NDSS 2019 90 papers accepted. Updated on 2023-09-08. You can find the lastest information here. Keynote: Modern Challenges for Cyber Defense. SANCTUARY: ARMing TrustZone with User-space Enclaves. Ginseng: Keeping Secrets in Registers When You Distrust the Operating System. DroidCap: OS Support for Capability-based Permissions in Android. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers. Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services. Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data. Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits. Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. maTLS: How to Make TLS middlebox-aware? SABRE: Protecting Bitcoin against Routing Attacks. A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence. Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based. YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes. Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers. Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs. Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai. Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet. Countering Malicious Processes with Process-DNS Association. ExSpectre: Hiding Malware in Speculative Execution. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. MBeacon: Privacy-Preserving Beacons for DNA Methylation Data. Stealthy Adversarial Perturbations Against Real-Time Video Classification Systems. NIC: Detecting Adversarial Samples with Neural Network Invariant Checking. TextBugger: Generating Adversarial Text Against Real-world Applications. Digital Healthcare-Associated Infection: A Case Study on the Security of a Major Multi-Campus Hospital System. Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage. The use of TLS in Censorship Circumvention. On the Challenges of Geographical Avoidance for Tor. PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary. REDQUEEN: Fuzzing with Input-to-State Correspondence. NAUTILUS: Fishing for Deep Bugs with Grammars. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification. Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing. Measuring the Facebook Advertising Ecosystem. We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy. How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories. DNS Cache-Based User Tracking. Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference Managers. Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals. One Engine To Serve 'em All: Inferring Taint Rules Without Architectural Semantics. Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries. CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++. CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines. Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis Machines. Profit: Detecting and Quantifying Side Channels in Networked Applications. Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries. Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information. Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers. Distinguishing Attacks from Legitimate Authentication Traffic at Scale. Robust Performance Metrics for Authentication Systems. Total Recall: Persistence of Passwords in Android. How to End Password Reuse on the Web. Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion. UWB with Pulse Reordering: Securing Ranging against Relay and Physical-Layer Attacks. Nearby Threats: Reversing, Analyzing, and Attacking Google's 'Nearby Connections' on Android. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment. IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT. RFDIDS: Radio Frequency-based Distributed Intrusion Detection System for the Power Grid. A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems. DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous Systems. ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries. Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption. ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM. Statistical Privacy for Streaming Traffic. rORAM: Efficient Range ORAM with O(log2 N) Locality. Private Continual Release of Real-Valued Data Streams. Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems. Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding. The Crux of Voice (In)Security: A Brain Study of Speaker Legitimacy Detection. Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications. Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web. Vault: Fast Bootstrapping for the Algorand Cryptocurrency. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability. Constructing an Adversary Solver for Equihash. OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX. TEE-aided Write Protection Against Privileged Data Tampering. TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V. Establishing Software Root of Trust Unconditionally. Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation. Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory. Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints. Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs.