Network and Distributed System Security Symposium, NDSS 2017


Title/Authors Title Research Artifacts
[?] A research artifact is any by-product of a research project that is not directly included in the published research paper. In Computer Science research this is often source code and data sets, but it could also be media, documentation, inputs to proof assistants, shell-scripts to run experiments, etc.
Details

Dynamic Differential Location Privacy with Personalized Error Bounds

Lei Yu, Ling Liu, Calton Pu

Dynamic Differential Location Privacy with Personalized Error Bounds

Details
Author Comments: This paper is a part of the umbrella project on PrivacyGuards at Georgia Tech.
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

PSI: Precise Security Instrumentation for Enterprise Networks

Tianlong Yu, Seyed Kaveh Fayaz, Michael P. Collins, Vyas Sekar, Srinivasan Seshan

PSI: Precise Security Instrumentation for Enterprise Networks

Details
Discussion Comments: 0
Verification: Authors have not verified information

Ramblr: Making Reassembly Great Again

Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna

Ramblr: Making Reassembly Great Again

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

The Security Impact of HTTPS Interception

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, Vern Paxson

The Security Impact of HTTPS Interception

Details
Discussion Comments: 0
Verification: Authors have not verified information

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Yushun Wang, Taous Madi, Suryadipta Majumdar, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang, Mourad Debbabi

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation

Details
Discussion Comments: 0
Verification: Authors have not verified information

ObliviSync: Practical Oblivious File Backup and Synchronization

Adam J. Aviv, Seung Geol Choi, Travis Mayberry, Daniel S. Roche

ObliviSync: Practical Oblivious File Backup and Synchronization

Details
Discussion Comments: 0
Verification: Authors have not verified information

WireGuard: Next Generation Kernel Network Tunnel

Jason A. Donenfeld

WireGuard: Next Generation Kernel Network Tunnel

Details
Discussion Comments: 0
Verification: Author has not verified information

VUzzer: Application-aware Evolutionary Fuzzing

Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos

VUzzer: Application-aware Evolutionary Fuzzing

Details
Discussion Comments: 0
Verification: Authors have not verified information

Cracking Android Pattern Lock in Five Attempts

Guixin Ye, Zhanyong Tang, Dingyi Fang, Xiaojiang Chen, Kwang In Kim, Ben Taylor, Zheng Wang

Cracking Android Pattern Lock in Five Attempts

Details
Discussion Comments: 0
Verification: Authors have not verified information

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

Phani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee, Roberto Perdisci

Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots

Details
Discussion Comments: 0
Verification: Authors have not verified information

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

Jaebaek Seo, Byoungyoung Lee, Seong Min Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, Taesoo Kim

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

Yu Feng, Osbert Bastani, Ruben Martins, Isil Dillig, Saswat Anand

Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

Details
Discussion Comments: 0
Verification: Authors have not verified information

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, Engin Kirda

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Details
Discussion Comments: 0
Verification: Authors have not verified information

Towards Implicit Visual Memory-Based Authentication

Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

Towards Implicit Visual Memory-Based Authentication

Details
Discussion Comments: 0
Verification: Authors have not verified information

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Claude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir D. Memon, Mustaque Ahamad

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Details
Discussion Comments: 0
Verification: Authors have not verified information

DELTA: A Security Assessment Framework for Software-Defined Networks

Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran, Phillip A. Porras

DELTA: A Security Assessment Framework for Software-Defined Networks

Details
Discussion Comments: 0
Verification: Authors have not verified information

HisTorε: Differentially Private and Robust Statistics Collection for Tor

Akshaya Mani, Micah Sherr

HisTorε: Differentially Private and Robust Statistics Collection for Tor

Details
Discussion Comments: 0
Verification: Authors have not verified information

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nümberger, Wenke Lee, Michael Backes

Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

Details
Discussion Comments: 0
Verification: Authors have not verified information

Fast Actively Secure OT Extension for Short Secrets

Arpita Patra, Pratik Sarkar, Ajith Suresh

Fast Actively Secure OT Extension for Short Secrets

Details
Discussion Comments: 0
Verification: Authors have not verified information

On the Safety and Efficiency of Virtual Firewall Elasticity Control

Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, Wonkyu Han

On the Safety and Efficiency of Virtual Firewall Elasticity Control

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Broken Hearted: How To Attack ECG Biometrics

Simon Eberz, Nicola Paoletti, Marc Roeschlin, Andrea Patané, Marta Kwiatkowska, Ivan Martinovic

Broken Hearted: How To Attack ECG Biometrics

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Yeongpil Cho, Donghyun Kwon, Hayoon Yi, Yunheung Paek

Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM

Details
Discussion Comments: 0
Verification: Authors have not verified information

IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality

Ian Miers, Payman Mohassel

IO-DSSE: Scaling Dynamic Searchable Encryption to Millions of Indexes By Improving Locality

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps

Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, Heng Yin

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

Najmeh Miramirkhani, Oleksii Starov, Nick Nikiforakis

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams

Details
Discussion Comments: 0
Verification: Authors have not verified information

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

A Large-scale Analysis of the Mnemonic Password Advice

Johannes Kiesel, Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

ASLR on the Line: Practical Cache Attacks on the MMU

Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, Cristiano Giuffrida

ASLR on the Line: Practical Cache Attacks on the MMU

Details
Discussion Comments: 0
Verification: Authors have not verified information

Indiscreet Logs: Diffie-Hellman Backdoors in TLS

Kristen Dorey, Nicholas Chang-Fong, Aleksander Essex

Indiscreet Logs: Diffie-Hellman Backdoors in TLS

Details
Discussion Comments: 0
Verification: Authors have not verified information

Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO

Jesper Buus Nielsen, Thomas Schneider, Roberto Trifiletti

Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO

Details
Discussion Comments: 0
Verification: Authors have not verified information

Measuring small subgroup attacks against Diffie-Hellman

Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger

Measuring small subgroup attacks against Diffie-Hellman

Details
Discussion Comments: 0
Verification: Authors have not verified information

ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms

Yunhan Jack Jia, Qi Alfred Chen, Shiqi Wang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, Atul Prakash

ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms

Details
Author Comments:
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

MARX: Uncovering Class Hierarchies in C++ Programs

Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, Cristiano Giuffrida

MARX: Uncovering Class Hierarchies in C++ Programs

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

The Effect of DNS on Tor's Anonymity

Benjamin Greschbach, Tobias Pulls, Laura M. Roberts, Phillip Winter, Nick Feamster

The Effect of DNS on Tor's Anonymity

Details
Discussion Comments: 0
Verification: Authors have not verified information

WindowGuard: Systematic Protection of GUI Security in Android

Chuangang Ren, Peng Liu, Sencun Zhu

WindowGuard: Systematic Protection of GUI Security in Android

Details
Discussion Comments: 0
Verification: Authors have not verified information

Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones

Simon Birnbach, Richard Baker, Ivan Martinovic

Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dissecting Tor Bridges: A Security Evaluation of their Private and Public Infrastructures

Srdjan Matic, Carmela Troncoso, Juan Caballero

Dissecting Tor Bridges: A Security Evaluation of their Private and Public Infrastructures

Details
Discussion Comments: 0
Verification: Authors have not verified information

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

Details
Discussion Comments: 0
Verification: Authors have not verified information

Stack Bounds Protection with Low Fat Pointers

Gregory J. Duck, Roland H. C. Yap, Lorenzo Cavallaro

Stack Bounds Protection with Low Fat Pointers

Details
Discussion Comments: 0
Verification: Authors have not verified information

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni, Michael Zohner

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Details
Discussion Comments: 0
Verification: Authors have not verified information

BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments

Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna

BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables

Lucas Davi, David Gens, Christopher Liebchen, Ahmad-Reza Sadeghi

PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables

Details
Discussion Comments: 0
Verification: Authors have not verified information

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

Ethan Heilman, Leen Alshenibr, Foteini Baldimtsi, Alessandra Scafuro, Sharon Goldberg

TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

Ming-Wei Shih, Sangho Lee, Taesoo Kim, Marcus Peinado

T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit

Luis Garcia, Ferdinand Brasser, Mehmet Hazar Cintuglu, Ahmad-Reza Sadeghi, Osama A. Mohammed, Saman A. Zonouz

Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit

Details
Discussion Comments: 0
Verification: Authors have not verified information

MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon J. Ross, Gianluca Stringhini

MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models

Details
Discussion Comments: 0
Verification: Authors have not verified information

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Wilson Lian, Hovav Shacham, Stefan Savage

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations

Details
Discussion Comments: 0
Verification: Authors have not verified information

(Cross-)Browser Fingerprinting via OS and Hardware Level Features

Yinzhi Cao, Song Li, Erik Wijmans

(Cross-)Browser Fingerprinting via OS and Hardware Level Features

Details
Discussion Comments: 0
Verification: Authors have not verified information

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Giorgi Maisuradze, Michael Backes, Christian Rossow

Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Details
Discussion Comments: 0
Verification: Authors have not verified information

P2P Mixing and Unlinkable Bitcoin Transactions

Tim Ruffing, Pedro Moreno-Sanchez, Aniket Kate

P2P Mixing and Unlinkable Bitcoin Transactions

Details
Discussion Comments: 0
Verification: Authors have not verified information

Panoply: Low-TCB Linux Applications With SGX Enclaves

Shweta Shinde, Dat Le Tien, Shruti Tople, Prateek Saxena

Panoply: Low-TCB Linux Applications With SGX Enclaves

Details
Discussion Comments: 0
Verification: Authors have not verified information

HOP: Hardware makes Obfuscation Practical

Kartik Nayak, Christopher W. Fletcher, Ling Ren, Nishanth Chandran, Satya V. Lokam, Elaine Shi, Vipul Goyal

HOP: Hardware makes Obfuscation Practical

Details
Discussion Comments: 0
Verification: Authors have not verified information

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

Stevens Le Blond, Cédric Gilbert, Utkarsh Upadhyay, Manuel Gomez-Rodriguez, David R. Choffnes

A Broad View of the Ecosystem of Socially Engineered Exploit Documents

Details
Discussion Comments: 0
Verification: Authors have not verified information

Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data

Wenjie Lu, Shohei Kawasaki, Jun Sakuma

Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data

Details
Author Comments:
Discussion Comments: 0
Sharing: Research produced artifacts
Verification: Authors have verified information

An Evil Copy: How the Loader Betrays You

Xinyang Ge, Mathias Payer, Trent Jaeger

An Evil Copy: How the Loader Betrays You

Details
Author Comments: The underlying bugs in the loader have been fixed and the problem is mitigated.
Discussion Comments: 0
Sharing: Research produced no artifacts
Verification: Authors have verified information

Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection

Aaron Johnson, Rob Jansen, Aaron D. Jaggard, Joan Feigenbaum, Paul Syverson

Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection

Details
Discussion Comments: 0
Verification: Authors have not verified information

KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting

Weitao Xu, Guohao Lan, Qi Lin, Sara Khalifa, Neil Bergmann, Mahbub Hassan, Wen Hu

KEH-Gait: Towards a Mobile Healthcare User Authentication System by Kinetic Energy Harvesting

Details
Author Comments: Due to school policy, we cannot provide the code and dataset related to this paper. This paper needs a custom prototype to collect data. We are happy to provide help if anyone is interested in this work.
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

Deconstructing Xen

Le Shi, Yuming Wu, Yubin Xia, Nathan Dautenhahn, Haibo Chen, Binyu Zang, Jinming Li

Deconstructing Xen

Details
Discussion Comments: 0
Verification: Authors have not verified information

Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity

Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, Hamed Okhravi

Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity

Details
Author Comments:
Discussion Comments: 0
Sharing: Not able to share produced artifacts
Verification: Authors have verified information

Automated Analysis of Privacy Requirements for Mobile Apps

Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman M. Sadeh, Steven M. Bellovin, Joel R. Reidenberg

Automated Analysis of Privacy Requirements for Mobile Apps

Details
Discussion Comments: 0
Verification: Authors have not verified information

Fake Co-visitation Injection Attacks to Recommender Systems

Guolei Yang, Neil Zhenqiang Gong, Ying Cai

Fake Co-visitation Injection Attacks to Recommender Systems

Details
Discussion Comments: 0
Verification: Authors have not verified information

Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Alyssa Milburn, Herbert Bos, Cristiano Giuffrida

Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Details
Discussion Comments: 0
Verification: Authors have not verified information

Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns

Bum Jun Kwon, Virinshi Srinivas, Amol Deshpande, Tudor Dumitras

Catching Worms, Trojan Horses and PUPs: Unsupervised Detection of Silent Delivery Campaigns

Details
Discussion Comments: 0
Verification: Authors have not verified information

FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild

Zhenhua Li, Weiwei Wang, Christo Wilson, Jian Chen, Chen Qian, Taeho Jung, Lan Zhang, Kebin Liu, Xiangyang Li, Yunhao Liu

FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild

Details
Discussion Comments: 0
Verification: Authors have not verified information

Self Destructing Exploit Executions via Input Perturbation

Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, Dongyan Xu

Self Destructing Exploit Executions via Input Perturbation

Details
Discussion Comments: 0
Verification: Authors have not verified information

Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps

Wenbo Yang, Yuanyuan Zhang, Juanru Li, Hui Liu, Qing Wang, Yueheng Zhang, Dawu Gu

Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps

Details
Discussion Comments: 0
Verification: Authors have not verified information

Are We There Yet? On RPKI's Deployment and Security

Yossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira, Haya Shulman

Are We There Yet? On RPKI's Deployment and Security

Details
Discussion Comments: 0
Verification: Authors have not verified information