NDSS 2018 71 papers accepted. Updated on 2023-09-08. You can find the lastest information here. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Fear and Logging in the Internet of Things. Decentralized Action Integrity for Trigger-Action IoT Platforms. What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications. Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control. Removing Secrets from Android's TLS. rtCaptcha: A Real-Time CAPTCHA Based Liveness Detection System. Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach. Preventing (Network) Time Travel with Chronos. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. GUTI Reallocation Demystified: Cellular Location Tracking with Changing Temporary Identifier. Mind Your Keys? A Security Evaluation of Java Keystores. A Security Analysis of Honeywords. Revisiting Private Stream Aggregation: Lattice-Based PSA. ZeroTrace : Oblivious Memory Primitives from Intel SGX. Automated Website Fingerprinting through Deep Learning. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. Trojaning Attack on Neural Networks. Broken Fingers: On the Usage of the Fingerprint API in Android. K-means++ vs. Behavioral Biometrics: One Loop to Rule Them All. ABC: Enabling Smartphone Authentication with Built-in Camera. Device Pairing at the Touch of an Electrode. Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections. A Large-scale Analysis of Content Modification by Open HTTP Proxies. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis. Towards Measuring the Effectiveness of Telephony Blacklists. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. Securing Real-Time Microcontroller Systems through Customized Memory View Switching. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images. K-Miner: Uncovering Memory Corruption in Linux. CFIXX: Object Type Integrity for C++. Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets. Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics. Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem. OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS. Knock Knock, Who's There? Membership Inference on Aggregate Location Data. Reduced Cooling Redundancy: A New Security Vulnerability in a Hot Data Center. OBLIVIATE: A Data Oblivious Filesystem for Intel SGX. Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in Iaas Clouds. Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates. Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data. When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries. De-anonymization of Mobility Trajectories: Dissecting the Gaps between Theory and Practice. Veil: Private Browsing Semantics Without Browser-side Assistance. Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting. Towards Scalable Cluster Auditing through Grammatical Inference over Provenance Graphs. MCI : Modeling-based Causality Inference in Audit Logging for Attack Investigation. Towards a Timely Causality Analysis for Enterprise Security. JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android. BreakApp: Automated, Flexible Application Compartmentalization. Resolving the Predicament of Android Custom Permissions. ZEUS: Analyzing Safety of Smart Contracts. Chainspace: A Sharded Smart Contracts Platform. Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. TLS-N: Non-repudiation over TLS Enablign Ubiquitous Content Signing. Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebooks Explanations. Inside Job: Applying Traffic Analysis to Measure Tor from Within. Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks.