Paper list

• 1 Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
• 2 Countering Malicious Processes with Process-DNS Association
• 3 A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence
• 4 The Unexpected Danger of UX Features: A Case of Sensitive Data Leakage of Drivers in Ride-Hailing Services
• 5 Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web
• 6 Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers
• 7 Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing
• 8 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
• 9 Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based
• 10 TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V
• 11 Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation
• 12 UWB with Pulse Reordering: Securing Ranging against Relay and Physical-Layer Attacks
• 13 ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
• 14 Distinguishing Attacks from Legitimate Authentication Traffic at Scale
• 15 Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries
• 16 TextBugger: Generating Adversarial Text Against Real-world Applications
• 17 YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes
• 18 Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
• 19 Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data
• 20 JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits
• 21 Establishing Software Root of Trust Unconditionally
• 22 Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment
• 23 PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
• 24 Total Recall: Persistence of Password in Android
• 25 DNS Cache-Based User Tracking
• 26 Thunderclap: Exploiting the Attack Surface of Operating-System IOMMU Protection with DMA from Malicious Peripherals
• 27 TEE-aided Write Protection Against Privileged Data Tampering
• 28 Stealthy Adversarial Perturbations Against Real-Time Video Classification Systems
• 29 The Crux of Voice (In)Security: A Brain Study of Speaker Legitimacy Detection
• 30 Statistical Privacy for Streaming Traffic
• 31 Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries
• 32 Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation
• 33 Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
• 34 SABRE: Protecting Bitcoin against Routing Attacks
• 35 CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines
• 36 A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems
• 37 ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries
• 38 Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers
• 39 A First Look into the Facebook Advertising Ecosystem
• 40 Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
• 41 Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
• 42 Vault: Fast Bootstrapping for Cryptocurrencies
• 43 rORAM: Efficient Range ORAM with O(log2 N) Locality
• 44 IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT
• 45 Ginseng: Keeping Secrets in Registers When You Distrust the Operating System
• 46 Privacy-preserving Multi-hop Locks for Blockchain Scalability and Interoperability
• 47 Constructing an Adversary Solver for Equihash
• 48 One Engine To Serve’em All: Inferring Taint Rules Without Architectural Semantics
• 49 NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
• 50 How to end password reuse on the web
• 51 Robust Performance Metrics for Authentication Systems
• 52 Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems
• 53 Nearby Threats: Reversing, Analyzing, and Attacking Google’s “Nearby Connections” on Android
• 54 REDQUEEN: Fuzzing with Input-to-State Correspondence
• 55 We Value Your Privacy … Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy
• 56 Rigging Research Results by Manipulating Top Websites Rankings
• 57 Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference Managers
• 58 Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion
• 59 DroidCap: OS Support for Capability-based Permissions in Android
• 60 On the Challenges of Geographical Avoidance for Tor
• 61 ExSpectre: Hiding Malware in Speculative Execution
• 62 ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM
• 63 NAUTILUS: Fishing for Deep Bugs with Grammars
• 64 Seth: Protecting Existing Smart Contracts Against Re-Entrancy Attacks
• 65 NIC: Detecting Adversarial Samples with Neural Network Invariant Checking
• 66 How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories
• 67 DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous Systems
• 68 Analyzing Semantic Correctness using Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
• 69 Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption
• 70 Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
• 71 Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
• 72 Digital Healthcare-Associated Infection Analysis of a Major Multi-Campus Hospital System
• 73 SANCTUARY: ARMing TrustZone with User-space Enclaves
• 74 RFDIDS: Radio Frequency-based Distributed Intrusion Detection System for the Power Grid
• 75 BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
• 76 Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet
• 77 Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs
• 78 Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory
• 79 Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing
• 80 The use of TLS in Censorship Circumvention
• 81 OBFSCURO: A Commodity Obfuscation Engine on Intel SGX
• 82 Mind your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises
• 83 Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications
• 84 Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
• 85 Private Continual Release of Real-Valued Data Streams
• 86 Profit: Detecting and Quantifying Side Channels in Networked Applications
• 87 CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++
• 88 Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis Machines
• 89 maTLS: How to Make TLS middlebox-aware?