Accepted papers

  1. An Historical Examination of Open Source Releases and Their Vulnerabilities.
  2. Nigel Edwards (Hewlett-Packard Laboratories), Liqun Chen (Hewlett-Packard Laboratories).

  3. Non-tracking Web Analytics.
  4. Istemi Ekin Akkus (Max Planck Institute for Software Systems (MPI-SWS)), Ruichuan Chen (Max Planck Institute for Software Systems (MPI-SWS)), Michaela Hardt (Twitter Inc.), Paul Francis (Max Planck Institute for Software Systems (MPI-SWS)), Johannes Gehrke (Cornell University).

  5. A Cross-Protocol Attack on the TLS Protocol.
  6. Nikos Mavrogiannopoulos (KU Leuven - IBBT), Frederik Vercauteren (KU Leuven - IBBT), Vesselin Velichkov (University of Luxembourg), Bart Preneel (KU Leuven - IBBT).

  7. Mobile Data Charging: New Attacks and Countermeasures.
  8. Chunyi Peng (University of California, Los Angeles), Chi-yu Li (University of California, Los Angeles), Guan-Hua Tu (University of California, Los Angeles), Songwu Lu (University of California, Los Angeles), Lixia Zhang (University of California, Los Angeles).

  9. The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems.
  10. San-Tsai Sun (University of British Columbia), Konstantin Beznosov (University of British Columbia).

  11. CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.
  12. Qiyan Wang (University of Illinois at Urbana-Champaign), Xun Gong (University of Illinois at Urbana-Champaign), Giang T. K. Nguyen (University of Illinois at Urbana-Champaign), Amir Houmansadr (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign).

  13. Self-service Cloud Computing.
  14. Shakeel Butt (Rutgers University), H. Andres Lagar-Cavilla (GridCentric Inc.), Abhinav Srivastava (AT&T Labs-Research), Vinod Ganapathy (Rutgers University).

  15. Aligot: Cryptographic Function Identification in Obfuscated Binary Programs.
  16. Joan Calvet (Universite de Lorraine, LORIA), Jose M Fernandez (Ecole Polytechnique de Montreal), Jean-Yves Marion (Universite de Lorraine, LORIA).

  17. Populated IP Addresses -- Classification and Applications.
  18. Chi-Yao Hong (UIUC), Fang Yu (MSR Silicon Valley), Yinglian Xie (MSR Silicon Valley).

  19. On the Parameterized Complexity of the Workflow Satisfiability Problem.
  20. Jason Crampton (Royal Holloway, University of London), Gregory Gutin (Royal Holloway, University of London), Anders Yeo (University of Johannesburg).

  21. A Software-Hardware Architecture for Self-Protecting Data.
  22. Yu-Yuan Chen (Princeton University), Pramod A. Jamkhedkar (Princeton University), Ruby B. Lee (Princeton University).

  23. Innocent by Association: Early Recognition of Legitimate Users.
  24. Yinglian Xie (Microsoft Research Silicon Valley), Fang Yu (Microsoft Research Silicon Valley), Qifa Ke (Microsoft Research Silicon Valley), Martin Abadi (Microsoft Research Silicon Valley), Eliot Gillum (Microsoft Corporation), Krish Vitaldevaria (Microsoft Corporation), Jason Walter (Microsoft Corporation), Junxian Huang (University of Michigan), Zhuoqing Morley Mao (University of Michigan).

  25. Deanonymizing Mobility Traces: Using Social Network as a Side-Channel.
  26. Mudhakar Srivatsa (IBM T. J. Watson Research Center), Mike Hicks (University of Maryland).

  27. DCast: Sustaining Collaboration in Overlay Multicast despite Rational Collusion.
  28. Haifeng Yu (National University of Singapore), Phillip B. Gibbons (Intel Labs), Chenwei Shi (Mozat Pte Ltd).

  29. FlowFox: a Web Browser with Flexible and Precise Information Flow Control.
  30. Willem De Groef (KU Leuven), Dominique Devriese (KU Leuven), Nick Nikiforakis (KU Leuven), Frank Piessens (KU Leuven).

  31. Scriptless Attacks.
  32. Mario Heiderich (Ruhr-University Bochum), Marcus Niemietz (Ruhr-University Bochum), Felix Schuster (Ruhr-University Bochum), Thorsten Holz (Ruhr-University Bochum), Jörg Schwenk (Ruhr-University Bochum).

  33. Enhancing Tor's Performance using Real-time Traffic Classification.
  34. Mashael AlSabah (University of Waterloo), Kevin Bauer (University of Waterloo), Ian Goldberg (University of Waterloo).

  35. Computational Soundness Without Protocol Restrictions.
  36. Michael Backes (Saarland University and MPI-SWS), Ankit Malik (IIT Delhi), Dominique Unruh (Tartu University).

  37. Full Proof Cryptography: Verifiable Compilation of Efficient Zero-Knowledge Protocols.
  38. José Bacelar Almeida (Universidade do Minho), Manuel Barbosa (Universidade do Minho), Endre Bangerter (Bern University of Applied Sciences), Gilles Barthe (IMDEA Software Institute), Stephan Krenn (IST Austria), Santiago Zanella Béguelin (Microsoft Research).

  39. Fides: Selectively Hardening Software Application Components against Kernel-level or Process-level Malware.
  40. Raoul Strackx (KU Leuven), Frank Piessens (KU Leuven).

  41. Double-Spending Fast Payments in Bitcoin.
  42. Ghassan O. Karame (NEC Laboratories Europe), Elli Androulaki (ETH Zurich), Srdjan Capkun (ETH Zurich).

  43. Secure Two-Party Computations in ANSI C.
  44. Andreas Holzer (TU Wien), Martin Franz (CrypTool Project), Stefan Katzenbeisser (TU Darmstadt), Helmut Veith (TU Wien).

  45. Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems.
  46. Ishtiaq Rouf (University of South Carolina), Hossen Mustafa (University of South Carolina), Miao Xu (University of South Carolina), Wenyuan Xu (University of South Carolina), Rob Miller (Applied Communication Sciences), Marco Gruteser (Rugers University).

  47. New Privacy Issues in Mobile Telephony: Fix and Verification.
  48. Myrto Arapinis (University of Birmingham), Loretta Mancini (University of Birmingham), Eike Ritter (University of Birmingham), Mark Ryan (University of Birmingham), Nico Golde (Technische Universität Berlin), Kevin Redon (Technische Universität Berlin), Ravishankar Borgaonkar (Technische Universität Berlin).

  49. Vanity, Cracks and Malware.
  50. Markus Kammerstetter (Vienna University of Technology), Christian Platzer (Vienna University of Technology), Gilbert Wondracek (Vienna University of Technology).

  51. Before We Knew It.
  52. Leyla Bilge (Symantec Corporation), Tudor Dumitras (Symantec Corporation).

  53. Revoke and Let Live: A Secure Key Revocation API for Cryptographic Devices.
  54. Véronique Cortier (CNRS, Loria, UMR 7503), Graham Steel (INRIA), Cyrille Wiedling (CNRS, Loria, UMR 7503).

  55. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions.
  56. Nick Nikiforakis (KU Leuven), Luca Invernizzi (University of California, Santa Barbara), Alexandros Kapravelos (University of California, Santa Barbara), Steven Van Acker (KU Leuven), Wouter Joosen (KU Leuven), Christopher Kruegel (University of California, Santa Barbara), Frank Piessens (KU Leuven), Giovanni Vigna (University of California, Santa Barbara).

  57. Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising.
  58. Zhou Li (Indiana University Bloomington), Kehuan Zhang (Indiana University Bloomington), Yinglian Xie (MSR Silicon Valley), Fang Yu (MSR Silicon Valley), XiaoFeng Wang (Indiana University Bloomington).

  59. How Secure are Power Network Signature Based Time Stamps?.
  60. Wei-Hong Chuang (University of Maryland), Ravi Garg (University of Maryland), Min Wu (University of Maryland).

  61. Machine-Generated Algorithms, Proofs and Software for the Batch Verification of Digital Signature Schemes.
  62. Joseph A. Akinyele (Johns Hopkins University), Matthew Green (Johns Hopkins University), Susan Hohenberger (Johns Hopkins University), Matthew W. Pagano (Johns Hopkins University).

  63. PERM: Practical Reputation-Based Blacklisting without TTPs.
  64. Man Ho Au (University of Wollongong), Apu Kapadia (Indiana University).

  65. SkypeMorph: Protocol Obfuscation for Tor Bridges.
  66. Hooman Mohajeri Moghaddam (University of Waterloo), Baiyu Li (University of Waterloo), Mohammad Derakhshani (University of Waterloo), Ian Goldberg (University of Waterloo).

  67. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
  68. Martin Georgiev (The University of Texas at Austin), Subodh Iyengar (Stanford University), Suman Jana (The University of Texas at Austin), Rishita Anubhai (Stanford University), Dan Boneh (Stanford University), Vitaly Shmatikov (The University of Texas at Austin).

  69. Towards a Bayesian Network Game Framework for Evaluating DDoS Attacks and Defense.
  70. Guanhua Yan (Los Alamos National Laboratory), Ritchie Lee (Carnegie Mellon University Silicon Valley), Alex Kent (Los Alamos National Laboratory), David Wolpert (Los Alamos National Laboratory).

  71. Privacy-Aware Personalization for Mobile Advertising.
  72. Michaela Hardt (Twitter), Suman Nath (Microsoft Research).

  73. GPS Software Attacks.
  74. Tyler Nighswander (Carnegie Mellon University), Brent Ledvina (Coherent Navigation), Jonathan Diamond (Coherent Navigation), Robert Brumley (Coherent Navigation), David Brumley (Carnegie Mellon University).

  75. PScout: Analyzing the Android Permission Specification.
  76. Kathy Wain Yee Au (University of Toronto), Yi Fan Zhou (University of Toronto), Zhen Huang (University of Toronto), David Lie (University of Toronto).

  77. TreeDroid: A Tree Automaton Based Approach to Enforcing Data Processing Policies.
  78. Mads Dam (KTH Royal Institute of Technology), Gurvan Le Guernic (KTH Royal Institute of Technology), Andreas Lundblad (KTH Royal Institute of Technology).

  79. Collaborative TCP Sequence Number Inference Attack.
  80. Zhiyun Qian (University of Michigan), Z. Morley Mao (University of Michigan), Yinglian Xie (Microsoft Research Silicon Valley).

  81. Operating System Framed in Case of Mistaken Identity.
  82. Cristian Bravo-Lillo (Carnegie Mellon University), Lorrie Cranor (Carnegie Mellon University), Julie Downs (Carnegie Mellon University), Saranga Komanduri (Carnegie Mellon University), Stuart Schechter (Microsoft Research), Manya Sleeper (Carnegie Mellon University).

  83. Practical Yet Universally Composable Two-Server Password-Authenticated Secret Sharing.
  84. Jan Camenisch (IBM Research), Anna Lysyanskaya (Brown University), Gregory Neven (IBM Research).

  85. Hourglass Schemes: How to Prove that Cloud Files Are Encrypted.
  86. Marten van Dijk (RSA Laboratories), Ari Juels (RSA Laboratories), Alina Oprea (RSA Laboratories), Ronald L Rivest (MIT), Emil Stefanov (University of California Berkeley), Nikos Triandopoulos (RSA Laboratories).

  87. Routing Around Decoys.
  88. Max Schuchard (University of Minnesota), John Geddes (University of Minnesota), Christopher Thompson (University of California), Nicholas Hopper (University of Minnesota).

  89. Measuring Vote Privacy, Revisited.
  90. David Bernhard (University of Bristol), Véronique Cortier (CNRS Loria), Olivier Pereira (Université Catholique de Louvain), Bogdan Warinschi (University of Bristol).

  91. Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security.
  92. Sascha Fahl (Distributed Computing & Security Group, Leibniz University Hannover), Marian Harbach (Distributed Computing & Security Group, Leibniz University Hannover), Thomas Muders (Distributed Computing & Security Group, Leibniz University Hannover), Matthew Smith (Distributed Computing & Security Group, Leibniz University Hannover), Lars Baumgärtner (Department of Math. & Computer Science, Philipps University Marburg), Bernd Freisleben (Department of Math. & Computer Science, Philipps University Marburg).

  93. Intransitive Noninterference in Nondeterministic Systems.
  94. Kai Engelhardt (The University of New South Wales), Ron van der Meyden (The University of New South Wales), Chenyi Zhang (The University of Queensland).

  95. SABOT: Specification-based Payload Generation for Programmable Logic Controllers.
  96. Stephen McLaughlin (The Pennsylvania State University), Patrick McDaniel (The Pennsylvania State University).

  97. Protecting Location Privacy: Optimal Strategy against Localization Attacks.
  98. Reza Shokri (EPFL), George Theodorakopoulos (Cardiff University), Carmela Troncoso (K.U.Leuven), Jean-Pierre Hubaux (EPFL), Jean-Yves Le Boudec (EPFL).

  99. Verifiable Data Streaming.
  100. Dominique Schroeder (University of Maryland), Heike Schroeder (CASED).

  101. Leveraging Choice" to Automate Authorization Hook Placement".
  102. Divya Muthukumaran (The Pennsylvania State University), Trent Jaeger (The Pennsylvania State University), Vinod Ganapathy (Rutgers University).

  103. Publicly Verifiable Delegation of Large Polynomials and Matrix Computations, with Applications.
  104. Dario Fiore (New York University), Rosario Gennaro (City College of New York).

  105. Precise Enforcement of Progress-Sensitive Security.
  106. Scott Moore (Harvard University), Aslan Askarov (Harvard University), Stephen Chong (Harvard University).

  107. Single Round Access Privacy on Outsourced Storage.
  108. Peter Williams (Stony Brook Network Security and Applied Cryptography Lab), Radu Sion (Stony Brook Network Security and Applied Cryptography Lab).

  109. Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code.
  110. Richard Wartell (The University of Texas at Dallas), Vishwath Mohan (The University of Texas at Dallas), Kevin W. Hamlen (The University of Texas at Dallas), Zhiqiang Lin (The University of Texas at Dallas).

  111. PrivateFS: A Parallel Oblivious File System.
  112. Peter Williams (Stony Brook University), Radu Sion (Stony Brook University).

  113. Cross-VM Side Channels and Their Use to Extract Private Keys.
  114. Yinqian Zhang (University of North Carolina), Ari Juels (RSA Laboratories), Michael K. Reiter (University of North Carolina), Thomas Ristenpart (University of Wisconsin).

  115. Priceless: The Role of Payments in Abuse-advertised Goods.
  116. Damon McCoy (George Mason University), Hitesh Dharmdasani (George Mason university), Christian Kreibich (International Computer Science Institute), Geoffrey M Voelker (University of California, San Diego), Stefan Savage (University of California, San Diego).

  117. Provable Security of S-BGP and other Path Vector Protocols: Model, Analysis and Extensions.
  118. Alexandra Boldyreva (Georgia Institute of Technology), Robert Lychev (Georgia Institute of Technology).

  119. Using Probabilistic Generative Models for Ranking Risks of Android Apps.
  120. Hao Peng (Purdue University), Chris Gates (Purdue University), Bhaskar Sarma (Purdue University), Ninghui Li (Purdue University), Yuan Qi (Purdue University), Rahul Potharaju (Purdue University), Cristina Nita-Rotaru (Purdue University), Ian Molloy (IBM Research).

  121. Manufacturing Compromise: The Emergence of Exploit-as-a-Service.
  122. Chris Grier (UC Berkeley), Lucas Ballard (Google, Inc.), Juan Caballero (IMDEA Software Institute), Neha Chachra (UC San Diego), Christian J. Dietrich (University of Applied Sciences Gelsenkirchen), Kirill Levchenko (UC San Diego), Panayiotis Mavrommatis (Google, Inc.), Damon McCoy (George Mason University), Antonio Nappa (IMDEA Software Institute), Andreas Pitsillidis (UC San Diego), Niels Provos (Google, Inc.), M. Zubair Rafique (IMDEA Software Institute), Moheeb Abu Rajab (Google, Inc.), Christian Rossow (University of Applied Sciences Gelsenkirchen), Kurt Thomas (UC Berkeley), Vern Paxson (UC Berkeley), Stefan Savage (UC San Diego), Geoffrey M. Voelker (UC San Diego).

  123. Differentially Private Sequential Data Publication via Variable-Length N-Grams.
  124. Rui Chen (Concordia University), Gergely Acs (INRIA), Claude Castelluccia (INRIA).

  125. Minimizing Private Data Disclosures in the Smart Grid.
  126. Weining Yang (Purdue University), Ninghui Li (Purdue University), Yuan Qi (Purdue University), Wahbeh Qardaji (Purdue University), Stephen McLaughlin (Penn State University), Patrick McDaniel (Penn State University).

  127. Resource-Freeing Attacks: Improve Your Cloud Performance (at Your Neighbor's Expense).
  128. Venkatanathan Varadarajan (University of Wisconsin-Madison), Thawan Kooburat (University of Wisconsin-Madison), Benjamin Farley (University of Wisconsin-Madison), Thomas Ristenpart (University of Wisconsin-Madison), Michael M Swift (University of Wisconsin-Madison).

  129. PeerPress: Utilizing Enemies' P2P Strength against Them.
  130. Zhaoyan Xu (Texas A&M University), Lingfeng Chen (Texas A&M University), Guofei Gu (Texas A&M University), Christopher Kruegel (University of California).

  131. OTO: Online Trust Oracle for User-Centric Trust Establishment.
  132. Tiffany Hyun-Jin Kim (Carnegie Mellon University), Payas Gupta (Singapore Management University), Jun Han (Carnegie Mellon University), Emmanuel Owusu (Carnegie Mellon University), Jason Hong (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University), Debin Gao (Singapore Management University).

  133. StegoTorus: A Camouflage Proxy for the Tor Anonymity System.
  134. Zachary Weinberg (Carnegie Mellon University), Jeffrey Wang (Stanford University), Vinod Yegneswaran (SRI International), Linda Briesemeister (SRI International), Steven Cheung (SRI International), Frank Wang (Stanford University), Dan Boneh (Stanford University).

  135. On Significance of the Least Significant Bits For Differential Privacy.
  136. Ilya Mironov (Microsoft Research Silicon Valley).

  137. Adaptive Defenses for Commodity Software through Virtual Application Partitioning.
  138. Dimitris Geneiatakis (Columbia University), Georgios Portokalidis (Columbia University), Vasileios P. Kemerlis (Columbia University), Angelos D. Keromytis (Columbia University).

  139. Foundations of Garbled Circuits.
  140. Mihir Bellare (University of California, San Diego), Viet Tung Hoang (University of California), Phillip Rogaway (University of California, Davis).

  141. Secure Two-Party Computation in Sublinear (Amortized) Time.
  142. S. Dov Gordon (Applied Communication Sciences), Jonathan Katz (University of Maryland), Vladimir Kolesnikov (Bell Labs), Fernando Krell (Columbia University), Tal Malkin (Columbia University), Mariana Raykova (Columbia University), Yevgeniy Vahlis (AT&T).

  143. Computational Verification of C Protocol Implementations by Symbolic Execution.
  144. Mihhail Aizatulin (Open University), Andrew D. Gordon (Microsoft Research Cambridge), Jan Jürjens (TU Dortmund & Fraunhofer ISST).

  145. CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities.
  146. Long Lu (Georgia Institute of Technology), Zhichun Li (NEC Labs America, Inc.), Zhenyu Wu (NEC Labs America, Inc.), Wenke Lee (Georgia Institute of Technology), Guofei Jiang (NEC Labs America, Inc.).

  147. Touching from a Distance: Website Fingerprinting Attacks and Defenses.
  148. Xiang Cai (Stony Brook University), Xin Cheng Zhang (Stony Brook University), Brijesh Joshi (Stony Brook University), Rob Johnson (Stony Brook University).

  149. Dynamic Searchable Symmetric Encryption.
  150. Seny Kamara (Microsoft Research), Charalampos Papamanthou (UC Berkeley), Tom Roeder (Microsoft Research).

  151. Strengthening User Authentication through Opportunistic Cryptographic Identity Assertions.
  152. Alexei Czeskis (University of Washington), Michael Dietz (Rice University), Tadayoshi Kohno (University of Washington), Dan Wallach (Rice University), Dirk Balfanz (Google).

  153. Vigilare: Toward Snoop-based Kernel Integrity Monitor.
  154. Hyungon Moon (Seoul National University), Hojoon Lee (Korea Advanced Institute of Science and Technology), Jihoon Lee (Seoul National University), Kihwan Kim (Korea Advanced Institute of Science and Technology), Yunheung Paek (Seoul National University), Brent Byunghoon Kang (George Mason University).

  155. Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds.
  156. Antonio Bianchi (UC Santa Barbara), Yan Shoshitaishvili (UC Santa Barbara), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara).

  157. Kargus: a Highly-scalable Software-based Intrusion Detection System.
  158. Muhammad Asim Jamshed (KAIST), Jihyung Lee (KAIST), Sangwoo Moon (KAIST), Insu Yun (KAIST), Deokjin Kim (NSRI), Sungryoul Lee (NSRI), Yung Yi (KAIST), KyoungSoo Park (KAIST).

  159. Verified Security of Redundancy-Free Encryption from Rabin and RSA.
  160. Gilles Barthe (IMDEA Software Institute), David Pointcheval (École Normale Supérieure), Santiago Zanella Béguelin (Microsoft Research).

  161. Salus: A System for Server-Aided Secure Function Evaluation.
  162. Seny Kamara (Microsoft Research), Payman Mohassel (University of Calgary), Ben Riva (Tel Aviv University).

    Last modified: 2012-08-10 17:06:21 EDT