The NDSS 2018 Program was constructed from the following list of accepted papers. The papers on the list are ordered by submission number, and some of the papers are subject to shepherding.
IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang and Kehuan Zhang
Fear and Logging in the Internet of Things
Qi Wang, Wajih Ul Hassan, Adam Bates and Carl Gunter
Decentralized Action Integrity for Trigger-Action IoT Platforms
Earlence Fernandes, Amir Rahmati, Jaeyeon Jung and Atul Prakash
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
Marius Muench, Jan Stijohann, Frank Kargl, Aurelien Francillon and Davide Balzarotti
Didn’t You Hear Me? – Towards More Successful Web Vulnerability Notifications
Ben Stock, Giancarlo Pellegrino, Frank Li, Michael Backes and Christian Rossow
Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control
Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao and Henry X. Liu
Removing Secrets from Android’s TLS
Jaeho Lee and Dan S. Wallach
rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System
Erkam Uzun, Simon Pak Ho Chung, Irfan Essa and Wenke Lee
Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach
Samuel Jero, Endadul Hoque, David Choffnes, Alan Mislove and Cristina Nita-Rotaru
Preventing (Network) Time Travel with Chronos
Omer Deutsch, Neta Rozen Schiff, Danny Dolev and Michael Schapira
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE
Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz and Elisa Bertino
GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier.
Byeongdo Hong, Sangwook Bae and Yongdae Kim
Mind Your Keys? A Security Evaluation of Java Keystores
Riccardo Focardi, Francesco Palmarini, Marco Squarcina, Graham Steel and Mauro Tempesta
A Security Analysis of Honeywords
Ding Wang, Haibo Cheng, Ping Wang, Jeff Yan and Xinyi Huang
Revisiting Private Stream Aggregation: Lattice-Based PSA
Daniela Becker, Jorge Guajardo and Karl-Heinz Zimmermann
ZeroTrace : Oblivious Memory Primitives from Intel SGX
Sajin Sasy, Sergey Gorbunov and Christopher W. Fletcher
Automated Website Fingerprinting through Deep Learning
Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem and Wouter Joosen
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng and Yuyi Zhong
Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection
Yisroel Mirsky, Tomer Doitshman, Yuval Elovici and Asaf Shabtai
Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks
Weilin Xu, David Evans and Yanjun Qi
Trojaning Attack on Neural Networks
Yingqi Liu, Shiqing Ma, Yousra Aafer, Wen-Chuan Lee, Juan Zhai, Weihang Wang and Xiangyu Zhang
Broken Fingers: On the Usage of the Fingerprint API in Android
Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Simon Pak Ho Chung and Wenke Lee
K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All
Parimarjan Negi, Prafull Sharma, Vivek sanjay Jain and Bahman Bahmani
ABC: Enabling Smartphone Authentication with Built-in Camera
Zhongjie Ba, Sixu Piao, Xinwen Fu, Dimitrios Koutsonikolas, Aziz Mohaisen and Kui Ren
Device Pairing at the Touch of an Electrode
Marc Roeschlin, Ivan Martinovic and Kasper B. Rasmussen
Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections
Di Tang, Zhe Zhou, Yinqian Zhang and Kehuan Zhang
A Large-scale Analysis of Content Modification by Open HTTP Proxies
Giorgos Tsirantonakis, Panagiotis Ilia, Sotiris Ioannidis, Elias Athanasopoulos and Michalis Polychronakis
Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis
Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq and Heng Yin
Towards Measuring the Effectiveness of Telephony Blacklists
Sharbani Pandit, Roberto Perdisci, Mustaque Ahamad and Payas Gupta
Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation
Yue Duan, Mu Zhang, Abhishek Vasisht Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang and XiaoFeng Wang
KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clementine Maurice, Raphael Spreitzer and Stefan Mangard
Securing Real-Time Microcontroller Systems through Customized Memory View Switching
Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang and Dongyan Xu
Automated Generation of Event-Oriented Exploits in Android Hybrid Apps
Guangliang Yang, Jeff Huang and Guofei Gu
Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images
Rohit Bhatia, Brendan Saltaformaggio, Seung Jei Yang, Aisha Ali-Gombe, Xiangyu Zhang, Dongyan Xu and Golden G. Richard III
K-Miner: Uncovering Memory Corruption in Linux
David Gens, Simon Schmitt, Lucas Davi and Ahmad-Reza Sadeghi
CFIXX: Object Type Integrity for C++
Nathan Burow, Derrick McKee, Scott A. Carr and Mathias Payer
Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets
Andrea Biondo, Mauro Conti and Daniele Lain
Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
Erick Bauman, Zhiqiang Lin and Kevin Hamlen
Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing
Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song and Insik Shin
Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps
Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang
Bug Fixes, Improvements, … and Privacy Leaks – A Longitudinal Study of PII Leaks Across Android App Versions
Jingjing Ren, Martina Lindorfer, Daniel J. Dubois, Ashwin Rao, David Choffnes and Narseo Vallina-Rodriguez
Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem
Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich and Phillipa Gill
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS
Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang and XiaoFeng Wang
Knock Knock, Who’s There? Membership Inference on Aggregate Location Data
Apostolos Pyrgelis, Carmela Troncoso and Emiliano De Cristofaro
Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center
Xing Gao, Zhang Xu, Haining Wang, Li Li and Xiaorui Wang
OBLIVIATE: A Data Oblivious Filesystem for Intel SGX
Adil Ahmad, Kyungtae Kim, Muhammad Ihsanulhaq Sarfaraz and Byoungyoung Lee
Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas Clouds
Dean Sullivan, Orlando Arias, Travis Meade and Yier Jin
Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel and Giovanni Vigna
Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data
Alexandra-Mihaela Olteanu, Kevin Huguenin, Italo Dacosta and Jean-Pierre Hubaux
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt and Arvind Narayanan
De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice
Huandong Wang, Chen Gao, Yong Li, Gang Wang, Depeng Jin and Jingbo Sun
Veil: Private Browsing Semantics Without Browser-side Assistance
Frank Wang, James Mickens and Nickolai Zeldovich
Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
Peng Wang, Xianghang Mi, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian and Raheem Beyah
SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.
Cristian-Alexandru Staicu, Michael Pradel and Benjamin Livshits
JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp and Daniel Gruss
Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting
William Melicher, Anupam Das, Mahmood Sharif, Lujo Bauer and Limin Jia
Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs
Wajih Ul Hassan, Mark Lemay, Nuraini Aguse, Adam Bates and Thomas Moyer
MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation
Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani and Vinod Yegneswaran
Towards a Timely Causality Analysis for Enterprise Security
Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee and Prateek Mittal
JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions
Bo Li, Phani Vadrevu, Kyu Hyung Lee and Roberto Perdisci
AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection
Yousra Aafer, Jianjun Huang, Yi Sun, Xiangyu Zhang, Ninghui Li and Chen Tian
InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android
Yaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang and Xinming Ou
BreakApp: Automated, Flexible Application Compartmentalization
Nikos Vasilakis, Ben Karel, Nick Roessler, Nathan Dautenhahn, Andre DeHon and Jonathan M. Smith
Resolving the Predicament of Android Custom Permissions
Guliz Seray Tuncay, Soteris Demetriou, Karan Ganju and Carl A. Gunter
ZEUS: Analyzing Safety of Smart Contracts
Sukrit Kalra, Seep Goel, Mohan Dhawan and Subodh Sharma
Chainspace: A Sharded Smart Contracts Platform
Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn and George Danezis
Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions
Stefanie Roos, Pedro Moreno-Sanchez, Aniket Kate and Ian Goldberg
TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing
Hubert Ritzdorf, Karl Wust, Arthur Gervais, Guillaume Felley and Srdjan Capkun
Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks Explanations
Athanasios Andreou, Giridhari Venkatadri, Oana Goga, Krishna P. Gummadi, Patrick Loiseau and Alan Mislove
Inside Job: Applying Traffic Analysis to Measure Tor from Within
Rob Jansen, Marc Juarez, Rafa Galvez, Tariq Elahi and Claudia Diaz
Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks
Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang and Keith Ross