The full Proceedings published by USENIX for the symposium are available for download below. Individual papers can also be downloaded from the presentation pages. Copyright to the individual works is retained by the author[s].
Full Proceedings
RAID 2020 Full Proceedings (PDF)
View the full program on the RAID 2020 website.
Wednesday, October 14
Attacks
SpecROP: Speculative Exploitation of ROP Chains
Atri Bhattacharyya and Andrés Sánchez, EPFL; Esmaeil M. Koruyeh, Nael Abu-Ghazaleh, and Chengyu Song UC Riverside; Mathias Payer, EPFL
Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners
Andrea Valenza, University of Genova; Gabriele Costa, IMT School for Advanced Studies Lucca; Alessandro Armando, University of Genova
Camera Fingerprinting Authentication Revisited
Dominik Maier, Technische Universität Berlin; Henrik Erb, Patrick Mullan, and Vincent Haupert, Friedrich-Alexander-Universität Erlangen-Nürnberg
Dynamic Program Analysis
Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
Manh-Dung Nguyen and Sébastien Bardin, Univ. Paris-Saclay, CEA LIST, France; Richard Bonichon, Tweag I/O, France; Roland Groz, Univ. Grenoble Alpes, France; Matthieu Lemerre, Univ. Paris-Saclay, CEA LIST, France
WearFlow: Expanding Information Flow Analysis To Companion Apps in Wear OS
Marcos Tileria and Jorge Blasco, Royal Holloway, University of London; Guillermo Suarez-Tangil, King's College London, IMDEA Networks
MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing
Yaohui Chen, Mansour Ahmadi, and Reza Mirzazade farkhani, Northeastern University; Boyu Wang, Stony Brook University; Long Lu, Northeastern University
Web Security
Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?
Takeshi Takahashi, National Institute of Information and Communications Technology; Christopher Kruegel and Giovanni Vigna, University of California, Santa Barbara; Katsunari Yoshioka, Yokohama National University; Daisuke Inoue, National Institute of Information and Communications Technology
What's in an Exploit? An Empirical Analysis of Reflected Server XSS Exploitation Techniques
Ahmet Salih Buyukkayhan, Microsoft; Can Gemicioglu, Northeastern University; Tobias Lauinger, New York University; Alina Oprea, William Robertson, and Engin Kirda, Northeastern University
Mininode: Reducing the Attack Surface of Node.js Applications
Igibek Koishybayev and Alexandros Kapravelos, North Carolina State University
Evaluating Changes to Fake Account Verification Systems
Fedor Kozlov, Isabella Yuen, Jakub Kowalczyk, Daniel Bernhardt, and David Freeman, Facebook, Inc; Paul Pearce, Facebook, Inc and Georgia Institute of Technology; Ivan Ivanov, Facebook, Inc
Thursday, October 15
Malware
SourceFinder: Finding Malware Source-Code from Publicly Available Repositories in GitHub
Md Omar Faruk Rokon, Risul Islam, Ahmad Darki, Evangelos E. Papalexakis, and Michalis Faloutsos, UC Riverside
HyperLeech: Stealthy System Virtualization with Minimal Target Impact through DMA-Based Hypervisor Injection
Ralph Palutke, Simon Ruderich, Matthias Wild, and Felix Freiling, Friedrich-Alexander-Universität Erlangen-Nürnberg
Effective Detection of Credential Thefts from Windows Memory: Learning Access Behaviours to Local Security Authority Subsystem Service
Patrick Ah-Fat and Michael Huth, Imperial College London; Rob Mead, Tim Burrell, and Joshua Neil, Microsoft
Network & Cloud Security
EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX
Yun He, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences; Yihua Xu, Metropolitan College, Boston University; Xiaoqi Jia, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences; Shengzhi Zhang, Metropolitan College, Boston University; Peng Liu, Pennsylvania State University; Shuai Chang, Institute of Information Engineering, Chinese Academy of Sciences, and School of Cyber Security, University of Chinese Academy of Sciences
Robust P2P Primitives Using SGX Enclaves
Yaoqi Jia, ACM Member; Shruti Tople, Microsoft Research; Tarik Moataz, Aroki Systems; Deli Gong, ACM Member; Prateek Saxena and Zhenkai Liang, National University of Singapore
aBBRate: Automating BBR Attack Exploration Using a Model-Based Approach
Anthony Peterson, Northeastern University; Samuel Jero, Purdue University; Endadul Hoque, Syracuse University; David Choffnes and Cristina Nita-Rotaru, Northeastern University
ML-Based Security
Cyber Threat Intelligence Modeling Based on Heterogeneous Graph Convolutional Network
Jun Zhao, Beihang University; Qiben Yan, Michigan State University; Xudong Liu, Bo Li, and Guangsheng Zuo, Beihang University
Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI
Benjamin Bowman, Craig Laprade, Yuede Ji, and H. Howie Huang, Graph Computing Lab, George Washington University
An Object Detection based Solver for Google’s Image reCAPTCHA v2
Md Imran Hossen, Yazhou Tu, Md Fazle Rabby, and Md Nazmul Islam, University of Louisiana at Lafayette; Hui Cao, Xi'an Jiaotong University; Xiali Hei, University of Louisiana at Lafayette
Breaking ML
Evasion Attacks against Banking Fraud Detection Systems
Michele Carminati, Luca Santini, Mario Polino, and Stefano Zanero, Politecnico di Milano
The Limitations of Federated Learning in Sybil Settings
Clement Fung, Carnegie Mellon University; Chris J. M. Yoon and Ivan Beschastnikh, University of British Columbia
GhostImage: Remote Perception Attacks against Camera-based Image Classification Systems
Yanmao Man and Ming Li, University of Arizona; Ryan Gerdes, Virginia Tech
Friday, October 16
CPS Security
PLC-Sleuth: Detecting and Localizing PLC Intrusions Using Control Invariants
Zeyu Yang, Zhejiang University; Liang He, University of Colorado Denver; Peng Cheng and Jiming Chen, Zhejiang University; David K.Y. Yau, Singapore University of Technology and Design; Linkang Du, Zhejiang University
Software-based Realtime Recovery from Sensor Attacks on Robotic Vehicles
Hongjun Choi and Sayali Kate, Purdue University; Yousra Aafer, University of Waterloo; Xiangyu Zhang and Dongyan Xu, Purdue University
SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems
Shu Wang, George Mason University; Jiahao Cao, George Mason University and Tsinghua University; Kun Sun, George Mason University; Qi Li, Tsinghua University and Beijing National Research Center for Information Science and Technology
Firmware and Low Level Security
μSBS: Static Binary Sanitization of Bare-metal Embedded Devices for Fault Observability
Majid Salehi and Danny Hughes, imec-Distrinet, KU Leuven; Bruno Crispo, imec-Distrinet, KU Leuven, and Trento University, Italy
BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy Networks
Jianliang Wu, Yuhong Nan, and Vireshwar Kumar, Purdue University; Mathias Payer, EPFL; Dongyan Xu, Purdue University
Dark Firmware: A Systematic Approach to Exploring Application Security Risks in the Presence of Untrusted Firmware
Duha Ibdah, Nada Lachtar, Abdulrahman Abu Elkhail, Anys Bacha, and Hafiz Malik, University of Michigan, Dearborn
Systems Security
A Framework for Software Diversification with ISA Heterogeneity
Xiaoguang Wang, SengMing Yeoh, and Robert Lyerly, Virginia Tech; Pierre Olivier, The University of Manchester; Sang-Hoon Kim, Ajou University; Binoy Ravindran, Virginia Tech
Confine: Automated System Call Policy Generation for Container Attack Surface Reduction
Seyedhamed Ghavamnia and Tapti Palit, Stony Brook University; Azzedine Benameur, Cloudhawk.io; Michalis Polychronakis, Stony Brook University
sysfilter: Automated System Call Filtering for Commodity Software
Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P. Kemerlis, Brown University