRO, Australia); Jiangshan Yu (Monash University)
  • Proper Usage of the Group Signature Scheme in ISO/IEC 20008-2
    Ai Ishida (National Institute of Advanced Industrial Science and Technology); Yusuke Sakai (National Institute of Advanced Industrial Science and Technology); Keita Emura (National Institute of Information and Communications Technology); Goichiro Hanaoka (National Institute of Advanced Industrial Science and Technology); Keisuke Tanaka (Tokyo Institute of Technology)
  • Identity-Based Broadcast Encryption with Outsourced Partial Decryption for Hybrid Security Models in Edge Computing
    Jongkil kim (University of Wollongong, Australia); Seyit Camtepe (CSIRO, Australia); Willy Susilo (University of Wollongong, Australia); Surya Nepal (CSIRO, Australia); Joonsang Baek (University of Wollongong, Australia)
  • Practical Aggregate Signature from General Elliptic Curves, and Applications to Blockchain
    Yunlei Zhao (Software School, Fudan University, Shanghai, China)
  • RIP-RH: Preventing Rowhammer-based Inter-Process Attacks
    Carsten Bock (TU Darmstadt); Ferdinand Brasser (TU Darmstadt); David Gens (TU Darmstadt); Ahmad-Reza Sadeghi (TU Darmstadt)
  • Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
    Yaohui Chen (Northeastern University); Dongliang Mu (Penn State University); Zhichuang Sun (Northeastern University); Jun Xu (Stevens Institute of Technology); Wenguo Shen (Samsung Research American); Xinyu Xing (Penn State University); Long Lu (Northeastern University); Bing Mao (Nanjing University)
  • Delegable Order-Revealing Encryption
    Yuan Li (Fudan University); Hongbing Wang (Singapore Management University); Yunlei Zhao (Fudan University)
  • Purchased Fame: Exploring the Ecosystem of Private Blog Networks
    Tom Van Goethem (imec-DistriNet, KU Leuven); Najmeh Miramirkhani (Stony Brook University); Wouter Joosen (imec-DistriNet, KU Leuven); Nick Nikiforakis (Stony Brook University)
  • Towards Understanding Android System Vulnerabilities: Techniques and Insights
    Daoyuan Wu (Singapore Management University); Debin Gao (Singapore Management University); Eric K. T. Cheng (The Hong Kong Polytechnic University); Yichen Cao (SOBUG, ShenZhen, China); Jintao Jiang (SOBUG, ShenZhen, China); Robert H. Deng (Singapore Management University)
  • Practical Side-Channel Attacks against WPA-TKIP
    Domien Schepers (Northeastern University); Aanjhan Ranganathan (Northeastern University); Mathy Vanhoef (New York University Abu Dhabi)
  • DeClassifier: Class-Inheritance Inference Engine for Optimized C++ Binaries
    Rukayat Ayomide Erinfolami (Binghamton University); Aravind Prakash (Binghamton University)
  • A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists
    Benjamin Zi Hao Zhao (Data61, UNSW); Muhammad Ikram (Macquarie University, University of Michigan); Hassan Jameel Asghar (Data61, Macquarie University); Mohamed Ali Kaafar (Data61, Macquarie University); Abdelberi Chaabane (Nokia Bell Labs); Kanchana Thilakarathna (The University of Sydney)
  • A Hybrid Approach to Secure Function Evaluation using SGX
    Joseph I. Choi (University of Florida); Dave (Jing) Tian (University of Florida); Grant Hernandez (University of Florida); Christopher Patton (University of Florida); Benjamin Mood (Point Loma Nazarene University); Thomas Shrimpton (University of Florida); Kevin R. B. Butler (University of Florida); Patrick Traynor (University of Florida)
  • TweetScore: Scoring Tweets via Social Attribute Relationships for Twitter Spammer Detection
    Yihe Zhang (Unaffiliated); Hao Zhang (Unaffiliated); Xu Yuan (Unaffiliated); Nian-Feng Tzeng (Unaffiliated)
  • K2SN-MSS: An Efficient Post-Quantum Signature
    Sabyasachi Karati (University of Calgary); Reihaneh Safavi-Naini (University of Calgary)
  • “I Don’t Think I Can Share My Health Information …”: Understanding Users’ Risk Perceptions about Personal Health Records Shared on Social Networking Services
    Yuri Son (Samsung Electronics Co., Ltd.); Geumhwan Cho (Sungkyunkwan University); Hyoungshick Kim (Sungkyunkwan University); Simon Woo (SUNY Korea)
  • eHIFS: An Efficient History Independent File System
    Biao Gao (Institute of Information Engineering); Bo Chen (Department of Computer Science, Michigan Technological University); Shijie Jia (Institute of Information Engineering, CAS); Luning Xia (Institute of Information Engineering)
  • An Empirical Study of Prioritizing JavaScript Engine Crashes via Machine Learning
    Sunnyeo Park (KAIST); Dohyeok Kim (KAIST); Sooel Son (KAIST)
  • ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
    Marius Musch (TU Braunschweig); Marius Steffens (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security); Martin Johns (TU Braunschweig)
  • Alexa lied to me: Skill-based Man-in-the-Middle Attacks on Virtual Assistants
    Richard Mitev (Technische Universität Darmstadt); Markus Miettinen (Technische Universität Darmstadt); Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
  • (Short Paper) A Feature-Oriented Corpus for understanding, Evaluating and Improving Fuzz Testing
    Xiaogang Zhu (Swinburne University of Technology); Xiaotao Feng (Swinburne University of Technology); Tengyun Jiao (Swinburne University of Technology); Sheng Wen (Swinburne University of Technology); Jingling Xue (The University of New South Wales); Seyit Camtepe (CSIRO Data61); Yang Xiang (Swinburne University of Technology)
  • (Short Paper) Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Data Entry
    Tyler Kaczmarek (University of California, Irvine); Ercan Ozturk (University of California, Irvine); Gene Tsudik (University of California, Irvine)
  • (Short Paper) HADES-IoT: A Practical Host-Based Anomaly Detection System for IoT Devices
    Dominik Breitenbacher (Singapore University of Technology and Design); Ivan Homoliak (Singapore University of Technology and Design); Yan Lin Aung (Singapore University of Technology and Design); Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security); Yuval Elovici (Singapore University of Technology and Design)
  • (Short Paper) Running Language Interpreters Inside SGX: A Lightweight, Legacy-Compatible Script Code Hardening Approach
    Huibo Wang (University of Texas at Dallas); Erick Bauman (University of Texas at Dallas); Vishal Karande (University of Texas at Dallas); Yueqiang Cheng (Baidu USA Xlab); Zhiqiang Lin (The Ohio State University); Yinqian Zhang (The Ohio State University)
  • (Short Paper) A Pilot Study on Consumer IoT Device Vulnerability Disclosure and Patch Release in Japan and the United States
    Asuka Nakajima (NTT Secure Platform Laboratories); Takuya Watanabe (NTT Secure Platform Laboratories); Eitaro Shioji (NTT Secure Platform Laboratories); Mitsuaki Akiyama (NTT Secure Platform Laboratories); Maverick Woo (Carnegie Mellon University)
  • (Short Paper) A Closer Look Tells More: A Facial Distortion Based Liveness Detection for Face Authentication
    Yan Li (Advanced Digital Science Center); Zilong Wang (Xidian University); Yingjiu Li (Singapore Management University); Robert Deng (Singapore Management University); Binbin Chen (Advanced Digital Science Center); Weizhi Meng (Technical University of Denmark); Hui Li (Xidian University)
  • (Short Paper) Flexibly and Securely Shape Your Data Disclosed to Others
    Qingqing Xie (Jiangsu University); Yantian Hou (Boise State University); Ke Cheng (Xidian University); Gaby G. Dagher (Boise State University); Liangmin Wang (Jiangsu University); Shucheng Yu (Stevens Institute of Technology)
  • (Short Paper) R2Q: A Risk Quantification Framework to Authorize Requests in Web-based Collaborations
    Nirnay Ghosh (iTrust Centre for Research in Cyber Security, Singapore University of Technology and Design (SUTD), Singapore 487372.); Rishabh Singhal (JP Morgan & Chase Co., Mumbai, India); Sajal K Das (Department of Computer Science, Missouri University of Science and Technology, Rolla, MO 65409, USA)
  • (Short Paper) Design procedure of knowledge base for practical attack graph generation
    Masaki Inokuchi (Security Research Laboratories, NEC Corporation); Yoshinobu Ohta (Security Research Laboratories, NEC Corporation); Shunichi Kinoshita (Security Research Laboratories, NEC Corporation); Tomohiko Yagyu (Security Research Laboratories, NEC Corporation); Orly Stan (Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev); Ron Bitton (Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev); Yuval Elovici (Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev); Asaf Shabtai (Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev)
  • (Short Paper) AndrEnsemble: Leveraging API Ensembles to Characterize Android Malware Families
    Omid Mirzaei (Universidad Carlos III de Madrid); Guillermo Suarez-Tangil (King’s College London); Jose M. de Fuentes (Universidad Carlos III de Madrid); Juan Tapiador (Universidad Carlos III de Madrid); Gianluca Stringhini (Boston University)
  • (Short Paper) Mobile Friendly or Attacker Friendly? A Large-scale Security Evaluation of Mobile-first Websites
    Tom Van Goethem (imec-DistriNet, KU Leuven); Victor Le Pochat (imec-DistriNet, KU Leuven); Wouter Joosen (imec-DistriNet, KU Leuven)
  • (Short Paper) Unveiling Systematic Biases in Decisional Processes. An Application to Discrimination Discovery
    Laura Genga (Eindhoven University of Technology); Luca Allodi (Eindhoven University of Technology); Nicola Zannone (Eindhoven University of Technology)
  • (Short Paper) E-Spion: A System-Level Intrusion Detection System for IoT Devices
    Anand Mudgerikar (Purdue University); Puneet Sharma (HPE); Elisa Bertino (Purdue University)
  • (Short Paper)Examining DES-based Cipher Suite Support within the TLS Ecosystem
    Vanessa Frost (University of Florida); Dave Tian (University of Florida); Christie Ruales (University of Florida); Vijay Prakash (University of Florida); Kevin Butler (University of Florida); Patrick Traynor (University of Florida)