Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH
Karthikeyan Bhargavan and Gaetan Leurent
TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication
Ralph Holz, Johanna Amann, Olivier Mehani, Mohamed Ali Kaafar and Matthias Wachs
Killed by Proxy: Analyzing Client-end TLS Interception Software
Xavier de Carné de Carnavalet and Mohammad Mannan
SIBRA: Scalable Internet Bandwidth Reservation Architecture
Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota and Jumpei Urakawa
Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy
Jakub Czyz, Matthew Luckie, Mark Allman and Michael Bailey
Attacking the Network Time Protocol
Aanchal Malhotra, Isaac E. Cohen, Erik Brakke and Sharon Goldberg
SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks
Min Suk Kang, Virgil D. Gligor and Vyas Sekar
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
Ahmet Buyukkayhan, Kaan Onarlioglu, William Robertson and Engin Kirda
It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services
M. Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens and Nick Nikiforakis
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
Avinash Sudhodanan, Alessandro Armando, Roberto Carbone and Luca Compagna
Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces
Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou and Ryan Riley
Enabling Practical Software-defined Networking Security Applications with OFX
John Sonchack, Jonathan M. Smith, Adam J. Aviv and Eric Keller
Forwarding-Loop Attacks in Content Delivery Networks
Jianjun Chen, Xiaofeng Zheng, Haixin Duan and Jinjin Liang, Jian Jiang, Kang Li, Tao Wan and Vern Paxson
CDN-on-Demand: An affordable DDoS Defense via Untrusted Clouds
Yossi Gilad, Amir Herzberg, Michael Sudkovitch and Michael Goberman
Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli and Guofei Gu
Centrally Banked Cryptocurrencies
George Danezis and Sarah Meiklejohn
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
Alex Biryukov and Dmitry Khovratovich
A Simple Generic Attack on Text Captchas
Haichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang and Jiawei Li
You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild
Eunjo Lee, Jiyoung Woo, Hyoungshick Kim, Aziz Mohaisen and Huy Kang Kim
Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses
Anupam Das, Nikita Borisov and Matthew Caesar
The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads
Wei Meng, Ren Ding, Simon P. Chung, Steven Han and Wenke Lee
What Mobile Ads Know About Mobile Users
Sooel Son, Daehyeok Kim and Vitaly Shmatikov
Free for All! Assessing User Data Exposure to Advertising Libraries on Android
Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
Altaf Shaik, Jean-Pierre Seifert, Ravishankar Borgaonkar, N. Asokan and Valtteri Niemi
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
Daming D. Chen, Maverick Woo and David Brumley and Manuel Egele
discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code
Sebastian Eschweiler and Khaled Yakdan and Elmar Gerhards-Padilla
Driller: Augmenting Fuzzing Through Selective Symbolic Execution
Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel and Giovanni Vigna
VTrust: Regaining Trust on Virtual Calls
Chao Zhang and Dawn Song, Scott A. Carr and Mathias Payer, Tongxin Li and Yu Ding and Chengyu Song
Protecting C++ Dynamic Dispatch Through VTable Interleaving
Dimitar Bounov, Rami Gökhan Kıcı and Sorin Lerner
ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting
Shiqing Ma, Xiangyu Zhang and Dongyan Xu
Who’s in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems
David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers and Raheem Beyah
SKEE: A lightweight Secure Kernel-level Execution Environment for ARM
Ahmed Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang and Peng Ning
OpenSGX: An Open Platform for SGX Research
Prerit Jain, Soham Desai, Ming-Wei Shih and Taesoo Kim, Seongmin Kim, JaeHyuk Lee, Changho Choi, Youjung Shin, Brent Byunghoon Kang and Dongsu Han
Efficient Private Statistics with Succinct Sketches
Luca Melis, George Danezis and Emiliano De Cristofaro
Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples
Changchang Liu and Prateek Mittal and Supriyo Chakraborty
Privacy-Preserving Shortest Path Computation
David J. Wu, Joe Zimmerman, Jérémy Planul and John C. Mitchell
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships
Changchang Liu and Prateek Mittal
Do You See What I See? Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz and Mobin Javed, Srikanth Sundaresan and Damon McCoy, Vern Paxson and Steven J. Murdoch
Measuring and Mitigating AS-level Adversaries Against Tor
Rishab Nithyanand, Oleksii Starov and Phillipa Gill, Adva Zair and Michael Schapira
Website Fingerprinting at Internet Scale
Andriy Panchenko, Fabian Lanze, Jan Pennekamp and Thomas Engel, Andreas Zinnen, Martin Henze and Klaus Wehrle
Extract Me If You Can: Abusing PDF Parsers in Malware Detectors
Curtis Carmony, Xunchao Hu, Heng Yin and Abhishek Vasisht and Mu Zhang
Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers
Weilin Xu, Yanjun Qi and David Evans
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the-Wire
Teryl Taylor, Kevin Z. Snow, Nathan Otterness and Fabian Monrose
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Chad Spensky, Hongyi Hu and Kevin Leach
When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors
Charles Smutz and Angelos Stavrou
Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework
Yuru Shao, Qi Alfred Chen and Z. Morley Mao, Jason Ott and Zhiyun Qian
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization
Kangjie Lu and Wenke Lee, Stefan Nürnberger and Michael Backes
Leakage-Resilient Layout Randomization for Mobile Devices
Kjell Braden, Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Stephen Crane, Michael Franz and Per Larsen
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding
Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany and Thorsten Holz
Enforcing Kernel Security Invariants with Data Flow Integrity
Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim and Wenke Lee
Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
Vitor Afonso and Paulo de Geus, Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna, Adam Doupe and Mario Polino
Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android
Xiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu and Wenliang Du
FLEXDROID: Enforcing In-App Privilege Separation in Android
Jaebaek Seo, Daehyeok Kim, Donghyun Cho, Insik Shin and Taesoo Kim
IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware
Michelle Y. Wong and David Lie
Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques
Siegfried Rasthofer, Steven Arzt, Marc Miltenberger and Eric Bodden
Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services
Chaoshun Zuo, Wubing Wang, Zhiqiang Lin and Rui Wang
Differentially Private Password Frequency Lists
Jeremiah Blocki, Anupam Datta and Joseph Bonneau
Who Are You? A Statistical Approach to Measuring User Authenticity
David Freeman, Sakshi Jain, Markus Duermuth, Battista Biggio and Giorgio Giacinto
Pitfalls in Designing Zero-Effort Deauthentication: Opportunistic Human Observation Attacks
Otto Huhta, Swapnil Udar, Mika Juuti, Prakash Shrestha, Nitesh Saxena and N. Asokan
VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion
Jingchao Sun, Xiaocong, Yimin Chen, Jinxue Zhang, Yanchao Zhang and Rui Zhang