ACM Annual Conference on Computer Security Applications, ACSAC 2015


Research Artifacts: A research artifact is any by-product of a research project that is not directly included in the published research paper. In Computer Science research this is often source code and data sets, but it could also be media, documentation, inputs to proof assistants, shell-scripts to run experiments, etc.

On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms?

Thomas Hupperich, Davide Maiorca, Marc Kührer, Thorsten Holz, Giorgio Giacinto

Discussion Comments: 0
Verification: Authors have not verified information

Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks

Song Gao, Manar Mohamed, Nitesh Saxena, Chengcui Zhang

Discussion Comments: 0
Verification: Authors have not verified information

Proximity Verification for Contactless Access Control and Authentication Systems

Aanjhan Ranganathan, Boris Danev, Srdjan Capkun

Discussion Comments: 0
Verification: Authors have not verified information

MOSE: Live Migration Based On-the-Fly Software Emulation

Jinpeng Wei, Lok K. Yan, Muhammad Azizul Hakim

Discussion Comments: 0
Verification: Authors have not verified information

BareDroid: Large-Scale Analysis of Android Apps on Real Devices

Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna

Discussion Comments: 0
Verification: Authors have not verified information

Scalable and Secure Concurrent Evaluation of History-based Access Control Policies

Maarten Decat, Bert Lagaisse, Wouter Joosen

Discussion Comments: 0
Verification: Authors have not verified information

Cross-Site Framing Attacks

Nethanel Gelernter, Yoel Grinstein, Amir Herzberg

Discussion Comments: 0
Verification: Authors have not verified information

MorphDroid: Fine-grained Privacy Verification

Pietro Ferrara, Omer Tripp, Marco Pistoia

Discussion Comments: 0
Verification: Authors have not verified information

Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications

Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

AuDroid: Preventing Attacks on Audio Channels in Mobile Devices

Giuseppe Petracca, Yuqiong Sun, Trent Jaeger, Ahmad Atamli

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Soteria: Offline Software Protection within Low-cost Embedded Devices

Johannes Götzfried, Tilo Müller, Ruan de Clercq, Pieter Maene, Felix C. Freiling, Ingrid Verbauwhede

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Defeating ROP Through Denial of Stack Pivot

Aravind Prakash, Heng Yin

Discussion Comments: 0
Verification: Authors have not verified information

SeSQLite: Security Enhanced SQLite: Mandatory Access Control for Android databases

Simone Mutti, Enrico Bacis, Stefano Paraboschi

Author Comments: SQLite is the most widely deployed in-process library that implements a SQL database engine. It offers high storage efficiency, fast query operation and small memory needs. Due to the fact that a complete SQLite database is stored in a single cross-platform disk file and SQLite does not support multiple users, anyone who has direct access to the file can read the whole database content. SELinux was originally developed as a Mandatory Access Control (MAC) mechanism for Linux to demonstrate how to overcome DAC limitations. However, SELinux provides per-file protection, thus the database file is treated as an atomic unit, impeding the definition of a fine-grained mandatory access control (MAC) policy for database objects. We introduce SeSQLite, an SQLite extension that integrates SELinux access controls into SQLite with minimal performance and storage overhead. SeSQLite implements labeling and access control at both schema level (for tables and columns) and row level. This permits the management of a fine-grained access policy for database objects. A prototype has been implemented and it has been used to improve the security of Android Content Providers.
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

A Principled Approach for ROP Defense

Rui Qiao, Mingwei Zhang, R. Sekar

Discussion Comments: 0
Verification: Authors have not verified information

ShrinkWrap: VTable Protection without Loose Ends

István Haller, Enes Göktas, Elias Athanasopoulos, Georgios Portokalidis, Herbert Bos

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

PARS: A Uniform and Open-source Password Analysis and Research System

Shouling Ji, Shukun Yang, Ting Wang, Changchang Liu, Wei-Han Lee, Raheem A. Beyah

Discussion Comments: 0
Verification: Authors have not verified information

Provenance-based Integrity Protection for Windows

Wai-Kit Sze, R. Sekar

Discussion Comments: 0
Verification: Authors have not verified information

Analyzing and Modeling Longitudinal Security Data: Promise and Pitfalls

Benjamin Edwards, Steven A. Hofmeyr, Stephanie Forrest, Michel van Eeten

Discussion Comments: 0
Verification: Authors have not verified information

JaTE: Transparent and Efficient JavaScript Confinement

Tung Tran, Riccardo Pelizzi, R. Sekar

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock

Adam J. Aviv, Devon Budzitowski, Ravi Kuber

Discussion Comments: 0
Verification: Authors have not verified information

Towards Analyzing the Input Validation Vulnerabilities associated with Android System Services

Chen Cao, Neng Gao, Peng Liu, Ji Xiang

Discussion Comments: 0
Verification: Authors have not verified information

Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries

Minghua Wang, Heng Yin, Abhishek Vasisht Bhaskar, Purui Su, Dengguo Feng

Discussion Comments: 0
Verification: Authors have not verified information

Logical Partitions on Many-Core Platforms

Ramya Jayaram Masti, Claudio Marforio, Kari Kostiainen, Claudio Soriente, Srdjan Capkun

Discussion Comments: 0
Verification: Authors have not verified information

On the Security and Usability of Crypto Phones

Maliheh Shirvanian, Nitesh Saxena

Discussion Comments: 0
Verification: Authors have not verified information

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows

Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu

Discussion Comments: 0
Verification: Authors have not verified information

Vulnerability Assessment of OAuth Implementations in Android Applications

Hui Wang, Yuanyuan Zhang, Juanru Li, Hui Liu, Wenbo Yang, Bodong Li, Dawu Gu

Discussion Comments: 0
Verification: Authors have not verified information

Handling Reboots and Mobility in 802.15.4 Security

Konrad-Felix Krentz, Christoph Meinel

Discussion Comments: 0
Verification: Authors have not verified information

Defending Against Malicious USB Firmware with GoodUSB

Jing (Dave) Tian, Adam M. Bates, Kevin R. B. Butler

Discussion Comments: 0
Verification: Authors have not verified information

MobiPluto: File System Friendly Deniable Storage for Mobile Devices

Bing Chang, Zhan Wang, Bo Chen, Fengwei Zhang

Discussion Comments: 0
Verification: Authors have not verified information

DynaGuard: Armoring Canary-based Protections against Brute-force Attacks

Theofilos Petsios, Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Know Your Achilles' Heel: Automatic Detection of Network Critical Services

Ali Zand, Amir Houmansadr, Giovanni Vigna, Richard A. Kemmerer, Christopher Kruegel

Discussion Comments: 0
Verification: Authors have not verified information

Combining Differential Privacy and Secure Multiparty Computation

Martin Pettai, Peeter Laud

Discussion Comments: 0
Verification: Authors have not verified information

ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage

Mohammed H. Almeshekah, Christopher N. Gutierrez, Mikhail J. Atallah, Eugene H. Spafford

Discussion Comments: 0
Verification: Authors have not verified information

Decentralized Authorization and Privacy-Enhanced Routing for Information-Centric Networks

Mariana Raykova, Hasnain Lakhani, Hasanat Kazmi, Ashish Gehani

Discussion Comments: 0
Verification: Authors have not verified information

Using Visual Challenges to Verify the Integrity of Security Cameras

Junia Valente, Alvaro A. Cárdenas

Discussion Comments: 0
Verification: Authors have not verified information

Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing

Peter Mayer, Melanie Volkamer

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Control Flow and Code Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks

Mingwei Zhang, R. Sekar

Discussion Comments: 0
Verification: Authors have not verified information

Covert Botnet Command and Control Using Twitter

Nick Pantic, Mohammad Iftekhar Husain

Discussion Comments: 0
Verification: Authors have not verified information

Proactive Security Analysis of Changes in Virtualized Infrastructures

Sören Bleikertz, Carsten Vogel, Thomas Groß, Sebastian Mödersheim

Discussion Comments: 0
Verification: Authors have not verified information

Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning

Sankardas Roy, Jordan DeLoach, Yuping Li, Nic Herndon, Doina Caragea, Xinming Ou, Venkatesh Prasad Ranganath, Hongmin Li, Nicolais Guevara

Author Comments: TBOMK we did not archive data, scripts, and results from our experiments.
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

Using Channel State Information for Tamper Detection in the Internet of Things

Ibrahim Ethem Bagci, Utz Roedig, Ivan Martinovic, Matthias Schulz, Matthias Hollick

Discussion Comments: 0
Verification: Authors have not verified information

Privacy-preserving Virtual Machine

Tianlin Li, Yaohui Hu, Ping Yang, Kartik Gopalan

Discussion Comments: 0
Verification: Authors have not verified information

Hardware-assisted Memory Tracing on New SoCs Embedding FPGA Fabrics

Letitia W. Li, Guillaume Duc, Renaud Pacalet

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Evaluating the Flexibility of the Java Sandbox

Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, Joshua Sunshine

Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Entity-Based Access Control: supporting more expressive access control policies

Jasper Bogaerts, Maarten Decat, Bert Lagaisse, Wouter Joosen

Discussion Comments: 0
Verification: Authors have not verified information

Getting to know your Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit

Andriana Gkaniatsou, Fiona McNeill, Alan Bundy, Graham Steel, Riccardo Focardi, Claudio Bozzato

Discussion Comments: 0
Verification: Authors have not verified information

PIE: Parser Identification in Embedded Systems

Lucian Cojocar, Jonas Zaddach, Roel Verdult, Herbert Bos, Aurélien Francillon, Davide Balzarotti

Discussion Comments: 0
Verification: Authors have not verified information