Keynote Speakers

Adrian Perrig

ETH Zurich

Dawn Song

University of California, Berkeley

Gene Tsudik

UC Irvine

Accepted Papers

NativeX: Native Executioner Freezes Android
Qinsheng Hou (QI-ANXIN Technology Research Institute & Legendsec Information Technology (Beijing) Inc.); Yao Cheng (Huawei International); Lingyun Ying (QI-ANXIN Technology Research Institute & University of Chinese Academy of Sciences)

To Get Lost is to Learn the Way: Automatically Collecting Multi-step Social Engineering Attacks on the Web
Takashi Koide, Daiki Chiba, and Mitsuaki Akiyama (NTT Secure Platform Laboratories)

Adversarial Attack against Deep Reinforcement Learning with Static Reward Impact Map
Patrick P. K. Chan, Yaxuan Wang, and Daniel S. Yeung (South China University of Technology)

Measuring the Impact of the GDPR on Data Sharing in Ad Networks
Tobias Urban (Insitute for Internet Security; Westphalian University of Applied Sciences); Dennis Tatang, Martin Degeling, and Thorsten Holz (Ruhr University Bochum; Horst Görtz Institute for IT Security); Norbert Pohlmann (Insitute for Internet Security; Westphalian University of Applied Sciences)

LiS: Lightweight Signature Schemes for Continuous Message Authentication in Cyber-Physical Systems
Zheng Yang (Singapore University of Technology and Design); Chenglu Jin (University of Connecticut); Yangguang Tian (Singapore Management University); Junyu Lai (University of Electronic Science and Technology of China); Jianying Zhou (Singapore University of Technology and Design)

CORSICA: Cross-Origin Web Service Identification
Christian Dresen, Fabian Ising, Damian Poddebniak, and Tobias Kappert (Münster University of Applied Sciences); Thorsten Holz (Ruhr-University Bochum); Sebastian Schinzel (Münster University of Applied Sciences)

Formal Analysis and Implementation of a TPM 2.0-based Direct Anonymous Attestation Scheme
Stephan Wesemeyer (University of Surrey); Helen Treharne (Surrey Centre for Cyber Security, University of Surrey, UK); Liqun Chen and Christopher Newton (University of Surrey); Ralf Sasse (ETH Zürich); Jorden Whitefield (Ericsson)

Revisiting Shared Data Protection Against Key Exposure
Gerard Memmi, Katarzyna Kapusta, and Matthieu Rambaud (Telecom Paris - LTCI - IPP)

Fail-safe Watchtowers and Short-lived Assertions for Payment Channels
Bowen Liu and Pawel Szalachowski (Singapore University of Technology and Design, Singapore); Siwei Sun (Institute of Information Engineering, Chinese Academy of Sciences)

Inspecting TLS Anytime Anywhere: A New Approach to TLS Interception
Joonsang Baek, Jongkil Kim, and Willy Susilo (University of Wollongong)

Hunting Sybils in Participatory Mobile Consensus-Based Networks
Nickolai Verchok and Alex Orailoglu (University of California, San Diego)

DISKSHIELD: A Data Tamper-Resistant Storage for Intel SGX
Jinwoo Ahn (Sogang University); Junghee Lee (Korea University); Yungwoo Ko, Donghyun Min, Jiyun Park, Sungyong Park, and Youngjae Kim (Sogang University)

Assessing the Impact of Script Gadgets on CSP at Scale
Sebastian Roth, Michael Backes, and Ben Stock (CISPA Helmholtz Center for Information Security)

BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior
Bushra Alahmadi (University of Oxford); Enrico Mariconti (University College London); Riccardo Spolaor (University of Oxford); Gianluca Stringhini (Boston University); Ivan Martinovic (University of Oxford)

Preparing Network Intrusion Detection Deep Learning Models with Minimal Data Using Adversarial Domain Adaptation
Ankush Singla and Elisa Bertino (Purdue University); Dinesh Verma (IBM Research)

Investigating MMM Ponzi scheme on Bitcoin
Yazan Boshmaf (Qatar Computing Research Institute, HBKU); Charitha Elvitigala (University of Colombo); Husam Al Jawaheri (University of Luxembourg); Primal Wijesekera (University of California, Berkeley); Mashael Al Sabah (Qatar Computing Research Institute, HBKU)

Catch You If You Deceive Me: Verifiable and Privacy-Aware Truth Discovery in Crowdsensing Systems
Guowen Xu and Hongwei Li (University of Electronic Science and Technology of China); Shengmin Xu (Secure Mobile Center, Singapore Management University); Hao Ren (University of Electronic Science and Technology of China); Yinghui Zhang (Singapore Management University); Jianfei Sun (University of Electronic Science and Technology of China); Robert H. Deng (School of Information Systems, Singapore Management University, Singapore)

Cybersecurity Event Detection with New and Re-emerging Words
Hyejin Shin, Woochul Shim, Jiin Moon, Jaewoo Seo, Sol Lee, and Yong Ho Hwang (Samsung Research)

Creating Character-based Templates for Log Data to Enable Security Event Classification
Markus Wurzenberger, Georg Höld, Max Landauer, and Florian Skopik (AIT Austrian Institute of Technology GmbH); Wolfgang Kastner (Vienna University of Technology)

The Lazarus Effect: Healing Compromised Devices in the Internet of Small Things
Manuel Huber, Stefan Hristozov, Simon Ott, and Vasil Sarafov (Fraunhofer AISEC); Marcus Peinado (Microsoft Research)

Privacy-Preserving OpenID Connect
Sven Hammann, Ralf Sasse, and David Basin (ETH Zürich)

Post-Quantum TLS on Embedded Systems - Integrating and Evaluating Kyber and SPHINCS + with mbed TLS
Kevin Bürstinghaus-Steinbach (SEW-EURODRIVE); Christoph Krauß and Ruben Niederhagen (Fraunhofer SIT); Michael Schneider (unaffiliated)

AuthCTC: Defending Against Waveform Emulation Attack in Heterogeneous IoT Environments
Sihan Yu, Xiaonan Zhang, Pei Huang, Linke Guo, Long Cheng, and Kuangching Wang (Clemson University)

DeepPower: Non-intrusive Detection of IoT Malware using Power Side Channels
Fei Ding, Hongda Li, Feng Luo, Hongxin Hu, Long Cheng, Hai Xiao, and Rong Ge (Clemson University)

Assessing the Privacy Benefits of Domain Name Encryption
Nguyen Phong Hoang (Stony Brook University); Arian Akhavan Niaki (University of Massachusetts Amherst); Nikita Borisov (UIUC); Phillipa Gill (University of Massachusetts Amherst); Michalis Polychronakis (Stony Brook University)

Utilizing Public Blockchains for the Sybil-Resistant Bootstrapping of Distributed Anonymity Services
Roman Matzutt, Jan Pennekamp, Erik Buchholz, and Klaus Wehrle (Communication and Distributed Systems, RWTH Aachen University)

I came, I saw, I hacked: Automated Generation of Process-independent Attacks for Industrial Control Systems
Esha Sarkar (Tandon School of Engineering, New York University); Hadjer Benkraouda and Michail Maniatakos (Center for Cybersecurity, New York University Abu Dhabi)

Membership Encoding for Deep Learning
Congzheng Song (Cornell); Reza Shokri (National University of Singapore (NUS))

Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic
Shuaike Dong (The Chinese University of Hong Kong); Zhou Li (University of California, Irvine); Di Tang (The Chinese University of Hong Kong); Jiongyi Chen (National University of Defense Technology); Menghan Sun and Kehuan Zhang (The Chinese University of Hong Kong)

SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems
Tianyu Du, Shouling Ji, and Jinfeng Li (Zhejiang University); Qinchen Gu (Georgia Institute of Technology); Ting Wang (Pennsylvania State University); Raheem Beyah (Georgia Institute of Technology)

It all Started with Compression: Another Look at Reconciliation Mechanism
Tianyuan Xie (Academy of Mathematics and Systems Science, Chinese Academy of Sciences; University of Chinese Academy of Sciences); Yanbin Pan (AMSS,CAS)

Detecting Unsafe Code Patterns in Industrial Robot Programs
Marcello Pogliani (Politecnico di Milano); Federico Maggi and Marco Balduzzi (Trend Micro Research); Davide Quarta (Eurecom); Stefano Zanero (Politecnico di Milano)

PathAFL: Path-Coverage Assisted Fuzzing
Shengbo Yan, Chenlu Wu, Hang LI, Wei Shao, and Chunfu Jia (Nankai University)

PassTag: A Graphical-Textual Hybrid Fallback Authentication System
Joon Kuy Han (Stony Brook University); Simon S. Woo (SKKU); Hyoungshick Kim (Sungkyunkwan University)

Return-Oriented Programming on RISC-V
Georges-Axel Jaloyan (École normale supérieure); Konstantinos Markantonakis and Raja Naeem Akram (Smart card Centre, Information Security Group, Royal Holloway, University of London); David Robin (École normale supérieure); Keith Mayes (Smart card Centre, Information Security Group, Royal Holloway, University of London); David Naccache (École normale supérieure)

Efficient Secure Computation of Order-Preserving Encryption
Anselme Tueno (SAP SE); Florian Kerschbaum (University of Waterloo)

Can We Use Split Learning on 1D CNN Models for Privacy Preserving Training?
Alsharif Abuadbba (Data61 CSIRO, Cybersecurity CRC); Kyuyeon Kim and Minki Kim (Data61 CSIRO, Sungkyunkwan University); Chandra Thapa (Data61 CSIRO,); Seyit A. Camtepe (Data61 CSIRO); Yansong Gao (Data61 CSIRO, Cybersecurity CRC); Hyoungshick Kim (Data61 CSIRO, Sungkyunkwan University); Surya Nepal (Data61 CSIRO, Cybersecurity CRC)

EchoLock: Towards Low-effort Mobile User Identification Leveraging Structure-borne Echos
Yilin Yang (Rutgers University); Yan Wang (Temple University); Yingying Chen (Rutgers University)

AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings
Amir Rubin (Ben Gurion University of the Negev); Danny Hendler (Ben-Gurion University); Shay Kels (Microsoft)

PISKES: Pragmatic Internet-Scale Key-Establishment System
Benjamin Rothenberger, Dominik Roos, Markus Legner, and Adrian Perrig (ETH Zürich)

XSS Vulnerabilities in Cloud-Application Add-Ons
Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, and Tuomas Aura (Aalto University, Finland)

Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy
Leonid Glanz, Patrick Müller, Lars Baumgaertner, Michael Reif, and Sven Amann (Technische Universitüt Darmstadt); Pauline Anthonysamy (Google Inc.); Mira Mezini (Technische Universitüt Darmstadt)

Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
Moritz Lipp, Vedad Hadzic, and Michael Schwarz (Graz University of Technology); Arthur Perais (Unaffiliated); Clémentine Maurice (Univ Rennes, CNRS, IRISA, France); Daniel Gruss (Graz University of Technology)

KASLR: Break It, Fix It, Repeat
Claudio Canella, Michael Schwarz, Martin Haubenwallner, Martin Schwarzl, and Daniel Gruss (Graz University of Technology)

Provable-Security Model for Strong Proximity-based Attacks - with application to contactless payments -
Ioana Boureanu, Liqun Chen, and Samuel Ivey (Univ. of Surrey, Surrey Centre for Cyber Security)

OptiSwap: Fast Optimistic Fair Exchange
Benjamin Schlosser, Lisa Eckey, and Sebastian Faust (TU Darmstadt)

Adversarial Attacks on Link Prediction Algorithms based on Graph Neural Networks
Wanyu Lin, Shengxiang Ji, and Baochun Li (University of Toronto)

On the Security of Randomized Defenses Against Adversarial Samples
Kumar Sharad, Giorgia Azzurra Marson, Hien Truong, and Ghassan Karame (NEC Labs Europe)

BOREALIS: Building Block for Sealed Bid Auctions on Blockchains
Erik-Oliver Blass (Airbus); Florian Kerschbaum (University of Waterloo)

Scam Augmentation and Customization: Identifying Vulnerable Users and Arming Defenders
Shahryar Baki, Rakesh Verma, and Omprakash Gnawali (University of Houston)

Semi-Honest Manager in Bitcoin Mining Pool: Dynamic Strategies to Gain Extra Rewards
Feifan Yu, Na Ruan, and Siyuan Cheng (Shanghai Jiao Tong University)

In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection
Devkishen Sisodia, Jun Li, and Lei Jiao (University of Oregon)

ÆGIS: Shielding Vulnerable Smart Contracts Against Attacks
Christof Ferreira Torres, Mathis Baden, Robert Norvill, and Beltran Borja Fiz Pontiveros (University of Luxembourg); Hugo Jonker (Open University of the Netherlands); Sjouke Mauw (University of Luxembourg)

CoDaRR : Continuous Data Space Randomization against Data-Only Attacks
Prabhu Rajasekaran (University of California, Irvine); Stephen Crane (Immunant, Inc.); David Gens and Yeoul Na (University of California, Irvine); Stijn Volckaert (imec-DistriNet, KU Leuven); Michael Franz (University of California, Irvine)

ModFalcon: compact signatures based on module NTRU lattices
Alexandre Wallet (NTT Corporation); Damien Stehle (ENS Lyon); Thomas Prest (PQ Shield); Keita Xagawa (NTT Corporation); Chitchanok Chuengsatiansup (University of Adelaide)

Contextual and Granular Policy Enforcement in Database-backed Applications
Abhishek Bichhawat, Matt Fredrikson, and Jean Yang (Carnegie Mellon University); Akash Trehan (Microsoft Vancouver)

You shall not pass: Mitigating SQL Injection Attacks on Legacy Web Applications
Rasoul Jahanshahi (Boston University); Adam Doupé (Arizona State University); Manuel Egele (Boston University)

What risk? I don't understand. An Empirical Study on Users' Understanding of the Terms Used in Security Texts
Tingmin Wu and Rongjunchen Zhang (Swinburne University of Technology; CSIRO's Data61); Wanlun Ma (University of Electronic Science and Technology of China); Sheng Wen (Swinburne University of Technology); Xin Xia (Monash University); Cecile Paris and Surya Nepal (CSIRO's Data61); Yang Xiang (Digital Research & Innovation Capability Platform, Swinburne University of Technology)

Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection
Saul Johnson (Teesside University); João Ferreira (INESC-ID & Instituto Superior Técnico, University of Lisbon); Alexandra Mendes (HASLAB/INESC-TEC & Department of Informatics, University of Beira Interior); Julien Cordry (Teesside University)

Uranus: Simple, Efficient SGX Programming and Its Applications
Jianyu Jiang (The University of Hong Kong); Xusheng Chen (the University of Hong Kong); Tze On Li, Cheng Wang, Tianxiang Shen, and Shixiong Zhao (The University of Hong Kong); Heming Cui (University of Hong Kong); Cho-Li Wang (The University of Hong Kong); Fengwei Zhang (Southern University of Science and Technology (SUSTech))

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation
John Galea and Daniel Kroening (University of Oxford)

Be the Phisher - Understanding Users' Perception of Malicious Domains
Florian Quinkert (Ruhr University Bochum); Martin Degeling (Ruhr University Bochum; Horst Görtz Institute for IT Security); Jim Blythe (ISI, University of Southern California); Thorsten Holz (Ruhr-University Bochum)

A Comb for Decompiled C Code
Andrea Gussoni (Politecnico di Milano); Pietro Fezzardi and Alessandro Di Federico (rev.ng Srls); Giovanni Agosta (Politecnico di Milano)

Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization
Stefano Berlato, Roberto Carbone, and Silvio Ranise (Fondazione Bruno Kessler); Adam J. Lee (University of Pittsburgh)

Lattice Klepto Revisited
Zhaomin Yang and Tianyuan Xie (Academy of Mathematics and Systems Science, Chinese Academy of Sciences; University of Chinese Academy of Sciences); Yanbin Pan (AMSS,CAS)

Privacy-Preserving Incentive Systems with Highly Efficient Point-Collection
Jan Bobolz and Fabian Eidens (Paderborn University); Stephan Krenn, Daniel Slamanig, and Christoph Striecks (AIT Austrian Institute of Technology)

Social Botnet Community Detection: A Novel Approach based on Behavioral Similarity in Twitter Network using Deep Learning
Greeshma Lingam and Rashmi Ranjan Rout (National Institute of Technology, Warangal, 506004, India); DVLN Somayajulu (National Institute of Technology, Warangal, 506004, India, Indian Institute of Information Technology Design and Manufacturing, Kurnool, Andhra Pradesh, 518002, India); Sajal K Das (Missouri University of Science and Technology, Rolla, MO 65409-0350, USA)