ACM CCS 2021 - November, 2021

MAIN CONFERENCE PROGRAM

ACM CCS 2021, November 15-19

Day 1

Day 2

Day 3

Click to show the timezone:
KST (UTC+9) EST CET

Day 1: Tuesday, Nov 16 (KST/CET) and Monday, Nov 15 (EST)

8:00AM-8:15AM (KST)

6:00PM-6:15PM (EST)

12:00AM-12:15AM (CET)

Opening Remarks: PC Chairs and General Chairs Presentation

8:15AM-9:00AM (KST)

6:15PM-7:00PM (EST)

12:15AM-1:00AM (CET)

Keynote: Pseudo-Randomness and the Crystal Ball
Cynthia Dwork (Harvard University)

Session Chair: Elaine Shi

9:00AM-9:15AM (KST)

7:00PM-7:15PM (EST)

1:00AM-1:15AM (CET)

Keynote Q&A

9:15AM-9:20AM (KST)

7:15PM-7:20PM (EST)

1:15AM-1:20AM (CET)

Break

9:20AM-10:00AM (KST)

7:20PM-8:00PM (EST)

1:20AM-2:00AM (CET)

Session 1A-Web Security 1:
Cybercrime

Session Chair: Alexandros Kapravelos

Chunk-Level Password Guessing: Towards Modeling Refined Password Composition Representations

Ming Xu (Fudan University); Chuanwang Wang (Fudan University); Jitao Yu (Fudan University); Junjie Zhang (Fudan University); Kai Zhang (Fudan University); Weili Han (Fudan University)

Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale

Stijn Pletinckx (TU Delft); Kevin Borgolte (Ruhr University Bochum); Tobias Fiebig (TU Delft)

Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits

Brian Kondracki (Stony Brook University); Babak Amin Azad (Stony Brook University); Oleksii Starov (Palo Alto Networks); Nick Nikiforakis (Stony Brook University)

Reverse Attack: Black-box Attacks on Collaborative Recommendation

Yihe Zhang (University of Louisiana at Lafayette); Xu Yuan (University of Louisiana at Lafayette); Jin Li (Guangzhou University); Jiadong Lou (University of Louisiana at Lafayette); Li Chen (University of Louisiana at Lafayette); Nian-Feng Tzeng (University of Louisiana at Lafayette)

It's Not What It Looks Like: Manipulating Perceptual Hashing based Applications

Qingying Hao (University of Illinois at Urbana-Champaign); Licheng Luo (University of Illinois at Urbana-Champaign); Steve T.K. Jan (University of Illinois at Urbana-Champaign); Gang Wang (University of Illinois at Urbana-Champaign)

Session 1B-Machine Learning and Security 1:
Attacks on Robustness

Session Chair: Bimal Viswanath

Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information

Baolin Zheng (Wuhan University); Peipei Jiang (Wuhan University); Qian Wang (Wuhan University); Qi Li (Tsinghua University); Chao Shen (Xi'an Jiaotong University); Cong Wang (City University of Hong Kong); Yunjie Ge (Wuhan University); Qingyang Teng (Wuhan University); Shenyi Zhang (Wuhan University)

A Hard Label Black-box Adversarial Attack Against Graph Neural Networks

Jiaming Mu (Tsinghua University); Binghui Wang (Illinois Institute of Technology); Qi Li (Tsinghua University); Kun Sun (George Mason University); Mingwei Xu (Tsinghua University); Zhuotao Liu (Tsinghua University)

Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems

Alireza Bahramali (University of Massachusetts Amherst); Milad Nasr (University of Massachusetts Amherst); Amir Houmansadr (University of Massachusetts Amherst); Dennis Goeckel (University of Massachusetts Amherst); Don Towsley (University of Massachusetts Amherst)

AI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks

Yue Zhao (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences, China); Hong Zhu (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences, China); Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences & China University of Chinese Academy of Sciences, China & Beijing Academy of Artificial Intelligence, China); Shengzhi Zhang (Metropolitan College, Boston University, USA)

Session 1C-Applied Crypto 1:
Zero Knowledge I

Session Chair: Yupeng Zhang

Doubly Efficient Interactive Proofs for General Arithmetic Circuits with Linear Prover Time

Jiaheng Zhang (University of California, Berkeley); Tianyi Liu (Texas A&M University); Weijie Wang (Shanghai Jiao Tong University); Yinuo Zhang (University of California, Berkeley); Dawn Song (University of California, Berkeley); Xiang Xie (Shanghai Key Laboratory of Privacy-Preserving Computation); Yupeng Zhang (Texas A&M University)

Constant-Overhead Zero-Knowledge for RAM Programs

Nicholas Franzese (Northwestern University); Jonathan Katz (University of Maryland); Steve Lu (Stealth Software Technologies, Inc.); Rafail Ostrovsky (University of California, Los Angeles); Xiao Wang (Northwestern University); Chenkai Weng (Northwestern University)

Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic and Z_2^k

Carsten Baum (Aarhus University); Lennart Braun (Aarhus University); Alexander Munch-Hansen (Aarhus University); Benoit Razet (Galois, Inc.); Peter Scholl (Aarhus University)

Shorter and Faster Post-Quantum Designated-Verifier zkSNARKs from Lattices

Yuval Ishai (Technion); Hang Su (University of Virginia); David J. Wu (University of Texas at Austin)

Session 1D-Usability and Measurement 1:
Authentication and Click Fraud

Session Chair: Simon Woo

"Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World

Emily Wenger (University of Chicago); Max Bronckers (University of Chicago); Christian Cianfarani (University of Chicago); Jenna Cryan (University of Chicago); Angela Sha (University of Chicago); Haitao Zheng (University of Chicago); Ben Y. Zhao (University of Chicago)

Don't Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication

Sena Sahin (Georgia Institute of Technology); Frank Li (Georgia Institute of Technology)

Dissecting Click Fraud Autonomy in the Wild

Tong Zhu (Shanghai Jiao Tong University); Yan Meng (Shanghai Jiao Tong University); Haotian Hu (Shanghai Jiao Tong University); Xiaokuan Zhang (The Ohio State University); Minhui Xue (The University of Adelaide); Haojin Zhu (Shanghai Jiao Tong University)

Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic

Suibin Sun (Shanghai Jiao Tong University); Le Yu (Shanghai Jiao Tong University); Xiaokuan Zhang (The Ohio State University); Minhui Xue (The University of Adelaide); Ren Zhou (Shanghai Jiao Tong University); Haojin Zhu (Shanghai Jiao Tong University); Shuang Hao (University of Texas at Dallas); Xiaodong Lin (University of Guelph)

Usable User Authentication on a Smartwatch using Vibration

Sunwoo Lee (Korea University); Wonsuk Choi (Hansung University); Dong Hoon Lee (Korea University)

10:00AM-10:40AM (KST)

8:00PM-8:40PM (EST)

2:00AM-2:40AM (CET)

Session 2A-Software Security 1:
Fuzzing and Bug Finding

Session Chair: Fish Wang

Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis

Carter Yagemann (Georgia Institute of Technology); Simon P. Chung (Georgia Institute of Technology); Brendan Saltaformaggio (Georgia Institute of Technology); Wenke Lee (Georgia Institute of Technology)

SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference

Xiaotao Feng (Swinburne University of Technology); Ruoxi Sun (The University of Adelaide); Xiaogang Zhu (Swinburne University of Technology); Minhui Xue (The University of Adelaide); Sheng Wen (Swinburne University of Technology); Dongxi Liu (CSIRO Data61); Surya Nepal (Data61 CSIRO); Yang Xiang (Swinburne University of Technology)

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing

Stefan Nagy (Virginia Tech); Anh Nguyen-Tuong (University of Virginia); Jason D. Hiser (University of Virginia); Jack W. Davidson (University of Virginia); Matthew Hicks (Virginia Tech)

HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs

Xinyang Ge (Microsoft Research); Ben Niu (Microsoft); Robert Brotzman (Penn State University); Yaohui Chen (Facebook); HyungSeok Han (KAIST); Patrice Godefroid (Microsoft Research); Weidong Cui (Microsoft Research)

HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators

Insu Yun (KAIST); Woosun Song (KAIST); Seunggi Min (KAIST); Taesoo Kim (Georgia Institute of Technology)

Session 2B-Formal Methods and PL 1:
Formal Analysis and Verification

Session Chair: Timos Antonopoulos

DPGen: Automated Program Synthesis for Differential Privacy

Yuxin Wang (Pennsylvania State University); Zeyu Ding (Pennsylvania State University); Yingtai Xiao (Pennsylvania State University); Daniel Kifer (Pennsylvania State University); Danfeng Zhang (Pennsylvania State University)

A Formally Verified Configuration for Hardware Security Modules in the Cloud

Riccardo Focardi (Ca’ Foscari University); Flaminia L. Luccio (Ca’ Foscari University)

Solver-Aided Constant-Time Hardware Verification

Klaus v. Gleissenthall (Vrije Universiteit Amsterdam); Rami Gökhan K?c? (University of California, San Diego); Deian Stefan (University of California, San Diego); Ranjit Jhala (University of California, San Diego)

Exorcising Spectres with Secure Compilers

Marco Patrignani (CISPA Helmholtz Center for Information Security); Marco Guarnieri (IMDEA Software Institute)

Structured Leakage and Applications to Cryptographic Constant-Time and Cost

Gilles Barthe (MPI-SP & IMDEA Software Institute); Benjamin Grégoire (Université Côte d’Azur, Inria); Vincent Laporte (Université de Lorraine, CNRS, Inria, LORIA, F-54000); Swarn Priya (Université Côte d’Azur, Inria)

Session 2C-Machine Learning and Security 2:
Defenses for ML Robustness

Session Chair: Shiqing Ma

Learning Security Classifiers with Verified Global Robustness Properties

Yizheng Chen (University of California, Berkeley); Shiqi Wang (Columbia University); Yue Qin (Indiana University Bloomington); Xiaojing Liao (Indiana University Bloomington); Suman Jana (Columbia University); David Wagner (University of California, Berkeley)

On the Robustness of Domain Constraints

Ryan Sheatsley (The Pennsylvania State University); Blaine Hoak (The Pennsylvania State University); Eric Pauley (The Pennsylvania State University); Yohan Beugin (The Pennsylvania State University); Michael J. Weisman (United States Army Research Laboratory); Patrick McDaniel (The Pennsylvania State University)

Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks

Tianyu Du (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Lujia Shen (Zhejiang University); Yao Zhang (Zhejiang University); Jinfeng Li (Zhejiang University); Jie Shi (Huawei International, Singapore); Chengfang Fang (Huawei International, Singapore); Jianwei Yin (Zhejiang University & Binjiang Institute of Zhejiang University); Raheem Beyah (Georgia Institute of Technology); Ting Wang (Pennsylvania State University)

TSS: Transformation-Specific Smoothing for Robustness Certification

Linyi Li (University of Illinois); Maurice Weber (ETH Zürich); Xiaojun Xu (University of Illinois); Luka Rimanic (ETH Zürich); Bhavya Kailkhura (Lawrence Livermore National Laboratory); Tao Xie (Peking University); Ce Zhang (ETH Zürich); Bo Li (University of Illinois)

Session 2D-Applied Crypto 2:
Secure Multiparty Computation

Session Chair: Xiao Wang

Efficient Online-friendly Two-Party ECDSA Signature

Haiyang Xue (Institute of Information Engineering, Chinese Academy of Sciences & The University of Hong Kong); Man Ho Au (The University of Hong Kong); Xiang Xie (Shanghai Key Laboratory of Privacy-Preserving Computation); Tsz Hon Yuen (The University of Hong Kong); Handong Cui (The University of Hong Kong)

One Hot Garbling

David Heath (Georgia Tech); Vladimir Kolesnikov (Georgia Tech)

The Return of Eratosthenes: Secure Generation of RSA Moduli using Distributed Sieving

Cyprien Delpech de Saint Guilhem (KU Leuven); Eleftheria Makri (KU Leuven & Saxion University of Applied Sciences); Dragos Rotaru (KU Leuven & Cape Privacy); Titouan Tanguy (KU Leuven)

Secure Graph Analysis at Scale

Toshinori Araki (NEC Corporation); Jun Furukawa (NEC Corporation); Kazuma Ohara (AIST); Benny Pinkas (Bar-Ilan University); Hanan Rosemarin (Bar-Ilan University); Hikaru Tsuchida (NEC Corporation)

Oblivious Linear Group Actions and Applications

Nuttapong Attrapadung (AIST); Goichiro Hanaoaka (AIST); Takahiro Matsuda (AIST); Hiraku Morita (University of St. Gallen); Kazuma Ohara (AIST); Jacob C. N. Schuldt (AIST); Tadanori Teruya (AIST); Kazunari Tozawa (University of Tokyo)

10:40AM-11:20AM (KST)

8:40PM-9:20PM (EST)

2:40AM-3:20AM (CET)

Break and CCS Town Hall / LGBTQ+ and Allies Social Hour

11:20AM-12:00PM (KST)

9:20PM-10:00PM (EST)

3:20AM-4:00AM (CET)

Session 3A-Hardware, Side Channels, and CPS 1:
Side Channel

Session Chair: Xiaoyu Ji

Wireless Charging Power Side-Channel Attacks

Alexander S. La Cour (Princeton University); Khurram K. Afridi (Cornell University); G. Edward Suh (Cornell University)

Indistinguishability Prevents Scheduler Side Channels in Real-Time Systems

Chien-Ying Chen (University of Illinois at Urbana-Champaign); Debopam Sanyal (University of Illinois at Urbana-Champaign); Sibin Mohan (Oregon State University)

Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code

Madura A. Shelton (University of Adelaide); Łukasz Chmielewski (Radboud University and Riscure); Niels Samwel (Radboud University); Markus Wagner (University of Adelaide); Lejla Batina (Radboud University); Yuval Yarom (University of Adelaide)

Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Emanations

Wenqiang Jin (Hunan University); Srinivasan Murali (The University of Texas at Arlington); Huadi Zhu (The University of Texas at Arlington); Ming Li (The University of Texas at Arlington)

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

Pietro Borrello (Sapienza University of Rome); Daniele Cono D'Elia (Sapienza University of Rome); Leonardo Querzoni (Sapienza University of Rome); Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Session 3B-Software Security 2:
Operating Systems

Session Chair: Georgios Portokalidis

ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels

Muhui Jiang (The Hong Kong Polytechnic University & Zhejiang University); Lin Ma (Zhejiang University); Yajin Zhou (Zhejiang University); Qiang Liu (Zhejiang University); Cen Zhang (Nanyang Technological University); Zhi Wang (Florida State University); Xiapu Luo (The Hong Kong Polytechnic University); Lei Wu (Zhejiang University); Kui Ren (Zhejiang University)

SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers

Weiteng Chen (University of California, Riverside); Yu Wang (Didi Research America); Zheng Zhang (University of California, Riverside); Zhiyun Qian (University of California, Riverside)

Demons in the Shared Kernel: Abstract Resource Attacks Against OS-level Virtualization

Nanzi Yang (Xidian University); Wenbo Shen (Zhejiang University); Jinku Li (Xidian University); Yutian Yang (Zhejiang University); Kangjie Lu (University of Minnesota, Twin Cities); Jietao Xiao (Xidian University); Tianyu Zhou (Zhejiang University); Chenggang Qin (Ant Group); Wang Yu (Ant Group); Jianfeng Ma (Xidian University); Kui Ren (Zhejiang University)

SmashEx: Smashing SGX Enclaves Using Exceptions

Jinhua Cui (National University of Defense Technology); Jason Zhijingcheng Yu (National University of Singapore); Shweta Shinde (ETH Zürich); Prateek Saxena (National University of Singapore); Zhiping Cai (National University of Defense Technology)

CPscan: Detecting Bugs Caused by Code Pruning in IoT Kernels

Lirong Fu (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Kangjie Lu (University of Minnesota); Peiyu Liu (Zhejiang University); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yuxuan Duan (Zhejiang University); Zihui Zhang (Zhejiang University); Wenzhi Chen (Zhejiang University); Yanjun Wu (Institute of Software, Chinese Academy of Sciences)

Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels

Hang Zhang (University of California, Riverside); Weiteng Chen (University of California, Riverside); Yu Hao (University of California, Riverside); Guoren Li (University of California, Riverside); Yizhuo Zhai (University of California, Riverside); Xiaochen Zou (University of California, Riverside); Zhiyun Qian (University of California, Riverside)

Session 3C-Privacy and Anonymity 1:
Inference Attacks

Session Chair: Franziska Boenisch

Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs

Mohammad Malekzadeh (Imperial College London); Anastasia Borovykh (Imperial College London); Deniz Gündüz (Imperial College London)

Quantifying and Mitigating Privacy Risks of Contrastive Learning

Xinlei He (CISPA Helmholtz Center for Information Security); Yang Zhang (CISPA Helmholtz Center for Information Security)

Membership Inference Attacks Against Recommender Systems

Minxing Zhang (Shandong University & CISPA Helmholtz Center for Information Security); Zhaochun Ren (Shandong University); Zihan Wang (Shandong University); Pengjie Ren (Shandong University); Zhunmin Chen (Shandong University); Pengfei Hu (Shandong University); Yang Zhang (CISPA Helmholtz Center for Information Security)

Membership Leakage in Label-Only Exposures

Zheng Li (CISPA Helmholtz Center for Information Security); Yang Zhang (CISPA Helmholtz Center for Information Security)

When Machine Unlearning Jeopardizes Privacy

Min Chen (CISPA Helmholtz Center for Information Security); Zhikun Zhang (CISPA Helmholtz Center for Information Security); Tianhao Wang (Carnegie Mellon University & University of Virginia); Michael Backes (CISPA Helmholtz Center for Information Security); Mathias Humbert (University of Lausanne); Yang Zhang (CISPA Helmholtz Center for Information Security)

Session 3D-Network Security 1:
DoS

Session Chair: Paul Pearce

Deterrence of Intelligent DDoS via Multi-Hop Traffic Divergence

Yuanjie Li (Tsinghua University); Hewu Li (Tsinghua University); Zhizheng Lv (Tsinghua University); Xingkun Yao (Tsinghua University); Qianru Li (University of California, Los Angeles); Jianping Wu (Tsinghua University)

Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks

Harm Griffioen (Hasso Plattner Institute); Kris Oosthoek (Technische Universiteit Delft); Paul van der Knaap (Technische Universiteit Delft); Christian Doerr (Hasso Plattner Institute)

Warmonger: Inflicting Denial-of-Service via Serverless Functions in the Cloud

Junjie Xiong (University of South Florida); Mingkui Wei (George Mason University); Zhuo Lu (University of South Florida); Yao Liu (University of South Florida)

United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Daniel Wagner (DE-CIX & Max Planck Institute for Informatics); Daniel Kopp (DE-CIX); Matthias Wichtlhuber (DE-CIX); Christoph Dietzel (DE-CIX & Max Planck Institute for Informatics); Oliver Hohlfeld (Brandenburg University of Technology); Georgios Smaragdakis (TU Delft); Anja Feldmann (Max Planck Institute for Informatics)

12:00PM-12:40PM (KST)

10:00PM-10:40PM (EST)

4:00AM-4:40AM (CET)

Session 4A-Blockchain and Distributed Systems 1:
Modeling Blockchains and Distributed Ledgers

Session Chair: Kartik Nayak

Revisiting Nakamoto Consensus in Asynchronous Networks: A Comprehensive Analysis of Bitcoin Safety and Chain Quality

Muhammad Saad (University of Central Florida); Afsah Anwar (University of Central Florida); Srivatsan Ravi (University of Southern California); David Mohaisen (University of Central Florida)

How Does Blockchain Security Dictate Blockchain Implementation?

Andrew Lewis-Pye (London School of Economics); Tim Roughgarden (Columbia University)

The Exact Security of BIP32 Wallets

Poulami Das (Technische Universität Darmstadt); Andreas Erwig (Technische Universität Darmstadt); Sebastian Faust (Technische Universität Darmstadt); Julian Loss (University of Maryland); Siavash Riahi (Technische Universität Darmstadt)

A Security Framework for Distributed Ledgers

Mike Graf (University of Stuttgart); Daniel Rausch (University of Stuttgart); Viktoria Ronge (Friedrich-Alexander University Erlangen-Nürnberg); Christoph Egger (Friedrich-Alexander University Erlangen-Nürnberg); Ralf Küsters (University of Stuttgart); Dominique Schröder (Friedrich-Alexander University Erlangen-Nürnberg)

Session 4B-Network Security 2:
Wireless, Mobile, and IoT

Session Chair: Ben Zhao

This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration

Michalis Diamantaris (FORTH); Serafeim Moustakas (FORTH); Lichao Sun (Lehigh University); Sotiris Ioannidis (Technical University of Crete); Jason Polakis (University of Illinois at Chicago)

Noncompliance as Deviant Behavior: An Automated Black-box Noncompliance Checker for 4G LTE Cellular Devices

Syed Rafiul Hussain (Pennsylvania State University); Imtiaz Karim (Purdue University); Abdullah Al Ishtiaq (Pennsylvania State University); Omar Chowdhury (University of Iowa); Elisa Bertino (Purdue University)

All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations

Man Hong Hue (The Chinese University of Hong Kong); Joyanta Debnath (The University of Iowa); Kin Man Leung (The University of British Columbia); Li Li (Syracuse University); Mohsen Minaei (Visa Research); M. Hammad Mazhar (The University of Iowa); Kailiang Xian (The Chinese University of Hong Kong); Endadul Hoque (Syracuse University); Omar Chowdhury (The University of Iowa); Sze Yiu Chau (The Chinese University of Hong Kong)

On-device IoT Certificate Revocation Checking with Small Memory and Low Latency

Xiaofeng Shi (University of California, Santa Cruz); Shouqian Shi (University of California, Santa Cruz); Minmei Wang (University of California, Santa Cruz); Jonne Kaunisto (University of California, Santa Cruz); Chen Qian (University of California, Santa Cruz)

Session 4C-Applied Crypto 3:
Private Set Intersection

Session Chair: Arkady Yerukhimovich

Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication

Kelong Cong (imec-COSIC, KU Leuven); Radames Cruz Moreno (Microsoft Research); Mariana Botelho da Gama (imec-COSIC, KU Leuven); Wei Dai (Microsoft Research); Ilia Iliashenko (imec-COSIC, KU Leuven); Kim Laine (Microsoft Research); Michael Rosenberg (University of Maryland)

Simple, Fast Malicious Multiparty Private Set Intersection

Ofri Nevo (Open University of Israel); Ni Trieu (Arizona State University); Avishay Yanai (VMware Research)

Compact and Malicious Private Set Intersection for Small Sets

Mike Rosulek (Oregon State University); Ni Trieu (Arizona State University)

Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI

Nishanth Chandran (Microsoft Research); Nishka Dasgupta (Aarhus University); Divya Gupta (Microsoft Research); Sai Lakshmi Bhavana Obbattu (Microsoft Research); Sruthi Sekar (Indian Institute of Science); Akash Shah (University of California, Los Angeles)

Session 4D-Privacy and Anonymity 2:
Differential Privacy

Session Chair: Tianhao Wang

Differential Privacy for Directional Data

Benjamin Weggenmann (SAP Security Research); Florian Kerschbaum (University of Waterloo)

Differentially Private Sparse Vectors with Low Error, Optimal Space, and Fast Access

Martin Aumüller (IT University of Copenhagen); Christian Janos Lebeda (Basic Algorithms Research Copenhagen & IT University of Copenhagen); Rasmus Pagh (Basic Algorithms Research Copenhagen & University of Copenhagen)

Continuous Release of Data Streams under both Centralized and Local Differential Privacy

Tianhao Wang (Carnegie Mellon University & University of Virginia); Joann Qiongna Chen (University of California, Irvine); Zhikun Zhang (CISPA Helmholtz Center for Information Security); Dong Su (Alibaba Inc.); Yueqiang Cheng (NIO Security Research); Zhou Li (University of California, Irvine); Ninghui Li (Purdue University); Somesh Jha (University of Wisconsin, Madison)

Side-Channel Attacks on Query-Based Data Anonymization

Franziska Boenisch (Fraunhofer AISEC); Reinhard Munz (Max Planck Institute for Software Systems); Marcel Tiepelt (Karlsruhe Institute of Technology); Simon Hanisch (TU Dresden); Christiane Kuhn (Karlsruhe Institute of Technology); Paul Francis (Max Planck Institute for Software Systems)

AHEAD: Adaptive Hierarchical Decomposition for Range Query under Local Differential Privacy

Linkang Du (Zhejiang University); Zhikun Zhang (CISPA Helmholtz Center for Information Security); Shaojie Bai (Zhejiang University); Changchang Liu (IBM Research); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Peng Cheng (Zhejiang University); Jiming Chen (Zhejiang University & Zhejiang University of Technology)

Day 2: Wednesday, Nov 17 (KST/CET) and Tuesday, Nov 16 (EST)

8:00AM-8:15AM (KST)

6:00PM-6:15PM (EST)

12:00AM-12:15AM (CET)

Opening Remarks: Best Paper Awards

8:15AM-9:00AM (KST)

6:15PM-7:00PM (EST)

12:15AM-1:00AM (CET)

Keynote: Towards Building a Responsible Data Economy
Dawn Song (University of California, Berkeley)

Session Chair: Giovanni Vigna

9:00AM-9:15AM (KST)

7:00PM-7:15PM (EST)

1:00AM-1:15AM (CET)

Keynote Q&A

9:15AM-9:20AM (KST)

7:15PM-7:20PM (EST)

1:15AM-1:20AM (CET)

Break

9:20AM-10:00AM (KST)

7:20PM-8:00PM (EST)

1:20AM-2:00AM (CET)

Session 5A-Hardware, Side Channels, and CPS 2:
Control System Security

Session Chair: Jeyavijayan Rajendran

Who's In Control? On Security Risks of Disjointed IoT Device Management Channels

Yan Jia (Nankai University & Xidian University & Indiana University Bloomington); Bin Yuan (Huazhong University of Science and Technology & Indiana University Bloomington); Luyi Xing (Indiana University Bloomington); Dongfang Zhao (Indiana University Bloomington); XiaoFeng Wang (Indiana University Bloomington); Yifan Zhang (Indiana University Bloomington); Yijing Liu (Nankai University); Kaimin Zheng (Huazhong University of Science and Technology); Peyton Crnjak (Indiana University Bloomington); Yuqing Zhang (University of Chinese Academy of Sciences & Xidian University & Hainan University); Deqing Zou (Huazhong University of Science and Technology); Hai Jin (Huazhong University of Science and Technology)

DroneKey: A Drone-Aided Group-Key Generation Scheme for Large-Scale IoT Networks

Dianqi Han (Arizona State University); Ang Li (Arizona State University); Jiawei Li (Arizona State University); Yan Zhang (Arizona State University); Tao Li (Indiana University–Purdue University Indianapolis); Yanchao Zhang (Arizona State University)

You Make Me Tremble: A First Look at Attacks Against Structural Control Systems

Abel Zambrano (Universidad de Los Andes); Alejandro Palacio Betancur (The Pennsylvania State University); Luis Burbano (University of California, Santa Cruz); Andres Felipe Niño (Universidad de Los Andes); Luis Felipe Giraldo (Universidad de Los Andes); Mariantonieta Gutierrez Soto (The Pennsylvania State University); Jairo Giraldo (University of Utah); Alvaro A. Cardenas (University of California, Santa Cruz)

MaMIoT: Manipulation of Energy Market Leveraging High Wattage IoT Botnets

Tohid Shekari (Georgia Institute of Technology); Celine Irvene (Georgia Institute of Technology); Alvaro A. Cardenas (University of California, Santa Cruz); Raheem Beyah (Georgia Institute of Technology)

Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves

Fritz Alder (KU Leuven); Jo Van Bulck (KU Leuven); Frank Piessens (KU Leuven); Jan Tobias Mühlberg (KU Leuven)

Session 5B-Network Security 3:
PKI and Access Control

Session Chair: Z. Morley Mao

Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem

Yiming Zhang (Tsinghua University & Beijing National Research Center for Information Science and Technology); Baojun Liu (Tsinghua University); Chaoyi Lu (Tsinghua University & 360Netlab); Zhou Li (University of California, Irvine); Haixin Duan (Tsinghua University & QI-ANXIN Technology Research Institute); Jiachen Li (Tsinghua University); Zaifeng Zhang (360Netlab)

On Re-engineering the X.509 PKI with Executable Specification for Better Implementation Guarantees

Joyanta Debnath (The University of Iowa); Sze Yiu Chau (The Chinese University of Hong Kong); Omar Chowdhury (The University of Iowa)

APECS: A Distributed Access Control Framework for Pervasive Edge Computing Services

Sean Dougherty (Saint Louis University); Reza Tourani (Saint Louis University); Gaurav Panwar (New Mexico State University); Roopa Vishwanathan (New Mexico State University); Satyajayant Misra (New Mexico State University); Srikathyayani Srikanteswara (Intel Corp.)

Let's Downgrade Let's Encrypt

Tianxiang Dai (ATHENE Center & Fraunhofer SIT); Haya Shulman (ATHENE Center & Fraunhofer SIT); Michael Waidner (ATHENE Center; TU Darmstadt; & Fraunhofer SIT)

Session 5C-Applied Crypto 4:
Messaging and Privacy

Session Chair: Sri Aravinda Krishnan Thyagarajan

A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs

Keitaro Hashimoto (Tokyo Institute of Technology & AIST); Shuichi Katsumata (AIST); Eamonn Postlethwaite (CWI); Thomas Prest (PQShield SAS); Bas Westerbaan (Cloudflare)

Modular Design of Secure Group Messaging Protocols and the Security of MLS

Joël Alwen (AWS Wickr); Sandro Coretti (IOHK); Yevgeniy Dodis (New York University); Yiannis Tselekounis (University of Edinburgh)

Secure Complaint-Enabled Source-Tracking for Encrypted Messaging

Charlotte Peale (Stanford University); Saba Eskandarian (UNC Chapel Hill); Dan Boneh (Stanford University)

Fuzzy Message Detection

Gabrielle Beck (Johns Hopkins University); Julia Len (Cornell University); Ian Miers (University of Maryland); Matthew Green (Johns Hopkins University)

Meteor: Cryptographically Secure Steganography for Realistic Distributions

Gabriel Kaptchuk (Boston University); Tushar M. Jois (Johns Hopkins University); Matthew Green (Johns Hopkins University); Aviel D. Rubin (Johns Hopkins University)

Hiding the Lengths of Encrypted Messages via Gaussian Padding

Jean Paul Degabriele (Technische Universität Darmstadt)

Session 5D-Software Security 3:
Misc: Android and Vulnerabilities

Session Chair: Guliz Seray Tuncay

Android on PC: On the Security of End-user Android Emulators

Fenghao Xu (The Chinese University of Hong Kong); Siyu Shen (The Chinese University of Hong Kong); Wenrui Diao (Shandong University); Zhou Li (University of California, Irvine); Yi Chen (The Chinese University of Hong Kong); Rui Li (Shandong University); Kehuan Zhang (The Chinese University of Hong Kong)

Ghost in the Binder: Binder Transaction Redirection Attacks in Android System Services

Xiaobo Xiang (Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences; Alpha Lab; and 360 Government & Enterprise Security Group); Ren Zhang (Nervos & Shandong Institute of Blockchain); Hanxiang Wen (Ant Group); Xiaorui Gong (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Baoxu Liu (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences)

Dissecting Residual APIs in Custom Android ROMs

Zeinab El-Rewini (University of Waterloo); Yousra Aafer (University of Waterloo)

VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks

Mohannad Ismail (Virginia Polytechnic Institute and State University); Jinwoo Yom (Virginia Polytechnic Institute and State University); Christopher Jelesnianski (Virginia Polytechnic Institute and State University); Yeongjin Jang (Oregon State University); Changwoo Min (Virginia Polytechnic Institute and State University)

Detecting Missed Security Operations Through Differential Checking of Object-based Similar Paths

Dinghao Liu (Zhejiang University); Qiushi Wu (University of Minnesota); Shouling Ji (Zhejiang University & Binjiang Institution of Zhejiang University); Kangjie Lu (University of Minnesota); Zhenguang Liu (Zhejiang University); Jianhai Chen (Zhejiang University); Qinming He (Zhejiang University)

10:00AM-10:40AM (KST)

8:00PM-8:40PM (EST)

2:00AM-2:40AM (CET)

Session 6A-Blockchain and Distributed Systems 2:
Consensus and Attacks

Session Chair: Ling Ren

DETER: Denial of Ethereum Txpool sERvices

Kai Li (Syracuse University); Yibo Wang (Syracuse University); Yuzhe Tang (Syracuse University)

SyncAttack: Double-spending in Bitcoin Without Mining Power

Muhammad Saad (University of Central Florida); Songqing Chen (George Mason University); David Mohaisen (University of Central Florida)

Multi-Threshold Byzantine Fault Tolerance

Atsuki Momose (Intelligent Systems Laboratory, SECOM CO., LTD. & Nagoya University); Ling Ren (University of Illinois at Urbana-Champaign)

Securing Parallel-chain Protocols under Variable Mining Power

Xuechao Wang (University of Illinois at Urbana-Champaign); Viswa Virinchi Muppirala (University of Washington at Seattle); Lei Yang (Massachusetts Institute of Technology); Sreeram Kannan (University of Washington at Seattle); Pramod Viswanath (University of Illinois at Urbana-Champaign)

BFT Protocol Forensics

Peiyao Sheng (University of Illinois at Urbana-Champaign); Gerui Wang (University of Illinois at Urbana-Champaign); Kartik Nayak (Duke University); Sreeram Kannan (University of Washington); Pramod Viswanath (University of Illinois at Urbana-Champaign)

Session 6B-Web Security 2:
Web Vulnerabilities

Session Chair: Christopher Kruegel

Supply-Chain Vulnerability Elimination via Active Learning and Regeneration

Nikos Vasilakis (Massachusetts Institute of Technology); Achilles Benetopoulos (University of California, Santa Cruz); Shivam Handa (Massachusetts Institute of Technology); Alizee Schoen (Massachusetts Institute of Technology); Jiasi Shen (Massachusetts Institute of Technology); Martin C. Rinard (Massachusetts Institute of Technology)

XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers

Lukas Knittel (Ruhr University Bochum); Christian Mainka (Ruhr University Bochum); Marcus Niemietz (Niederrhein University of Applied Sciences); Dominik Trevor Noß (Ruhr University Bochum); Jörg Schwenk (Ruhr University Bochum)

DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale

Aurore Fass (CISPA Helmholtz Center for Information Security); Dolière Francis Somé (CISPA Helmholtz Center for Information Security); Michael Backes (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security)

T-Reqs: HTTP Request Smuggling with Differential Fuzzing

Bahruz Jabiyev (Northeastern University); Steven Sprecher (Northeastern University); Kaan Onarlioglu (Akamai Technologies); Engin Kirda (Northeastern University)

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction

Nikos Vasilakis (Massachusetts Institute of Technology); Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security); Grigoris Ntousakis (TU Crete); Konstantinos Kallas (University of Pennsylvania); Ben Karel (Aarno Labs); André DeHon (University of Pennsylvania); Michael Pradel (University of Stuttgart)

Spinner: Automated Dynamic Command Subsystem Perturbation

Meng Wang (University of Virginia); Chijung Jung (University of Virginia); Ali Ahad (University of Virginia); Yonghwi Kwon (University of Virginia)

Session 6C-Hardware, Side Channels, and CPS 3:
Audio Systems and Autonomous Driving

Session Chair: Qi Alfred Chen

FakeWake: Understanding and Mitigating Fake Wake-up Words of Voice Assistants

Yanjiao Chen (Zhejiang University); Yijie Bai (Zhejiang University); Richard Mitev (Technical University of Darmstadt); Kaibo Wang (Zhejiang University); Ahmad-Reza Sadeghi (Technical University of Darmstadt); Wenyuan Xu (Zhejiang University)

Robust Detection of Machine-induced Audio Attacks in Intelligent Audio Systems with Microphone Array

Zhuohang Li (University of Tennessee, Knoxville); Cong Shi (Rutgers University); Tianfang Zhang (Rutgers University); Yi Xie (Rutgers University); Jian Liu (University of Tennessee, Knoxville); Bo Yuan (Rutgers University); Yingying Chen (Rutgers University)

Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power Indicator LED

Ben Nassi (Ben-Gurion University of the Negev); Yaron Pirutin (Ben-Gurion University of the Negev); Tomer Galor (Ben-Gurion University of the Negev); Yuval Elovici (Ben-Gurion University of the Negev); Boris Zadov (Ben-Gurion University of the Negev)

CapSpeaker: Injecting Voices to Microphones via Capacitors

Xiaoyu Ji (Zhejiang University); Juchuan Zhang (Zhejiang University); Shui Jiang (Zhejiang University); Jishen Li (Zhejiang University); Wenyuan Xu (Zhejiang University)

I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights

Wei Wang (University of Maryland, Baltimore County); Yao Yao (University of Maryland, Baltimore County); Xin Liu (University of Maryland, Baltimore County); Xiang Li (Cambricon SingGo); Pei Hao (University of Maryland, Baltimore County); Ting Zhu (University of Maryland, Baltimore County)

Can We Use Arbitrary Objects to Attack LiDAR Perception in Autonomous Driving?

Yi Zhu (State University of New York at Buffalo); Chenglin Miao (University of Georgia); Tianhang Zheng (University of Toronto); Foad Hajiaghajani (State University of New York at Buffalo); Lu Su (Purdue University); Chunming Qiao (State University of New York at Buffalo)

Session 6D-Applied Crypto 5:
Authentication and Privacy

Session Chair: Daniel Slamanig

A PKI-based Framework for Establishing Efficient MPC Channels

Daniel Masny (VISA Research); Gaven Watson (VISA Research)

The Security of ChaCha20-Poly1305 in the Multi-User Setting

Jean Paul Degabriele (Technische Universität Darmstadt); Jérôme Govinden (Technische Universität Darmstadt); Felix Günther (ETH Zurich); Kenneth G. Paterson (ETH Zurich)

With a Little Help from My Friends: Constructing Practical Anonymous Credentials

Lucjan Hanzlik (CISPA Helmholtz Center for Information Security); Daniel Slamanig (AIT Austrian Institute of Technology)

Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees

Matthew Weidner (Carnegie Mellon University); Martin Kleppmann (University of Cambridge); Daniel Hugenroth (University of Cambridge); Alastair R. Beresford (University of Cambridge)

Revisiting Fuzzy Signatures: Towards a More Risk-Free Cryptographic Authentication System based on Biometrics

Shuichi Katsumata (AIST); Takahiro Matsuda (AIST); Wataru Nakamura (Hitachi, Ltd.); Kazuma Ohara (AIST); Kenta Takahashi (Hitachi, Ltd.)

On the (In)Security of ElGamal in OpenPGP

Luca De Feo (IBM Research Europe - Zurich); Bertram Poettering (IBM Research Europe - Zurich); Alessandro Sorniotti (IBM Research Europe - Zurich)

10:40AM-11:20AM (KST)

8:40PM-9:20PM (EST)

2:40AM-3:20AM (CET)

Session 7A-Machine Learning and Security 3:
Privacy Attacks and Defenses for ML

Session Chair: Bo Li

EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive Learning

Hongbin Liu (Duke University); Jinyuan Jia (Duke University); Wenjie Qu (Huazhong University of Science and Technology); Neil Zhenqiang Gong (Duke University)

TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing

Aoting Hu (Southeast University); Renjie Xie (Southeast University); Zhigang Lu (Macquarie University); Aiqun Hu (Southeast University); Minhui Xue (The University of Adelaide)

Unleashing the Tiger: Inference Attacks on Split Learning

Dario Pasquini (Sapienza University of Rome & Institute of Applied Computing, IAC-CNR); Giuseppe Ateniese (George Mason University); Massimo Bernaschi (Institute of Applied Computing, IAC-CNR)

Locally Private Graph Neural Networks

Sina Sajadmanesh (Idiap Research Institute & EPFL); Daniel Gatica-Perez (Idiap Research Institute & EPFL)

DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation

Boxin Wang (University of Illinois at Urbana-Champaign); Fan Wu (University of Illinois at Urbana-Champaign); Yunhui Long (University of Illinois at Urbana-Champaign); Luka Rimanic (ETH Zürich); Ce Zhang (ETH Zürich); Bo Li (University of Illinois at Urbana-Champaign)

Session 7B-Software Security 4:
Fuzzing

Session Chair: Kangjie Lu

Regression Greybox Fuzzing

Xiaogang Zhu (Swinburne University of Technology); Marcel Böhme (Monash University)

MirChecker: Detecting Bugs in Rust Programs via Static Analysis

Zhuohua Li (The Chinese University of Hong Kong); Jincheng Wang (The Chinese University of Hong Kong); Mingshen Sun (Baidu Security); John C.S. Lui (The Chinese University of Hong Kong)

V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing

Gaoning Pan (Zhejiang University & Ant Group); Xingwei Lin (Ant Group); Xuhong Zhang (Zhejiang University & Binjiang Institute of Zhejiang University); Yongkang Jia (Zhejiang University); Shouling Ji (Zhejiang University & Binjiang Institute of Zhejiang University); Chunming Wu (Zhejiang University); Xinlei Ying (Ant Group); Jiashui Wang (Ant Group); Yanjun Wu (Institute of Software, Chinese Academy of Sciences)

Hardware Support to Improve Fuzzing Performance and Precision

Ren Ding (Georgia Institute of Technology); Yonghae Kim (Georgia Institute of Technology); Fan Sang (Georgia Institute of Technology); Wen Xu (Georgia Institute of Technology); Gururaj Saileshwar (Georgia Institute of Technology); Taesoo Kim (Georgia Institute of Technology)

SoFi: Reflection-Augmented Fuzzing for JavaScript Engines

Xiaoyu He (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Xiaofei Xie (Nanyang Technological University); Yuekang Li (Nanyang Technological University); Jianwen Sun (Huawei Technologies); Feng Li (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Wei Zou (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Yang Liu (Nanyang Technological University); Lei Yu (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Jianhua Zhou (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences); Wenchang Shi (Renmin University of China); Wei Huo (Institute of Information Engineering, Chinese Academy of Sciences & University of Chinese Academy of Sciences)

Session 7C-Applied Crypto 6:
Database and Privacy

Session Chair: Mayank Varia

Reconstructing with Less: Leakage Abuse Attacks in Two Dimensions

Evangelia Anna Markatou (Brown University); Francesca Falzon (University of Chicago); Roberto Tamassia (Brown University); William Schor (Brown University)

Epsolute: Efficiently Querying Databases While Providing Differential Privacy

Dmytro Bogatov (Boston University); Georgios Kellaris (Independent Researcher); George Kollios (Boston University); Kobbi Nissim (Georgetown University); Adam O'Neill (University of Massachusetts, Amherst)

Compressed Oblivious Encoding for Homomorphically Encrypted Search

Seung Geol Choi (United States Naval Academy); Dana Dachman-Soled (University of Maryland); S. Dov Gordon (George Mason University); Linsheng Liu (George Washington University); Arkady Yerukhimovich (George Washington University)

OnionPIR: Response Efficient Single-Server PIR

Muhammad Haris Mughees (University of Illinois at Urbana-Champaign); Hao Chen (Facebook); Ling Ren (University of Illinois at Urbana-Champaign)

Session 7D-Privacy and Anonymity 3:
Privacy for Distributed Data and Federated Learning

Session Chair: Matthew Jagielski

LEAP: Leakage-Abuse Attack on Efficiently Deployable, Efficiently Searchable Encryption with Partially Known Dataset

Jianting Ning (Fujian Normal University & Singapore Management University); Xinyi Huang (Fujian Normal University); Geong Sen Poh (Nanyang Technological University); Jiaming Yuan (University of Oregon); Yingjiu Li (University of Oregon); Jian Weng (Jinan University); Robert H. Deng (Singapore Management University)

On the Renyi Differential Privacy of the Shuffle Model

Antonious M. Girgis (University of California, Los Angeles); Deepesh Data (University of California, Los Angeles); Suhas Diggavi (University of California Los Angeles, USA); Ananda Theertha Suresh (Google Research); Peter Kairouz (Google Research)

Private Hierarchical Clustering in Federated Networks

Aashish Kolluri (National University of Singapore); Teodora Baluta (National University of Singapore); Prateek Saxena (National University of Singapore)

Secure Multi-party Computation of Differentially Private Heavy Hitters

Jonas Böhler (SAP Security Research); Florian Kerschbaum (University of Waterloo)

11:20AM-12:00PM (KST)

9:20PM-10:00PM (EST)

3:20AM-4:00AM (CET)

Session 8: Poster and Demo Session 1

Session Chair: Esha Ghosh
Detailed schedules can be found here.

12:00PM-12:40PM (KST)

10:00PM-10:40PM (EST)

4:00AM-4:40AM (CET)

Session 9: Poster and Demo Session 2

Session Chair: Esha Ghosh
Detailed schedules can be found here.

Day 3: Thursday, Nov 18 (KST/CET) and Wednesday, Nov 17 (EST)

8:00AM-8:15AM (KST)

6:00PM-6:15PM (EST)

12:00AM-12:15AM (CET)

Opening Remarks:
CCS'21 Welcome Event & CCS'22 Venue Announcement

8:15AM-9:00AM (KST)

6:15PM-7:00PM (EST)

12:15AM-1:00AM (CET)

Keynote: Are we done yet? Our journey to fight against memory-safety bugs
Taesoo Kim (Georgia Institute of Technology & Samsung Research)

Session Chair: Yongdae Kim

9:00AM-9:15AM (KST)

7:00PM-7:15PM (EST)

1:00AM-1:15AM (CET)

Keynote Q&A

9:15AM-9:20AM (KST)

7:15PM-7:20PM (EST)

1:15AM-1:20AM (CET)

Break

9:20AM-10:00AM (KST)

7:20PM-8:00PM (EST)

1:20AM-2:00AM (CET)

Session 10A-Software Security 5:
Crypto, Symbols and Obfuscation

Session Chair: Mathy Vanhoef

Util::Lookup: Exploiting Key Decoding in Cryptographic Libraries

Florian Sieck (University of Lübeck); Sebastian Berndt (University of Lübeck); Jan Wichelmann (University of Lübeck); Thomas Eisenbarth (University of Lübeck)

Morpheus: Bringing The (PKCS) One To Meet the Oracle

Moosa Yahyazadeh (The University of Iowa); Sze Yiu Chau (The Chinese University of Hong Kong); Li Li (Syracuse University); Man Hong Hue (The Chinese University of Hong Kong); Joyanta Debnath (The University of Iowa); Sheung Chiu Ip (The Chinese University of Hong Kong); Chun Ngai Li (The Chinese University of Hong Kong); Endadul Hoque (Syracuse University); Omar Chowdhury (The University of Iowa)

PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild

Daniel De Almeida Braga (Univ Rennes, CNRS, IRISA); Pierre-Alain Fouque (Univ Rennes, CNRS, IRISA); Mohamed Sabt (Univ Rennes, CNRS, IRISA)

Search-Based Local Black-Box Deobfuscation: Understand, Improve and Mitigate

Grégoire Menguy (Université Paris-Saclay, CEA, List); Sébastien Bardin (Université Paris-Saclay, CEA, List); Richard Bonichon (Nomadic Labs); Cauim de Souza Lima (Université Paris-Saclay, CEA, List)

Learning to Explore Paths for Symbolic Execution

Jingxuan He (ETH Zurich); Gishor Sivanrupan (ETH Zurich); Petar Tsankov (ETH Zurich); Martin Vechev (ETH Zurich)

Session 10B-Formal Methods and PL 2:
Crypto and Protocol Security

Session Chair: Catherine Meadows

Mechanized Proofs of Adversarial Complexity and Application to Universal Composability

Manuel Barbosa (University of Porto (FCUP) & INESC TEC); Gilles Barthe (MPI-SP & IMDEA Software Institute); Benjamin Grégoire (Inria - Université Côte d’Azur); Adrien Koutsos (Inria); Pierre-Yves Strub (Institut Polytechnique de Paris)

EasyPQC: Verifying Post-Quantum Cryptography

Manuel Barbosa (University of Porto (FCUP) and INESC TEC); Gilles Barthe (MPI-SP and IMDEA Software Institute); Xiong Fan (Algorand, Inc.); Benjamin Grégoire (INRIA); Shih-Han Hung (University of Texas); Jonathan Katz (University of Maryland); Pierre-Yves Strub (École Polytechnique); Xiaodi Wu (University of Maryland); Li Zhou (MPI-SP)

Machine-checked ZKP for NP relations: Formally Verified Security Proofs and Implementations of MPC-in-the-Head

José Bacelar Almeida (University of Minho & INESC TEC); Manuel Barbosa (University of Porto (FCUP) & INESC TEC); Manuel L. Correia (University of Porto (FCUP) & INESC TEC); Karim Eldefrawy (SRI International); Stéphane Graham-Lengrand (SRI International); Hugo Pacheco (University of Porto (FCUP) & INESC TEC); Vitor Pereira (SRI International)

An In-Depth Symbolic Security Analysis of the ACME Standard

Karthikeyan Bhargavan (INRIA Paris); Abhishek Bichhawat (IIT Gandhinagar); Quoc Huy Do (University of Stuttgart & GLIWA GmbH); Pedram Hosseyni (University of Stuttgart); Ralf Küsters (University of Stuttgart); Guido Schmitz (University of Stuttgart and Royal Holloway University of London); Tim Würtele (University of Stuttgart)

Biometrics-Authenticated Key Exchange for Secure Messaging

Mei Wang (Wuhan University); Kun He (Wuhan University); Jing Chen (Wuhan University); Zengpeng Li (Shandong University); Wei Zhao (Science and Technology on Communication Security Laboratory); Ruiying Du (Wuhan University)

Verifying Table-Based Elections

David Basin (ETH Zurich); Jannik Dreier (Universite de Lorraine, CNRS, Inria, LORIA); Sofia Giampietro (ETH Zurich); Sasa Radomirović (Heriot-Watt University)

Session 10C-Applied Crypto 7:
Foundations

Session Chair: Nishanth Chandran

Efficient CCA Timed Commitments in Class Groups

Sri AravindaKrishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nürnberg); Guilhem Castagnos (Université de Bordeaux, INRIA, CNRS); Fabian Laguillaumie (LIRMM, Université of Montpellier, CNRS); Giulio Malavolta (Max Planck Institute for Security and Privacy)

MPC-Friendly Commitments for Publicly Verifiable Covert Security

Nitin Agrawal (University of Oxford); James Bell (The Alan Turing Institute); Adrià Gascón (Google); Matt J. Kusner (University College London)

Asynchronous Data Dissemination and its Applications

Sourav Das (University of Illinois at Urbana-Champaign); Zhuolun Xiang (University of Illinois at Urbana-Champaign); Ling Ren (University of Illinois at Urbana-Champaign)

Faster Lattice-Based KEMs via a Generic Fujisaki-Okamoto Transform Using Prefix Hashing

Julien Duman (Ruhr-Universität Bochum); Kathrin Hövelmanns (Eindhoven University of Technology); Eike Kiltz (Ruhr-Universität Bochum); Vadim Lyubashevsky (IBM Research Europe); Gregor Seiler (IBM Research Europe & ETH Zurich)

PPE Circuits for Rational Polynomials

Susan Hohenberger (Johns Hopkins University); Satyanarayana Vusirikala (University of Texas at Austin)

Amortized Threshold Symmetric-key Encryption

Mihai Christodorescu (Visa Research); Sivanarayana Gaddam (C3 Inc.); Pratyay Mukherjee (Visa Research); Rohit Sinha (Swirlds Inc.)

Session 10D-Privacy and Anonymity 4:
Applied Privacy

Session Chair: Zhigang Lu

The Invisible Shadow: How Security Cameras Leak Private Activities

Jian Gong (Central South University); Xinyu Zhang (University of California San Diego); Ju Ren (Tsinghua University); Yaoxue Zhang (Tsinghua University)

The One-Page Setting: A Higher Standard for Evaluating Website Fingerprinting Defenses

Tao Wang (Simon Fraser University)

WristPrint: Characterizing User Re-identification Risks from Wrist-worn Accelerometry Data

Nazir Saleheen (University of Memphis); Md Azim Ullah (University of Memphis); Supriyo Chakraborty (IBM T. J. Watson Research Center); Deniz S. Ones (University of Minnesota); Mani Srivastava (University of California, Los Angeles); Santosh Kumar (University of Memphis)

Consistency Analysis of Data-Usage Purposes in Mobile Apps

Duc Bui (University of Michigan); Yuan Yao (University of Michigan); Kang G. Shin (University of Michigan); Jong-Min Choi (Samsung Research); Junbum Shin (CryptoLab)

SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking

Michael Smith (University of California, San Diego); Pete Snyder (Brave Software); Benjamin Livshits (Brave Software); Deian Stefan (University of California, San Diego)

10:00AM-10:40AM (KST)

8:00PM-8:40PM (EST)

2:00AM-2:40AM (CET)

Session 11A-Hardware, Side Channels, and CPS 4:
Attestation and Firmware Security

Session Chair: Jonathan McCune

Towards Transparent and Stealthy Android OS Sandboxing via Customizable Container-Based Virtualization

Wenna Song (Wuhan University); Jiang Ming (University of Texas at Arlington); Lin Jiang (Independent Researcher); Yi Xiang (Wuhan University); Xuanchen Pan (Wuhan Antiy Information Technology); Jianming Fu (Wuhan University); Guojun Peng (Wuhan University)

One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization

Robert Buhren (Technische Universität Berlin - SECT); Hans-Niklas Jacob (Technische Universität Berlin - SECT); Thilo Krachenfels (Technische Universität Berlin - SECT); Jean-Pierre Seifert (Technische Universität Berlin - SECT & Fraunhofer SIT)

RealSWATT: Remote Software-based Attestation for Embedded Devices under Realtime Constraints

Sebastian Surminski (University of Duisburg-Essen); Christian Niesler (University of Duisburg-Essen); Ferdinand Brasser (Technical University Darmstadt); Lucas Davi (University of Duisburg-Essen); Ahmad-Reza Sadeghi (Technical University Darmstadt)

Prime+Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks

Antoon Purnal (imec-COSIC, KU Leuven); Furkan Turan (imec-COSIC, KU Leuven); Ingrid Verbauwhede (imec-COSIC, KU Leuven)

On the TOCTOU Problem in Remote Attestation

Ivan De Oliveira Nunes (Rochester Institute of Technology); Sashidhar Jakkamsetti (University of California, Irvine); Norrathep Rattanavipanon (Prince of Songkla University); Gene Tsudik (University of California, Irvine)

CrossLine: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV

Mengyuan Li (The Ohio State University); Yinqian Zhang (Southern University of Science and Technology); Zhiqiang Lin (The Ohio State University)

Session 11B-Applied Crypto 8:
Zero Knowledge II

Session Chair: Benedikt Bunz

Zero Knowledge Static Program Analysis

Zhiyong Fang (Texas A&M University); David Darais (Galois, Inc); Joseph P. Near (University of Vermont); Yupeng Zhang (Texas A&M University)

zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy

Tianyi Liu (Texas A&M University & Shanghai Key Laboratory of Privacy-Preserving Computation); Xiang Xie (Shanghai Key Laboratory of Privacy-Preserving Computation); Yupeng Zhang (Texas A&M University)

QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field

Kang Yang (State Key Laboratory of Cryptology); Pratik Sarkar (Boston University); Chenkai Weng (Northwestern University); Xiao Wang (Northwestern University)

ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange

Yun Li (Institute for Network Sciences and Cyberspace of Tsinghua University); Cun Ye (K-Orange/SECBIT Labs); Yuguang Hu (SECBIT Labs); Ivring Morpheus (SECBIT Labs); Yu Guo (SECBIT Labs); Chao Zhang (Institute for Network Science and Cyberspace of Tsinghua University); Yupeng Zhang (Texas A&M University); Zhipeng Sun (SECBIT Labs); Yiwen Lu (SECBIT Labs); Haodi Wang (Beijing Normal University)

Limbo: Efficient Zero-knowledge MPCitH-based Arguments

Cyprien Delpech de Saint Guilhem (KU Leuven); Emmanuela Orsini (KU Leuven); Titouan Tanguy (KU Leuven)

Session 11C-Usability and Measurement 2:
Software Development and Analysis

Session Chair: Ziming Zhao

"I need a better description": An Investigation Into User Expectations For Differential Privacy

Rachel Cummings (Columbia University); Gabriel Kaptchuk (Boston University); Elissa M. Redmiles (Max Planck Institute for Software Systems)

An Inside Look into the Practice of Malware Analysis

Miuyin Yong Wong (Georgia Institute of Technology); Matthew Landen (Georgia Institute of Technology); Manos Antonakakis (Georgia Institute of Technology); Douglas M. Blough (Georgia Institute of Technology); Elissa M. Redmiles (Max Planck Institute for Software Systems); Mustaque Ahamad (Georgia Institute of Technology)

The Effect of Google Search on Software Security: Unobtrusive Security Interventions via Content Re-ranking

Felix Fischer (Technical University Munich); Yannick Stachelscheid (Technical University Munich); Jens Grossklags (Technical University Munich)

12 Angry Developers – A Qualitative Study on Developers’ Struggles with CSP

Sebastian Roth (CISPA Helmholtz Center for Information Security & Saarland University); Lea Gröber (CISPA Helmholtz Center for Information Security & Saarland University); Michael Backes (CISPA Helmholtz Center for Information Security); Katharina Krombholz (CISPA Helmholtz Center for Information Security); Ben Stock (CISPA Helmholtz Center for Information Security)

Session 11D-Machine Learning and Security 4:
Data Poisoning and Backdoor Attacks in ML

Session Chair: Jason Xue

Subpopulation Data Poisoning Attacks

Matthew Jagielski (Northeastern University); Giorgio Severi (Northeastern University); Niklas Pousette Harger (Northeastern University); Alina Oprea (Northeastern University)

Hidden Backdoors in Human-Centric Language Models

Shaofeng Li (Shanghai Jiao Tong University); Hui Liu (Shanghai Jiao Tong University); Tian Dong (Shanghai Jiao Tong University); Benjamin Zi Hao Zhao (The University of New South Wales & CSIRO-Data61); Minhui Xue (The University of Adelaide); Haojin Zhu (Shanghai Jiao Tong University); Jialiang Lu (Shanghai Jiao Tong University)

Backdoor Pre-trained Models Can Transfer to All

Lujia Shen (Zhejiang University); Shouling Ji (Zhejiang University); Xuhong Zhang (Zhejiang University); Jinfeng Li (Zhejiang University); Jing Chen (Wuhan University); Jie Shi (Huawei International, Singapore); Chengfang Fang (Huawei International, Singapore); Jianwei Yin (Zhejiang University); Ting Wang (Pennsylvania State University)

Feature-Indistinguishable Attack to Circumvent Trapdoor-Enabled Defense

Chaoxiang He (Huazhong University of Science and Technology); Bin Benjamin Zhu (Microsoft Research Asia); Xiaojing Ma (Huazhong University of Science and Technology); Hai Jin (Huazhong University of Science and Technology); Shengshan Hu (Huazhong University of Science and Technology)

DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks

Chong Xiang (Princeton University); Prateek Mittal (Princeton University)

10:40AM-11:20AM (KST)

8:40PM-9:20PM (EST)

2:40AM-3:20AM (CET)

Break

11:20AM-12:00PM (KST)

9:20PM-10:00PM (EST)

3:20AM-4:00AM (CET)

Session 12A-Machine Learning and Security 5:
Applications and Privacy of ML

Session Chair: Yizheng Chen

DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications

Dongqi Han (Tsinghua University); Zhiliang Wang (Tsinghua University); Wenqi Chen (Tsinghua University); Ying Zhong (Tsinghua University); Su Wang (Tsinghua University); Han Zhang (Tsinghua University); Jiahai Yang (Tsinghua University); Xingang Shi (Tsinghua University); Xia Yin (Tsinghua University)

Structural Attack against Graph Based Android Malware Detection

Kaifa Zhao (The Hong Kong Polytechnic University); Hao Zhou (The Hong Kong Polytechnic University); Yulin Zhu (The Hong Kong Polytechnic University); Xian Zhan (The Hong Kong Polytechnic University); Kai Zhou (The Hong Kong Polytechnic University); Jianfeng Li (The Hong Kong Polytechnic University); Le Yu (The Hong Kong Polytechnic University); Wei Yuan (Huazhong University of Science and Technology); Xiapu Luo (The Hong Kong Polytechnic University)

PalmTree: Learning an Assembly Language Model for Instruction Embedding

Xuezixiang Li (University of California, Riverside); Yu Qu (University of California, Riverside); Heng Yin (University of California, Riverside)

A One-Pass Distributed and Private Sketch for Kernel Sums with Applications to Machine Learning at Scale

Benjamin Coleman (Rice University); Anshumali Shrivastava (Rice University)

COINN: Crypto/ML Codesign for Oblivious Inference via Neural Networks

Siam Umar Hussain (University of California, San Diego); Mojan Javaheripi (University of California, San Diego); Mohammad Samragh (University of California, San Diego); Farinaz Koushanfar (University of California, San Diego)

Session 12B-Software Security 6:
Analyzing Crashes and Incidents

Session Chair: Deian Stefan

Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking

Xin Tan (Fudan University); Yuan Zhang (Fudan University); Chenyuan Mi (Fudan University); Jiajun Cao (Fudan University); Kun Sun (George Mason University); Yifan Lin (Fudan University); Min Yang (Fudan University)

Facilitating Vulnerability Assessment through PoC Migration

Jiarun Dai (Fudan University); Yuan Zhang (Fudan University); Hailong Xu (Fudan University); Haiming Lyu (Fudan University); Zicheng Wu (Fudan University); Xinyu Xing (Pennsylvania State University); Min Yang (Fudan University)

Igor: Crash Deduplication Through Root-Cause Clustering

Zhiyuan Jiang (National University of Defense Technology); Xiyue Jiang (National University of Defense Technology); Ahmad Hazimeh (EPFL); Chaojing Tang (National University of Defense Technology); Chao Zhang (Tsinghua University); Mathias Payer (EPFL)

Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks

Carter Yagemann (Georgia Institute of Technology); Mohammad A Noureddine (Rose-Hulman Institute of Technology); Wajih Ul Hassan (University of Illinois Urbana-Champaign); Simon Chung (Georgia Institute of Technology); Adam Bates (University of Illinois Urbana-Champaign); Wenke Lee (Georgia Institute of Technology)

C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration

Jonathan Fuller (Georgia Institute of Technology); Ranjita Pai Kasturi (Georgia Institute of Technology); Amit Sikder (Georgia Institute of Technology); Haichuan Xu (Georgia Institute of Technology); Berat Arik (Georgia Institute of Technology); Vivek Verma (Georgia Institute of Technology); Ehsan Asdar (Georgia Institute of Technology); Brendan Saltaformaggio (Georgia Institute of Technology)

Session 12C-Network Security 4:
Traffic Analysis and Side Channels

Session Chair: Tobias Fiebig

New Directions in Automated Traffic Analysis

Jordan Holland (Princeton University); Paul Schmitt (Princeton University); Nick Feamster (University of Chicago); Prateek Mittal (Princeton University)

Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison

Zhongjie Wang (University of California, Riverside); Shitong Zhu (University of California, Riverside); Keyu Man (University of California, Riverside); Pengxiong Zhu (University of California, Riverside); Yu Hao (University of California, Riverside); Zhiyun Qian (University of California, Riverside); Srikanth V. Krishnamurthy (University of California, Riverside); Tom La Porta (Pennsylvania State University); Michael J. De Lucia (U.S. Army Research Laboratory)

DNS Cache Poisoning Attack: Resurrections with Side Channels

Keyu Man (University of California, Riverside); Xin'an Zhou (University of California, Riverside); Zhiyun Qian (University of California, Riverside)

Packet Scheduling with Optional Client Privacy

Andrew Beams (University of Pennsylvania); Sampath Kannan (University of Pennsylvania); Sebastian Angel (University of Pennsylvania &: Microsoft Research)

Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis

Chuanpu Fu (Tsinghua University); Qi Li (Tsinghua University & Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University); Meng Shen (Beijing Institute of Technology); Ke Xu (Tsinghua University & Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University & Peng Cheng Laboratory)

Session 12D-Blockchain and Distributed Systems 3:
Decentralized Cryptographic Protocols

Session Chair: Fan Zhang

OpenSquare: Decentralized Repeated Modular Squaring Service

Sri Aravinda Krishnan Thyagarajan (Friedrich Alexander Universität Erlangen-Nuremberg); Tiantian Gong (Purdue University); Adithya Bhat (Purdue University); Aniket Kate (Purdue University); Dominique Schröder (Friedrich-Alexander Universität Erlangen-Nürnberg)

Generalized Proof of Liabilities

Yan Ji (Cornell Tech & IC3); Konstantinos Chalkias (Novi / Facebook)

Mining in Logarithmic Space

Aggelos Kiayias (University of Edinburgh & IOHK); Nikos Leonardos (University of Athens); Dionysis Zindros (University of Athens)

RandPiper – Reconfiguration-Friendly Random Beacons with Quadratic Communication

Adithya Bhat (Purdue University); Nibesh Shrestha (Rochester Institute of Technology); Zhongtang Luo (Purdue University); Aniket Kate (Purdue University); Kartik Nayak (Duke University)

12:00PM-1:00PM (KST)

10:00PM-11:00AM (EST)

4:00AM-5:00PM (CET)

SIGSAC Award Ceremony and Business Meeting

© 2020-2021 ACM/SIGSAC. All Rights Reserved.