ACM CCS 2015 167 papers accepted. Updated on 2023-10-06. You can find the lastest information here. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards. Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS~X and iOS. iRiS: Vetting Private API Abuse in iOS Applications. Seeing through Network-Protocol Obfuscation. CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content. Automated Analysis and Synthesis of Authenticated Encryption Schemes. Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives. GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte. GUITAR: Piecing Together Android App GUIs from Memory Images. WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers. VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images. Monte Carlo Strength Evaluation: Fast and Reliable Password Checking. Surpass: System-initiated User-replaceable Passwords. Optimal Distributed Password Verification. How to Use Bitcoin to Play Decentralized Poker. Micropayments for Decentralized Currencies. Liar, Liar, Coins on Fire!: Penalizing Equivocation By Loss of Bitcoins. Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content. It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks. Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads. Timely Rerandomization for Mitigating Memory Disclosures. ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks. Location-restricted Services Access Control Leveraging Pinpoint Waveforming. SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users. Insecurity of Voice Solution VoLTE in LTE Mobile Networks. Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations. Defeating IMSI Catchers. DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles. Subversion-Resilient Signature Schemes. Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice. Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks. Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths. From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel. VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. UCognito: Private Browsing without Tears. Security by Any Other Name: On the Effectiveness of Provider Based Email Security. Certified PUP: Abuse in Authenticode Code Signing. A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings. Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance. GRECS: Graph Encryption for Approximate Shortest Distance Queries. Towards Automatic Generation of Security-Centric Descriptions for Android Apps. AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications. A Search Engine Backed by Internet-Wide Scanning. Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence. Fast Garbling of Circuits Under Standard Assumptions. Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries. Fast and Secure Three-party Computation: The Garbled Circuit Approach. FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications. Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications. Inlined Information Flow Monitoring for JavaScript. Inference Attacks on Property-Preserving Encrypted Databases. Frequency-Hiding Order-Preserving Encryption. Leakage-Abuse Attacks Against Searchable Encryption. Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions. Tampering with the Delivery of Blocks and Transactions in Bitcoin. Demystifying Incentives in the Consensus Computer. Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges. Symbolic Execution of Obfuscated Code. CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions. LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code. MalGene: Automatic Extraction of Malware Analysis Evasion Signature. Face/Off: Preventing Privacy Leakage From Photos in Social Networks. CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks. Exploiting Temporal Dynamics in Sybil Defenses. Where's Wally?: Precise User Discovery Attacks in Location Proximity Services. Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. Constant Communication ORAM with Small Blocksize. Secure Deduplication of Encrypted Data without Additional Independent Servers. Transparent Data Deduplication in the Cloud. Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity. Per-Input Control-Flow Integrity. Practical Context-Sensitive CFI. CCFI: Cryptographically Enforced Control Flow Integrity. Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks. SEDA: Scalable Embedded Device Attestation. TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens. Trusted Display on Untrusted Commodity Platforms. PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks. Clean Application Compartmentalization with SOAAP. Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable). Fast Non-Malleable Commitments. White-Box Cryptography Revisited: Space-Hard Ciphers. Lattice Basis Reduction Attack against Physically Unclonable Functions. Drops for Stuff: An Analysis of Reshipping Mule Scams. Android Root and its Providers: A Double-Edged Sword. An Empirical Study of Web Vulnerability Discovery Ecosystems. The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics. Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits. Automated Symbolic Proofs of Observational Equivalence. Automated Proofs of Pairing-Based Cryptography. Moat: Verifying Confidentiality of Enclave Programs. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates. Deniable Key Exchanges for Secure Messaging. TOPAS: 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity. From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App. Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References. Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations. When Good Becomes Evil: Keystroke Inference with Smartwatch. Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies. Protecting Locations with Differential Privacy under Temporal Correlations. Privacy-Preserving Deep Learning. Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication. Authenticating Privately over Public Wi-Fi Hotspots. SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web. Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes. The Clock is Still Ticking: Timing Attacks in the Modern Web. Cross-Site Search Attacks. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting. Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks. HORNET: High-speed Onion Routing at the Network Layer. CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services. (Un)linkable Pseudonyms for Governmental Databases. IntegriDB: Verifiable SQL for Outsourced Databases. A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols. Automated Synthesis of Optimized Circuits for Secure Computation. Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data. Maneuvering Around Clouds: Bypassing Cloud-based Security Providers. The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript. Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication. Observing and Preventing Leakage in MapReduce. Mitigating Storage Side Channels Using Statistical Privacy Mechanisms. Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration. Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation. DEMO: Action Recommendation for Cyber Resilience. POSTER: Secure Chat for the Masses? User-centered Security to the Rescue. POSTER: In the Net of the Spider: Measuring the Anonymity-Impact of Network-level Adversaries Against Tor. POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART). POSTER: iPKI: Identity-based Private Key Infrastructure for Securing BGP Protocol. POSTER: Mobile Device Identification by Leveraging Built-in Capacitive Signature. POSTER: Implementing and Testing a Novel Chaotic Cryptosystem for Use in Small Satellites. POSTER: A Password-based Authentication by Splitting Roles of User Interface. POSTER: Page Table Manipulation Attack. POSTER: Toward Energy-Wasting Misbehavior Detection Platform with Privacy Preservation in Building Energy Use. POSTER: A Hardware Fingerprint Using GPU Core Frequency Variations. POSTER: The Popular Apps in Your Pocket Are Leaking Your Privacy. POSTER: PatchGen: Towards Automated Patch Detection and Generation for 1-Day Vulnerabilities. POSTER: Using Unit Testing to Detect Sanitization Flaws. POSTER: PsychoRithm: A Framework for Studying How Human Traits Affect User Response to Security Situations. POSTER: Dynamic Labelling for Analyzing Security Protocols. POSTER: Computations on Encrypted Data in the Internet of Things Applications. POSTER: Detecting Malicious Web Pages based on Structural Similarity of Redirection Chains. POSTER: WinOver Enterprise Dark Data. POSTER: A Logic Based Network Forensics Model for Evidence Analysis. POSTER: OFX: Enabling OpenFlow Extensions for Switch-Level Security Applications. POSTER: Blackboard-Based Electronic Warfare System. POSTER: PRINCESS: A Secure Cloud File Storage System for Managing Data with Hierarchical Levels of Sensitivity. POSTER: Pseudonymizing Client as a Privacy-Preserving Service: A Case Study of CDN. POSTER: biTheft: Stealing Your Secrets by Bidirectional Covert Channel Communication with Zero-Permission Android Application. POSTER: Lightweight Streaming Authenticated Data Structures. Fraud Detection through Graph-Based User Behavior Modeling. Program Analysis for Mobile Application Integrity and Privacy Enforcement. Introduction to Cryptocurrencies. Workshop Summary of AISec'15: 2015 Workshop on Artificial Intelligent and Security. CCSW 2015: The 7th ACM Cloud Computing Security Workshop. First Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC): Challenges and Research Directions. MIST 2015: 7th International Workshop on Managing Insider Security Threats. MTD 2015: Second ACM Workshop on Moving Target Defense. SafeConfig 2015: Workshop on Automated Decision Making for Active Cyber Defense. SPSM 2015: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. Fifth International Workshop on Trustworthy Embedded Devices (TrustED 2015). WISCS'15: The 2nd ACM Workshop on Information Sharing and Collaborative Security. WPES 2015: The 14th Workshop on Privacy in the Electronic Society.