List of Accepted Papers
xRay: Enhancing the Web’s Transparency with Differential Correlation
Mathias Lecuyer, Riley Spahn, Andrei Papancea, Theofilos Petsios, Augustin Chaintreau, and Roxana Geambasu, Columbia University
SDDR: Light-Weight, Secure Mobile Encounters
Matthew Lentz, University of Maryland; Viktor Erdelyi and Paarijaat Aditya, Max Planck Institute for Software Systems (MPI-SWS); Elaine Shi, University of Maryland; Peter Druschel, Max Planck Institute for Software Systems (MPI-SWS); Bobby Bhattacharjee, University of Maryland
Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks
Qi Alfred Chen, University of Michigan; Zhiyun Qian, NEC Laboratories America; Z. Morley Mao, University of Michigan
Scheduler-based Defenses against Cross-VM Side-channels
Venkatanathan Varadarajan, Thomas Ristenpart, and Michael Swift, University of Wisconsin—Madison
SpanDex: Secure Password Tracking for Android
Landon P. Cox and Sai Cheemalapati, Duke University; Peter Gilbert, FireEye; Geoffrey Lawler, Valentin Pistol, and Ali Razeen, Duke University; Bi Wu, VMware
Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
Sebastian Vogl, Technische Universität München; Robert Gawlik and Behrad Garmany, Ruhr-Universität Bochum; Thomas Kittel, Jonas Pfoh, and Claudia Eckert, Technische Universität München; Thorsten Holz, Ruhr-Universität Bochum
Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers
Gang Wang, University of California, Santa Barbara; Tianyi Wang, University of California, Santa Barbara and Tsinghua University; Haitao Zheng and Ben Y. Zhao, University of California, Santa Barbara
A Look at Targeted Attacks Through the Lense of an NGO
Stevens Le Blond, Adina Uritesc, and Cédric Gilbert, Max Planck Institute for Software Systems (MPI-SWS); Zheng Leong Chua and Prateek Saxena, National University of Singapore; Engin Kirda, Northeastern University
Preventing Cryptographic Key Leakage in Cloud Virtual Machines
Erman Pattuk, Murat Kantarcioglu, Zhiqiang Lin, and Huseyin Ulusoy, The University of Texas at Dallas
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
Marc Kuehrer, Thomas Hupperich, Christian Rossow, and Thorsten Holz, Ruhr-University Bochum
Privee: An Architecture for Automatically Analyzing Web Privacy Policies
Sebastian Zimmeck and Steven M. Bellovin, Columbia University
FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
Yuval Yarom and Katrina Falkner, The University of Adelaide
Understanding the Dark Side of Domain Parking
Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, and XiaoFeng Wang, Indiana University at Bloomington
Static Detection of Second-Order Vulnerabilities in Web Applications
Johannes Dahse and Thorsten Holz, Ruhr-University Bochum
iSeeYou: Disabling the MacBook Webcam Indicator LED
Matthew Brocker and Stephen Checkoway, Johns Hopkins University
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
Christopher Meyer, Juraj Somorovsky, Eugen Weiss, and Jörg Schwenk, Ruhr-University Bochum; Sebastian Schinzel, Münster University of Applied Sciences; Erik Tews, Technische Universität Darmstadt
Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture
Eli Ben-Sasson, Technion—Israel Institute of Technology; Alessandro Chiesa, Massachusetts Institute of Technology; Eran Tromer, Tel Aviv University; Madars Virza, Massachusetts Institute of Technology
A Bayesian Approach to Privacy Enforcement in Smartphones
Omer Tripp and Julia Rubin, IBM Research
A Large-Scale Empirical Analysis on Chinese Web Passwords
Zhigong Li and Weili Han, Fudan University; Wenyuan Xu, Zhejiang University
Never Been KIST: Tor’s Congestion Management Blossoms with Kernel-Informed Socket Transport
Rob Jansen, U.S. Naval Research Laboratory; John Geddes, University of Minnesota; Chris Wacek and Micah Sherr, Georgetown University; Paul Syverson, U.S. Naval Research Laboratory
DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
Brendan Saltaformaggio, Zhongshu Gu, Xiangyu Zhang, and Dongyan Xu, Purdue University
Automated Testing of Web Applications for Single Sign-On Vulnerabilities
Yuchen Zhou and David Evans, University of Virginia
ZØ: An Optimizing Distributing Zero-Knowledge Compiler
Matt Fredrikson, University of Wisconsin—Madison; and Ben Livshits, Microsoft Research
Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware
Seth Hardy, Masashi Crete-Nishihata, Katherine Kleemola, Adam Senft, Byron Sonne, and Greg Wiseman, The Citizen Lab; Phillipa Gill, Stony Brook University
Mimesis Aegis: A Mimicry Privacy Shield, A System’s Approach to Data Privacy on Public Cloud
Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva, Georgia Institute of Technology
Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens
Daniel Demmler, Thomas Schneider, and Michael Zohner, Technische Universität Darmstadt
Faster Private Set Intersection based on OT Extension
Benny Pinkas, Bar-Ilan University; Thomas Schneider and Michael Zohner, Technische Universität Darmstadt
LibFTE: A User-Friendly Toolkit for Constructing Practical Format-Abiding Encryption Schemes
Daniel Luchaup, University of Wisconsin—Madison; Kevin P. Dyer, Portland State University; Somesh Jha and Thomas Ristenpart, University of Wisconsin—Madison; Thomas Shrimpton, Portland State University
A Large Scale Analysis of the Security of Embedded Firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti, Eurecom
ASM: A Programmable Interface for Extending Android Security
Stephan Heuser, Intel Collaborative Research Institute for Secure Computing at Technische Universität Darmstadt; Adwait Nadkarni and William Enck, North Carolina State University; Ahmad-Reza Sadeghi, Technische Universität Darmstadt and Center for Advanced Security Research Darmstadt (CASED)
Brahmastra: Driving Apps to Test the Security of Third-Party Components
Ravi Bhoraskar, University of Washington and Microsoft; Seungyeop Han, University of Washington; Jinseong Jeon, University of Maryland, College Park; Tanzirul Azim, University of California, Riverside; Shuo Chen, Jaeyeon Jung, Suman Nath, and Rui Wang, Microsoft; David Wetherall, University of Washington
From the Aether to the Ethernet—Attacking the Internet using Broadcast Digital Television
Yossef Oren and Angelos D. Keromytis, Columbia University
Towards Reliable Storage of 56-bit Secrets in Human Memory
Joseph Bonneau, Princeton University; Stuart Schechter, Microsoft Research
Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
Caroline Tice, Tom Roeder, and Peter Collingbourne, Google, Inc.; Stephen Checkoway, Johns Hopkins University; Ulfar Erlingsson, Luis Lozano, and Geoff Pike, Google, Inc.
Cardinal Pill Testing of System Virtual Machines
Hao Shi, Abdulla Alwabel, and Jelena Mirkovic, USC Information Sciences Institute (ISI)
Effective Attacks and Provable Defenses for Website Fingerprinting
Tao Wang, University of Waterloo; Xiang Cai, Rishab Nithyanand, and Rob Johnson, Stony Brook University; Ian Goldberg, University of Waterloo
Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
Michael Backes, Max Planck Institute for Software Systems (MPI-SWS) and Saarland University; Stefan Nürnberger, Saarland University
ret2dir: Rethinking Kernel Isolation
Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis, Columbia University
When Governments Hack Opponents: A Look at Actors and Technology
William R. Marczak, University of California, Berkeley, and Citizen Lab; John Scott-Railton, University of California, Los Angeles, and Citizen Lab; Morgan Marquis-Boire, Citizen Lab and Google; Vern Paxson, University of California, Berkeley, and International Computer Science Institute
On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
Nikolaos Karapanos and Srdjan Capkun, ETH Zürich
On the Feasibility of Large-Scale Infections of iOS Devices
Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee, Georgia Institute of Technology
Password Managers: Attacks and Defenses
David Silver and Suman Jana, Stanford University; Eric Chen and Collin Jackson, Carnegie Mellon University; Dan Boneh, Stanford University
Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts
Dinei Florencio and Cormac Herley, Microsoft Research; Paul Van Oorschot, Carleton University
GyroMic: Recognizing Speech from Gyroscope Signals
Yan Michalevsky, Stanford University; Gabi Nakibly, Technion—Israel Institute of Technology; Dan Boneh, Stanford University
Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
Lucas Davi, Daniel Lehmann, and Ahmad-Reza Sadeghi, Technische Universität Darmstadt; Fabian Monrose, The University of North Carolina at Chapel Hill
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song, University of California, Berkeley
Hulk: Eliciting Malicious Behavior in Browser Extensions
Alexandros Kapravelos, University of California, Santa Barbara; Chris Grier, University of California, Berkeley and International Computer Science Institute; Neha Chachra, University of California, San Diego; Chris Kruegel and Giovanni Vigna, University of California, Santa Barbara; Vern Paxson, University of California, Berkeley and International Computer Science Institute
Telepathwords: Preventing Weak Passwords by Reading Users’ Minds
Saranga Komanduri, Rich Shay, and Lorrie Cranor, Carnegie Mellon University; Cormac Herley and Stuart Schechter, Microsoft Research
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
Matthew Fredrikson, Eric Lantz, and Somesh Jha, University of Wisconsin—Madison; Simon Lin, Marshfield Clinic Research Foundation; David Page and Thomas Ristenpart, University of Wisconsin—Madison
Precise Client-side Protection against DOM-based Cross-Site Scripting
Ben Stock, University of Erlangen-Nuremberg; Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns, SAP AG
An Internet-wide View of Internet-wide Scanning
Zakir Durumeric, Michael Bailey, and J. Alex Halderman, University of Michigan
On the Practical Exploitability of Dual EC in TLS Implementations
Stephen Checkoway, Johns Hopkins University; Matthew Fredrikson, University of Wisconsin—Madison; Ruben Niederhagen, Technische Universiteit Eindhoven; Adam Everspaugh, University of Wisconsin—Madison; Matthew Green, Johns Hopkins University; Tanja Lange, Technische Universiteit Eindhoven;
Automatically Detecting Vulnerable Websites Before They Turn Malicious
Kyle Soska and Nicolas Christin, Carnegie Mellon University
Towards Detecting Anomalous User Behavior in Online Social Networks
Bimal Viswanath and Muhammad Ahmad Bashir, Max Planck Institute for Software Systems (MPI-SWS); Mark Crovella, Boston University; Saikat Guha, Microsoft Research India; Krishna P. Gummadi, Max Planck Institute for Software Systems (MPI-SWS); Balachander Krishnamurthy, AT&T Labs Research; Alan Mislove, Northeastern University
TRUESET: Nearly Practical Verifiable Set Computations
Ahmed E. Kosba, University of Maryland; Dimitrios Papadopoulos, Boston University; Charalampos Papamanthou, Mahmoud F. Sayed, and Elaine Shi, University of Maryland; Nikos Triandopoulos, RSA Laboratories and Boston University
The Long “Taile” of Typosquatting Domain Names
Janos Szurdi, Carnegie Mellon University; Balazs Kocso and Gábor Cseh, Budapest University of Technology and Economics; Jonathan Spring, Carnegie Mellon University; Mark Felegyhazi, Budapest University of Technology and Economics; Chris Kanich, University of Illinois at Chicago
Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns
Jonathan Dautrich, University of California, Riverside; Emil Stefanov, University of California, Berkeley; Elaine Shi, University of Maryland, College Park
JIGSAW: Protecting Resource Access by Inferring Programmer Expectations
Hayawardh Vijayakumar and Xinyang Ge, The Pennsylvania State University; Mathias Payer, University of California, Berkeley; Trent Jaeger, The Pennsylvania State University
ROP is Still Dangerous: Breaking Modern Defenses
Nicholas Carlini and David Wagner, University of California, Berkeley
TapDance: End-to-Middle Anticensorship without Flow Blocking
Eric Wustrow, Colleen M. Swanson, and J. Alex Halderman, University of Michigan
Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components
Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley, Carnegie Mellon University
X-Force: Force-Executing Binary Programs for Security Applications
Fei Peng, Zhui Deng, Xiangyu Zhang, and Dongyan Xu, Purdue University; Zhiqiang Lin, University of Texas at Dallas; Zhendong Su, University of California, Davis
Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard
Enes Göktaş, Vrije Universiteit Amsterdam; Elias Athanasopoulos, FORTH-ICS; Michalis Polychronakis, Columbia University; Herbert Bos, Vrije Universiteit Amsterdam; Georgios Portokalidis, Stevens Institute of Technology
Optimizing Seed Selection for Fuzzing
Alexandre Rebert, ForAllSecure and Carnegie Mellon University; Sang Kil Cha and Thanassis Avgerinos, Carnegie Mellon University; Jonathan Foote and David Warren, Software Engineering Institute CERT; Gustavo Grieco, Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas (CIFASIS) - Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET); David Brumley, Carnegie Mellon University
BareCloud: Bare-metal Analysis-based Evasive Malware Detection
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel, University of California, Santa Barbara
BYTEWEIGHT: Learning to Recognize Functions in Binary Code
Tiffany Bao, Jonathan Burket, and Maverick Woo, Carnegie Mellon University; Rafael Turner, University of Chicago; David Brumley, Carnegie Mellon University