27th CCS 2020: Virtual Event, USA
- Jay Ligatti, Xinming Ou, Jonathan Katz, Giovanni Vigna:
CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020. ACM 2020, ISBN 978-1-4503-7089-9
Keynote Talk I
- Wenke Lee:
Machine Learning and Security: The Good, The Bad, and The Ugly. 1-2
Session 1A: Anonymous Routing and Censorship
- Zhao Zhang, Wenchao Zhou, Micah Sherr:
Bypassing Tor Exit Blocking with Exit Bridge Onion Services. 3-16
- Florentin Rochet, Ryan Wails, Aaron Johnson, Prateek Mittal, Olivier Pereira:
CLAPS: Client-Location-Aware Path Selection in Tor. 17-34
- Diogo Barradas, Nuno Santos, Luís E. T. Rodrigues, Vítor Nunes:
Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC. 35-48
- Ram Sundara Raman, Prerana Shenoy, Katharina Kohls, Roya Ensafi:
Censored Planet: An Internet-wide, Longitudinal Censorship Observatory. 49-66
Session 1B: Attacking and Defending ML Systems
- Shawn Shan, Emily Wenger, Bolun Wang, Bo Li, Haitao Zheng, Ben Y. Zhao:
Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks. 67-83
- Ren Pang, Hua Shen, Xinyang Zhang, Shouling Ji, Yevgeniy Vorobeychik, Xiapu Luo, Alex X. Liu, Ting Wang:
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models. 85-99
- Yu Li, Min Li, Bo Luo, Ye Tian, Qiang Xu:
DeepDyve: Dynamic Verification for Deep Neural Networks. 101-112
- Junyu Lin, Lei Xu, Yingqi Liu, Xiangyu Zhang:
Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features. 113-131
Session 1C: Binary Analysis/Policy and Access Control
- Rukayat Ayomide Erinfolami, Aravind Prakash:
Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries. 133-148
- Lei Zhao, Yuncong Zhu, Jiang Ming, Yichen Zhang, Haotian Zhang, Heng Yin:
PatchScope: Memory Object Centric Patch Diffing. 149-165
- Haohuang Wen, Zhiqiang Lin, Yinqian Zhang:
FirmXRay: Detecting Bluetooth Link Layer Vulnerabilities From Bare-Metal Firmware. 167-180
- Rakesh Rajan Beck, Abhishek Vijeev, Vinod Ganapathy:
Privaros: A Framework for Privacy-Compliant Delivery Drones. 181-194
Session 1D: Applied Cryptography and Cryptanalysis
- Jake Massimo, Kenneth G. Paterson:
A Performant, Misuse-Resistant API for Primality Testing. 195-210
- Frederik Armknecht, Paul Walther, Gene Tsudik, Martin Beck, Thorsten Strufe:
ProMACs: Progressive and Resynchronizing MACs for Continuous Efficient Authentication of Message Streams. 211-223
- Diego F. Aranha, Felipe Rodrigues Novaes, Akira Takahashi, Mehdi Tibouchi, Yuval Yarom:
LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage. 225-242
- Viet Tung Hoang, Yaobin Shen:
Security of Streaming Encryption in Google's Tink Library. 243-262
Session 1E: Cyberphysical Systems
- Hongjun Choi, Sayali Kate, Yousra Aafer, Xiangyu Zhang, Dongyan Xu:
Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. 263-278
- Efrén López-Morales, Carlos E. Rubio-Medrano, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, Gail-Joon Ahn:
HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems. 279-291
- Ben Nassi, Yisroel Mirsky, Dudi Nassi, Raz Ben-Netanel, Oleg Drokin, Yuval Elovici:
Phantom of the ADAS: Securing Advanced Driver-Assistance Systems from Split-Second Phantom Attacks. 293-308
- Xiaopeng Li, Qiang Zeng, Lannan Luo, Tongbo Luo:
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices. 309-323
Session 2A: ML and Information Leakage
- Deevashwer Rathee, Mayank Rathee, Nishant Kumar, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma:
CrypTFlow2: Practical 2-Party Secure Inference. 325-342
- Dingfan Chen, Ning Yu, Yang Zhang, Mario Fritz:
GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models. 343-362
- Santiago Zanella Béguelin, Lukas Wutschitz, Shruti Tople, Victor Rühle, Andrew Paverd, Olga Ohrimenko, Boris Köpf, Marc Brockschmidt:
Analyzing Information Leakage of Updates to Natural Language Models. 363-375
- Congzheng Song, Ananth Raghunathan:
Information Leakage in Embedding Models. 377-390
Session 2B: Applied Cryptography
- Susan Hohenberger, Satyanarayana Vusirikala, Brent Waters:
PPE Circuits: Formal Definition to Software Automation. 391-408
- Julian Brost, Christoph Egger, Russell W. F. Lai, Fritz Schmid, Dominique Schröder, Markus Zoppelt:
Threshold Password-Hardened Encryption Services. 409-424
- Ian McQuoid, Mike Rosulek, Lawrence Roy:
Minimal Symmetric PAKE and 1-out-of-N OT from Programmable-Once Public Functions. 425-442
- Francesca Falzon, Evangelia Anna Markatou, Akshima, David Cash, Adam Rivkin, Jesse Stern, Roberto Tamassia:
Full Database Reconstruction in Two Dimensions. 443-460
Session 2C: Browser Security
- Chenxiong Qian, Hyungjoon Koo, ChangSeok Oh, Taesoo Kim, Wenke Lee:
Slimium: Debloating the Chromium Browser with Feature Subsetting. 461-476
- Nikolaos Pantelaios, Nick Nikiforakis, Alexandros Kapravelos:
You've Changed: Detecting Malicious Browser Extensions through their Update Deltas. 477-491
- Marius Steffens, Ben Stock:
PMForce: Systematically Analyzing postMessage Handlers at Scale. 493-505
- Xu Lin, Panagiotis Ilia, Jason Polakis:
Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill. 507-519
Session 2D: Mobile Security
- Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang, Qiang Li:
Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. 521-534
- Luman Shi, Jiang Ming, Jianming Fu, Guojun Peng, Dongpeng Xu, Kun Gao, Xuanchen Pan:
VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization's Clothing. 535-549
- Kailani R. Jones, Ting-Fang Yen, Sathya Chandran Sundaramurthy, Alexandru G. Bardas:
Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users. 551-567
- Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, XiaoFeng Wang, Xueqiang Wang:
Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems. 569-585
Session 2E: Smart Contracts and Cryptocurrencies
- Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun:
ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts. 587-600
- Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages-Mundt, Ittay Eyal, Ari Juels:
BDoS: Blockchain Denial-of-Service. 601-619
- Clara Schneidewind, Ilya Grishchenko, Markus Scherer, Matteo Maffei:
eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts. 621-640
- Ky Nguyen, Miguel Ambrona, Masayuki Abe:
WI is Almost Enough: Contingent Payment All Over Again. 641-656
Session 3A: Privacy
- Borja Balle, James Bell, Adrià Gascón, Kobbi Nissim:
Private Summation in the Multi-Message Shuffle Model. 657-676
- Meisam Mohammady, Shangyu Xie, Yuan Hong, Mengyuan Zhang, Lingyu Wang, Makan Pourzandi, Mourad Debbabi:
R2DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions. 677-696
- Marco Romanelli, Konstantinos Chatzikokolakis, Catuscia Palamidessi, Pablo Piantanida:
Estimating g-Leakage via Machine Learning. 697-716
- Christina Ilvento:
Implementing the Exponential Mechanism with Base-2 Differential Privacy. 717-742
Session 3B: Malware
- Harm Griffioen, Christian Doerr:
Examining Mirai's Battle over the Internet of Things. 743-756
- Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang, Min Yang:
Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware. 757-770
- Silvia Sebastián, Juan Caballero:
Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism. 771-785
- Joey Allen, Zheng Yang, Matthew Landen, Raghav Bhat, Harsh Grover, Andrew Chang, Yang Ji, Roberto Perdisci, Wenke Lee:
Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System. 787-802
Session 3C: Consensus
- Bingyong Guo, Zhenliang Lu, Qiang Tang, Jing Xu, Zhenfeng Zhang:
Dumbo: Faster Asynchronous BFT Protocols. 803-818
- Peter Gazi, Aggelos Kiayias, Alexander Russell:
Tight Consistency Bounds for Bitcoin. 819-838
- Nibesh Shrestha, Ittai Abraham, Ling Ren, Kartik Nayak:
On the Optimality of Optimistic Responsiveness. 839-857
- Amir Dembo, Sreeram Kannan, Ertem Nusret Tas, David Tse, Pramod Viswanath, Xuechao Wang, Ofer Zeitouni:
Everything is a Race and Nakamoto Always Wins. 859-878
Session 3D: Formal Methods
- Ioana Boureanu, Tom Chothia, Alexandre Debant, Stéphanie Delaune:
Security Analysis and Implementation of Relay-Resistant Contactless Payments. 879-898
- Marina Polubelova, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche, Aymeric Fromherz, Natalia Kulatova, Santiago Zanella Béguelin:
HACLxN: Verified Generic SIMD Crypto (for all your favourite platforms). 899-918
- Yuxin Wang, Zeyu Ding, Daniel Kifer, Danfeng Zhang:
CheckDP: An Automated and Integrated Approach for Proving Differential Privacy or Finding Precise Counterexamples. 919-938
- Nick Frymann, Daniel Gardham, Franziskus Kiefer, Emil Lundberg, Mark Manulis, Dain Nilsson:
Asynchronous Remote Key Generation: An Analysis of Yubico's Proposal for W3C WebAuthn. 939-954
Session 3E: Fuzzing/Trusted Execution Environments
- Rui Zhong, Yongheng Chen, Hong Hu, Hangfan Zhang, Wenke Lee, Dinghao Wu:
SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback. 955-970
- Wen Xu, Soyeon Park, Taesoo Kim:
FREEDOM: Engineering a State-of-the-Art DOM Fuzzer. 971-986
- Seonghyun Park, Adil Ahmad, Byoungyoung Lee:
BlackMirror: Preventing Wallhacks in 3D Online FPS Games. 987-1000
- Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, Jiwu Jing:
Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments. 1001-1015
Session 4A: Post-Quantum Cryptography
- Nabil Alkeilani Alkadri, Poulami Das, Andreas Erwig, Sebastian Faust, Juliane Krämer, Siavash Riahi, Patrick Struck:
Deterministic Wallets in a Quantum World. 1017-1031
- Okan Seker, Sebastian Berndt, Luca Wilke, Thomas Eisenbarth:
SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis. 1033-1049
- Vadim Lyubashevsky, Ngoc Khanh Nguyen, Gregor Seiler:
Practical Lattice-Based Zero-Knowledge Proofs for Integer Relations. 1051-1070
- Koksal Mus, Saad Islam, Berk Sunar:
QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme. 1071-1084
Session 4B: Physical Attacks
- Jieun Choi, Hae-Yong Yang, Dong-Ho Cho:
TEMPEST Comeback: A Realistic Audio Eavesdropping Threat on Mixed-signal SoCs. 1085-1101
- Shu Wang, Jiahao Cao, Xu He, Kun Sun, Qi Li:
When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition. 1103-1119
- Zhuohang Li, Yi Wu, Jian Liu, Yingying Chen, Bo Yuan:
AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations. 1121-1134
- Wenqiang Jin, Ming Li, Srinivasan Murali, Linke Guo:
Harnessing the Ambient Radio Frequency Noise for Wearable Device Pairing. 1135-1148
Session 4C: Kernel Security
- Zheyue Jiang, Yuan Zhang, Jun Xu, Qi Wen, Zhenghe Wang, Xiaohan Zhang, Xinyu Xing, Min Yang, Zhemin Yang:
PDiff: Semantic-based Patch Presence Testing for Downstream Kernels. 1149-1163
- Yueqi Chen, Zhenpeng Lin, Xinyu Xing:
A Systematic Study of Elastic Objects in Kernel Exploitation. 1165-1184
- Xiaolong Bai, Luyi Xing, Min Zheng, Fuping Qu:
iDEA: Static Analysis on the Security of Apple Kernel Drivers. 1185-1202
- Aditya Pakki, Kangjie Lu:
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection. 1203-1218
Session 4D: Distributed Protocols
- Rui Wen, Yu Yu, Xiang Xie, Yang Zhang:
LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction. 1219-1232
- Ittai Abraham, Benny Pinkas, Avishay Yanai:
Blinder - Scalable, Robust Anonymous Committed Broadcast. 1233-1252
- James Henry Bell, Kallista A. Bonawitz, Adrià Gascón, Tancrède Lepoint, Mariana Raykova:
Secure Single-Server Aggregation with (Poly)Logarithmic Overhead. 1253-1269
- Payman Mohassel, Peter Rindal, Mike Rosulek:
Fast Database Joins and PSI for Secret Shared Data. 1271-1287
Session 4E: Network Security
- Jens Hiller, Johanna Amann, Oliver Hohlfeld:
The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures. 1289-1306
- Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, XiaoFeng Wang:
Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral. 1307-1322
- Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, Ke Xu:
Off-Path TCP Exploits of the Mixed IPID Assignment. 1323-1335
- Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan:
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels. 1337-1350
Session 5A: User Authentication
- Shashank Agrawal, Saikrishna Badrinarayanan, Pratyay Mukherjee, Peter Rindal:
Game-Set-MATCH: Using Mobile Devices for Seamless External-Facing Biometric Matching. 1351-1370
- Kovila P. L. Coopamootoo:
Usage Patterns of Privacy-Enhancing Technologies. 1371-1390
- Chenghui Shi, Shouling Ji, Qianjun Liu, Changchang Liu, Yuefeng Chen, Yuan He, Zhe Liu, Raheem Beyah, Ting Wang:
Text Captcha Is Dead? A Large Scale Deployment and Empirical Study. 1391-1406
- Joshua Tan, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor:
Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements. 1407-1426
Session 5B: Secure Messaging and Key Exchange
- Hubert Comon, Charlie Jacomme, Guillaume Scerri:
Oracle Simulation: A Technique for Protocol Composition with Long Term Shared Secrets. 1427-1444
- Melissa Chase, Trevor Perrin, Greg Zaverucha:
The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption. 1445-1459
- Peter Schwabe, Douglas Stebila, Thom Wiggers:
Post-Quantum TLS Without Handshake Signatures. 1461-1480
- Cas Cremers, Jaiden Fairoze, Benjamin Kiesl, Aurora Naska:
Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice. 1481-1495
Session 5C: Forensics
- Brian Neil Levine, Marc Liberatore, Brian Lynn, Matthew Wright:
A Forensically Sound Method of Identifying Downloaders and Uploaders in Freenet. 1497-1512
- Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci:
A Qualitative Study of Dependency Management and Its Security Implications. 1513-1531
- Nahid Juma, Xiaowei Huang, Mahesh Tripunitara:
Forensic Analysis in Access Control: Foundations and a Case-Study from Practice. 1533-1550
- Riccardo Paccagnella, Kevin Liao, Dave Tian, Adam Bates:
Logging to the Danger Zone: Race Condition Attacks and Defenses on System Audit Frameworks. 1551-1574
Session 5D: Secure Computation
- Marcel Keller:
MP-SPDZ: A Versatile Framework for Multi-Party Computation. 1575-1590
- Jackson Abascal, Mohammad Hossein Faghihi Sereshgi, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam:
Is the Classical GMW Paradigm Practical? The Case of Non-Interactive Actively Secure 2PC. 1591-1605
- Kang Yang, Chenkai Weng, Xiao Lan, Jiang Zhang, Xiao Wang:
Ferret: Fast Extension for Correlated OT with Small Communication. 1607-1626
- Kang Yang, Xiao Wang, Jiang Zhang:
More Efficient MPC from Improved Triple Generation and Authenticated Garbling. 1627-1646
Session 5E: Infrastructure Security
- Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel:
Mitigation of Attacks on Email End-to-End Encryption. 1647-1664
- Michele Campobasso, Luca Allodi:
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. 1665-1680
- Sahar Abdelnabi, Katharina Krombholz, Mario Fritz:
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity. 1681-1698
- Long Cheng, Christin Wilson, Song Liao, Jeffrey Young, Daniel Dong, Hongxin Hu:
Dangerous Skills Got Certified: Measuring the Trustworthiness of Skill Certification in Voice Personal Assistant Platforms. 1699-1716
Session 6A: Signatures
- Jonas Nick, Tim Ruffing, Yannick Seurin, Pieter Wuille:
MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces. 1717-1731
- Sri Aravinda Krishnan Thyagarajan, Adithya Bhat, Giulio Malavolta, Nico Döttling, Aniket Kate, Dominique Schröder:
Verifiable Timed Signatures Made Practical. 1733-1750
- Eleftherios Kokoris-Kogias, Dahlia Malkhi, Alexander Spiegelman:
Asynchronous Distributed Key Generation for Computationally-Secure Randomness, Consensus, and Threshold Signatures. 1751-1767
- Ran Canetti, Rosario Gennaro, Steven Goldfeder, Nikolaos Makriyannis, Udi Peled:
UC Non-Interactive, Proactive, Threshold ECDSA with Identifiable Aborts. 1769-1787
Session 6B: Exploitation and Defenses
- Edward J. Schwartz, Cory F. Cohen, Jeffrey Gennari, Stephanie Schwartz:
A Generic Technique for Automatically Finding Defense-Aware Code Reuse Attacks. 1789-1801
- Salman Ahmed, Ya Xiao, Kevin Z. Snow, Gang Tan, Fabian Monrose, Danfeng (Daphne) Yao:
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP. 1803-1820
- Yuan Li, Mingzhe Wang, Chao Zhang, Xingman Chen, Songtao Yang, Ying Liu:
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms. 1821-1835
- Tao Lv, Ruishi Li, Yi Yang, Kai Chen, Xiaojing Liao, XiaoFeng Wang, Peiwei Hu, Luyi Xing:
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection. 1837-1852
Session 6C: Side Channels
- Roberto Guanciale, Musard Balliu, Mads Dam:
InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis. 1853-1869
- Enes Göktas, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, Cristiano Giuffrida:
Speculative Probing: Hacking Blind in the Spectre Era. 1871-1885
- Sohaib ul Hassan, Iaroslav Gridin, Ignacio M. Delgado-Lozano, Cesar Pereida García, Jesús-Javier Chi-Domínguez, Alejandro Cabrera Aldaya, Billy Bob Brumley:
Déjà Vu: Side-Channel Analysis of Mozilla's NSS. 1887-1902
- Hyunyoung Oh, Adil Ahmad, Seonghyun Park, Byoungyoung Lee, Yunheung Paek:
TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA. 1903-1918
Session 6D: Web Security
- Fan Zhang, Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels:
DECO: Liberating Web Data Using Decentralized Oracles for TLS. 1919-1938
- Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, Min Yang:
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. 1939-1952