Collection of Security Papers

ACM CCS 2016

Collection of Security Papers

All
IEEE S&P
IEEE S&P
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ACM CCS
ACM CCS
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
USENIX Sec
USENIX Sec
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
NDSS
NDSS
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
ICSE
ICSE
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015-1
- 2015-2
ISSTA
ISSTA
- 2024
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015

ACM CCS 2016

195 papers accepted.

Updated on 2023-10-06.

You can find the lastest information here.

On the Security and Performance of Proof of Work Blockchains.

A Secure Sharding Protocol For Open Blockchains.

The Honey Badger of BFT Protocols.

Differential Privacy as a Mutual Information Constraint.

Advanced Probabilistic Couplings for Differential Privacy.

Differentially Private Bayesian Programming.

The Misuse of Android Unix Domain Sockets and Security Implications.

Call Me Back!: Attacks on System Server and System Apps in Android through Synchronous Callback.

Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android.

Strong Non-Interference and Type-Directed Higher-Order Masking.

MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection.

Private Circuits III: Hardware Trojan-Resilience via Testing Amplification.

On the Instability of Bitcoin Without the Block Reward.

Transparency Overlays and Applications.

EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation.

Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy.

AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems.

Mix&Slice: Efficient Access Revocation in the Cloud.

Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency.

ProvUSB: Block-level Provenance-Based Data Protection for USB Storage Devices.

Making Smart Contracts Smarter.

Town Crier: An Authenticated Data Feed for Smart Contracts.

The Ring of Gyges: Investigating the Future of Criminal Smart Contracts.

DPSense: Differentially Private Crowdsourced Spectrum Sensing.

Deep Learning with Differential Privacy.

Membership Privacy in MicroRNA-based Studies.

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime.

Statistical Deobfuscation of Android Applications.

Reliable Third-Party Library Detection in Android and its Security Applications.

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR.

Breaking Kernel Address Space Layout Randomization with Intel TSX.

Enforcing Least Privilege Memory Views for Multithreaded Applications.

Improvements to Secure Computation with Penalties.

Amortizing Secure Computation with Penalties.

MPC-Friendly Symmetric Key Primitives.

Message-Recovery Attacks on Feistel-Based Format Preserving Encryption.

On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN.

A Systematic Analysis of the Juniper Dual EC Incident.

Scalable Graph-based Bug Search for Firmware Images.

High Fidelity Data Reduction for Big Data Security Dependency Analyses.

TypeSan: Practical Type Confusion Detection.

CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump.

Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms.

Alternative Implementations of Secure Real Numbers.

Garbling Gadgets for Boolean and Arithmetic Circuits.

Optimizing Semi-Honest Secure Multiparty Computation for the Internet.

MEMS Gyroscopes as Physical Unclonable Functions.

On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols.

Instant and Robust Authentication and Key Agreement among Mobile Devices.

Chainsaw: Chained Automated Workflow-based Exploit Generation.

CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites.

How I Learned to be Secure: a Census-Representative Survey of Security Advice Sources and Behavior.

Practical Detection of Entropy Loss in Pseudo-Random Number Generators.

Build It, Break It, Fix It: Contesting Secure Development.

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles.

Computational Soundness for Dalvik Bytecode.

SANA: Secure and Scalable Aggregate Network Attestation.

C-FLAT: Control-Flow Attestation for Embedded Systems Software.

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.

FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature.

An In-Depth Study of More Than Ten Years of Java Exploitation.

"The Web/Local" Boundary Is Fuzzy: A Security Study of Chrome's Process-based Sandboxing.

High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority.

Efficient Batched Oblivious PRF with Applications to Private Set Intersection.

MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer.

Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations.

Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices.

A Software Approach to Defeating Side Channels in Last-Level Caches.

Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets.

My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers.

UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages.

iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft.

Hypnoguard: Protecting Secrets across Sleep-wake Cycles.

5Gen: A Framework for Prototyping Applications Using Multilinear Maps and Matrix Branching Programs.

Λολ: Functional Lattice Cryptography.

Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE.

On Code Execution Tracking via Power Side-Channel.

Coverage-based Greybox Fuzzing as Markov Chain.

Error Handling of In-vehicle Networks Makes Them Vulnerable.

Using Reflexive Eye Movements for Fast Challenge-Response Authentication.

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals.

VoiceLive: A Phoneme Localization based Liveness Detection for Voice Authentication on Smartphones.

Limiting the Impact of Stealthy Attacks on Industrial Control Systems.

Over-The-Top Bypass: Study of a Recent Telephony Fraud.

New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks.

POPE: Partial Order Preserving Encoding.

∑oφoς: Forward Secure Searchable Encryption.

What Else is Revealed by Order-Revealing Encryption?

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds.

Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication.

Efficient Cryptographic Password Hardening Services from Partially Oblivious Commitments.

A Comprehensive Formal Security Analysis of OAuth 2.0.

An Empirical Study of Mnemonic Sentence-based Password Generation Strategies.

On the Security of Cracking-Resistant Password Vaults.

Targeted Online Password Guessing: An Underestimated Threat.

PIPSEA: A Practical IPsec Gateway on Embedded APUs.

MiddlePolice: Toward Enforcing Destination-Defined Policies in the Middle of the Internet.

Protecting Insecure Communications with Topology-aware Network Tunnels.

Hash First, Argue Later: Adaptive Verifiable Computations on Outsourced Data.

Practical Non-Malleable Codes from l-more Extractable Hash Functions.

Generic Attacks on Secure Outsourced Databases.

The Shadow Nemesis: Inference Attacks on Efficiently Deployable, Efficiently Searchable Encryption.

Breaking Web Applications Built On Top of Encrypted Data.

Content Security Problems?: Evaluating the Effectiveness of Content Security Policy in the Wild.

CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy.

Online Tracking: A 1-million-site Measurement and Analysis.

PhishEye: Live Monitoring of Sandboxed Phishing Kits.

All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records.

Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks.

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3).

Attribute-based Key Exchange with General Policies.

Identity-Concealed Authenticated Encryption and Key Exchange.

A Surfeit of SSH Cipher Suites.

Systematic Fuzzing and Testing of TLS Libraries.

Attacking OpenSSL Implementation of ECDSA with a Few Signatures.

Host of Troubles: Multiple Host Ambiguities in HTTP Implementations.

Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition.

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service.

Safely Measuring Tor.

PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration.

Stemming Downlink Leakage from Training Sequences in Multi-User MIMO Networks.

A Protocol for Privately Reporting Ad Impressions at Scale.

Secure Stable Matching at Scale.

BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme.

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels.

"Make Sure DSA Signing Exponentiations Really are Constant-Time".

On the Provable Security of (EC)DSA Signatures.

Android ION Hazard: the Curse of Customizable Memory Management System.

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.

SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning.

Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement.

Practical Censorship Evasion Leveraging Content Delivery Networks.

GAME OF DECOYS: Optimal Decoy Routing Through Game Theory.

POSTER: An Educational Network Protocol for Covert Channel Analysis Using Patterns.

POSTER: A Behavioural Authentication System for Mobile Users.

POSTER: A Keyless Efficient Algorithm for Data Protection by Means of Fragmentation.

POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning.

POSTER: Attack on Non-Linear Physical Unclonable Function.

POSTER: ConcurORAM: High-Throughput Parallel Multi-Client ORAM.

POSTER: DataLair: A Storage Block Device with Plausible Deniability.

POSTER: DroidShield: Protecting User Applications from Normal World Access.

POSTER: Efficient Cross-User Chunk-Level Client-Side Data Deduplication with Symmetrically Encrypted Two-Party Interactions.

POSTER: Fingerprinting Tor Hidden Services.

POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store.

POSTER: Identifying Dynamic Data Structures in Malware.

POSTER: Improved Markov Strength Meters for Passwords.

POSTER: Insights of Antivirus Relationships when Detecting Android Malware: A Data Analytics Approach.

POSTER: KXRay: Introspecting the Kernel for Rootkit Timing Footprints.

POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat.

POSTER: Mapping the Landscape of Large-Scale Vulnerability Notifications.

POSTER: Phishing Website Detection with a Multiphase Framework to Find Visual Similarity.

POSTER: Privacy Enhanced Secure Location Verification.

POSTER: Re-Thinking Risks and Rewards for Trusted Third Parties.

POSTER: RIA: an Audition-based Method to Protect the Runtime Integrity of MapReduce Applications.

POSTER: Security Enhanced Administrative Role Based Access Control Models.

POSTER: (Semi)-Supervised Machine Learning Approaches for Network Security in High-Dimensional Network Data.

POSTER: Static ROP Chain Detection Based on Hidden Markov Model Considering ROP Chain Integrity.

POSTER: The ART of App Compartmentalization.

POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs.

POSTER: Towards Collaboratively Supporting Decision Makers in Choosing Suitable Authentication Schemes.

POSTER: Towards Exposing Internet of Things: A Roadmap.

POSTER: Towards Highly Interactive Honeypots for Industrial Control Systems.

POSTER: Towards Privacy-Preserving Biometric Identification in Cloud Computing.

POSTER: VUDEC: A Framework for Vulnerability Management in Decentralized Communication Networks.

POSTER: Weighing in eHealth Security.

POSTER: WiPING: Wi-Fi signal-based PIN Guessing attack.

DEMO: Easy Deployment of a Secure Internet Architecture for the 21st Century: How hard can it be to build a secure Internet?

DEMO: High-Throughput Secure Three-Party Computation of Kerberos Ticket Generation.

DEMO: Integrating MPC in Big Data Workflows.

DEMO: OffPAD - Offline Personal Authenticating Device with Applications in Hospitals and e-Banking.

DEMO: Starving Permission-Hungry Android Apps Using SecuRank.

Program Anomaly Detection: Methodology and Practices.

Security on Wheels: Security and Privacy for Vehicular Communication Systems.

Condensed Cryptographic Currencies Crash Course (C5).

Introduction to Credit Networks: Security, Privacy, and Applications.

On the Security and Scalability of Bitcoin's Blockchain.

Privacy and Security in the Genomic Era.

Adversarial Data Mining: Big Data Meets Cyber Security.

MTD 2016: Third ACM Workshop on Moving Target Defense.

PLAS'16: ACM SIGPLAN 11th Workshop on Programming Languages and Analysis for Security.

SafeConfig'16: Testing and Evaluation for Active and Resilient Cyber Systems.

Sixth Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016).

Theory of Implementation Security Workshop (TIs 2016).

15th Workshop on Privacy in the Electronic Society (WPES 2016).

9th International Workshop on Artificial Intelligence and Security: AISec 2016.

CCSW'16: 8th ACM Cloud Computing Security Workshop.

Second Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC'16).

2nd International Workshop on Software Protection: SPRO 2016.

Sixth International Workshop on Trustworthy Embedded Devices (TrustED 2016).

MIST 2016: 8th International Workshop on Managing Insider Security Threats.