NDSS Symposium 2017 Accepted Papers
Indiscreet Logs: Diffie-Hellman Backdoors in TLS
Kristen Dorey, Nicholas Chang-Fong and Aleksander Essex
On the Safety and Efficiency of Virtual Firewall Elasticity Control
Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Siming Zhao and Wonkyu Han
Fake Co-visitation Injection Attacks to Recommender Systems
Guolei Yang, Neil Zhenqiang Gong and Ying Cai
KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting
Weitao Xu, Guohao Lan, Qi Lin, Sara Khalifa, Neil Bergmann, Mahbub Hassan and Wen Hu
Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM
Yeongpil Cho, Donghyun Kwon, Hayoon Yi and Yunheung Paek
Automated Analysis of Privacy Requirements for Mobile Apps
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs
Jaebaek Seo, Byoungyoung Lee, Seongmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han and Taesoo Kim
ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms
Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Z. Morley Mao and Atul Prakash
Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO
Jesper Buus Nielsen, Thomas Schneider and Roberto Trifiletti
A Large-scale Analysis of the Mnemonic Password Advice
Johannes Kiesel, Benno Stein and Stefan Lucks
TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub
Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro and Sharon Goldberg
Fast Actively Secure OT Extension for Short Secrets
Arpita Patra, Pratik Sarkar and Ajith Suresh
Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps
Wenbo Yang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Yuanyuan Zhang and Dawu Gu
MARX: Uncovering Class Hierarchies in C++ Programs
Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos and Cristiano Giuffrida
Pushing the Communication Barrier in Secure Computation using Lookup Tables
Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni and Michael Zohner
FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild
Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li and Yunhao Liu
Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots
Phani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee and Roberto Perdisci
A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations
Wilson Lian, Hovav Shacham and Stefan Savage
Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data
Wen-jie Lu, Shohei Kawasaki and Jun Sakuma
Are We There Yet? On RPKI’s Deployment and Security
Yossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira and Haya Shulman
Cracking Android Pattern Lock in Five Attempts
Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor and Zheng Wang
Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis
Claude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir Memon and Mustaque Ahamad
(Cross-)Browser Fingerprinting via OS and Hardware Level Features
Yinzhi Cao, Song Li and Erik Wijmans
WireGuard: Next Generation Kernel Network Tunnel
Jason A. Donenfeld
Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
Najmeh Miramirkhani, Oleksii Starov and Nick Nikiforakis
Measuring small subgroup attacks against Diffie-Hellman
Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman and Nadia Heninger
SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities
Alyssa Milburn, Herbert Bos and Cristiano Giuffrida
ObliviSync: Practical Oblivious File Backup and Synchronization
Adam J. Aviv, Seung Geol Choi, Travis Mayberry and Daniel S. Roche
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
Ming-Wei Shih, Sangho Lee, Taesoo Kim and Marcus Peinado
An Evil Copy: How the Loader Betrays You
Xinyang Ge, Mathias Payer and Trent Jaeger
PSI: Precise Security Instrumentation for Enterprise Networks
Tianlong Yu, Seyed K. Fayaz, Michael Collins, Vyas Sekar and Srinivasan Seshan
Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns
Bum Jun Kwon, Virinchi Srinivas, Amol Deshpande and Tudor Dumitras
Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code
Giorgi Maisuradze, Michael Backes and Christian Rossow
Ramblr: Making Reassembly Great Again
Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel and Giovanni Vigna
BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel and Giovanni Vigna
Dynamic Differential Location Privacy with Personalized Error Bounds
Lei Yu, Ling Liu and Calton Pu
A Broad View of the Ecosystem of Socially Engineered Exploit Documents
Stevens Le Blond, Cedric Gilbert, Utkarsh Upadhyay, Manuel Gomez Rodriguez and David Choffnes
Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps
Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang and Heng Yin
ASLR on the Line: Practical Cache Attacks on the MMU
Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos and Cristiano Giuffrida
Stack Bounds Protection with Low Fat Pointers
Gregory J. Duck, Roland H.C. Yap and Lorenzo Cavallaro
Towards Implicit Visual Memory-Based Authentication
Claude Castelluccia, Markus Duermuth, Maximilian Golla and Fatma Imamoglu
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clementine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard and Kay Rœmer
Avoiding The Man on the Wire: Improving Tor’s Security with Trust-Aware Path Selection
Aaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum and Paul Syverson
The Effect of DNS on Tor’s Anonymity
Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Philipp Winter and Nick Feamster
Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit
Luis Garcia, Ferdinand Brasser, Mehmet H. Cintuglu, Ahmad-Reza Sadeghi, Osama Mohammed and Saman A. Zonouz
Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones
Simon Birnbach, Richard Baker and Ivan Martinovic
Dissecting Tor Bridges: a Security Evaluation of their Private and Public Infrastructures
Srdjan Matic, Carmela Troncoso and Juan Caballero
HOP: Hardware makes Obfuscation Practical
Kartik Nayak, Christopher Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal
MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models
Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross and Gianluca Stringhini
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation
Yushun Wang, Taous Madi, Suryadipta Majumdar, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang and Mourad Debbabi
Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability
Yu Feng, Osbert Bastani, Ruben Martins, Isil Dillig and Saswat Anand
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nuernberger, Wenke Lee and Michael Backes
IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality
Ian Miers and Payman Mohassel
VUzzer: Application-aware Evolutionary Fuzzing
Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida and Herbert Bos
Broken Hearted: How To Attack ECG Biometrics
Simon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patane, Marta Kwiatkowska and Ivan Martinovic
HisTorε: Differentially Private and Robust Statistics Collection for Tor
Akshaya Mani and Micah Sherr
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda
P2P Mixing and Unlinkable Bitcoin Transactions
Tim Ruffing, Pedro Moreno-Sanchez and Aniket Kate
PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables
Lucas Davi, David Gens, Christopher Liebchen and Ahmad-Reza Sadeghi
SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks
Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate and Matteo Maffei
Deconstructing Xen
Lei Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Haibing Guan and Jinming Li
The Security Impact of HTTPS Interception
Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman and Vern Paxson
DELTA: A Security Assessment Framework for Software-Defined Networks
Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran and Phillip Porras
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel and Giovanni Vigna
A2C: Self Destructing Exploit Executions via Input Perturbation
Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang and Dongyan Xu
Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity
Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi and Hamed Okhravi
Panoply: Low-TCB Linux Applications With SGX Enclaves
Shweta Shinde, Dat Le Tien, Shruti Tople and Prateek Saxena
WindowGuard: Systematic Protection of GUI Security in Android
Chuangang Ren, Peng Liu and Sencun Zhu