ACM CCS 2017

205 papers accepted.

Updated on 2023-10-06.

You can find the latest information here.


DUPLO: Unifying Cut-and-Choose for Garbled Circuits.

Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation.

Global-Scale Secure Multiparty Computation.

Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication.

VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration.

DolphinAttack: Inaudible Voice Commands.

Evading Classifiers by Morphing in the Dark.

MagNet: A Two-Pronged Defense against Adversarial Examples.

Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers.

Deterministic Browser.

Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security.

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin.

Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing.

Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services.

Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries.

A Framework for Constructing Fast MPC over Arithmetic Circuits with Malicious Adversaries and an Honest-Majority.

Efficient, Constant-Round and Actively Secure MPC: Beyond the Three-Party Case.

Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat.

Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study.

The TypTop System: Personalized Typo-Tolerant Password Checking.

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance.

Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection.

RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking.

Synthesis of Probabilistic Privacy Enforcement.

A Type System for Privacy Properties.

Generating Synthetic Decentralized Social Graphs with Local Differential Privacy.

Revive: Rebalancing Off-Blockchain Payment Networks.

Concurrency and Privacy with Payment-Channel Networks.

Bolt: Anonymous Payment Channels for Decentralized Currencies.

S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing.

Deterministic, Stash-Free Write-Only ORAM.

Scaling ORAM for Secure Computation.

Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains.

Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting.

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse.

Machine Learning Models that Remember Too Much.

Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning.

Oblivious Neural Network Predictions via MiniONN Transformations.

Verifying Security Policies in Multi-agent Workflows with Loops.

Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions.

FAME: Fast Attribute-based Message Encryption.

Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain.

Solidus: Confidential Distributed Ledger Transactions via PVORM.

Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards.

5Gen-C: Multi-input Functional Encryption and Program Obfuscation for Arithmetic Circuits.

IRON: Functional Encryption using Intel SGX.

Implementing BP-Obfuscation Using Graph-Induced Encoding.

AUTHSCOPE: Towards Automatic Discovery of Vulnerable Authorizations in Online Services.

Mass Discovery of Android Traffic Imprints through Instantiated Partial Execution.

Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews.

May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519.

STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves.

Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic.

Better Than Advertised: Improved Collision-Resistance Guarantees for MD-Based Hash Functions.

Generic Semantic Security against a Kleptographic Adversary.

Defending Against Key Exfiltration: Efficiency Improvements for Big-Key Cryptography via Large-Alphabet Subkey Prediction.

Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study.

The Wolf of Name Street: Hijacking Domains Through Their Nameservers.

Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting.

T/Key: Second-Factor Authentication From Secure Hash Chains.

Practical Graphs for Optimal Side-Channel Resistant Memory-Hard Functions.

Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation.

The ART of App Compartmentalization: Compiler-based Library Privilege Separation on Stock Android.

Vulnerable Implicit Service: A Revisit.

A Stitch in Time: Supporting Android Developers in Writing Secure Code.

Exploiting a Thermal Side Channel for Power Attacks in Multi-Tenant Data Centers.

Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations.

Viden: Attacker Identification on In-Vehicle Networks.

Practical Attacks Against Graph-based Clustering.

Automated Crowdturfing Attacks and Defenses in Online Review Systems.

POISED: Spotting Twitter Spam Off the Beaten Paths.

Practical Secure Aggregation for Privacy-Preserving Machine Learning.

Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs.

SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors.

Malicious-Secure Private Set Intersection via Dual Execution.

Fast Private Set Intersection from Homomorphic Encryption.

Practical Multi-party Private Set Intersection from Symmetric-Key Techniques.

Detecting Structurally Anomalous Logins Within Enterprise Networks.

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning.

RiskTeller: Predicting the Risk of Cyber Incidents.

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through.

No-Match Attacks and Robust Partnering Definitions: Defining Trivial Attacks for Security Protocols is Not Trivial.

Querying for Queries: Indexes of Queries for Efficient and Expressive IT-PIR.

PeGaSus: Data-Adaptive Differentially Private Stream Processing.

Composing Differential Privacy and Secure Computation: A Case Study on Scaling Private Record Linkage.

Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors.

Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials.

Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI.

Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates.

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives.

Economic Factors of Vulnerability Trade and Exploitation.

Identity-Based Format-Preserving Encryption.

Standardizing Bad Cryptographic Practice: A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property.

New Techniques for Structural Batch Verification in Bilinear Groups with Applications to Groth-Sahai Proofs.

Practical Quantum-Safe Voting from Lattices.

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components.

Provably-Secure Logic Locking: From Theory To Practice.

The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli.

Algorithm Substitution Attacks from a Steganographic Perspective.

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs.

The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later.

Capturing Malware Propagations with Code Injections and Code-Reuse Attacks.

Code-Reuse Attacks for the Web: Breaking Cross-Site Scripting Mitigations via Script Gadgets.

Tail Attacks on Web Applications.

Rewriting History: Changing the Archived Web from the Present.

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.

A Comprehensive Symbolic Analysis of TLS 1.3.

HACL*: A Verified Modern Cryptographic Library.

Jasmin: High-Assurance and High-Speed Cryptography.

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives.

To BLISS-B or not to be: Attacking strongSwan's Implementation of Post-Quantum Signatures.

Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers.

Nonmalleable Information Flow Control.

Cryptographically Secure Information Flow Control on Key-Value Stores.

Object Flow Integrity.

BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection.

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms.

Certified Verification of Algebraic Properties on Low-Level Mathematical Constructs in Cryptographic Programs.

A Fast and Verified Software Stack for Secure Function Evaluation.

Verified Correctness and Security of mbedTLS HMAC-DRBG.

How Unique is Your .onion?: An Analysis of the Fingerprintability of Tor Onion Services.

The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks.

Compressive Traffic Analysis: A New Paradigm for Scalable Traffic Analysis.

Full Accounting for Verifiable Outsourcing.

Ligero: Lightweight Sublinear Arguments Without a Trusted Setup.

Homomorphic Secret Sharing: Optimizations and Applications.

DIFUZE: Interface Aware Fuzzing for Kernel Drivers.

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits.

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities.

Identifying Open-Source License Violation and 1-day Security Risk at Large Scale.

Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android.

A Large-Scale Empirical Study of Security Patches.

DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer.

FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware.

FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution.

TinyOLE: Efficient Actively Secure Two-Party Computation from Oblivious Linear Function Evaluation.

Efficient Public Trace and Revoke from Standard Assumptions: Extended Abstract.

Distributed Measurement with Private Set-Union Cardinality.

Designing New Operating Primitives to Improve Fuzzing Performance.

Directed Greybox Fuzzing.

IMF: Inferred Model-based Fuzzer.

PtrSplit: Supporting General Pointers in Automatic Program Partitioning.

HexType: Efficient Detection of Type Confusion Errors for C++.

FreeGuard: A Faster Secure Heap Allocator.

JITGuard: Hardening Just-in-time Compilers with SGX.

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX.

A Formal Foundation for Secure Remote Execution of Enclaves.

DEMO: Akatosh: Automated Cyber Incident Verification and Impact Analysis.

Poster: Adversarial Examples for Classifiers in High-Dimensional Network Data.

POSTER: An Empirical Measurement Study on Multi-tenant Deployment Issues of CDNs.

POSTER: Actively Detecting Implicit Fraudulent Transactions.

POSTER: Semi-supervised Classification for Dynamic Android Malware Detection.

POSTER: Detection of CPS Program Anomalies by Enforcing Cyber-Physical Execution Semantics.

POSTER: A Comprehensive Study of Forged Certificates in the Wild.

POSTER: Rust SGX SDK: Towards Memory Safety in Intel SGX Enclave.

POSTER: Finding Vulnerabilities in P4 Programs with Assertion-based Verification.

POSTER: Covert Channel Based on the Sequential Analysis in Android Systems.

POSTER: Why Are You Going That Way? Measuring Unnecessary Exposure of Network Traffic to Nation States.

POSTER: PriReMat: A Distributed Tool for Privacy Preserving Record Linking in Healthcare.

POSTER: AFL-based Fuzzing for Java with Kelinci.

POSTER: Rethinking Fingerprint Identification on Smartphones.

POSTER: X-Ray Your DNS.

POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality.

POSTER: Watch Out Your Smart Watch When Paired.

POSTER: Intrusion Detection System for In-vehicle Networks using Sensor Correlation and Integration.

POSTER: Practical Fraud Transaction Prediction.

POSTER: Vulnerability Discovery with Function Representation Learning from Unlabeled Projects.

POSTER: Neural Network-based Graph Embedding for Malicious Accounts Detection.

POSTER: A Unified Framework of Differentially Private Synthetic Data Release with Generative Adversarial Network.

POSTER: TOUCHFLOOD: A Novel Class of Attacks against Capacitive Touchscreens.

POSTER: TouchTrack: How Unique are your Touch Gestures?

POSTER: PenJ1939: An Interactive Framework for Design and Dissemination of Exploits for Commercial Vehicles.

POSTER: Cyber Attack Prediction of Threats from Unconventional Resources (CAPTURE).

POSTER: Towards Precise and Automated Verification of Security Protocols in Coq.

POSTER: Probing Tor Hidden Service with Dockers.

POSTER: Evaluating Reflective Deception as a Malware Mitigation Strategy.

POSTER: Improving Anonymity of Services Deployed Over Tor by Changing Guard Selection.

POSTER: Inaudible Voice Commands.

POSTER: Is Active Electromagnetic Side-channel Attack Practical?

POSTER: BGPCoin: A Trustworthy Blockchain-based Resource Management Solution for BGP Security.

POSTER: Who was Behind the Camera? - Towards Some New Forensics.

POSTER: A PU Learning based System for Potential Malicious URL Detection.

Web Tracking Technologies and Protection Mechanisms.

Tutorial: Private Information Retrieval.

CCS'17 Tutorial Abstract / SGX Security and Privacy.

Cliptography: Post-Snowden Cryptography.

Cache Side Channels: State of the Art and Research Opportunities.

10th International Workshop on Artificial Intelligence and Security (AISec 2017).

ASHES 2017: Workshop on Attacks and Solutions in Hardware Security.

CCSW'17: 2017 ACM Cloud Computing Security.

CPS-SPC 2017: Third Workshop on Cyber-Physical Systems Security and PrivaCy.

CCS 2017: Women in Cyber Security (CyberW) Workshop.

FEAST 2017: The Second Workshop on Forming an Ecosystem Around Software Transformation.

MIST 2017: 9th International Workshop on Managing Insider Security Threats.

MTD 2017: Fourth ACM Workshop on Moving Target Defense (MTD).

PLAS 2017: ACM SIGSAC Workshop on Programming Languages and Analysis for Security.

SafeConfig'17: Applying the Scientific Method to Active Cyber Defense Research.

16th Workshop on Privacy in the Electronic Society (WPES 2017).

Workshop on Multimedia Privacy and Security.

IoT S&P 2017: First Workshop on Internet of Things Security and Privacy.