Experts Are Not Infallible – The Need for Usable System Security
Matthew Smith
Liar Buyer Fraud, and How to Curb It
Markus Jakobsson, Hossein Siadati and Mayank Dhiman
NoPhish App Evaluation: Lab and Retention Study
Gamze Canova, Melanie Volkamer, Clemens Bergmann and Benjamin Reinheimer
Introducing Privacy Threats from Ad Libraries to Android Users Through Privacy Granules
Anand Paturi, Patrick Gage Kelley and Subhasish Mazumdar
Pitfalls of Shoulder Surfing Studies
Oliver Wiese and Volker Roth
A First Look at the Usability of Bitcoin Key Management
Shayan Eskandari, David Barrera, Elizabeth Stobert and Jeremy Clark
An Unattended Study of Users Performing Security Critical Tasks Under Adversarial Noise
Tyler Kaczmarek, Alfred Kobsa, Robert Sy and Gene Tsudik
Fixing Security Together: Leveraging trust relationships to improve security in organizations
Iacovos Kirlappos and Martina Angela Sasse
Usability and Security by Design: A Case Study in Research and Development
Shamal Faily, John Lyle, Ivan Fléchais and Andrew Simpson
Participatory Design for Security-Related User Interfaces
Susanne Weber, Marian Harbach and Matthew Smith
Exploring the Usability of CAPTCHAS on Smartphones: Comparisons and Recommendations
Gerardo Reynaga, Sonia Chiasson and Paul C. van Oorschot
Passwords Are Not Always Stronger on the Other Side of the Fence
Ijlal Loutfi and Audun Jøsang
Multiple-Password Interference in the GeoPass User Authentication Scheme
Mahdi Nasrullah Al-Ameen and Matthew Wright
Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption
Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor and Marios Savvides
New Directions in Social Authentication
Sakshi Jain, Juan Lang, Neil Zhenqiang Gong, Dawn Song, Sreya Basuroy and Prateek Mittal
“They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking
Kat Krol, Eleni Philippou, Emiliano De Cristofaro and M. Angela Sasse
Towards Practical Infrastructure for Decoy Routing
Sambuddho Chakravarty, Vinayak Naik, Hrishikesh B. Acharya and Chaitanya Singh Tanwar
Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS
Stephanos Matsumoto and Raphael M. Reischuk
The Resilience of the Internet to Colluding Country Induced Connectivity Disruptions
Peter Mell, Richard Harang and Assane Gueye
Inter-Flow Consistency: Novel SDN Update Abstraction for Supporting Inter-Flow Constraints
Weijie Liu, Rakesh B. Bobba, Sibin Mohan and Roy H. Campbell
Towards Autonomic DDoS Mitigation using Software Defined Networking
Rishikesh Sahay, Gregory Blanc, Zonghua Zhang and Herve Debar
Classification of Quantum Repeater Attacks
Shigeya Suzuki and Rodney Van Meter
Congestion Attacks to Autonomous Cars Using Vehicular Botnets
Mevlut Turker Garip, Mehmet Emre Gursoy, Peter Reiher and Mario Gerla
No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations
Khaled Yakdan, Sebastian Eschweiler, Elmar Gerhards-Padilla and Matthew Smith
P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions
Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran and John Qian
vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries
Aravind Prakash, Xunchao Hu and Heng Yin
Firmalice – Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel and Giovanni Vigna
Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures
Sungmin Hong, Lei Xu, Haopei Wang and Guofei Gu
Securing the Software-Defined Network Control Layer
Phillip Porras, Steven Cheung, Martin Fong, Keith Skinner and Vinod Yegneswaran
SPHINX: Detecting Security Attacks in Software-Defined Networks
Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan and Vijay Mann
Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks
Pierre-Antoine Vervier, Olivier Thonnard and Marc Dacier
Run-time Monitoring and Formal Analysis of Information Flows in Chromium
Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken and Yuan Tian
Too LeJIT to Quit: Extending JIT Spraying to ARM
Wilson Lian, Hovav Shacham and Stefan Savage
Exploiting and Protecting Dynamic Code Generation
Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee and David Melski
The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines
Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis and Sotiris Ioannidis
Verified Contributive Channel Bindings for Compound Authentication
Karthikeyan Bhargavan, Antoine Delignat-Lavaud and Alfredo Pironti
Knock Yourself Out: Secure Authentication with Short Re-Usable Passwords
Benjamin Guldenring, Volker Roth and Lars Ries
Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics
Simon Eberz, Kasper B. Rasmussen, Vincent Lenders and Ivan Martinovic
ABY – A Framework for Efficient Mixed-Protocol Secure Two-Party Computation
Daniel Demmler, Thomas Schneider and Michael Zohner
Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords
Jeremiah Blocki, Saranga Komanduri, Lorrie Cranor and Anupam Datta
Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs
Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Lería, Jose Lorenzo, Matei Ripeanu and Konstantin Beznosov
Efficient RAM and Control Flow in Verifiable Outsourced Computation
Riad S. Wahby, Srinath Setty, Zuocheng Ren, Andrew J. Blumberg and Michael Walfish
On Your Social Network De-anonymizablity: Quantification and Large Scale Evaluation with Seed Knowledge
Shouling Ji, Weiqing Li, Neil Zhenqiang Gong, Prateek Mittal and Raheem Beyah
Predicting Users’ Motivations behind Location Check-Ins and Utility Implications of Privacy Protection Mechanisms
Igor Bilogrevic, Kevin Huguenin, Stefan Mihaila, Reza Shokri and Jean-Pierre Hubaux
NSEC5: Provably Preventing DNSSEC Zone Enumeration
Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, Leonid Reyzin, Sachin Vasant and Asaf Ziv
Bloom Cookies: Web Search Personalization without User Tracking
Nitesh Mor, Oriana Riva, Suman Nath and John Kubiatowicz
Opaque Control-Flow Integrity
Vishwath Mohan, Per Larsen, Stefan Brunthaler, Kevin W. Hamlen and Michael Franz
Integrated Circuit (IC) Decamouflaging: Reverse Engineering Camouflaged ICs within Minutes
Mohamed El Massad, Siddarth Garg and Mahesh V. Tripunitara
Principled Sampling for Anomaly Detection
Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou-Douskos and Martin Rinard
Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity
Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen and Michael Franz
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming
Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Z. Snow and Fabian Monrose
StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries
Xi Chen, Asia Slowinska, Dennis Andriesse, Herbert Bos and Cristiano Giuffrida
Preventing Use-after-free with Dangling Pointers Nullification
Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu and Wenke Lee
DEFY: A Deniable, Encrypted File System for Log-Structured Storage
Timothy M. Peters, Mark A. Gondree and Zachary N. J. Peterson
Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting
Kangjie Lu, Zhichun Li, Vasileios P. Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee and Guofei Jiang
Privacy Preserving Payments in Credit Networks: Enabling trust with privacy in online marketplaces
Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei and Kim Pecina
Gracewipe: Secure and Verifiable Deletion under Coercion
Lianying Zhao and Mohammad Mannan
Machine Learning Classification over Encrypted Data
Raphael Bost, Raluca Ada Popa, Stephen Tu and Shafi Goldwasser
EKHUNTER: A Counter-Offensive Toolkit for Exploit Kit Infiltration
Birhanu Eshete, Abeer Alhuzali, Maliheh Monshizadeh, Phillip Porras, V.N. Venkatakrishnan and Vinod Yegneswaran
FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers
Yves Younan
SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment
Jinsoo Jang, Sunjune Kong, Minsu Kim, Daegyeong Kim and Brent Byunghoon Kang
Phoneypot: Data-driven Understanding of Telephony Threats
Payas Gupta, Bharat Srinivasan, Vijay Balasubramaniyan and Mustaque Ahamad
VTint: Protecting Virtual Function Tables’ Integrity
Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen and Dawn Song
DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices
Xueqiang Wang, Kun Sun, Yuewu Wang and Jiwu Jing
CopperDroid: Automatic Reconstruction of Android Malware Behaviors
Kimberly Tam, Salahuddin J. Khan, Aristide Fattori and Lorenzo Cavallaro
EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework
Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna and Yan Chen
What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang and Carl A Gunter
Information-Flow Analysis of Android Applications in DroidSafe
Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen and Martin Rinard
I Do Not Know What You Visited Last Summer: Protecting Users from Third-party Web Tracking with TrackingFree Browser
Xiang Pan, Yinzhi Cao and Yan Chen
Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning
Michael Kranch and Joseph Bonneau
Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
Pieter Agten, Wouter Joosen, Frank Piessens and Nick Nikiforakis
Parking Sensors: Analyzing and Detecting Parked Domains
Thomas Vissers, Wouter Joosen and Nick Nikiforakis
Identifying Cross-origin Resource Status Using Application Cache
Sangho Lee, Hyungsub Kim and Jong Kim